sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve the DBMS session user and database, enumerate users, password hashes, privileges, and databases, dump entire or user-specified DBMS tables/columns, run their own SQL statements, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack, and more.
69b91d6bba6d053b300a89692d5ebe98cc3ce9803d5f25e600a31943afa7fc6e
Red Hat Security Advisory 2021-4032-01 - Openshift Logging Bug Fix Release. Issues addressed include a code execution vulnerability.
14f971ee6ac97f93b8de4d06c668c3a26b4bb107cba2ed6ee7eacb091fa3dcc7
This Metasploit module exploits an input validation error on the log file extension parameter of SuiteCRM version 7.11.18. The application does not properly validate upper/lower case characters in that parameter. Once this occurs, the application log file will be treated as a PHP file. The log file can then be populated with PHP code by changing the username of a valid user, as this info is logged. The PHP code in the file can then be executed by sending an HTTP request to the log file. A similar issue was reported by the same researcher where a blank file extension could be supplied and the extension could be provided in the file name. This exploit will work on those versions as well, and those references are included.
7f2ef0fa96275977d80eca31460f8f2876baa953ce756a42a73f7d1524b141fb
Ubuntu Security Notice 5148-1 - It was discovered that hivex incorrectly handled certain input. An attacker could use this vulnerability to cause a crash or obtain sensitive information.
76851cf8dd20c10c8a7e161d457d12beee41e14890fc435ae8dd98c540f7a962
WordPress Smart Product Review plugin versions 1.0.4 and below suffer from a remote shell upload vulnerability.
29a1fcc09577e084c0c089ef3d7a429a755dafcc54dfac7e29bf7520ce0f0f63
Red Hat Security Advisory 2021-4626-01 - The ovirt-engine package provides the manager for virtualization environments. This manager enables admins to define hosts and networks, as well as to add storage, create VMs and manage user permissions. Issues addressed include a denial of service vulnerability.
e78c982084d10901d788a5c486cbbfd19932b8793039633a3cf90132286b87fd
LiquidFiles version 3.5.13 suffers from a privilege escalation vulnerability. The LiquidFiles API allows a User Admin to access keys for System Administrators.
bf9b58acae02929b7e3bacefe79b18576f37054b1cc772c21d9b054246ca69cb
Red Hat Security Advisory 2021-4703-01 - The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning. The ovirt.ovirt package manages all oVirt Ansible modules. The ovirt-ansible-hosted-engine-setup package provides an Ansible role for deploying Red Hat Virtualization Hosted-Engine.
344136b78bd0a33e49bbd741bc5b8ab81942ea43faba16ccc30e1da86859067d
Ubuntu Security Notice 5149-1 - Kevin Backhouse discovered that AccountsService incorrectly handled memory when performing certain language setting operations. A local attacker could use this issue to escalate privileges.
0183300b73a168e52d3f29741265462c012571234ef6c3e63b0ff9bfdc7887b1
GitLab version 13.10.2 remote code execution exploit that provides a reverse shell.
a3816f4a73b68abc9aa497e0982428e2bde3d7b0a005094907ca8484d9f39f60
Red Hat Security Advisory 2021-4628-01 - Openshift Logging Bug Fix Release. Issues addressed include a code execution vulnerability.
ac277430a1b1b05dba76cecef03900e9e3030dda5c7eafc2dd739d28f122ce68
Quick.CMS version 6.7 suffers from a cross site scripting vulnerability that can allow for cross site request forgery attacks.
67a0a105c6f950cecd0e39d185aca97751f39901cc4896bc691f737af9c4e4ec
Red Hat Security Advisory 2021-4702-01 - Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. Issues addressed include XML injection, code execution, denial of service, information leakage, local file inclusion, man-in-the-middle, memory leak, open redirection, password leak, remote file inclusion, remote shell upload, and traversal vulnerabilities.
8add47f95e7029cc9b29e159ddcedaf8b823cd7f438afa063e0aa09ebed5c91a
Bludit version 3.13.1 suffers from a cross site scripting vulnerability.
a40179e874a3617c43914004a657787ce2c2cd85253dca00ef0e809d5a1b018c
In this paper, the authors conduct an analysis of the previously overlooked attack surface related to DNS, and are able to uncover even stronger side channels that have existed for over a decade in Linux kernels. The side channels affect not only Linux but also a wide range of DNS software running on top of it, including BIND, Unbound and dnsmasq. They also discovered that about 38% of open resolvers (by frontend IPs) and 14% (by backend IPs) are vulnerable, including popular DNS services such as OpenDNS and Quad9.
285348238e1453af785253da8bbd1e4ba41081c23566393003c3960304917844