This Metasploit module exploits an unsafe .NET deserialization vulnerability to achieve unauthenticated remote code execution against a vulnerable WS_FTP server running the Ad Hoc Transfer module. All versions of WS_FTP Server prior to 2020.0.4 (version 8.7.4) and 2022.0.2 (version 8.8.2) are vulnerable to this issue. The vulnerability was originally discovered by AssetNote.
67c3ec27f34dd597203794dd63375f1b12dc8aadd9a36aed8d054aa388c58b83Ubuntu Security Notice 6401-1 - It was discovered that FreeRDP did not properly manage certain inputs. A malicious server could use this issue to cause FreeRDP clients to crash, resulting in a denial of service, or possibly obtain sensitive information. It was discovered that FreeRDP did not properly manage certain inputs. A malicious server could use this issue to cause FreeRDP clients to crash, resulting in a denial of service, or possibly execute arbitrary code.
9d49b67d80a9d8ac4cbe0f390e587665488a0a6f20bf9d963b6668b08fc9fc73Gentoo Linux Security Advisory 202310-4 - Multiple vulnerabilities have been discovered in libvpx, the worst of which could result in arbitrary code execution. Versions greater than or equal to 1.13.1 are affected.
a0d0ea2b8b8468b5f0fcfb9dae5191fa8ba8672fc27d290cf177a1b57ac6d6cdGentoo Linux Security Advisory 202310-3 - Multiple vulnerabilities in glibc could result in Local Privilege Escalation. Versions greater than or equal to 2.37-r7 are affected.
e2500310834567c2cb1e8cade2790f16602f9ae46924039eae6d388ddac98d3bUbuntu Security Notice 6410-1 - It was discovered that a specially crafted file system image could cause a heap-based out-of-bounds write. A local attacker could potentially use this to perform arbitrary code execution bypass and bypass secure boot protections. It was discovered that a specially crafted file system image could cause an out-of-bounds read. A physically-present attacker could possibly use this to leak sensitive information to the GRUB pager.
38694ae886fc45b7444310bbce577ee7031ee22a606a28f5a7021f474d4c4ed4Red Hat Security Advisory 2023-5390-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.36. Issues addressed include a denial of service vulnerability.
7878235dd5f3cb95e3b6ab0ca2fc0e38e4555feb09e561ae1675e1197e1f6477Red Hat Security Advisory 2023-5421-01 - Multicluster Engine for Kubernetes 2.3.2 images Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds. You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy.
51b3f646b7889065f8eb3b36f5410d5de8ca85f551f03de5dac5ba6b67e59c2cUbuntu Security Notice 6386-3 - Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii Oleksenko discovered that some AMD processors could leak stale data from division operations in certain situations. A local attacker could possibly use this to expose sensitive information. It was discovered that the bluetooth subsystem in the Linux kernel did not properly handle L2CAP socket release, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
9e6acdc1fc5617ecd41b5df8f4a74a5d8fff08867f2f3ba7e58deb983fa599cfUbuntu Security Notice 6407-1 - Gregory James Duck discovered that libx11 incorrectly handled certain keyboard symbols. If a user were tricked into connecting to a malicious X server, a remote attacker could use this issue to cause libx11 to crash, resulting in a denial of service, or possibly execute arbitrary code. Yair Mizrahi discovered that libx11 incorrectly handled certain malformed XPM image files. If a user were tricked into opening a specially crafted XPM image file, a remote attacker could possibly use this issue to consume memory, leading to a denial of service.
5e193d5a5e3b8104a8d4ef277ea0b008d7b50d430e58ab2495477c22baff0e9dUbuntu Security Notice 6409-1 - It was discovered that the GNU C Library incorrectly handled the GLIBC_TUNABLES environment variable. An attacker could possibly use this issue to perform a privilege escalation attack. It was discovered that the GNU C Library incorrectly handled certain DNS responses when the system was configured in no-aaaa mode. A remote attacker could possibly use this issue to cause the GNU C Library to crash, resulting in a denial of service. This issue only affected Ubuntu 23.04.
f7cfa8e1c5b1ae4735706243eda7383b0f18aafc0e50647d07deb086c6db7da1Ubuntu Security Notice 6408-1 - Yair Mizrahi discovered that libXpm incorrectly handled certain malformed XPM image files. If a user were tricked into opening a specially crafted XPM image file, a remote attacker could possibly use this issue to consume memory, leading to a denial of service. Yair Mizrahi discovered that libXpm incorrectly handled certain malformed XPM image files. If a user were tricked into opening a specially crafted XPM image file, a remote attacker could use this issue to cause libXpm to crash, leading to a denial of service, or possibly execute arbitrary code.
308862dc7073569674e3f6aef29ef161e77276c63a1927d16d01d616509cd6feDebian Linux Security Advisory 5514-1 - The Qualys Research Labs discovered a buffer overflow in the dynamic loader's processing of the GLIBC_TUNABLES environment variable. An attacker can exploit this flaw for privilege escalation.
a79c990734c79f4a2e535800be7b51931296133795be03c15dbd74fa4e5e4b50Debian Linux Security Advisory 5513-1 - Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code.
351508c91f2f195312c3b99007306f255460d396a1eb8a8f18501bde2385668cRed Hat Security Advisory 2023-5419-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include information leakage, privilege escalation, and use-after-free vulnerabilities.
eca5c145160d9bf3e1cdbf388fa2f0122e1c94a4b1f94623cc27d65238d5a028Ubuntu Security Notice 6406-1 - Several security issues were discovered in the SpiderMonkey JavaScript library. If a user were tricked into opening malicious JavaScript applications or processing malformed data, a remote attacker could exploit a variety of issues related to JavaScript security, including denial of service attacks, and arbitrary code execution.
25de3c8dd39492ae9ee3a9bd07e4d5238e4246b6951dd3dbfb8c5854dceaefd0This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.
f026e7b79ba7fb540f75182af96dc8a8f1db395f922bbc9f6ca603672686086b
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed