Ubuntu Security Notice 4923-1 - Laszlo Ersek discovered that EDK II incorrectly handled recursion. A remote attacker could possibly use this issue to cause EDK II to consume resources, leading to a denial of service. Satoshi Tanda discovered that EDK II incorrectly handled decompressing certain images. A remote attacker could use this issue to cause EDK II to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
c6a40eaa9804bcbd688af5e22e4aacb4108392cf23d7cf4f045959af8339a0deThis Metasploit module exploits an arbitrary configuration write/update vulnerability to achieve remote code execution. Unauthenticated users can execute a terminal command under the context of the web server user. Grav Admin Plugin is an HTML user interface that provides a way to configure Grav and create and modify pages. In versions 1.10.7 and earlier, an unauthenticated user can execute some methods of administrator controller without needing any credentials. Particular method execution will result in arbitrary YAML file creation or content change of existing YAML files on the system. Successfully exploitation of that vulnerability results in configuration changes, such as general site information change, custom scheduler job definition, etc. Due to the nature of the vulnerability, an adversary can change some part of the webpage, or hijack an administrator account, or execute operating system command under the context of the web-server user.
abded99044d29ee61fd87425114e92d627cb24bfd4a08cbdc45f77650c84534dThis Metasploit module exploits an OS command injection vulnerability in includes/components/nxti/index.php that enables an authenticated user with admin privileges to achieve remote code execution as the apache user. Valid credentials for a Nagios XI admin user are required. This module has been successfully tested against Nagios XI 5.7.3 running on CentOS 7.
02c732ecdeb46edeb55c3d07feeea7f934380ef9d317001de2070079b9dae17dRed Hat Security Advisory 2021-1297-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.
d2fc9583f02831592db884875277fcf7256755db2717f96597bcc661d0855b25This Metasploit module exploits two NoSQL injection vulnerabilities to retrieve the user list and password reset tokens from the system. Next, the USER is targeted to reset their password. Then, a command injection vulnerability is used to execute the payload. While it is possible to upload a payload and execute it, the command injection provides a no disk write method which is more stealthy. Cockpit CMS versions 0.10.0 through 0.11.1, inclusive, contain all the necessary vulnerabilities for exploitation.
4d68ac3e666ed9ff71dca71ddb5b25a40d4998c467a0dc4dc723c054ae9043ccAdtran Personal Phone Manager version 10.8.1 suffers from a DNS exfiltration vulnerability.
3dd1867ec938ca429dc56dd3a114be49598fc02680ddbb249fb52cadbbb7641dUbuntu Security Notice 4922-1 - Juho Nurminen discovered that the REXML gem bundled with Ruby incorrectly parsed and serialized XML documents. A remote attacker could possibly use this issue to perform an XML round-trip attack.
cf2ecedb6dc196e4af175809b78647a6357efa199acf1dec4b27a28339ad47d1Red Hat Security Advisory 2021-1298-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.
111d7f79cadeeb4e25d52f549c9ef3074496b150b3412a9de6f194c8acffe8f6Hasura GraphQL version 1.3.3 suffers from a denial of service vulnerability.
58ed2fb4a19652d286e476e457bd2a816cbd60dacbcd1f29fc6657648aa3128eRed Hat Security Advisory 2021-1307-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.
569022b9b518cc207f856cca35a8373bf368219400d3d6a5a480c359d10bb7b5OpenEMR version 5.0.2.1 remote code execution exploit that drops in a reverse shell.
19c8469e1f4adb849ff6cc14a09cddd215b6ce8699d9be7ed6adaccfcbba09c2Red Hat Security Advisory 2021-1306-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.
c499857d7375f4cf9a1e614722d6d0ef89951cbd839a21fc352c880bdbc4ab87Tenda versions D151 and D301 configuration downloading exploit.
fc37a22e1c47e9ca6660a0c683b311797731fe9a99e2150fcd40d501d3ac38ddRed Hat Security Advisory 2021-1150-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include a denial of service vulnerability.
cb0b05054e01dacfc97259c7111ab5d6358375e32e414ffad4b6c7394ff1feefRed Hat Security Advisory 2021-1299-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.
30a779eacb92e26ef4e4b02eb9a7120bca6ab83b2db2b7f31f91f77a392d1f60Adtran Personal Phone Manager version 10.8.1 suffers from multiple reflective cross site scripting vulnerabilities.
91eb377154488ec7c016952ffe3b4ebf2791bd6838a98d08693e4ebf4db983baAdtran Personal Phone Manager version 10.8.1 suffers from a persistent cross site scripting vulnerability.
1a74f8201ae6c8c3641611292636c86df375abcf5cbd509ea906e6109f10291eHasura GraphQL version 1.3.3 suffers from a server-side request forgery vulnerability.
05cf663a02092c1f333b7942d756aca4b12b9239512514eee13081444f037125Red Hat Security Advisory 2021-1305-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.
99ad2593f5159777a59279ce8f64cb038e76214bfaefce17b4c14cd7a403e4b6Hasura GraphQL version 1.3.3 suffers from an arbitrary file read vulnerability.
8378720189b6d8e38a67594bb98e3dcd9bbc8ec7b0b661c2f36049eff3a5c2barconfig versions 3.9.6 and below shell upload exploit. This is a variant of the flaw discovered in the same version by Murat Seker in March of 2021.
1436538566bc2047ab944ff8012333d763d61f1e1541f4ad7acb854d2806935aUbuntu Security Notice 4921-1 - It was discovered that libcaca incorrectly handled certain images. An attacker could possibly use this issue to execute arbitrary code.
87024ff6c191bb40811c1ca8de8bc0a3ac4ca491cbd4900fb45eb739b4934918RemoteClinic 2 suffers from multiple cross site scripting vulnerabilities.
c45f8690b4b4bff71dc90d7b4222008bf3eb6231aed4384736a38bfc57fcbbcbWordPress RSS for Yandex Turbo plugin version 1.29 suffers from a persistent cross site scripting vulnerability.
f33f759ff517707c00862118c43fe8866bee60549ed5f649f1b6c5df664f01b8Red Hat Security Advisory 2021-1301-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.
15087b27679b08fe5d63785cade6bd64e49c1401cb1a1c6a4cac8fea0e8884e6
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed