FTGate 2009 SR3 May 13 2010 Build 6.4.000 suffers from multiple cross site scripting vulnerabilities.

FTGate version 7 suffers from multiple cross site request forgery vulnerabilities.

This Metasploit module exploits an arbitrary file upload vulnerability found in Kaseya VSA versions between 7 and 9.1. A malicious unauthenticated user can upload an ASP file to an arbitrary directory leading to arbitrary code execution with IUSR privileges. This Metasploit module has been tested with Kaseya v7.0.0.17, v8.0.0.10 and v9.0.0.3.

This Metasploit module exploits the CnC web panel of Zemra Botnet which contains a backdoor inside its leaked source code. Zemra is a crimeware bot that can be used to conduct DDoS attacks and is detected by Symantec as Backdoor.Zemra.

This Metasploit module exploits unauthenticated simple web backdoor shells by leveraging the common backdoor shell’s CMD parameter to execute commands. The SecLists project of Daniel Miessler and Jason Haddix has a lot of samples for these kind of backdoor shells which is categorized under Payloads.

Ubuntu Security Notice 2760-1 – It was discovered that an integer overflow error existed in the SCSI generic (sg) driver in the Linux kernel. A local attacker with write permission to a SCSI generic device could use this to cause a denial of service (system crash) or potentially escalate their privileges. Lureau discovered that the vhost driver did not properly release the userspace provided log file descriptor. A privileged attacker could use this to cause a denial of service (resource exhaustion). Various other issues were also addressed.

HP Security Bulletin HPSBPV03516 1 – A potential security vulnerability has been identified with the HP VAN SDN Controller running SSLv3. This is the SSLv3 vulnerability known as “Padding Oracle on Downgraded Legacy Encryption” also known as “Poodle”, which could be exploited remotely resulting in disclosure of privileged information. Revision 1 of this advisory.

Red Hat Security Advisory 2015-1858-01 – Red Hat Ceph Storage is a massively scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment tools, and support services. The mod_proxy_fcgi package provides a proxy module for the Apache 2.2 HTTP server. A buffer overflow flaw was found in mod_proxy_fcgi’s handle_headers() function. A malicious FastCGI server that httpd is configured to connect to could send a carefully crafted response that would cause an httpd child process handling the request to crash.

Red Hat Security Advisory 2015-1855-01 – Red Hat Ceph Storage is a massively scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment tools, and support services. The mod_proxy_fcgi package provides a proxy module for the Apache 2.2 HTTP server. A buffer overflow flaw was found in mod_proxy_fcgi’s handle_headers() function. A malicious FastCGI server that httpd is configured to connect to could send a carefully crafted response that would cause an httpd child process handling the request to crash.

Ubuntu Security Notice 2759-1 – It was discovered that an integer overflow error existed in the SCSI generic (sg) driver in the Linux kernel. A local attacker with write permission to a SCSI generic device could use this to cause a denial of service (system crash) or potentially escalate their privileges. Lureau discovered that the vhost driver did not properly release the userspace provided log file descriptor. A privileged attacker could use this to cause a denial of service (resource exhaustion). Various other issues were also addressed.