This Metasploit module can be used to execute a payload on Atlassian Jira via the Universal Plugin Manager (UPM). The module requires valid login credentials to an account that has access to the plugin manager. The payload is uploaded as a JAR archive containing a servlet using a POST request against the UPM component. The check command will test the validity of user-supplied credentials and test for access to the plugin manager.
fb47812af6f170c72f706227c7635ea0efcb1f492374881294375137a6d0c137
Ubuntu Security Notice 3817-1 - It was discovered that Python incorrectly handled large amounts of data. A remote attacker could use this issue to cause Python to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. It was discovered that Python incorrectly handled running external commands in the shutil module. A remote attacker could use this issue to cause Python to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
03b91d747808db6662227ba32df53ee769cca67a7c8ef16b220c02b136f095e6
SwitchVPN for MacOS and Windows version 2.1012.03 suffers from a man-in-the-middle vulnerability.
bb38df2916279a67eae167360690706c54013599fd3e8810b088263a9fa9d6b4
This Microsoft bulletin summary lists a new CVE that has been added to the November advisory.
1570340541d2bb99e7c9e8a3f6917674ae600f0d2ca7397ba6d668922875f28c
Red Hat Security Advisory 2018-3601-01 - OpenStack Block Storage manages block storage mounting and the presentation of such mounted block storage to instances. The backend physical storage can consist of local disks, or Fiber Channel, iSCSI, and NFS mounts attached to Compute nodes. Issues addressed include a failure to delete data.
306deee33c560015c34a6495bac43afbd182746787a850ea8fe89368dbc97f92
OCS Inventory NG suffers from an ocsreports authenticated remote code execution vulnerability via a shell upload.
24d22f114a3cf7d6004bf89c7745ac2a396b3daec40452cab1bc1b32f0c94835
Red Hat Security Advisory 2018-3600-01 - The python-cryptography packages contain the Python Cryptographic Authority's cryptography library, which provides cryptographic primitives and recipes to Python developers. Issues addressed include a tag forgery vulnerability.
e06ef5a025c2fb21dd05ef7409e10e5310b636ef92cda32eddfb5efc0c1b4870
Alive Parish version 2.0.4 suffers from remote file upload and remote SQL injection vulnerabilities.
13e52b63ee03ace99467ba4a684173a599e0af52a1f92ea2ec58619487f54c24
Maitra Mail Tracking System version 1.7.2 suffers from remote SQL injection and database file download vulnerabilities.
d0058ad01d7cee1f55923aafeb38114a18d4b21914dd662ce46c678fbe5222c7
This Microsoft summary lists Microsoft security updates released for November 13, 2018.
42d64d15f9bd050b8cafe4f3d736f8896e665a5146ec17b3b4da024bded44863
This Microsoft advisory notification includes advisories released or updated on November 13, 2018.
2fb5736b3191a695873e77b11348a0e56e6c6a60ec1000bc3660d211e37a5eaa
SIPve version 0.0.2-R19 suffers from a remote SQL injection vulnerability.
1e205bf5d38f212cb56a15b6edfc2b6a152682cb1d57a7ed5ea4df8701fc7c93
SwitchVPN for MacOS version 2.1012.03 suffers from a privilege escalation vulnerability.
0d318968cae2b90169b2552a12c8ab32488a546badc48ecfe4e8001449fc3c0c
Red Hat Security Advisory 2018-3595-01 - Red Hat Single Sign-On 7.2 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.2.5 serves as a replacement for Red Hat Single Sign-On 7.2.4, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include a cross site scripting vulnerability.
61d48207c326fdf7bcf8d805b68679a276363d1bd9f0c68cd0d3f85ce4894584
Red Hat Security Advisory 2018-3593-01 - Red Hat Single Sign-On 7.2 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.2.5 serves as a replacement for Red Hat Single Sign-On 7.2.4, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include a cross site scripting vulnerability.
ae6d24611b65a597b874c13e22b715668b7bf792cc29ac0ba1baa739af4d210f
Webiness Inventory version 2.3 suffers from a remote SQL injection vulnerability.
25f09879c0db287dad2fc64ac71621a7e9b49d26fea899646879a6d6d7b9127e
Webiness Inventory version 2.3 suffers from cross site request forgery and remote shell upload vulnerabilities.
683ffb2a25365218ef07730178c4da2bb2d28d090c9924b039f5e7c3daac34a9
Red Hat Security Advisory 2018-3592-01 - Red Hat Single Sign-On 7.2 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.2.5 serves as a replacement for Red Hat Single Sign-On 7.2.4, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include a cross site scripting vulnerability.
989a9b57ce6034bde23ac0385f6ebd053dbc969de4b8dc96b28c2d01cd0ddb56
Red Hat Security Advisory 2018-3591-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include an integer overflow vulnerability.
ccf8060e03ef67ab708802c8654d1b6d77da8af66f7e306750e5d6334f9a4f25
ClipperCMS version 1.3.3 suffers from a cross site request forgery vulnerability.
d09486642ab60b675d0329207cb0cacb806e94fc94714a2fa51660ade3ebe27c
Red Hat Security Advisory 2018-3590-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include denial of service and use-after-free vulnerabilities.
e1f32d161373ab4335bdb583d19868b2299507b80221f4b698d47f09a7185dc2
Red Hat Security Advisory 2018-3540-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include denial of service and use-after-free vulnerabilities.
633aabe29b1e0f5d6bf768e3c3ce4393d827ebe23a55fe636f36ccbc25c9b3d7
Silurus Classifieds Script version 2.0 suffers from a remote SQL injection vulnerability.
bac6493c536e26987265ce53ec7f7d1f7282ec77a11020fd997ed9d315bdd100