This Metasploit module exploits a SQL query functionality in ManageEngine EventLog Analyzer v10.6 build 10060 and previous versions. Every authenticated user, including the default “guest” account, can execute SQL queries directly on the underlying Postgres database server. The queries are executed as the “postgres” user, which has full privileges and is thus able to write files to disk. This way a JSP payload can be uploaded and executed with SYSTEM privileges on the web server. This Metasploit module has been tested successfully on ManageEngine EventLog Analyzer 10.0 (build 10003) over Windows 7 SP1.
Monthly Archives: September 2015
Rowhammer Linux Kernel Privilege Escalation Proof Of Concept
Proof of concept exploit code for the Linux Rowhammer DRAM privilege escalation vulnerability.
Centreon 2.6.1 Shell Upload
Centreon version 2.6.1 suffers from a remote shell upload vulnerability.
WordPress Appointment Booking Calendar 1.1.7 XSS
WordPress Appointment Booking Calendar plugin version 1.1.7 suffers from multiple cross site scripting vulnerabilities.
ProjeQtor 4.5.2 Shell Upload
ProjeQtor version 4.5.2 suffers from a remote shell upload vulnerability.
DNS Spider Multithreaded Bruteforcer 0.7
DNS Spider is a multithreaded bruteforcer of subdomains that leverages a wordlist and/or character permutation.
Ubuntu Security Notice USN-2747-1
Ubuntu Security Notice 2747-1 – Dario Weisser discovered that the NVIDIA graphics drivers incorrectly handled certain IOCTL writes. A local attacker could use this issue to possibly gain root privileges.
Open Source Point Of Sale 2.3.1 Cross Site Scripting
Open Source Point of Sale version 2.3.1 suffers from a persistent cross site scripting vulnerability.
Collabtive 2.0 Shell Upload
Collabtive version 2.0 suffers from an arbitrary file upload vulnerability.
Mango Automation 2.6.0 File Upload / Code Execution CSRF
Mango Automation version 2.6.0 file upload and arbitrary JSP code execution cross site request forgery exploit.