591 matches found

Rapid7 Blog
added 2023/10/16 3:0 p.m. · 3 views

Multiple Vulnerabilities in South River Technologies Titan MFT and Titan SFTP [FIXED]

As part of our continuing research project into managed file transfer risk, including JSCAPE MFT and Fortra Globalscape EFT Server, Rapid7 discovered several vulnerabilities in South River Technologies’ Titan MFT and Titan SFTP servers. Although these require unusual circumstances or non-default...

9.1 CVSS · 8.1 AI score · 0.01481 EPSS
Exploits 6
OSV
added 2023/10/03 2:15 a.m. · 1 views

CVE-2023-3967

Allocation of Resources Without Limits or Throttling vulnerability in Hitachi Ops Center Common Services on Linux allows DoS. This issue affects Hitachi Ops Center Common Services: before 10.9.3-00...

7.5 CVSS · 5.8 AI score · 0.00515 EPSS
Exploits 0 · References 1
Snyk
added 2023/09/13 5:45 p.m. · 3 views

Uncaught Exception

Overview Affected versions of this package are vulnerable to Uncaught Exception due to the lack of error handling in the TCP server. An attacker can cause a denial of service by initiating a significant number of connections with the server. Note: This is only exploitable if the server is running...

7.5 CVSS · 6.8 AI score · 0.00666 EPSS
Exploits 0 · References 2
OSV
added 2023/09/13 4:15 p.m. · 3 views

CVE-2023-4801

An improper certification validation vulnerability in the Insider Threat Management ITM Agent for MacOS could be used by an anonymous actor on an adjacent network to establish a man-in-the-middle position between the agent and the ITM server after the agent has registered. All versions prior to...

7.5 CVSS · 5.8 AI score · 0.00223 EPSS
Exploits 0 · References 2
Positive Technologies
added 2023/09/13 12:0 a.m. · 9 views

PT-2023-30643

Name of the Vulnerable Software and Affected Versions gRPC versions 1.23 and later Description The issue is related to a lack of error handling in the TCP server in Google's gRPC, which allows an attacker to cause a denial of service by initiating a significant number of connections with the...

7.5 CVSS · 7.1 AI score · 0.99999 EPSS
Exploits 19 · References 44
Positive Technologies
added 2023/08/30 12:0 a.m. · 3 views

PT-2023-4835 · Mozilla · Vpn

Name of the Vulnerable Software and Affected Versions: Mozilla VPN client for Linux versions prior to 2.16.1 Description: The issue is related to an invalid Polkit Authentication check and missing authentication requirements for D-Bus methods, allowing any local user to configure arbitrary VPN...

7.2 CVSS · 5.5 AI score · 0.00353 EPSS
Exploits 1 · References 16
OSV
added 2023/07/21 7:15 p.m. · 2 views

CVE-2023-25841

There is a stored Cross-site Scripting vulnerability in Esri ArcGIS Server versions 11.0 and below on Windows and Linux platforms that may allow a remote, unauthenticated attacker to create crafted content which when clicked could potentially execute arbitrary JavaScript code in the victim’s...

6.1 CVSS · 6 AI score · 0.00516 EPSS
Exploits 0 · References 1
CNNVD
added 2023/07/10 12:0 a.m. · 3 views

IBM DB2 Security Vulnerability

IBM DB2 is a relational database management system from International Business Machines IBM. The system is implemented in UNIX, Linux, IBMi, z/OS, and Windows server versions. A security vulnerability exists in IBM DB2 that stems from vulnerability to insufficient audit logging...

4.3 CVSS · 6.2 AI score · 0.00627 EPSS
Exploits 0 · References 5
Metasploit
added 2023/06/15 7:50 p.m. · 173 views

HTTPS Fetch, Linux Command Shell, Bind TCP Random Port Inline

Fetch and execute an x86 payload from an HTTPS server. Listen for a connection in a random port and spawn a command shell. Use nmap to discover the open port: 'nmap -sS target -p-'. Module Options msf use payload/cmd/linux/https/x86/shellbindtcprandomport msf payloadshellbindtcprandomport show...

7.3 AI score
Exploits 0
Metasploit
added 2023/06/15 7:50 p.m. · 177 views

HTTPS Fetch, Linux Meterpreter Service, Bind TCP

Fetch and execute an x86 payload from an HTTPS server. Stub payload for interacting with a Meterpreter Service Module Options msf use payload/cmd/linux/https/x86/metsvcbindtcp msf payloadmetsvcbindtcp show actions ...actions... msf payloadmetsvcbindtcp set ACTION msf payloadmetsvcbindtcp show...

7.2 AI score
Exploits 0
Metasploit
added 2023/06/15 7:50 p.m. · 206 views

HTTP Fetch, Bind TCP Stager

Fetch and execute an x86 payload from an HTTP server. Listen for a connection Module Options msf use payload/cmd/linux/http/x86/meterpreter/bindnonxtcp msf payloadbindnonxtcp show actions ...actions... msf payloadbindnonxtcp set ACTION msf payloadbindnonxtcp show options ...show and set options...

7.3 AI score
Exploits 0
Metasploit
added 2023/06/15 7:50 p.m. · 233 views

HTTPS Fetch, Bind TCP Stager (Linux x86)

Fetch and execute an x86 payload from an HTTPS server. Listen for a connection Linux x86 Module Options msf use payload/cmd/linux/https/x86/meterpreter/bindtcp msf payloadbindtcp show actions ...actions... msf payloadbindtcp set ACTION msf payloadbindtcp show options ...show and set options... ms...

7.3 AI score
Exploits 0
Metasploit
added 2023/06/15 7:50 p.m. · 219 views

HTTP Fetch, Bind TCP Stager (Linux x86)

Fetch and execute an x86 payload from an HTTP server. Listen for a connection Linux x86 Module Options msf use payload/cmd/linux/http/x86/meterpreter/bindtcp msf payloadbindtcp show actions ...actions... msf payloadbindtcp set ACTION msf payloadbindtcp show options ...show and set options... msf...

7.3 AI score
Exploits 0
Metasploit
added 2023/06/15 7:50 p.m. · 212 views

HTTP Fetch, Linux Command Shell, Bind TCP Stager with UUID Support (Linux x86)

Fetch and execute an x86 payload from an HTTP server. Spawn a command shell staged. Listen for a connection with UUID Support Linux x86 Module Options msf use payload/cmd/linux/http/x86/shell/bindtcpuuid msf payloadbindtcpuuid show actions ...actions... msf payloadbindtcpuuid set ACTION msf...

7.4 AI score
Exploits 0
Metasploit
added 2023/06/15 7:50 p.m. · 195 views

TFTP Fetch, Linux Meterpreter Service, Reverse TCP Inline

Fetch and execute an x86 payload from a TFTP server. Stub payload for interacting with a Meterpreter Service Module Options msf use payload/cmd/linux/tftp/x86/metsvcreversetcp msf payloadmetsvcreversetcp show actions ...actions... msf payloadmetsvcreversetcp set ACTION msf payloadmetsvcreversetcp...

7.2 AI score
Exploits 0
Metasploit
added 2023/06/15 7:50 p.m. · 155 views

HTTPS Fetch, Linux Command Shell, Find Tag Inline

Fetch and execute an x86 payload from an HTTPS server. Spawn a shell on an established connection proxy/NAT safe Module Options msf use payload/cmd/linux/https/x86/shellfindtag msf payloadshellfindtag show actions ...actions... msf payloadshellfindtag set ACTION msf payloadshellfindtag show optio...

7.3 AI score
Exploits 0
IBM Security Bulletins
added 2023/06/06 3:30 p.m. · 22 views

Security Bulletin: "Administration Console can be switched to debug mode" may affect IBM CICS TX Standard

Summary "Administration Console can be switched to debug mode" may affect IBM CICS TX Standard. IBM CICS TX Standard has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2023-33848 DESCRIPTION: IBM CICS TX could allow a privileged user to obtain highly sensitive information by enabli...

6.5 CVSS · 5.3 AI score · 0.00795 EPSS
Exploits 0 · Affected Software 1
OSV
added 2023/06/05 4:15 a.m. · 1 views

CVE-2023-0635

Improper Privilege Management vulnerability in ABB Ltd. ASPECT®-Enterprise on ASPECT®-Enterprise, Linux 2CQG103201S3021, 2CQG103202S3021, 2CQG103203S3021, 2CQG103204S3021 modules, ABB Ltd. NEXUS Series on NEXUS Series, Linux 2CQG100102R2021, 2CQG100104R2021, 2CQG100105R2021, 2CQG100106R2021,...

9.8 CVSS · 5.8 AI score · 0.00374 EPSS
Exploits 0 · References 1
Metasploit
added 2023/06/02 7:50 p.m. · 154 views

TFTP Fetch

Fetch and execute an x64 payload from a TFTP server. Module Options msf use payload/cmd/linux/tftp/x64/meterpreterreversetcp msf payloadmeterpreterreversetcp show actions ...actions... msf payloadmeterpreterreversetcp set ACTION msf payloadmeterpreterreversetcp show options ...show and set...

7.2 AI score
Exploits 0
Metasploit
added 2023/05/18 7:52 p.m. · 246 views

TFTP Fetch, Linux x64 Command Shell, Bind TCP Inline (IPv6)

Fetch and execute an x64 payload from a TFTP server. Listen for an IPv6 connection and spawn a command shell Module Options msf use payload/cmd/linux/tftp/x64/shellbindipv6tcp msf payloadshellbindipv6tcp show actions ...actions... msf payloadshellbindipv6tcp set ACTION msf payloadshellbindipv6tcp...

7.4 AI score
Exploits 0