4 - 2017 - :: Deepquest ::

>> Solarwinds LEM 6.3.1 Sudo Script Abuse Privilege Escalation

USER: deepcore // 2017-04-25 // 0 CMT

An attacker can abuse functionality provided by a script which may be run with root privilege in order to elevate privilege on Solarwinds Log and Event Manager Virtual Appliance version…

[EXPLOIT]

>> Solarwinds LEM 6.3.1 Shell Escape Command Injection

USER: deepcore // 2017-04-25 // 0 CMT

Insufficient input validation in the management interface can be leveraged in order to execute arbitrary commands. This can lead to (root) shell access to the underlying operating system on Solarwinds…

[EXPLOIT]

>> Solarwinds LEM 6.3.1 Management Shell Arbitrary File Read

USER: deepcore // 2017-04-25 // 0 CMT

The management shell on Solarwinds Log and Event Manager Virtual Appliance version 6.3.1 allows the end user to edit the MOTD banner displayed during SSH logon. The editor provided for…

[EXPLOIT]

>> Solarwinds LEM 6.3.1 Hardcoded Credentials

USER: deepcore // 2017-04-25 // 0 CMT

The Postgres database on Solarwinds Log and Event Manager Virtual Appliance version 6.3.1 has default hardcoded credentials. While some security measures were taken to ensure that network connectivity to the…

[EXPLOIT]

>> Microsoft Office Word Malicious Hta Execution

USER: deepcore // 2017-04-25 // 0 CMT

This Metasploit module creates a malicious RTF file that when opened in vulnerable versions of Microsoft Word will lead to code execution. The flaw exists in how an olelink object…

[EXPLOIT]

>> Safari Browser Memory Corruption

USER: deepcore // 2017-04-22 // 0 CMT

Safari suffers from an out-of-bounds memcpy in Array.concat that can lead to memory corruption.

[EXPLOIT]

>> WordPress Connection Information Cross Site Request Forgery

USER: deepcore // 2017-04-22 // 0 CMT

The FTP/SSH form functionality of WordPress was found to be vulnerable to cross site request forgery. WordPress versions 4.5.3 through 4.7.4 are affected.