- Advertisement -
Current Threats
Vuln: Mozilla Firefox MFSA2019-01 Multiple Security VulnerabilitiesVuln: Gemalto Sentinel UltraPro ICSA-19-073-02 Security VulnerabilityVBScript VbsErase Memory CorruptionMicrosoft Edge Flash click2play BypassJFrog Artifactory Pro 6.5.9 Signature ValidationGNU Privacy Guard 2.2.14Vuln: Oracle Web Cache CVE-2019-2438 Remote Security VulnerabilityVuln: Oracle E-Business Suite Cpujan2019 Multiple Security VulnerabilitiesVuln: Oracle PeopleSoft Enterprise PeopleTools Multiple Remote Security Vulnerabilities[remote] BMC Patrol Agent – Privilege Escalation Code Execution Execution (Metasploit)Vuln: Oracle Java SE/Java SE Embedded/JRockit CVE-2018-3180 Remote Security VulnerabilityUbuntu Security Notice USN-3906-2Jenkins ACL Bypass / Metaprogramming Remote Code ExecutionVuln: PHP Information Disclosure and Heap Buffer Overflow Vulnerabilities[local] WinRAR 5.61 – Path TraversalVuln: Microsoft Azure Linux Guest Agent CVE-2019-0804 Local Information Disclosure VulnerabilityVuln: RSA Archer GRC Platform CVE-2019-3716 Local Information Disclosure VulnerabilityVuln: IBM Spectrum Scale CVE-2018-1723 Information Disclosure VulnerabilityVuln: Oracle Java SE CVE-2018-2973 Remote Security Vulnerability[local] Microsoft Windows MSHTML Engine – “Edit” Remote Code Execution[webapps] pfSense 2.4.4-p1 (HAProxy Package 0.59_14) – Persistent Cross-Site Scripting[remote] elFinder PHP Connector < 2.1.48 – exiftran Command Injection (Metasploit)[remote] Apache Tika-server < 1.18 – Command Injection[webapps] Intel Modular Server System 10.18 – Cross-Site Request Forgery (Change Admin Password)[webapps] Pegasus CMS 1.0 – ‘extra_fields.php’ Plugin Remote Code Execution[remote] FTPGetter Standard 5.97.0.177 – Remote Code Execution[remote] Apache UNO / LibreOffice Version: 6.1.2 / OpenOffice 4.1.6 API – Remote Code Execution[webapps] NetData 1.13.0 – HTML Injection[webapps] CMS Made Simple Showtime2 Module 3.6.2 – Authenticated Arbitrary File Upload[remote] Mail Carrier 2.5.1 – ‘MAIL FROM’ Buffer Overflow[webapps] ICE HRM 23.0 – Multiple Vulnerabilities[webapps] Vembu Storegrid Web Interface 4.4.0 – Multiple VulnerabilitiesUbuntu Security Notice USN-3910-2[webapps] Laundry CMS – Multiple VulnerabilitiesUbuntu Security Notice USN-3910-1[webapps] Moodle 3.4.1 – Remote Code ExecutionFujitsu LX901 GK900 Keystroke InjectionBMC Patrol Agent Privilege Escalation / Command ExecutionWebmin 1.900 Upload Authenticated Remote Command ExecutionVuln: Microsoft Windows Win32k CVE-2019-0808 Local Privilege Escalation VulnerabilityVuln: Google Chrome Prior to 73.0.3683.75 Multiple Security VulnerabilitiesIPv6 Security For IPv4 EngineersPegasus CMS 1.0 Remote Code ExecutionApache UNO API Remote Code ExecutionUbuntu Security Notice USN-3908-2Ubuntu Security Notice USN-3909-1Cisco Common Service Platform Collector Hardcoded CredentialsRoot Cause Of The CVE-2019-0808 Kernel Privilege EscalationVuln: Oracle Java SE CVE-2019-2449 Remote Security VulnerabilityVuln: Oracle Java SE CVE-2018-11212 Remote Security VulnerabilityVuln: Apache Solr CVE-2017-3164 Server Side Request Forgery Security Bypass Vulnerability[local] Sony Playstation 4 (PS4) < 6.20 – WebKit Code Execution (PoC)[shellcode] Linux/x86 – MMX-XOR Encoder / Decoder execve(/bin/sh) Shellcode (44 bytes)[shellcode] Linux/x86 – Polymorphic execve(/bin/sh) Shellcode (63 bytes)[webapps] Liferay CE Portal < 7.1.2 ga3 – Remote Command Execution (Metasploit)ntopng 3.8.190307 Community Edition Cross Site Scripting[webapps] OpenKM 6.3.2 < 6.3.7 – Remote Command Execution (Metasploit)Intel Modular Server System 10.18 Cross Site Request Forgery[webapps] PRTG Network Monitor 18.2.38 – Authenticated Remote Code Execution[webapps] Flexpaper PHP Publish Service 2.3.6 – Remote Code Execution[dos] Linux Kernel 4.4 (Ubuntu 16.04) – ‘snd_timer_user_ccallback()’ Kernel Pointer Leak[local] NetSetMan 4.7.1 – Local Buffer Overflow (SEH Unicode)[webapps] PilusCart 1.4.1 – Cross-Site Request Forgery (Add Admin)[dos] Core FTP 2.0 build 653 – ‘PBSZ’ Denial of Service (PoC)[dos] Microsoft Windows – .reg File / Dialog Box Message Spoofing[dos] Core FTP Server FTP / SFTP Server v2 Build 674 – ‘MDTM’ Directory Traversal[dos] Core FTP Server FTP / SFTP Server v2 Build 674 – ‘SIZE’ Directory TraversalVuln: Vixie Cron CVE-2019-9705 Denial of Service Vulnerability[webapps] WordPress Plugin GraceMedia Media Player 1.0 – Local File InclusionVuln: Wibu Systems WibuKey DRM Multiple Input Validation VulnerabilitiesVuln: Microsoft NuGet Package Manager CVE-2019-0757 Tampering Security Bypass VulnerabilityUbuntu Security Notice USN-3907-1Ubuntu Security Notice USN-3902-2Ubuntu Security Notice USN-3908-1Vuln: SAP BusinessObjects Business Intelligence CVE-2019-0265 XML External Entity Injection VulnerabilityCore FTP 2.0 Build 653 PBSZ Denial Of ServiceVuln: SAP Netweaver ABAP CVE-2019-0265 XML External Entity Injection VulnerabilityPilusCart 1.4.1 Cross Site Request ForgeryVuln: SAP Work and Inventory Manager CVE-2019-0274 Denial of Service Vulnerabilityrobinbhandari FTP Remote Denial Of ServiceVuln: SAP NetWeaver Java AS CVE-2019-0275 Cross Site Scripting VulnerabilityUbuntu Security Notice USN-3906-1elFinder PHP Connector exiftran Command InjectionVuln: SAP Netweaver ABAP Server CVE-2019-0271 XML External Entity Injection VulnerabilityVuln: Adobe Photoshop CC CVE-2019-7094 Arbitrary Code Execution VulnerabilityVuln: SAP HANA Extended Application Services CVE-2019-0277 XML External Entity Injection VulnerabilityVuln: NTP CVE-2019-8936 Denial of Service VulnerabilityVuln: EDK2 CVE-2018-12181 Stack Buffer Overflow Vulnerability[webapps] DirectAdmin 1.55 – ‘CMD_ACCOUNT_ADMIN’ Cross-Site Request Forgery[papers] Flexpaper[webapps] OrientDB 3.0.17 GA Community Edition – Cross-Site Request Forgery / Cross-Site Scripting[webapps] McAfee ePO 5.9.1 – Registered Executable Local Access Bypass[shellcode] Linux/x86 – INSERTION Encoder / Decoder execve(/bin/sh) Shellcode (88 bytes)[webapps] WordPress Core 5.0 – Remote Code Execution[webapps] phpBB 3.2.3 – Remote Code ExecutionVuln: Cisco NX-OS Software CVE-2019-1603 Local Privilege Escalation Vulnerability[remote] Oracle Weblogic Server – Deserialization Remote Command Execution (Patch Bypass)Vuln: Cisco NX-OS Software CVE-2019-1602 Local Insecure File Permissions Vulnerability[remote] TeamCity < 9.0.2 – Disabled Registration Bypass[papers] File transfer skills in the red team post penetration test

Cyber Watch

- Advertisement -

Deeper Learning