This Metasploit module exploits an unauthenticated command execution vulnerability in Apache Spark with standalone cluster mode through the REST API. It uses the function CreateSubmissionRequest to submit a malicious java class and triggers it.
116bdb53e7d35e2318c64aa8641d121ced48eb91bde9f964beb39633e269de98Bro is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Bro provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Bro has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Bro's user community includes major universities, research labs, supercomputing centers, and open-science communities.
0ec78d708724453829c9465451c82dc8d712a34c9c857a118e0e366b1eced29dSiglent Technologies SDS 1202X-E Digital Oscilloscope version 5.1.3.13 suffers from multiple security vulnerabilities including hardcoded backdoor accounts, missing authentication, and more.
9c2308d462e08188151b5811bf316c27b479ee4b0ffda09667d3a3e6d83074a1Tarantella Enterprise versions prior to 3.11 suffer from an access control bypass vulnerability.
59d4ebbbea05011ff88766420702f8c2dafb0908c02498e7d43b760d1ce3aa40Tarantella Enterprise versions prior to 3.11 suffer from a directory traversal vulnerability.
1faac68fc7546fad92fea083e6fe9d139ab5f2586fd75dc9512567d04e89bf3cThe fix Ubuntu applied to address the Ghostscript vulnerability identified in CVE-2018-16510 appears to be insufficient.
0ac0bf39a81253812182b1698273af4235df1fa484a59f5032b8a187be3fe340There is an out-of-bounds vulnerability in Microsoft VBScript in rtFilter. The vulnerability has been confirmed in Internet Explorer on Windows 7 with the latest patches applied.
787b477ccfcf4e5ec10751b188d5bc87141748ffcd37526a29a5654c900f7593WebKit JSC has an issue where BytecodeGenerator::hoistSloppyModeFunctionIfNecessary does not invalidate the ForInContext object.
2751e0f6a8f902aff80fed20940889e7b425689a3222eb806fc6878759565dbcThere is a use-after-free vulnerability in Microsoft VBScript. The vulnerability has been confirmed in Internet Explorer on Windows 7 with the latest patches applied. There are possibly two vulnerabilities triggerable by the same proof of concept included.
4d368e653a42596f0318f358cc51225567ac7ae3f445045de8e6e98d697a4007WebKit JIT has type confusion bugs in ByteCodeParser::handleIntrinsicCall.
80230144bdea861cdd786d198f4417655144fdae813a68d336ee57b1a9cea2fdWhen a for-in loop is executed, a JSPropertyNameEnumerator object is created at the beginning and used to store the information of the input object to the for-in loop. Inside the loop, the structure ID of the "this" object of every get_by_id expression taking the loop variable as the index is compared to the cached structure ID from the JSPropertyNameEnumerator object. If it's the same, the "this" object of the get_by_id expression will be considered having the same structure as the input object to the for-in loop has. The problem is, it doesn't have anything to prevent the structure from which the cached structure ID from being freed. As structure IDs can be reused after their owners get freed, this can lead to type confusion.
8f4f4959d722f37276fc6cd1ba9725d214fa2d1eafa97af721346d7487bda487Gentoo Linux Security Advisory 201811-24 - A SQL injection in PostgreSQL may allow attackers to execute arbitrary SQL statements. Many versions are affected.
a087bea7df518fee4c512dab8b1b7128152a68b584f11bf25fcd2f30c6ea069dGentoo Linux Security Advisory 201811-23 - Multiple vulnerabilities have been found in libsndfile, the worst of which might allow remote attackers to cause a Denial of Service condition. Versions less than 1.0.28-r4 are affected.
53c9e768ab556258485ffacf946632c5c77d01764fb08f0a3ef5bf547479fbe5Ubuntu Security Notice 3833-1 - Jann Horn discovered that the Linux kernel mishandles mapping UID or GID ranges inside nested user namespaces in some situations. A local attacker could use this to bypass access controls on resources outside the namespace. Philipp Wendler discovered that the overlayfs implementation in the Linux kernel did not properly verify the directory contents permissions from within a unprivileged user namespace. A local attacker could use this to expose sensitive information. Various other issues were also addressed.
a245ddd2e063e75ae9b8cd656c2ba843ed10ef466025e17abe119b7bfbe3080aUbuntu Security Notice 3832-1 - Jann Horn discovered that the procfs file system implementation in the Linux kernel did not properly restrict the ability to inspect the kernel stack of an arbitrary task. A local attacker could use this to expose sensitive information. Jann Horn discovered that the mremap system call in the Linux kernel did not properly flush the TLB when completing, potentially leaving access to a physical page after it has been released to the page allocator. A local attacker could use this to cause a denial of service , expose sensitive information, or possibly execute arbitrary code. Various other issues were also addressed.
b57e39d7a6b2621e28ea09c25523ef6ffe045219afabe19ad27f96586c416cd1Debian Linux Security Advisory 4347-1 - Multiple vulnerabilities were discovered in the implementation of the Perl programming language.
693b5b860a9f8cea84d3e3b377ab5b2c4b932965f11e4d4715f272144663f79bSlackware Security Advisory - New samba packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
671fbca86bbc5a91ba38e250555985ef427c47025b7d59bbb3bd26f4e94c089cRed Hat Security Advisory 2018-3738-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include a name equality check.
eb0ce715cf844684ef01e1980a5cde4f3ad3c61658a96a7c429bb1f1502520dbUbuntu Security Notice 3795-3 - USN-3795-1 and USN-3795-2 fixed a vulnerability in libssh. The upstream fix introduced a regression. This update fixes the problem. Peter Winter-Smith discovered that libssh incorrectly handled authentication when being used as a server. A remote attacker could use this issue to bypass authentication without any credentials. Various other issues were also addressed.
0db1887001641d8acf759d27b5cb2ddd82af752d469ef1b920b7bdce098289b4Ubuntu Security Notice 3831-1 - It was discovered that Ghostscript contained multiple security issues. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use these issues to access arbitrary files, execute arbitrary code, or cause a denial of service.
f393db61267526f9bb9a3e7c882bd9b3c0c9096a7343ce75fd00bbb4b1ff4263Red Hat Security Advisory 2018-3731-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include code execution, cross site scripting, denial of service, deserialization, and traversal vulnerabilities.
67960d69e88fb6e819f1aed911deeb9a04df23e739ae31cebcff7618004f0b0fRed Hat Security Advisory 2018-3730-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include code execution, cross site scripting, denial of service, deserialization, and traversal vulnerabilities.
5974e59d03ede1e205bc6f92b04e3d4d0be271c53073850c54f2227ff9bf7374Red Hat Security Advisory 2018-3729-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include code execution, cross site scripting, denial of service, deserialization, and traversal vulnerabilities.
50842ce6db655529d85f25aace87d1c36085f22eb7f5436231ccd6f4207b1c4a
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed