This Metasploit module exploits a file upload vulnerability in Kace K1000 versions 5.0 to 5.3, 5.4 prior to 5.4.76849, and 5.5 prior to 5.5.90547 which allows unauthenticated users to execute arbitrary commands under the context of the ‘www’ user. This Metasploit module also abuses the ‘KSudoClient::RunCommandWait’ function to gain root privileges. This Metasploit module has been tested successfully with Dell KACE K1000 version 5.3.
Monthly Archives: April 2016
Texas Instruments Calculators Emulator 3.03-nogdb+dfsg-3 Buffer Overflow
Texas Instruments Calculators Emulator version 3.03-nogdb+dfsg-3 suffers from a buffer overflow vulnerability.
Webline CMS 2016Q2 SQL Injection
Webline CMS 2016Q2 suffers from a remote SQL injection vulnerability.
Broken IBM Java Patch Prompts Another Disclosure
Current versions of IBM SDK 7 and SDK 8 remain vulnerable to a 2013 Java vulnerability. Security Explorations discovered the original patch is broken and disclosed details on the flaw and a proof-of-concept exploit.
Qbot returns: New strain of data-stealing malware detected
Security researchers have detected a new, updated strain of the data-stealing trojan Qbot that is “harder to detect and intercept”.
The post Qbot returns: New strain of data-stealing malware detected appeared first on We Live Security.
So, FBI Director also Puts Tape Over His Webcam
What do you do to protect your ‘Privacy’ while using your computer?
FBI Director James Comey uses tape to cover up his laptop webcam to ensure privacy.
Yes, you heard it right. During the Q&A session at Kenyon College last week, Comey said that he uses tape to cover his laptop webcam in order to mitigate the danger of secret surveillance.
While giving a speech about encryption and
CVE-2014-6276
schema.py in Roundup before 1.5.1 does not properly limit attributes included in default user permissions, which might allow remote authenticated users to obtain sensitive user information by viewing user details.
CVE-2014-9766
Integer overflow in the create_bits function in pixman-bits-image.c in Pixman before 0.32.6 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via large height and stride values.
CVE-2015-8304
Integer overflow in Huawei P7 phones with software before P7-L07 V100R001C01B606 allows remote attackers to gain privileges via a crafted application with the system or camera permission.
CVE-2015-8620
Heap-based buffer overflow in the Avast virtualization driver (aswSnx.sys) in Avast Internet Security, Pro Antivirus, Premier, and Free Antivirus before 11.1.2253 allows local users to gain privileges via a Unicode file path in an IOCTL request.
