89 matches found
EUVD-2023-32175
Malicious code in bioql PyPI...
EUVD-2023-32179
Malicious code in bioql PyPI...
EUVD-2023-32176
Malicious code in bioql PyPI...
EUVD-2024-54838
Malicious code in bioql PyPI...
EUVD-2023-32178
Malicious code in bioql PyPI...
EUVD-2023-32174
Malicious code in bioql PyPI...
EUVD-2023-32171
Malicious code in bioql PyPI...
EUVD-2023-32177
Malicious code in bioql PyPI...
CVE-2024-45955
Rocket Software Rocket Zena 4.4.1.26 is vulnerable to SQL Injection via the filter parameter...
CVE-2024-45955
CVE-2024-45955 affects Rocket Software Rocket Zena 4.4.1.26, vulnerable to SQL Injection via the filter parameter. The root cause is described as improper handling of the filter parameter, enabling SQL injection attempts. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) yields a base sco...
Metasploit Weekly Wrap-Up
Rocket Software UniRPC Exploits: Ron Bowes submitted two exploit modules for vulnerabilities he discovered in the UniRPC server for Rocket Software’s UniData product. The first exploit module, exploit/linux/misc/unidata_udadmin_auth_bypass, exploits an authentication bypass to ultimately gain remote...
Rocket Software Unidata udadmin_server Stack Buffer Overflow in Password
This module exploits an authentication bypass vulnerability in the Linux version of udadmin_server, which is an RPC service that comes with the Rocket Software UniData server, which runs as root. This vulnerability affects UniData versions 8.2.4 build 3003 and earlier for Linux, but this module...
Rocket Software Unidata udadmin_server Authentication Bypass
This module exploits an authentication bypass vulnerability in the Linux version of udadmin_server, which is an RPC service that comes with the Rocket Software UniData server. This affects versions of UniData prior to 8.2.4 build 3003. This service typically runs as root. It accepts a username of...
Rocket Software Unidata 8.2.4 Build 3003 Buffer Overflow
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule The amount of padding required to overwrite the return addr 'offset' = 0x2b8, This returns to "mov rdi, rsp / call system", which means the...
CVE-2023-28506
Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from a stack-based buffer overflow, where a string is copied into a buffer using a memcpy-like function and a user-provided length. This requires a valid login t...
CVE-2023-28504
Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from a stack-based buffer overflow that can lead to remote code execution as the root user...
CVE-2023-28503
Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from an authentication bypass vulnerability, where a special username with a deterministic password can be leveraged to bypass authentication checks and execute ...