Lucene search

3320 matches found

0day.today
added 2020/11/25 12:00 a.m., 54 views

Kong Gateway Admin API Remote Code Execution Exploit

This Metasploit module uses the Kong admin API to create a route and a serverless function plugin that is associated with the route. The plugin runs Lua code and is used to run a system command using os.execute. After execution the route is deleted, which also deletes the plugin...

AI score 0.4
Exploits: 0

Packet Storm
added 2020/11/25 12:00 a.m., 1103 views

Kong Gateway Admin API Remote Code Execution

frozenstringliteral: true This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Kong Gateway Admin API Remote Code Execution', 'Description' = ' This module uses the Kong admin API to create a route...

AI score 0.5
Exploits: 0

Tenable Nessus
added 2020/11/06 12:00 a.m., 33 views

EulerOS Virtualization 3.0.6.6 : vim (EulerOS-SA-2020-2455)

According to the version of the vim packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces e.g.,...

CVSS 5.3, AI score 7, EPSS 0.00488
Exploits: 0, References: 2

CBLMariner
added 2020/11/05 4:21 a.m., 26 views

CVE-2020-24342 affecting package lua 5.3.5-8

CVE-2020-24342 affecting package lua 5.3.5-8. A patched version of the package is available...

CVSS 7.8, AI score 9.7, EPSS 0.01085
Exploits: 1

CBLMariner
added 2020/11/05 4:21 a.m., 13 views

CVE-2020-15888 affecting package lua 5.3.5-9

CVE-2020-15888 affecting package lua 5.3.5-9. A patched version of the package is available...

CVSS 8.8, AI score 9.7, EPSS 0.02446
Exploits: 1

CBLMariner
added 2020/11/05 4:21 a.m., 20 views

CVE-2019-6706 affecting package lua 5.3.5-9

CVE-2019-6706 affecting package lua 5.3.5-9. A patched version of the package is available...

CVSS 7.5, AI score 9.8, EPSS 0.17224
Exploits: 5

OpenVAS
added 2020/11/05 12:00 a.m., 16 views

Huawei EulerOS: Security Advisory for vim (EulerOS-SA-2020-2455)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.3, AI score 5.7, EPSS 0.00488
Exploits: 0, References: 2

RedHat Linux
added 2020/11/04 1:23 a.m., 3 views

vim: users can execute arbitrary OS commands via scripting interfaces in the rvim restricted mode

A flaw was found in vim in the restricted mode, where all commands that make use of external shells are disabled. However, it was found that users could still execute some arbitrary OS commands in the restricted mode. This flaw was fixed by filtering the functions that can call OS commands...

CVSS 5.3, AI score 7, EPSS 0.00488
Exploits: 0, References: 4

Tenable Nessus
added 2020/11/03 12:00 a.m., 20 views

EulerOS 2.0 SP2 : vim (EulerOS-SA-2020-2404)

According to the version of the vim packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces e.g., Python, Ruby, o...

CVSS 5.3, AI score 7, EPSS 0.00488
Exploits: 0, References: 2

ArchLinux
added 2020/10/18 12:00 a.m., 31 views

[ASA-202010-5] lua: arbitrary code execution

Arch Linux Security Advisory ASA-202010-5 ========================================= Severity: High Date : 2020-10-18 CVE-ID : CVE-2020-15888 CVE-2020-15889 Package : lua Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-1207 Summary ======= The package lua...

CVSS 9.8, AI score 1.9, EPSS 0.02446
Exploits: 2, References: 11

Tenable Nessus
added 2020/10/12 12:00 a.m., 13 views

Fedora 32 : prosody (2020-a48bf86c27)

Prosody 0.11.7 ============== This is a security release for the 0.11.x stable branch. It is strongly recommended that all users upgrade to this release, especially those whose deployments have enabled mod_websocket. As well as upgrading, we recommend all public deployments to review and configure...

AI score 5.9
Exploits: 0, References: 1

Tenable Nessus
added 2020/10/12 12:00 a.m., 14 views

Fedora 31 : prosody (2020-1e1b527524)

Prosody 0.11.7 ============== This is a security release for the 0.11.x stable branch. It is strongly recommended that all users upgrade to this release, especially those whose deployments have enabled mod_websocket. As well as upgrading, we recommend all public deployments to review and configure...

AI score 5.9
Exploits: 0, References: 1

OpenVAS
added 2020/10/10 12:00 a.m., 9 views

Fedora: Security Advisory for prosody (FEDORA-2020-1e1b527524)

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

AI score 7.5
Exploits: 0, References: 2

OpenVAS
added 2020/10/10 12:00 a.m., 6 views

Fedora: Security Advisory for prosody (FEDORA-2020-a48bf86c27)

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

AI score 7.5
Exploits: 0, References: 2

Fedora
added 2020/10/09 4:28 p.m., 14 views

[SECURITY] Fedora 31 Update: prosody-0.11.7-1.fc31

Prosody is a flexible communications server for Jabber/XMPP written in Lua. It aims to be easy to use, and light on resources. For developers it aims to be easy to extend and give a flexible system on which to rapidly develop added functionality, or prototype new protocols...

AI score 2.7
Exploits: 0

Fedora
added 2020/10/09 4:14 p.m., 14 views

[SECURITY] Fedora 32 Update: prosody-0.11.7-1.fc32

Prosody is a flexible communications server for Jabber/XMPP written in Lua. It aims to be easy to use, and light on resources. For developers it aims to be easy to extend and give a flexible system on which to rapidly develop added functionality, or prototype new protocols...

AI score 2.7
Exploits: 0

CBLMariner
added 2020/10/08 6:09 p.m., 17 views

CVE-2020-15889 affecting package lua 5.3.5-9

CVE-2020-15889 affecting package lua 5.3.5-9. A patched version of the package is available...

CVSS 9.8, AI score 7.5, EPSS 0.02232
Exploits: 1

Talos Blog
added 2020/10/06 2:06 p.m., 33 views

PoetRAT: Malware targeting public and private sector in Azerbaijan evolves

By Warren Mercer, Paul Rascagneres and Vitor Ventura. The Azerbaijan public sector and other important organizations are still targeted by new versions of PoetRAT. This actor leverages malicious Microsoft Word documents alleged to be from the Azerbaijan government. The attacker has moved from Pytho...

AI score 3
Exploits: 0

Fedora
added 2020/10/05 4:36 p.m., 11 views

[SECURITY] Fedora 33 Update: prosody-0.11.7-1.fc33

Prosody is a flexible communications server for Jabber/XMPP written in Lua. It aims to be easy to use, and light on resources. For developers it aims to be easy to extend and give a flexible system on which to rapidly develop added functionality, or prototype new protocols...

AI score 2.7
Exploits: 0

Tenable Nessus
added 2020/10/02 12:00 a.m., 96 views

Cisco IOS XE Software Arbitrary Code Execution (cisco-sa-ios-lua-rce-7VeJX4f)

According to its self-reported version, Cisco IOS XE Software is affected by an arbitrary code execution vulnerability in its Lua interpreter due to insufficient permission checks on Lua function calls. An authenticated, local attacker can exploit this to bypass authentication and execute arbitra...

CVSS 7.2, AI score 8, EPSS 0.00386
Exploits: 0, References: 3