The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.
febc812db5ae0a6bd96fed7c1a01cdac63f8bdbb7bc58e6031aeafbae7d5b096Red Hat Security Advisory 2024-9976-03 - An update for python-werkzeug is now available for Red Hat OpenStack Platform 17.1. Issues addressed include a remote shell upload vulnerability.
755e3f7fd3a32e239d9a8e79f9b2bd32c56c1499b3152634192c8405d374b1a0Red Hat Security Advisory 2024-9975-03 - An update for python-werkzeug is now available for Red Hat OpenStack Platform 17.1. Issues addressed include a remote shell upload vulnerability.
606dbbccfc1abbfc6325944757b4c621aff1bfa2dff0fcf6e7bc64c779e522a0Red Hat Security Advisory 2024-9923-03 - An update for python3.12-urllib3 is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Issues addressed include a remote shell upload vulnerability.
ac3b4900168ba2084e3ad8318e664384985ddb8ae1864c72c0e264af4e5a06afThis Metasploit module exploits vulnerabilities in OpenPrinting CUPS, which is running by default on most Linux distributions. The vulnerabilities allow an attacker on the LAN to advertise a malicious printer that triggers remote code execution when a victim sends a print job to the malicious printer. Successful exploitation requires user interaction, but no CUPS services need to be reachable via accessible ports. Code execution occurs in the context of the lp user. Affected versions are cups-browsed less than or equal to 2.0.1, libcupsfilters versions 2.1b1 and below, libppd versions 2.1b1 and below, and cups-filters versions 2.0.1 and below.
16431cc7dbb038947f886cccbda9ff1e8abb4ffdc1cbb4066839871766422f13This Metasploit module exploits an improper authorization vulnerability in ProjectSend versions r1295 through r1605. The vulnerability allows an unauthenticated attacker to obtain remote code execution by enabling user registration, disabling the whitelist of allowed file extensions, and uploading a malicious PHP file to the server.
e395c3372dc6eda5878d64b4b3e2b759c5bfaffe8d57ca9fdfd36a0bab7bf55bUbuntu Security Notice 7015-6 - USN-7015-5 fixed vulnerabilities in python2.7. The update introduced several minor regressions. This update fixes the problem. It was discovered that the Python email module incorrectly parsed email addresses that contain special characters. A remote attacker could possibly use this issue to bypass certain protection mechanisms. It was discovered that Python allowed excessive backtracking while parsing certain tarfile headers. A remote attacker could possibly use this issue to cause Python to consume resources, leading to a denial of service. It was discovered that the Python email module incorrectly quoted newlines for email headers. A remote attacker could possibly use this issue to perform header injection. It was discovered that the Python http.cookies module incorrectly handled parsing cookies that contained backslashes for quoted characters. A remote attacker could possibly use this issue to cause Python to consume resources, leading to a denial of service. It was discovered that the Python zipfile module incorrectly handled certain malformed zip files. A remote attacker could possibly use this issue to cause Python to stop responding, resulting in a denial of service.
667ae966414c566b7ba032fe92060c7e3cfb42504b259cece2ff73a5eb36f7f3This Metasploit module leverages an unauthenticated remote command execution vulnerability in Ivanti's EPM Agent Portal where an RPC client can invoke a method which will run an attacker-specified string on the remote target as NT AUTHORITY\SYSTEM. This vulnerability is present in versions prior to EPM 2021.1 Su4 and EPM 2022 Su2.
e0620d2d0515fa0c50ecc9895fe036f29df5b1ae1f77223209ef2489ec4d79b2Ubuntu Security Notice 7115-1 - It was discovered that Waitress could process follow up requests when receiving a specially crafted message. An attacker could use this issue to have the server process inconsistent client requests. Dylan Jay discovered that Waitress could be lead to write to an unexisting socket after closing the remote connection. An attacker could use this issue to increase resource utilization leading to a denial of service.
6ad6f923ea9cc45b7e046d6e571ff79657024a06937696cab8baf2ba282bbeb0Proof of concept code to exploit an authentication bypass in Palo Alto's PAN-OS that is coupled with remote command execution.
c8b10b5731e612b147d09c4e3d75d1869c7c85552ecae142103e7ca29fb1797bUbuntu Security Notice 7015-5 - USN-7015-1 fixed several vulnerabilities in Python. This update provides the corresponding update for CVE-2024-6232 and CVE-2024-6923 for python2.7 in Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. It was discovered that the Python email module incorrectly parsed email addresses that contain special characters. A remote attacker could possibly use this issue to bypass certain protection mechanisms. It was discovered that Python allowed excessive backtracking while parsing certain tarfile headers. A remote attacker could possibly use this issue to cause Python to consume resources, leading to a denial of service. It was discovered that the Python email module incorrectly quoted newlines for email headers. A remote attacker could possibly use this issue to perform header injection. It was discovered that the Python http.cookies module incorrectly handled parsing cookies that contained backslashes for quoted characters. A remote attacker could possibly use this issue to cause Python to consume resources, leading to a denial of service. It was discovered that the Python zipfile module incorrectly handled certain malformed zip files. A remote attacker could possibly use this issue to cause Python to stop responding, resulting in a denial of service.
08f60811c86141139bb27d0271c6dc8fb3d71d45f06454f487eabe3442ba3aa1Ubuntu Security Notice 7113-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
dd5f06682ca93a1fe2093e0af57570ec9766114fd67a9256775ecb3b152853a5CVE-2024-28397 is a sandbox escape in js2py versions 0.74 and below. js2py is a popular python package that can evaluate javascript code inside a python interpreter. The vulnerability allows for an attacker to obtain a reference to a python object in the js2py environment enabling them to escape the sandbox, bypass pyimport restrictions and execute arbitrary commands on the host. At the time of this writing no patch has been released and version 0.74 is the latest version of js2py which was released Nov 6, 2022. CVE-2024-39205 is a remote code execution vulnerability in Pyload versions 0.5.0b3.dev85 and below. It is an open-source download manager designed to automate file downloads from various online sources. Pyload is vulnerable because it exposes the vulnerable js2py functionality mentioned above on the /flash/addcrypted2 API endpoint. This endpoint was designed to only accept connections from localhost but by manipulating the HOST header we can bypass this restriction in order to access the API to achieve unauthenticated remote code execution.
80427d657de061fee48a9f5adbb6c131d9fca4ddd53f67cf67ca1b3ed439fdddSOPlanning version 1.52.01 authenticated remote code execution exploit.
aa2b0281cd44426371fcd74740cdc742a4967b78355a65e5c712e22f50b852b6Ubuntu Security Notice 7108-1 - Fabian Bäumer, Marcus Brinkmann, and Joerg Schwenk discovered that AsyncSSH did not properly handle the extension info message. An attacker able to intercept communications could possibly use this issue to downgrade the algorithm used for client authentication. Fabian Bäumer, Marcus Brinkmann, and Joerg Schwenk discovered that AsyncSSH did not properly handle the user authentication request message. An attacker could possibly use this issue to control the remote end of an SSH client session via packet injection/removal and shell emulation.
879c1bba1c6e49f095f223b8a2b416c8ae15269b5259350aefb2b128068cebe4Ubuntu Security Notice 7049-2 - USN-7049-1 fixed vulnerabilities in PHP. This update provides the corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that PHP incorrectly handled parsing multipart form data. A remote attacker could possibly use this issue to inject payloads and cause PHP to ignore legitimate data.
1ef836801b877272adfe67ac7b50491e2b11f94aae8175ec4b8655236596a7edProof of concept remote code execution exploit for GravCMS 1.10.7 that leverages an arbitrary YAML write / update.
5cb1696418ca010542d02a039fd2e7ced0fb5abc292d2bf9e447350af4776e32Proof of concept remote code execution exploit for PHP-CGI that affects versions 8.1 before 8.1.29, 8.2 before 8.2.20, and 8.3 before 8.3.8.
a6b63ce9c93a3021236a9a584571d58798fe9d500b30228bb2141feca495c4d9This Metasploit module lets you obtain remote code execution in Palo Alto Expedition versions 1.2.91 and below. The first vulnerability, CVE-2024-5910, allows to reset the password of the admin user, and the second vulnerability, CVE-2024-9464, is an authenticated OS command injection. In a default installation, commands will get executed in the context of www-data. When credentials are provided, this module will only exploit the second vulnerability. If no credentials are provided, the module will first try to reset the admin password and then perform the OS command injection.
df2c6c91b0ec6249f500e20b70f386982ccf89ee425960ccceff8fd524cb14ffRed Hat Security Advisory 2024-9457-03 - An update for python3.12-urllib3 is now available for Red Hat Enterprise Linux 9. Issues addressed include a remote shell upload vulnerability.
8227c87ea3c4a2d6d25c74d77bc24b194c3a6bf80fbb99081bf8a9064998e024Red Hat Security Advisory 2024-9315-03 - An update for kernel is now available for Red Hat Enterprise Linux 9. Issues addressed include buffer overflow, denial of service, double free, information leakage, integer overflow, memory leak, null pointer, out of bounds access, out of bounds read, remote file inclusion, and use-after-free vulnerabilities.
32308f49513c3b581bb9c141ba5087f4778c169dc1ab2498edc6b4de6282aef1Red Hat Security Advisory 2024-9194-03 - An update for python3.11-PyMySQL is now available for Red Hat Enterprise Linux 9. Issues addressed include a remote SQL injection vulnerability.
b06c0e82d5c14385ecdaf3f54b54eea639160836d39876922e055fb7234b1b0bRed Hat Security Advisory 2024-9193-03 - An update for python3.12-PyMySQL is now available for Red Hat Enterprise Linux 9. Issues addressed include a remote SQL injection vulnerability.
6de9c7ed1fd52974da32baf4727a7a7f7a02a7a050c58109ef02a42ff151f5acUbuntu Security Notice 7094-1 - It was discovered that QEMU incorrectly handled memory during certain VNC operations. A remote attacker could possibly use this issue to cause QEMU to consume resources, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS. It was discovered that QEMU incorrectly handled certain memory copy operations when loading ROM contents. If a user were tricked into running an untrusted kernel image, a remote attacker could possibly use this issue to run arbitrary code. This issue only affected Ubuntu 14.04 LTS.
0a3549b040f05e5f31b861b3a44ea0e7afe9f586f80ca702bb4d248e08d92775WS02 versions 4.0.0, 4.1.0, and 4.2.0 are susceptible to remote code execution via an arbitrary file upload vulnerability.
88bbb0e549a78d6ccac8792066a572155603f8e8b352a29a78237e92f01cd2a7
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed