This Metasploit module exploits a command injection vulnerability in ZenTao Pro 8.8.2 and earlier versions in order to execute arbitrary commands with SYSTEM privileges. Valid credentials for a ZenTao admin account are required. This module has been successfully tested against ZenTao 8.8.1 and 8.8.2 running on Windows 10 (XAMPP server).
191b945627084957824fcc0caf7eb0edfafb74b14433e38de0cb21c995667b52
Logwatch analyzes and reports on unix system logs. It is a customizable and pluggable log monitoring system which will go through the logs for a given period of time and make a customizable report. It should work right out of the package on most systems.
5f5a9f1cf455dc9369af7b42313fd241102069bb05c6b6945c34add878dbbf07
Ubuntu Security Notice 4428-1 - It was discovered that Python documentation had a misleading information. A security issue could be possibly caused by wrong assumptions of this information. This issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that Python incorrectly handled certain TAR archives. An attacker could possibly use this issue to cause a denial of service. Various other issues were also addressed.
bd0ca3aa125b7eb221c2efb45192de20cbb57e4b69e622b348f061fab6792867
Ubuntu Security Notice 4430-1 - It was discovered that Pillow incorrectly handled certain image files. If a user or automated system were tricked into opening a specially-crafted image file, a remote attacker could possibly cause Pillow to crash, resulting in a denial of service.
76de1c4dcb2f8ddf02ae8ea197de16bb0ea36cad146fbaca49df39b4e7d2cf26
Ubuntu Security Notice 4429-1 - It was discovered that Evolution Data Server incorrectly handled STARTTLS when using SMTP and POP3. A remote attacker could possibly use this issue to perform a response injection attack.
f6956b1c90a287224c0c82eff6fa6dee8aa4fe8193cff2ffcedd3f924d51822d
Red Hat Security Advisory 2020-3098-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include a bypass vulnerability.
43e23faf9d5348bde32808009acef8127f1adfcaa463fafc9de98336cf79bd42
Red Hat Security Advisory 2020-3105-01 - The OpenStack Identity service authenticates and authorizes OpenStack users by keeping track of users and their permitted activities. The Identity service supports multiple forms of authentication, including user name and password credentials, token-based systems, and AWS-style logins.
ea16728bd70ae96da557f40f2a3facaf6511f0047b35f572739853d05a0d34a1
Red Hat Security Advisory 2020-3102-01 - The OpenStack Identity service authenticates and authorizes OpenStack users by keeping track of users and their permitted activities. The Identity service supports multiple forms of authentication, including user name and password credentials, token-based systems, and AWS-style logins.
eb68cfba73e80a957610c1c1754ee02b04c2c11dd863a4626362fde0e05f7479
Red Hat Security Advisory 2020-3099-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include a bypass vulnerability.
af1168d38a072f5da0c15712b298d780e245ddddd505734083ac93fa6a8783f0
Red Hat Security Advisory 2020-3100-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include a bypass vulnerability.
5dfe4f41bb301d732a531db9705ccd026e69b3bb4479a6fea66a3a0c7399303c
Red Hat Security Advisory 2020-3101-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include a bypass vulnerability.
6c4a228e650ebf6d8f38ae2ad3f8952591d667abb324a86df9576e398ae56cf9
Docsify.js version 4.11.4 suffers from a cross site scripting vulnerability.
0bcd9963527e80734359f08f4fb7fbea017a71d3c6f4262918bd2b9112da1c80
Red Hat Security Advisory 2020-3096-01 - The OpenStack Identity service authenticates and authorizes OpenStack users by keeping track of users and their permitted activities. The Identity service supports multiple forms of authentication, including user name and password credentials, token-based systems, and AWS-style logins.
fa7e5d6396dfe8a770ab86f5a8a8e1e106b6d53b52ddb895efc680513c0e2540
Red Hat Security Advisory 2020-3090-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation.
885e23f7d18e0ac7c553dc780e8db1574740985ebc651183992d17da0a8d1add
Red Hat Security Advisory 2020-3087-01 - Red Hat OpenShift Jaeger is Red Hat's distribution of the Jaeger project, tailored for installation into an on-premise OpenShift Container Platform installation.
beb36d6fde9d9b16b89f5ae7ac29137d7e53b66ff31cf855503a76f0b99bc58a
WordPress NexosReal Estate Theme version 1.7 suffers from cross site scripting and remote SQL injection vulnerabilities.
df44eb3bb3bda424cb66f50cc08e0b9335df8fe6832a5f67fa979e8d464c6eb7
Ubuntu Security Notice 4425-1 - It was discovered that the network block device implementation in the Linux kernel did not properly check for error conditions in some situations. An attacker could possibly use this to cause a denial of service. It was discovered that the kernel->user space relay implementation in the Linux kernel did not properly check return values in some situations. A local attacker could possibly use this to cause a denial of service. Various other issues were also addressed.
cf4699147e9a8170a6b01cfad73d27e74fd7559a378c683fa8339ccc82663df9
Ubuntu Security Notice 4427-1 - It was discovered that the Kvaser CAN/USB driver in the Linux kernel did not properly initialize memory in certain situations. A local attacker could possibly use this to expose sensitive information. Chuhong Yuan discovered that go7007 USB audio device driver in the Linux kernel did not properly deallocate memory in some failure conditions. A physically proximate attacker could use this to cause a denial of service. Various other issues were also addressed.
b977bb1eef5006f04c02310b64f67dfc0df0cf66bdb9c9980f831579b1b67812
Ubuntu Security Notice 4426-1 - Jason A. Donenfeld discovered that the ACPI implementation in the Linux kernel did not properly restrict loading SSDT code from an EFI variable. A privileged attacker could use this to bypass Secure Boot lockdown restrictions and execute arbitrary code in the kernel. Fan Yang discovered that the mremap implementation in the Linux kernel did not properly handle DAX Huge Pages. A local attacker with access to DAX storage could use this to gain administrative privileges. Various other issues were also addressed.
c08d99828ab0121536e6f7fbfa804274851e82d4f947dc4c837c3f5da9f63b08
Red Hat Security Advisory 2020-3084-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include denial of service and integer overflow vulnerabilities.
7a4caa69e6c2b55ec9e17b1435e419c0e4f4298a4da2e39e480c2298868fd2f7
Sophos VPN Web Panel 2020 denial of service proof of concept exploit.
fed56a4e0c61feafa1c63267efd2d4a90437797c3dc2ac6df64387ab03184a6e