This Metasploit module exploits an unauthenticated remote code execution vulnerability in Jorani versions prior to 1.0.2. It abuses log poisoning and redirection bypass via header spoofing and then it uses path traversal to trigger the vulnerability. It has been tested on Jorani 1.0.0.
a4309a794ac0f54cb65920512a047c08d1fe2fb20e8fd4e92250ccc7c03334baDebian Linux Security Advisory 5481-1 - Multiple security issues were discovered in Fast DDS, a C++ implementation of the DDS (Data Distribution Service), which might result in denial of service or potentially the execution of arbitrary code when processing malformed RTPS packets.
60761ae1f909d5fe23670d691683d7c15f304abbdcc61d3087f50541332964fbDebian Linux Security Advisory 5480-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
41dc7825fce5df5966134dc369b0fdabc89599073025de78f75ae2cf98e6b9a8Academy LMS version 6.1 suffers from an upload vulnerability that could lead to persistent cross site scripting attacks.
7376aca92af649793fc8f249692d13f1ef1e359cdf18e47dababff6842bf39f0Credit Lite version 1.5.4 suffers from a remote SQL injection vulnerability.
0faea53f64035d441033c829555c1f6f8fc72385d820d794d376c48be7218249Ubuntu Security Notice 6303-1 - It was discovered that ClamAV incorrectly handled parsing HFS+ files. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service.
e410cd198f326bdba54dc90a500dd75665a7d226d4685e2b40c7c1b8a1f440ffUbuntu Security Notice 6302-1 - It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possibly execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. It was discovered that Vim did not properly perform bounds checks in the diff mode in certain situations. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.
99d99c980fb814b5a940e8caef7cb6f9ac4873610d0870a4650486177b144b4cUbuntu Security Notice 6267-3 - USN-6267-1 fixed vulnerabilities and USN-6267-2 fixed minor regressions in Firefox. The update introduced several minor regressions. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Max Vlasov discovered that Firefox Offscreen Canvas did not properly track cross-origin tainting. An attacker could potentially exploit this issue to access image data from another site in violation of same-origin policy. Alexander Guryanov discovered that Firefox did not properly update the value of a global variable in WASM JIT analysis in some circumstances. An attacker could potentially exploit this issue to cause a denial of service. Mark Brand discovered that Firefox did not properly validate the size of an untrusted input stream. An attacker could potentially exploit this issue to cause a denial of service.
7e86313999419f66e87b639480ef8ad7f3101a9bf1b0aef199979f717993c99aCrypto Currency Tracker (CCT) versions 9.5 and below suffer from a flaw that allows an administrative account to be added without authentication.
9bfa02f5d59b5e3cf33ee7b1bbfbf8405639a69db395f6a7dbbbe7f5809ce517Fara Melk Estate CMS version 1.5.0 suffers from an information leakage vulnerability.
4af12b7169ce378353d4cf96d1c4969efdc42f2c001caa9c8366ef3c2c37e915Evsanati Radyo version 1.0 suffers from a remote shell upload vulnerability.
6f289542a9b2ff6259d9eb3de8975ddf2b290e0ca802dfb52bee485e1ba002f9Event Locations CMS version 1.0.1 suffers from a remote shell upload vulnerability.
5726fce489985783f22e0f5ecc503fba4dae0b938d62e509a60800df39aafc2cDoorGets CMS version 7.0 suffers from an information leakage vulnerability.
e4dd4e13f6683cf82c0e69a415af646d4525941805e5d02a2a2a1438821ec8e2Emaar Real Estate Agency Directory System version 5.7 suffers from a remote shell upload vulnerability.
2208a9ef6d057665e6e208a9fcf7cb84fba0639ca102f63b041c7f40f53cd112
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed