#linux

Debian Linux Security Advisory 5763-1 - William Khem-Marquez discovered that Pymatgen, a Python library for materials analysis, could be tricked into running arbitrary code if a malformed CIF file is processed.

Loan Management System 2024 version 1.0 suffers from an ignored default credential vulnerability.

This Metasploit modules exploits the VMware Server Directory Traversal vulnerability in VMware Server 1.x before 1.0.10 build 203137 and 2.x before 2.0.2 build 203138 on Linux, VMware ESXi 3.5, and VMware ESX 3.0.3 and 3.5 allows remote attackers to read arbitrary files. Common VMware server ports 80/8222 and 443/8333 SSL. If you want to download the entire VM, check out the gueststealer tool.

MantisBT before 1.3.10, 2.2.4, and 2.3.1 are vulnerable to unauthenticated password reset.

This Metasploit module exploits a directory traversal vulnerability in the WebAdmin interface of Axigen, which allows an authenticated user to read and delete arbitrary files with SYSTEM privileges. The vulnerability is known to work on Windows platforms. This Metasploit module has been tested successfully on Axigen 8.10 over Windows 2003 SP2.

This Metasploit module exploits an authentication bypass vulnerability in different Netgear devices. It allows you to extract the password for the remote management interface.

This Metasploit module abuses a vulnerability in WebNMS Framework Server 5.2 that allows an unauthenticated user to download files off the file system by using a directory traversal attack on the FetchFile servlet. Note that only text files can be downloaded properly, as any binary file will get mangled by the servlet. Also note that for Windows targets you can only download files that are in the same drive as the WebNMS installation. This Metasploit module has been tested with WebNMS Framework Server 5.2 and 5.2 SP1 on Windows and Linux.

This Metasploit module exploits a vulnerability present in all versions of Telpho10 telephone system appliance. This Metasploit module generates a configuration backup of Telpho10, downloads the file and dumps the credentials for admin login, phpmyadmin, phpldapadmin, etc. This Metasploit module has been successfully tested on the appliance versions 2.6.31 and 2.6.39.

ManageEngine Password Manager Pro (PMP) has an authenticated blind SQL injection vulnerability in SQLAdvancedALSearchResult.cc that can be abused to escalate privileges and obtain Super Administrator access. A Super Administrator can then use his privileges to dump the whole password database in CSV format. PMP can use both MySQL and PostgreSQL databases but this module only exploits the latter as MySQL does not support stacked queries with Java. PostgreSQL is the default database in v6.8 and above, but older PMP versions can be upgraded and continue using MySQL, so a higher version does not guarantee exploitability. This Metasploit module has been tested on v6.8 to v7.1 build 7104 on both Windows and Linux. The vulnerability is fixed in v7.1 build 7105 and above.

This Metasploit module exploits an OS Command Injection vulnerability in some D-Link Routers like the DIR-600 rev B and the DIR-300 rev B. The vulnerability exists in command.php, which is accessible without authentication. This Metasploit module has been tested with the versions DIR-600 2.14b01 and below, DIR-300 rev B 2.13 and below. In order to get a remote shell the telnetd could be started without any authentication.