The openscap project is a set of open source libraries that support the SCAP (Security Content Automation Protocol) set of standards from NIST. It supports CPE, CCE, CVE, CVSS, OVAL, and XCCDF.
8a8cea880193b092895e1094dcc1368f8f44d986cf0749166e5da40ab6214982Quest KACE System Management Appliance version 8.0 (Build 8.0.318) suffers from code execution, cross site scripting, path traversal, remote SQL injection, and various other vulnerabilities.
fd18c79b0364edc307ae0073788f224ea5fd016ba9223e6018267eb9911d3f41This Metasploit module will bypass UAC on Windows 8-10 by hijacking a special key in the Registry under the Current User hive, and inserting a custom command that will get invoked when any binary (.exe) application is launched. But slui.exe is an auto-elevated binary that is vulnerable to file handler hijacking. When we run slui.exe with changed Registry key (HKCU:\Software\Classes\exefile\shell\open\command), it will run our custom command as Admin instead of slui.exe. The module modifies the registry in order for this exploit to work. The modification is reverted once the exploitation attempt has finished. The module does not require the architecture of the payload to match the OS. If specifying EXE::Custom your DLL should call ExitProcess() after starting the payload in a different process.
52eae7699fd217998bd9f71d972ca94c711fbd59761cf10ee7f2ba42b345263eQuest DR Series Disk Backup Software version 4.0.3 suffers from multiple code execution vulnerabilities.
e313c1bcf4d85337e78155dc912283a22293cddaadd03f8b4acb51929c7e6e8cPageKit CMS version 1.0.13 suffers from a cross site scripting vulnerability.
159b4f9b84d35d3f6a1f5d3bf55f4ab55a5d7c9402cba628709a4c7655460b17TAC Xenta 511 and 911 suffer from a credential disclosure vulnerability.
90952fc563068e757f870ef57c9c2fb11c036d0d9a431a036bcc222061093dccRed Hat Security Advisory 2018-1779-01 - Apache XML-RPC is a Java implementation of XML-RPC, a popular protocol that uses XML over HTTP to implement remote procedure calls. Issues addressed include a deserialization vulnerability.
68d8463eb39947b4768e0072e58a98eeb01f9f8c076d5bbe05a00c4fe69a62f8New STAR version 2.1 suffers from cross site scripting and remote SQL injection vulnerabilities.
942f181d2cef121670ac4505bb620b06890b8ed43bc51798794f718651dabde2Red Hat Security Advisory 2018-1777-01 - The procps packages contain a set of system utilities that provide system information. The procps packages include the following utilities: ps, free, skill, pkill, pgrep, snice, tload, top, uptime, vmstat, w, watch, pwdx, sysctl, pmap, and slabtop. Issues addressed include a heap overflow vulnerability.
6a5432497654c684dedf725c9d655f9ea79f3a8a1cdb12d1d04ae0bdf435f6abPHP Dashboards NEW version 5.5 suffers from a remote SQL injection vulnerability.
3a0a42771f077f731c8acfd860f24ce43b9da0dd368e67e85cd17bf005c119b5Ubuntu Security Notice 3665-1 - It was discovered that Tomcat incorrectly handled being configured with HTTP PUTs enabled. A remote attacker could use this issue to upload a JSP file to the server and execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 17.10. It was discovered that Tomcat contained incorrect documentation regarding description of the search algorithm used by the CGI Servlet to identify which script to execute. This issue only affected Ubuntu 17.10. Various other issues were also addressed.
adc3401f4c6099499fc7f32dd5cfa60804e4fe107e205fa1ebecec9060700bf5CSV Import and Export version 1.1.0 suffers from cross site scripting and remote SQL injection vulnerabilities.
08bf99e3c3d9f328e9bffab76058387d5d908cb206308aad51b9c5313e0d68f3Grid Pro Big Data version 1.0 suffers from a remote SQL injection vulnerability.
b1a5b6b5ec54dcb35948fe2e94789131e2272e1fcfa3162ded64b1df27330a98Chitasoft version 3.6.2 suffers from a remote SQL injection vulnerability.
b8e6ee3398abdd19039b38944eaffefcc4f40997b47c4b627b90f1c62624af70Brother HL-L2340D and HL-L2380DW suffer from a cross site scripting vulnerability.
619bdaaa6484db813096e9f60d0936c2648c7b469e6a7525ec8533294ee85f8aUbuntu Security Notice 3664-1 - Sander Bos discovered that Apport incorrectly handled core dumps when certain files are missing from /proc. A local attacker could possibly use this issue to cause a denial of service, gain root privileges, or escape from containers.
f8bd164a4dab67d5f1cb9bbeba62f5dd5317d2b3aefa38f3af5fed9d94f78351AXON PBX version 2.02 suffers from a cross site scripting vulnerability.
04a666c41333b5f3a6da50e9ea1dbdebeff05424793da848b007b56096f2c465AXON PBX version 2.02 suffers from a DLL hijacking vulnerability.
c680c40bb9644184c45d660a62e2391edc86949192449483678e312f79d2cc46105 bytes small Linux/x86 bindshell shellcode that spawns on TCP/4444.
fe6dd7fae1e1513ff3a092da78ff89e74788f9291d362a32c9d34126322afd77Microsoft Edge Chakra suffers from an issue where EntrySimpleObjectSlotGetter can have side effects that cause a type confusion vulnerability.
dac02c231e7c37da88c204ab8918570d1df7d88c3ea07b2805f9d5afd9081f4432 bytes smalls Linux/ARM egghunter + /bin/sh shellcode.
a8a8818b58dd7c10ffc3f9eef5ebbd60e88af764ec5bd9d08bdf1bc70f86695638 bytes small Linux/x86 egghunter + access() shellcode.
5bb54f21df2196370591c274991a596c8ac61ef9d2b7d4bb707eccadef695a0a
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed