Oracle Weblogic versions 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0 prior to the Jan 2023 security update are vulnerable to an unauthenticated remote code execution vulnerability due to a post deserialization vulnerability. This Metasploit module exploits this vulnerability to trigger the JNDI connection to a LDAP server you control. The LDAP server will then respond with a remote reference response that points to a HTTP server that you control, where the malicious Java class file will be hosted. Oracle Weblogic will then make an HTTP request to retrieve the malicious Java class file, at which point our HTTP server will serve up the malicious class file and Oracle Weblogic will instantiate an instance of that class, granting us remote code execution as the oracle user.
bf2f1b516a8dc0fb1cbfbd5fd5ff2f96c261f01313c61be63baa18eaf950b757This Metasploit module is a Terramaster chained exploit that performs session crafting to achieve escalated privileges that allows an attacker to access vulnerable code execution flaws. TOS versions 4.2.15 and below are affected.
7ed27419eb63bc961b9030c2afefd618737ab612eeb1c26228002425218d88afThis Metasploit module exploits an unauthenticated remote code execution vulnerability in TerraMaster TOS versions 4.2.06 and below via shell metacharacters in the Event parameter at vulnerable endpoint include/makecvs.php during CSV creation. Any unauthenticated user can therefore execute commands on the system under the same privileges as the web application, which typically runs under root at the TerraMaster Operating System.
8935d1e9f61d6f9eb3550ec44e1a8a5d97992b91e55a7456ae2af009097db539Anevia Flamingo XL version 3.2.9 suffers from an SSH sandbox escape via the use of traceroute. A remote attacker can breakout of the restricted environment and have full root access to the device.
d01a03802c6672cc17ac7216582cc0ad2e643d89808e99df7c959276e761db6dAnevia Flamingo XL version 3.6.20 suffers from an authenticated remote code execution vulnerability. A remote attacker can exploit this issue and execute arbitrary system commands granting her system access with root privileges.
43b14f668d4cb3067cebaa36c98d98889067ae017e721f40aa4910c9fb7f8585Anevia Flamingo XS version 3.6.5 suffers from an authenticated remote code execution vulnerability. A remote attacker can exploit this issue and execute arbitrary system commands granting her system access with root privileges.
53e095bd8aa1c01d2554ab8f1b300973ebf09ad1794d93fb1b09c6ffe2266f09Anevia Flamingo XL/XS versions 3.6.20 and 3.2.9 have a weak set of default and hardcoded administrative credentials that can be easily guessed in remote password attacks and gain full control of the system.
2deadfaf85581a1f50ccbbab6f33e8fcfb1e7bcb2cec62ab73bffe247af5652dDebian Linux Security Advisory 5423-1 - Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code.
39fd28a4e51cf92b07dc048ec4a3a557fdc8493c2998b7bbf52cfb0d34f5d018Ubuntu Security Notice 6153-1 - It was discovered that Jupyter Core executed untrusted files in the current working directory. An attacker could possibly use this issue to execute arbitrary code.
e049b61f2fbb6457ed2a6ddde7ac19490ab8581a30c4ee08fbce8af1f8109ce9Red Hat Security Advisory 2023-3557-01 - OpenShift GitOps KAM OpenShift GitOps Kubernetes Application Manager CLI tool. Issues addressed include a bypass vulnerability.
a484b137c49d4be983cc60080e22e27f3968c949feca93d9d4d66179cd80d702OmniCart version 3.4.0 suffers from a cross site scripting vulnerability.
7323138488bd4cd451f0dffd691e21b4c0a55eb945acdb7f373e7140c7bef115LearnDesk version 1.0 suffers from a cross site scripting vulnerability.
7cf650733c542723690c9a00d465a835103eb18d3f78642d33f825488c7b3124BB Machine Forum version 1.0 suffers from a cross site scripting vulnerability.
6315ed904ee3dea27805196e3028564056c12963b3a7f6936d5344758d825387Expert X Jobs Portal And Resume Builder version 1.0 suffers from a cross site scripting vulnerability.
19f4755eb1dd3a69bc59894dfb38d143b71e2cccaeec50578bedd8040f72b67fPhotoSwipe version 5.3.7 suffers from an arbitrary file download vulnerability.
e3c2913294c88ee858084b60305ca64197b66e6c22651f6ce631126b031fceaePES Pro CMS version 1.9.7 suffers from an add administrator vulnerability.
3d97f6f0b8f502ed030585d7d6b91ccacf8a0f1ab76836e0c68f38cde0a96e07KesionCMS X version 9.5 suffers from an unauthenticated add administrator vulnerability.
024a40520b5fe0b781a7cbf82ba73b871d140c7767554af3aee2a48e9ea18c1bPannres-Idence CMS version 7.3 suffers from a cross site request forgery vulnerability.
f1c42b82bf02fabbfc0466a6bc27d61027562f218a3cc4719bffb478ca5a7d9bOrmesson-Immobilier CMS version 8 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
387dd9b9671bc18550ca2875160ffe7b6c6242239617019eb08ec20fc1c20332osCommerce version 4 suffers from a local file inclusion vulnerability.
7cbd3f800121fbd6498c3dbdfab0d4d1fc70c2191d3bab9e42181076af739910WordPress theme Workreap version 2.2.2 suffers from a remote shell upload vulnerabilities.
88613ebc6afdbf65ab6006134c141ccea5e75079b6943db66508c59fc8ddd503Proof of concept exploit for a SPARQL injection vulnerability in VIVO that triggers a denial of service.
03a908c86212c5d8cb01cd14ceb44e5ff14b5a0ad5966f87f7b111117d9a3ab6Proof of concept exploit for a buffer overflow in strongSwan VPN's charon server.
381239d433a012d932de3871f064091c52ad26bb7b01de975c5e82fe37562652Proof of concept exploit for a buffer overflow remote code execution vulnerability in librelp.
e494ed907a60d68aba585cbc21eba08e50daffab41973ff8ba84e679096953dcProof of concept exploit for polkit that triggers an eventfd file descriptor leak.
f9b681fc933ff4d272ea49c02694d6c797b953465a57f0c30ab341372a92d369
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed