Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Validates the count of the command buffer payload. The count field in the command header is used to determine the valid payload size. Verify that the valid payload does not exceed the remaining buffer space...

Astra Linux - уязвимость в linux-5.15

A issue was discovered in the Linux kernel before version 6.3.10. The file fs/smb/server/smb2misc.c in ksmbd does not validate the relationship between the command payload size and the RFC1002 length specification, resulting in a out-of-bounds read...

CVE-2026-23424

In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Validate command buffer payload count The count field in the command header is used to determine the valid payload size. Verify that the valid payload does not exceed the remaining buffer space...

CVE-2019-25329 FTP Navigator 8.03 - 'Custom Command' Denial of Service (SEH)

FTP Navigator 8.03 contains a denial of service vulnerability that allows attackers to crash the application by overwriting Structured Exception Handler SEH with malicious input. Attackers can generate a payload of 4108 'A' characters followed by 4 'B' characters and 40 'C' characters to trigger ...

CVE-2023-53921

SitemagicCMS 4.4.3 contains a remote code execution vulnerability that allows attackers to upload malicious PHP files to the files/images directory. Attackers can upload a .phar file with system command execution payload to compromise the web application and execute arbitrary system commands...

CVE-2021-1979

Possible buffer overflow due to improper validation of FTM command payload in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile...

CVE-2022-25655

Memory corruption in WLAN HAL while arbitrary value is passed in WMI UTF command payload...

Ubuntu 20.04 LTS : Linux kernel (Intel IoTG) vulnerabilities (USN-6445-2)

The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6445-2 advisory. It was discovered that the IPv6 implementation in the Linux kernel contained a high rate of hash collisions in connection lookup table. A remote attacker...

An issue was discovered in the Linux kernel before 6.3.10. fs/smb/server/smb2misc.c in ksmbd does not validate the relationship between the command payload size and the RFC1002 length specification leading to an out-of-bounds read.

...

CVE-2022-25655

Memory corruption in WLAN HAL while arbitrary value is passed in WMI UTF command payload...

CVE-2022-25655 Buffer copy without checking the size of input in WLAN HAL.

Memory corruption in WLAN HAL while arbitrary value is passed in WMI UTF command payload...

CVE-2021-1979

Possible buffer overflow due to improper validation of FTM command payload in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile...

CVE-2021-1979

Possible buffer overflow due to improper validation of FTM command payload in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile...

Citrix ADC (NetScaler) Directory Traversal RCE

This module exploits a directory traversal in Citrix Application Delivery Controller ADC, aka NetScaler, and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0, to execute an arbitrary command payload. Module Options msf use exploit/freebsd/http/citrixdirtraversalrce msf exploitcitrixdirtraversalrce show...

Apache Shiro v1.2.4 Cookie RememberME Deserial RCE

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apache Shiro v1.2.4. Note that other versions of Apache Shiro may also be exploitable if the encryption key used by Shiro to encrypt rememberMe cookies is known. This module requires Metasploit:...

Apple Mac OS X - Feedback Assistant Race Condition (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Mac OS X Feedback Assistant Race Condition', 'Description' = %q This module exploits a race condition vulnerability in Mac's Feedback Assistant. ...

Oracle WebLogic - wls-wsat Component Deserialization Remote Code Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Oracle WebLogic wls-wsat Component Deserialization RCE', 'Description' = %q The Oracle WebLogic WLS WSAT Component is vulnerable to a XML...

GoAhead Web Server LD_PRELOAD Arbitrary Module Load

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'GoAhead Web Server LDPRELOAD Arbitrary Module Load', 'Description' = %q This module triggers an arbitrary shared library load vulnerability in...

JCL to Escalate Privileges

Elevate privileges for user. Adds SYSTEM SPECIAL and BPX.SUPERUSER to user profile. Does this by using an unsecured/updateable APF authorized library APFLIB and updating the user's ACEE using this program/library. Note: This privesc only works with z/OS systems using RACF, no other ESM is...

Xerox Multifunction Printers (MFP) "Patch" DLM Vulnerability

This module exploits a vulnerability found in Xerox Multifunction Printers MFP. By supplying a modified Dynamic Loadable Module DLM, it is possible to execute arbitrary commands under root privileges. This module requires Metasploit: https://metasploit.com/download Current source:...