This Metasploit module exploits an authenticated command injection vulnerability in FusionPBX versions 4.4.3 and prior. The exec.php file within the Operator Panel permits users with operator_panel_view permissions, or administrator permissions, to execute arbitrary commands as the web server user by sending a system command to the FreeSWITCH event socket interface. This module has been tested successfully on FusionPBX version 4.4.1 on Ubuntu 19.04 (x64).
38468e6614fd2cb8667101b151bf487ee43e93ccd419b6ad4216f21cee042b1e
This Metasploit module uses administrative functionality available in FusionPBX to gain a shell. The Command section of the application permits users with exec_view permissions, or superadmin permissions, to execute arbitrary system commands, or arbitrary PHP code, as the web server user. This module has been tested successfully on FusionPBX version 4.4.1 on Ubuntu 19.04 (x64).
9ddc511633ca4524be66e468aa2349e7ebf43ba65883baed79761e3c37b3b7af
This Metasploit module uses the FreeSWITCH event socket interface to execute system commands using the system API command. The event socket service is enabled by default and listens on TCP port 8021 on the local network interface. This module has been tested successfully on FreeSWITCH versions: 1.6.10-17-726448d~44bit on FreeSWITCH-Deb8-TechPreview virtual machine; 1.8.4~64bit on Ubuntu 19.04 (x64); and 1.10.1~64bit on Windows 7 SP1 (EN) (x64).
2af6ba6d2dae98ab9fd3f1dbb8b8f6ec3e20238f5bef67966c656048edd77ffc
Ubuntu suffers from refcount underflow and type confusion vulnerabilities in shiftfs.
fc083eb6624e5af7dd882d1267361f52f304c19c1c96a185b84a12e9f221811d
Ubuntu Security Notice 4192-1 - It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program.
2defdd96991ff03edfdcc1ed54efb2e70aac9afd1f1731ca699f45549177d957
Red Hat Security Advisory 2019-3883-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. An arbitrary kernel memory write issue was addressed.
d6b0312b84c1d25138e9ba5c37763c18a96f66d2ceb3e3d20368993fe5cd221d
Ubuntu Security Notice 4191-1 - It was discovered that the LSI SCSI adapter emulator implementation in QEMU did not properly validate executed scripts. A local attacker could use this to cause a denial of service. Sergej Schumilo, Cornelius Aschermann and Simon Woerner discovered that the qxl paravirtual graphics driver implementation in QEMU contained a null pointer dereference. A local attacker in a guest could use this to cause a denial of service. Various other issues were also addressed.
aee81e66d46141ffe8a014607d051bd70b2b1232ee96bcb442a1838008da393b
Ubuntu Security Notice 4191-2 - USN-4191-2 fixed a vulnerability in QEMU. This update provides the corresponding update for Ubuntu 14.04 ESM. It was discovered that the LSI SCSI adapter emulator implementation in QEMU did not properly validate executed scripts. A local attacker could use this to cause a denial of service. Various other issues were also addressed.
ae017f5886a9bd72e047c3db07423197155e2dbe1d4b843e052ead1516d83a3a
Ubuntu Security Notice 4186-3 - USN-4186-1 fixed vulnerabilities in the Linux kernel. It was discovered that the kernel fix for CVE-2019-0155 was incomplete on 64-bit Intel x86 systems. This update addresses the issue. Various other issues were also addressed.
a22fb499a8eee3d48959f316cc92b99039174e4ec75ff93b2f12800519de703c
Red Hat Security Advisory 2019-3878-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. An arbitrary kernel memory write issue was addressed.
890605b78c79a69bdd14cd97414c0776fd7e4b1e425ebbc6845574bc247b430f
Ubuntu Security Notice 4185-3 - USN-4185-1 fixed vulnerabilities in the Linux kernel. It was discovered that the kernel fix for CVE-2019-0155 was incomplete on 64-bit Intel x86 systems. Also, the update introduced a regression that broke KVM guests where extended page tables are disabled or not supported. This update addresses both issues. Various other issues were also addressed.
0943619d6246e8a0cdee4b5acfc1807d3c4914c36a38fbe8ded7be757a4e396b
Ubuntu Security Notice 4183-2 - USN-4183-1 fixed vulnerabilities in the Linux kernel. It was discovered that the kernel fix for CVE-2019-0155 was incomplete on 64-bit Intel x86 systems. This update addresses the issue. Various other issues were also addressed.
db78d28cd507d49176624aa1c886c5cf61d842620b9c273cac92d9c264a69321
Ubuntu Security Notice 4184-2 - USN-4184-1 fixed vulnerabilities in the Linux kernel. It was discovered that the kernel fix for CVE-2019-0155 was incomplete on 64-bit Intel x86 systems. Also, the update introduced a regression that broke KVM guests where extended page tables are disabled or not supported. This update addresses both issues. Various other issues were also addressed.
b7e4f5cb2e7a1b61d8abbcf5d64a6bd1b12b10f64ec69db57292af5b7c023804
Red Hat Security Advisory 2019-3877-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. An arbitrary kernel memory write issue was addressed.
6434bec05e1334d050e6b8527e8895d289751f44eac634381d6a8704b437b67d
Red Hat Security Advisory 2019-3872-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. An arbitrary kernel memory write issue was addressed.
524810ebb56f475f231d82e9fb5f6a2461292b14d50c4cd18c64b8047cc622c1
Red Hat Security Advisory 2019-3770-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the oauth-server container image for Red Hat OpenShift Container Platform 4.2.4. Issues addressed include a cross site scripting vulnerability.
001a5cee0e0f4cf6e8d46ea7b73f748a53b6f5c84a23169350a0d4e02f381ba3
Red Hat Security Advisory 2019-3771-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the golang-github-prometheus-prometheus container image for Red Hat OpenShift Container Platform 4.2.4. A cross site scripting issue was addressed.
6cd003c924904751fa7e1e9c20e7a9196174aa179dd4eb3edbc60d067f2c2483
Red Hat Security Advisory 2019-3873-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. An arbitrary kernel memory write issue was addressed.
fc2e085eb133d792f72b40208563ff42f927bd835f6e4b0b68de0d3f7bc16ae5
Ubuntu Security Notice 4190-1 - It was discovered that libjpeg-turbo incorrectly handled certain BMP images. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that libjpeg-turbo incorrectly handled certain JPEG images. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 19.04. Various other issues were also addressed.
4cf16dc0101a131dafca007e4d605c50be567c6122d9ec55f5bc2f8547768ac5
Xfilesharing versions 2.5.1 and below suffer from local file inclusion and remote shell upload vulnerabilities.
16eaecb6c750d7e90a4058c28407241f37dbcaf9b7c7b2b1e799b21776afb5ec
oXygen XML Editor version 21.1.1 suffers from an XML external entity injection vulnerability.
ecf168f5280157ada4955304be9f8936cd276ddb9b875238d2065784e1a87a20
SMPlayer version 19.5.0 suffers from a buffer overflow vulnerability that can trigger a denial of service condition.
d2080d79b568f000262f147d44280502d68ba82583ba9ed9efaa56d401694b7f