This update includes a module exploiting a vulnerability found in Bash. When using PureFTPd in conjuntion with the vulnerable Bash version for user authentication, a Core Impact agent is installed.
On x86_64 Intel CPUs, sysret to a non-canonical address causes a fault on the sysret instruction itself after the stack pointer has been set to a usermode-controlled value, but before the current privilege level (CPL) is changed.
A flaw in the ptrace subsystem of the Linux kernel allows a tracer process to set the RIP register of the tracee to a non-canonical address, which is later used when returning to user space with a sysret instruction instead of iret after a system call, thus bypassing sanity checks that were previously introduced to fix related vulnerabilities.
This vulnerability can be used by a local unprivileged attacker to corrupt kernel memory and gain root privileges on the affected system.
A flaw in the ptrace subsystem of the Linux kernel allows a tracer process to set the RIP register of the tracee to a non-canonical address, which is later used when returning to user space with a sysret instruction instead of iret after a system call, thus bypassing sanity checks that were previously introduced to fix related vulnerabilities.
This vulnerability can be used by a local unprivileged attacker to corrupt kernel memory and gain root privileges on the affected system.
Insufficient sanitization in Openfile's /admin/system.html 'Hostname' field, leads to remote code execution.
This update fixes the exploit category.
This update fixes the exploit category.
A missing boundary check in the TLS Heartbeat extension in OpenSSL can be abused by remote attackers to read up to 64 kb of memory from the server.
This memory disclosure vulnerability can be used by remote unauthenticated attackers to obtain sensitive information from the affected server, including private keys and session cookies.
This update adds features to the module, like the ability to read 64 kb of data from vulnerable services, reporting the results in the Module Output window, and saving the memory dumps to disk. It also improves the compatibility with OpenSSL services and adds support for FTPS.
This memory disclosure vulnerability can be used by remote unauthenticated attackers to obtain sensitive information from the affected server, including private keys and session cookies.
This update adds features to the module, like the ability to read 64 kb of data from vulnerable services, reporting the results in the Module Output window, and saving the memory dumps to disk. It also improves the compatibility with OpenSSL services and adds support for FTPS.
Insufficient sanitization in Openfile's /admin/system.html 'Hostname' field, leads to remote code execution.
The /CFIDE/adminapi/customtags/l10n.cfm page in Adobe ColdFusion does not properly validate its attributes.file parameter. This can be abused by a remote unauthenticated attacker to execute arbitrary code on vulnerable servers.
The best practice for web applications built on top of the Apache Struts 2 framework is to switch off Developer Mode (struts.devMode parameter in the struts.xml configuration file) before going into production.
When devMode is left enabled, attackers can gain remote code execution by setting the 'debug=command' URL parameter and sending OGNL expressions through the 'expression' URL parameter.
This module takes advantage of this misconfiguration scenario in order to deploy an agent in the target system.
This update fixes the CVE identifier associated with the vulnerability exploited by this module.
When devMode is left enabled, attackers can gain remote code execution by setting the 'debug=command' URL parameter and sending OGNL expressions through the 'expression' URL parameter.
This module takes advantage of this misconfiguration scenario in order to deploy an agent in the target system.
This update fixes the CVE identifier associated with the vulnerability exploited by this module.
This module exploits a vulnerability in the Linux Kernel. The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local attackers to escalate privileges triggering a race condition involving read and write operations with long strings.
The best practice for web applications built on top of the Apache Struts 2 framework is to switch off Developer Mode (struts.devMode parameter in the struts.xml configuration file) before going into production.
When devMode is left enabled, attackers can gain remote code execution by setting the 'debug=command' URL parameter and sending OGNL expressions through the 'expression' URL parameter.
This module takes advantage of this misconfiguration scenario in order to deploy an agent in the target system.
When devMode is left enabled, attackers can gain remote code execution by setting the 'debug=command' URL parameter and sending OGNL expressions through the 'expression' URL parameter.
This module takes advantage of this misconfiguration scenario in order to deploy an agent in the target system.
This module exploits a vulnerability in OpenSSL by sending a "Change Ciper Spec" message to the server.
This vulnerability allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake.
This vulnerability allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake.