Trend Micro Deep Security Agent 11 suffers from an arbitrary file overwrite vulnerability.
893eaef24a4ca96041577727c07da9c8823de03e147d276420609d0067521440Broadcom CA Privileged Access Manager version 2.8.2 suffers from a remote command execution vulnerability.
b57c9d05247aeec50f84b6f1d59466d0e7e19320e75ac48a4c045bb8ffba4b6bHP Connected Backup versions 8.6 and 8.8.6 suffer from a local privilege escalation vulnerability.
4ec9745a0caf80870df4736931099f57d3387759529f891827958c5514239ef7This Metasploit module exploits an unauthenticated command injection in Alienvault USM/OSSIM versions 5.3.4 and 5.3.5. The vulnerability lies in an API function that does not check for authentication and then passes user input directly to a system call as root.
d72c139011d02b5dd53490824fea6a9d33d4ea93c69d1eaa4c8702f390b4d945Alienvault OSSIM / USM versions 5.3.0 and below suffer from an authentication bypass vulnerability.
ccc7d25b13cf43b235374996a93e7e29606307a1b963ca5677daa1e44f30002dThis Metasploit module exploits object injection, authentication bypass and ip spoofing vulnerabilities all together. Unauthenticated users can execute arbitrary commands under the context of the root user. By abusing authentication bypass issue on gauge.php lead adversaries to exploit object injection vulnerability which leads to SQL injection attack that leaks an administrator session token. Attackers can create a rogue action and policy that enables to execute operating system commands by using captured session token. As a final step, SSH login attempt with a invalid credentials can trigger a created rogue policy which triggers an action that executes operating system command with root user privileges. This Metasploit module was tested against following product and versions: AlienVault USM 5.3.0, 5.2.5, 5.0.0, 4.15.11, 4.5.0 AlienVault OSSIM 5.0.0, 4.6.1
ac4cd7158b0ae42d40bce75202d5221b0347a49712ff529804a31fe058562cf0Alienvault OSSIM/USM versions 5.3.1 and below suffer from a php object injection vulnerability.
15c73504476ef61ce3f78973018cb8b2513108fb8a4f815dca1ef6a0da27f672Alienvault OSSIM/USM versions 5.3.1 and below suffer from a stored cross site scripting vulnerability.
373697a8bc5814e72590ca5c5ffda41e105c91a84d2e74b0d4e25fb2659889b6Alienvault OSSIM/USM versions 5.3.1 and below suffer from a remote SQL injection vulnerability.
30fc087a9e2c28203acf4fa8bf0c93d8dbf91426b95c05cb6c56d71080f5ecdcAlienvault OSSIM/USM versions 5.3.1 and below suffer from a cross site scripting vulnerability.
67edb0c1f8dc320c504c4dc2955487eacc3b39dcbb0d2dd72fa7e4322b63bd3eEasyDNNnews versions prior to 7.5 suffer from a cross site scripting vulnerability.
c301e8eddd3eb44f1d899c7ce2722b610bd164ac4b7e465bd2cb23277bc8e516Alienvault OSSIM/USM versions 4.14, 4.15, and 5.0 suffer from cross site scripting, remote command execution, and remote SQL injection vulnerabilities.
05fedd0172a711f1b3ebccf206431da754dbc59c1c66baabdd88b6a813ba1830The F5 ASM is a web application firewall designed to protect web applications from attacks. Due to the way that the system processes JSON content, it's possible to bypass the ASM using a crafted request to a URL that processes both JSON and regular URL encoded requests. Versions 11.4.0 and 11.4.1 are confirmed vulnerable.
e6abe385fd18e2857c231bede6a8524e4d82cb8ad1197e2ab340759994fa7badAlienvault OSSIM/USM versions 4.14.x and below suffer from a remote command execution vulnerability. Proof of concept included.
a68baa3bbf3f63879d7b7f3eaa8c9b8bc017abc0c0112daba2b272eca6043950F5 BIG-IP Application Security Manager (ASM) versions 11.4.0, 11.4.1, and likely 11.4.x-11.5.x suffer from a stored cross site scripting vulnerability.
16576032ddeda7555602b8798ffb21e9ce47e0cba867050f523c045d39124b0d
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed