This Metasploit module exploits a remote command execution vulnerability in Hewlett Packard Enterprise Intelligent Management Center before version 7.3 E0504P04. The dbman service allows unauthenticated remote users to restore a user-specified database (OpCode 10007); however, the database connection username is not sanitized, resulting in command injection and allowing execution of arbitrary operating system commands as SYSTEM. This service listens on TCP port 2810 by default. This Metasploit module has been tested successfully on iMC PLAT v7.2 (E0403) on Windows 7 SP1 (EN).
6e617c9e2dc52b8e3176ccf763528cbf0564f66df4920f7c15aa5b7cd694b5ea
This Metasploit module exploits a remote command execution vulnerability in Hewlett Packard Enterprise Intelligent Management Center before version 7.3 E0504P04. The dbman service allows unauthenticated remote users to restart a user-specified database instance (OpCode 10008); however, the instance ID is not sanitized, allowing execution of arbitrary operating system commands as SYSTEM. This service listens on TCP port 2810 by default. This Metasploit module has been tested successfully on iMC PLAT v7.2 (E0403) on Windows 7 SP1 (EN).
8593e2a11cac9b478374fc96e4123be69ffbd8aafe9adc13437d98414d73a636
Proof of concept that exploits the default typing issue in Jackson-databind via Spring application contexts and expressions.
556baf38b3cbd6a00b1977182d2e52222d11bc57c0158fa40ccf472a8568c448
On January 9, fixes for CVE-2017-5754 were released into the Ubuntu Xenial kernel version 4.4.0-108.131. This CVE, also known as "Meltdown," is a security vulnerability caused by flaws in the design of speculative execution hardware in the computer's CPU.
d1f83d5380c45fea8b0f7c98adba0bf5365481ee9ac8b2cebf7d26e5186c74c9
VMware Security Advisory 2018-0002.1 - VMware ESXi, Workstation and Fusion updates address side-channel analysis due to speculative execution.
963ccf51b4549886833cc22006ffc81cb09d33e8bbc3e81de60d3044de7c9355
VMware Security Advisory 2018-0004 - VMware vSphere, Workstation and Fusion updates add Hypervisor-Assisted Guest remediation for speculative execution issue.
c6d2e4b063e3ab3f5a8f434842d6b1780e505c1685915b84e2d41b8aa6dce9d1
Debian Linux Security Advisory 4082-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
347c611935bac535fc1ce2315b4501495b8f7bd67bd16039884f09a909a4602d
Debian Linux Security Advisory 4080-1 - Several vulnerabilities were found in PHP, a widely-used open source general purpose scripting language.
fb40631b4e6e2aa36a01a6097b8791637329c2a2a7b66ec5d5560c871d05ec6a
Slackware Security Advisory - New irssi packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
4489cd71a5ef8912e23b5f4d1c1772857ab325f60226dc1f82a59f9efe07e4d0
Ubuntu Security Notice 3524-1 - Jann Horn discovered that microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Meltdown. A local attacker could use this to expose sensitive information, including kernel memory.
c8bb4a82294102baa9e7f69f64d2d2878ce4d9cc96d24be8c1049ae3616180f4
Ubuntu Security Notice 3522-2 - USN-3522-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Jann Horn discovered that microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Meltdown. A local attacker could use this to expose sensitive information, including kernel memory. Various other issues were also addressed.
3e930e1f5dff43194405e5579a9823306e54589d76fe6adf09696898ed22a655
Ubuntu Security Notice 3522-1 - Jann Horn discovered that microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Meltdown. A local attacker could use this to expose sensitive information, including kernel memory.
08ae6485c712ce5c920c54c20ceb6ff954aceba2445bce96579831fef548df84
Ubuntu Security Notice 3523-1 - Jann Horn discovered that microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Meltdown. A local attacker could use this to expose sensitive information, including kernel memory. Jann Horn discovered that the Berkeley Packet Filter implementation in the Linux kernel did not properly check the relationship between pointer values and the BPF stack. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
5e21912d20ede254be2f46410d61a48a034c988bdc1be837146967e4fe2ff191
Debian Linux Security Advisory 4081-1 - Several vulnerabilities were found in PHP, a widely-used open source general purpose scripting language.
f7aae35ae4ec77a819fbff5ac55f53d91ca4cdc6887bdb1c9c1f9c3f7ea1b7e8
The Microsoft Windows local print spooler can be abused to create an arbitrary file from a low privilege application including one in an AC as well as a typical Edge LPAC CP leading to elevation of privilege.
5c56ace40b07b3eea1f0414716862aee14ba5600ee84beb8a7da67c6abb0c94b
The Microsoft Windows OpenType ATMFD.DLL kernel-mode font driver has an undocumented "escape" interface, handled by the standard DrvEscape and DrvFontManagement functions implemented by the module. The interface is very similar to Buffered IOCTL in nature, and handles 13 different operation codes in the numerical range of 0x2502 to 0x2514. It is accessible to user-mode applications through an exported (but not documented) gdi32!NamedEscape function, which internally invokes the NtGdiExtEscape syscall.
bb274850f13f39d2cc7b83f33319ed2f50d1c874d081fd6fe6774c05fbaf68fb
The Microsoft Windows OpenType ATMFD.DLL kernel-mode driver lacks any sort of sanitization of various 32-bit offsets found in .MMM files (Multiple Master Metrics), and instead uses them blindly while loading Type 1 Multiple-Master fonts in the system.
b8102ba5cbc41970fedaf8cb7c662e036805d3aff1751f055103ddb03a105367
The Microsoft Windows kernel suffers from a stack memory disclosure from nt!RawMountVolume via nt!PiUEventHandleGetEvent (\Device\DeviceApi\CMNotify device).
4245759a610e4875033a8cfc4ff41296198e721a838158cc5a4f29dd1838640c
Microsoft Edge Chakra fails to detect whether "tmp" escapes its scope and allocates it on the stack. This may lead to dereferencing uninitialized stack values.
e75c0b7061c30013e71afb6bd97779067f7723b0f2e1cf092d0c9d4b92c2d136
The Microsoft Windows kernel pool suffers from a memory disclosure in nt!NtQuerySystemInformation (information class 138, QueryMemoryTopologyInformation).
e572e268023cabc683d71d1229389e3c95052ecd8ab0d445337f24230815954a
The Microsoft Windows kernel suffers from a stack memory disclosure in nt!NtQueryInformationProcess (information class 76, QueryProcessEnergyValues).
bfd46a1d8d67416403423e1b59913b8c6cd67fe31a752a390b97a6aac06a5beb
The Android MemoryIntArray class allows processes to share an in-memory array of integers backed by an "ashmem" file descriptor. As the class implements the Parcelable interface, it can be inserted into a Parcel, and optionally placed in a Bundle and transferred via binder to remote processes.
029f917e2e536de18d04761028191f4815fb7c9f5d6d53318a48a27ff5c347bb
Microsoft Edge Chakra JIT suffers from an out-of-bounds read in asm.js.
3dbadffd487c282938dfeef00382193f9d732adf03adf862f22f984c574f5cc1
Microsoft Edge Chakra JIT has an issue where BackwardPass::RemoveEmptyLoopAfterMemOp does not insert branches.
60c50e5770fe9cf8d0a6b1b9db3bfee2421dd1354b480605f75a9f93bb16ffe8
Microsoft Edge Chakra JIT has an issue where misuse of Op_MaxInAnArray and Op_MinInAnArray can explicitly call user-defined JavaScript functions.
283f5a24fbb70e666e7313c38982967327884e5a4d3566411fa14556feb83259