CentOS 7 : nss and nspr (RHSA-2020:4076)

The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4076 advisory. - When importing a curve25519 private key in PKCS8format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Securi...

CentOS 7 : cpio (RHSA-2020:3908)

The remote CentOS Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:3908 advisory. - In all versions of cpio before 2.13 does not properly validate input files when generating TAR archives. When cpio is used to create TAR archives from paths a...

CentOS 7 : openldap (RHSA-2020:4041)

The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:4041 advisory. - In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service daemon crash. CVE-2020-122...

CentOS 7 : libpng (RHSA-2020:3901)

The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:3901 advisory. - libpng before 1.6.32 does not properly check the length of chunks against the user limit. CVE-2017-12652 Note that Nessus has not tested for this issue but ha...

CentOS 7 : freerdp (RHSA-2020:4031)

The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4031 advisory. - In FreeRDP less than or equal to 2.0.0, a possible resource exhaustion vulnerability can be performed. Malicious clients could trigger out of bound...

CentOS 7 : dbus (RHSA-2020:4032)

The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:4032 advisory. - dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 and in some, less common, us...

CentOS 6 : firefox (RHSA-2020:3558)

The remote CentOS Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:3558 advisory. - By holding a reference to the eval function from an about:blank window, a malicious webpage could have gained access to the InstallTrigger object whi...

CentOS 7 : firefox (RHSA-2020:3556)

The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:3556 advisory. - By holding a reference to the eval function from an about:blank window, a malicious webpage could have gained access to the InstallTrigger object whi...

CentOS 7 : java-11-openjdk (RHSA-2020:2969)

The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2969 advisory. - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 8u25...

CentOS 6 : firefox (RHSA-2020:2824)

The remote CentOS Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2824 advisory. - Manipulating individual parts of a URL object could have caused an out-of-bounds read, leaking process memory to malicious JavaScript. This...

Netsweeper WebAdmin unixlogin.php Python Code Injection

This module exploits a Python code injection in the Netsweeper WebAdmin component's unixlogin.php script, for versions 6.4.4 and prior, to execute code as the root user. Authentication is bypassed by sending a random whitelisted Referer header in each request. Tested on the CentOS Linux-based...

Netsweeper WebAdmin unixlogin.php Python Code Injection Exploit

This Metasploit module exploits a Python code injection in the Netsweeper WebAdmin component's unixlogin.php script, for versions 6.4.4 and prior, to execute code as the root user. Authentication is bypassed by sending a random whitelisted Referer header in each request. Tested on the CentOS...

Netsweeper WebAdmin unixlogin.php Python Code Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Netsweeper WebAdmin unixlogin.php Python Code Injection', 'Description' = %q This module exploits a Python code injection in the Netsweeper...

CVE-2017-5972

The TCP stack in the Linux kernel 3.x does not properly implement a SYN cookie protection mechanism for the case of a fast network connection, which allows remote attackers to cause a denial of service CPU consumption by sending many TCP SYN packets, as demonstrated by an attack against the...

Micro Focus (HPE) Data Protector SUID Privilege Escalation

This module exploits the trusted $PATH environment variable of the SUID binary omniresolve in Micro Focus HPE Data Protector A.10.40 and prior. The omniresolve executable calls the oracleasm binary using a relative path and the trusted environment $PATH, which allows an attacker to execute a cust...

Qualys Policy Compliance Notification: Policy Library Updates (June)

Qualys’ library of built-in policies makes it easy to comply with the security standards and regulations that are most commonly used and adhered to. Qualys provides a wide range of policies, including many that have been certified by CIS as well as the ones based on security guidelines from OS an...

Keybase keybase-redirector - ($PATH) Local Privilege Escalation Exploit

Exploit for linux platform in category local exploits keybase-redirector is a setuid root binary. keybase-redirector calls the fusermount binary using a relative path and the application trusts the value of $PATH. This allows a local, unprivileged user to trick the application to executing a cust...

Keybase keybase-redirector - '$PATH' Local Privilege Escalation

keybase-redirector is a setuid root binary. keybase-redirector calls the fusermount binary using a relative path and the application trusts the value of $PATH. This allows a local, unprivileged user to trick the application to executing a custom fusermount binary as root. Environment CentOS Linux...

NethServer 7.3.1611 (Upload.json) CSRF Script Insertion Vulnerability

Description NethServer suffers from an authenticated stored XSS vulnerability. Input passed to the 'BackupConfigUploadDescription' POST parameter is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser sessio...

NethServer 7.3.1611 - Cross-Site Request Forgery (Create User Enable SSH Access)

NethServer 7.3.1611 - Cross-Site Request Forgery Create User Enable SSH Access HTML Decoded PoC: history.pushState'', '', '/' input type="hidden" name="AccountUsercreategrou...