54 matches found
RHCOS 4 : Red Hat build of MicroShift 4.16.24 (RHSA-2024:10149)
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:10149 advisory. - runc: file descriptor leak CVE-2024-21626 Note that Nessus has not tested for this issue but has instead relied only on the application's...
CVE-2024-10149
The Social Slider Feed WordPress plugin before 2.2.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
WordPress Social Slider Feed plugin < 2.2.9 - Admin+ Stored XSS via Widgets vulnerability
Admin+ Stored XSS via Widgets vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Social Slider Feed versions 2.2.9...
CVE-2024-10149 Social Slider Feed < 2.2.9 - Admin+ Stored XSS via Widgets
The Social Slider Feed WordPress plugin before 2.2.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-10149 Social Slider Feed < 2.2.9 - Admin+ Stored XSS via Widgets
The Social Slider Feed WordPress plugin before 2.2.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-10149
The CVE-2024-10149 entry concerns the WordPress Social Slider Feed plugin prior to version 2.2.9. The root cause is that certain settings are not properly sanitized or escaped, enabling Stored XSS by high‑privilege users (e.g., administrators) even when unfiltered_html is disallowed (such as in m...
Exploit for OS Command Injection in Exim
Exim CVE Data Collection Data Collection Related to Exim Vuln...
NSA Warns of Sandworm Backdoor Attacks on Mail Servers
The Russia-linked APT group Sandworm has been spotted exploiting a vulnerability in the internet’s top email server software, according to the National Security Agency NSA. The bug exists in the Exim Mail Transfer Agent MTA software, an open-source offering used on Linux and Unix-like systems. It...
NSA Releases Advisory on Sandworm Actors Exploiting an Exim Vulnerability
The National Security Agency NSA has released a cybersecurity advisory on Russian advanced persistent threat APT group Sandworm exploiting a vulnerability—CVE-2019-10149—in Exim Mail Transfer Agent MTA software. An unauthenticated remote attacker can use this vulnerability to send a specially...
CVE-2019-10149
Exim unauthenticated RCE with reports that it’s been used by Sandworm since August 2019 Recent assessments: ericalexanderorg at May 28, 2020 4:49pm UTC reported: Untested POC exists https://github.com/MNEMO-CERT/PoC—CVE-2019-10149Exim/blob/master/PoCCVE-2019-10149.py gwillcox-r7 at November 04,...
Exploit for OS Command Injection in Exim
CVE-2019-10149 CVE-2019-10149 : A flaw was found in Exim versi...
Exploit for OS Command Injection in Exim
CVE-2019-10149 - Exim 4.87 Local/Makefile cp eximmonitor...
Exim 4.87 / 4.91 - Local Privilege Escalation (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'expect' class MetasploitModule 'Exim 4.87 - 4.91 Local Privilege Escalation', 'Description' = %q This module exploits a flaw in Exim versions 4.87 to 4.91...
Exim 4.87 / 4.91 - Local Privilege Escalation Exploit
This Metasploit module exploits a flaw in Exim versions 4.87 to 4.91 inclusive. Improper validation of recipient address in delivermessage function in /src/deliver.c may lead to command execution with root privileges. This module requires Metasploit: https://metasploit.com/download Current source...
Exim 4.91 Local Privilege Escalation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'expect' class MetasploitModule 'Exim 4.87 - 4.91 Local Privilege Escalation', 'Description' = %q This module exploits a flaw in Exim versions 4.87 to 4.91...
Exim 4.87 - 4.91 Local Privilege Escalation
This module exploits a flaw in Exim versions 4.87 to 4.91 inclusive. Improper validation of recipient address in delivermessage function in /src/deliver.c may lead to command execution with root privileges CVE-2019-10149. This module requires Metasploit: https://metasploit.com/download Current...
Microsoft Pushes Azure Users to Patch Linux Systems
Microsoft is warning customers that some Azure installations are vulnerable to a recently-disclosed critical Linux Exim mail server flaw that is under active attack. The warning comes after a widespread worm campaign was disclosed on Friday, targeting a flaw in the Exim mail transport agent MTA,...
Exim 4.87 - 4.91 - Local Privilege Escalation
Exim 4.87 - 4.91 - Local Privilege Escalation !/bin/bash raptoreximwiz - "The Return of the WIZard" LPE exploit Copyright c 2019 Marco Ivaldi A flaw was found in Exim versions 4.87 to 4.91 inclusive. Improper validation of recipient address in delivermessage function in /src/deliver.c may lead to...
Exim 4.87 - 4.91 - Local Privilege Escalation
!/bin/bash raptoreximwiz - "The Return of the WIZard" LPE exploit Copyright c 2019 Marco Ivaldi A flaw was found in Exim versions 4.87 to 4.91 inclusive. Improper validation of recipient address in delivermessage function in /src/deliver.c may lead to remote command execution. CVE-2019-10149 This...
Prevent the impact of a Linux worm by updating Exim (CVE-2019-10149)
This week, MSRC confirmed the presence of an active Linux worm leveraging a critical Remote Code Execution RCE vulnerability, CVE-2019-10149, in Linux Exim email servers running Exim version 4.87 to 4.91. Microsoft Azure infrastructure and Services are not affected; only customer’s Linux IaaS...