This Metasploit module exploits a directory traversal vulnerability in ATutor on an Apache/PHP setup with display_errors set to On, which can be used to allow us to upload a malicious ZIP file. On the web application, a blacklist verification is performed before extraction, however it is not sufficient to prevent exploitation. You are required to login to the target to reach the vulnerability, however this can be done as a student account and remote registration is enabled by default. Just in case remote registration isn't enabled, this module uses 2 vulnerabilities in order to bypass the authentication.
785e70dc713dbe9859a24caed94df37a4548874034fcd9af2cb5fcfe2e29d3b8
HP Security Bulletin HPSBGN03444 2 - Potential vulnerabilities have been identified in HPE Network Automation. The vulnerabilities could allow remote code execution and disclosure of sensitive information. Revision 2 of this advisory.
8825a302f1a200b2f6239bd036841adc3188f5ef702fd54e39a2aeb0732b7666
Debian Linux Security Advisory 3534-1 - Guido Vranken discovered several vulnerabilities in dhcpcd, a DHCP client, which may result in denial of service.
180e4ab5184446f56627604e2ffd71bdd1d2b5b45b77c3827eb4fd8571839142
Ubuntu Security Notice 2943-1 - It was discovered that PCRE incorrectly handled certain regular expressions. A remote attacker could use this issue to cause applications using PCRE to crash, resulting in a denial of service, or possibly execute arbitrary code.
6cbac82f606750aa69956cb42539b0ebda39d70b7a7b4d1a637a32d433f9abaf
There is a remote debugger stub listening by default on a new install of TrendMicro Antivirus that can be exploited to launch executables.
191c3b9d20b797c02c3aeb399b9f99fed1f18221adf47c360e14714b35343f0c
Debian Linux Security Advisory 3533-1 - Kashyap Thimmaraju and Bhargava Shastry discovered a remotely triggerable buffer overflow vulnerability in openvswitch, a production quality, multilayer virtual switch implementation. Specially crafted MPLS packets could overflow the buffer reserved for MPLS labels in an OVS internal data structure. A remote attacker can take advantage of this flaw to cause a denial of service, or potentially, execution of arbitrary code.
559ae703847f6849bf11664afeaad36e97e981adfe2d76de0bc1963a704f8f22
Manage Engine Desktop Central version 9.1.0 build 91099 suffers from a cross site scripting vulnerability.
f8ccfebb4e934635d94e79bd0f76926af384cafb4f57181e94a1a6e511b9d44e
Fireware XTM Web UI versions prior to 11.10.7 suffer from an open redirection vulnerability.
9cf0d50a76454efe4c350846c2758f2facd9d84fa66efc3f5409c80f01a2a26b