|
0 members (),
383
guests, and
29
robots. |
Key:
Admin,
Global Mod,
Mod
|
S |
M |
T |
W |
T |
F |
S |
|
1
|
2
|
3
|
4
|
5
|
6
|
7
|
8
|
9
|
10
|
11
|
12
|
13
|
14
|
15
|
16
|
17
|
18
|
19
|
20
|
21
|
22
|
23
|
24
|
25
|
26
|
27
|
28
|
29
|
30
|
|
|
|
|
There are no members with birthdays on this day. |
#470618
Thu 22 Sep 2016 03:56:PM
|
Joined: Feb 2001
Posts: 381,903
Launch Director
|
OP
Launch Director
Joined: Feb 2001
Posts: 381,903 |
This Metasploit module exploits an Object Injection vulnerability in Kaltura. By exploiting this vulnerability, unauthenticated users can execute arbitrary code under the context of the web server user. Kaltura has a module named keditorservices that takes user input and then uses it as an unserialized function parameter. The constructed object is based on the SektionEins Zend code execution POP chain PoC, with a minor modification to ensure Kaltura processes it and the Zend_Log function's __destruct() method is called. Kaltura versions prior to 11.1.0-2 are affected by this issue. This Metasploit module was tested against Kaltura 11.1.0 installed on CentOS 6.8. Source: Kaltura Remote PHP Code Execution
David Cottle
UBB Owner & Administrator
|
|
CMS The Best Conveyancing solicitors conveyancing quotes throughout the UK
For any webhosting enquiries please email webmaster@aus-city.com
|
Forums60
Topics683,319
Posts717,927
Members2,957
|
Most Online3,142 Jan 16th, 2023
|
|
|
|
Copyright 1996 - 2023 by David Cottle. Designed by David Bate Jr. All Rights Reserved.
By using this forum, the user agrees not to transfer any data or technical information received under the agreement, to any other entity without the express approval of the AUS-CITY Forum Admins and/or authors of individual posts (Forum Admins and DoD/USSPACECOM for the analysis of satellite tracking data).
Two-line elements (TLE) and all other satellite data presented and distributed via this forum and e-mail lists of AUS-CITY are distributed with permission from DoD/USSTRATCOM.
Reprise Hosting
|
|