This Metasploit module exploits a code execution flaw in Novell ZENworks Configuration Management 10 SP3 and 11 SP2. The vulnerability exists in the ZEnworks Control Center application, allowing an unauthenticated attacker to upload a malicious file outside of the TEMP directory and then make a second request that allows for arbitrary code execution. This Metasploit module has been tested successfully on Novell ZENworks Configuration Management 10 SP3 and 11 SP2 on Windows 2003 SP2 and SUSE Linux Enterprise Server 10 SP3.
cac2ca5c89d3eedff27bc84da293cd736f6780ad4a09e145d499b111dfd7d70dThis Metasploit module exploits a vulnerability found in SharePoint Server 2007 SP2. The software contains a directory traversal, that allows a remote attacker to write arbitrary files to the filesystem, sending a specially crafted SOAP ConvertFile request to the Office Document Conversions Launcher Service, which results in code execution under the context of 'SYSTEM'. The module uses uses the Windows Management Instrumentation service to execute an arbitrary payload on vulnerable installations of SharePoint on Windows 2003 Servers. It has been successfully tested on Office SharePoint Server 2007 SP2 over Windows 2003 SP2.
7ad8e7d26bc7d8213c68e74fdb77fb2a0f223d16965a4e6425e8d2f9797435cdInsomnia Security Vulnerability Advisory - An insecure URL handling vulnerability exists in Pidgin versions 2.9.0 and below that can be exploited to cause remote code execution. This vulnerability requires user interaction in the form of clicking a malicious crafted URL.
78f433609701f4f1da1ce29a348a9c690cd4095e97081d3ac07d88c61cd8c42fInsomnia Security Vulnerability Advisory - The ODBC service component of IGSS listens on port 20222/tcp by default. The application layer protocol runs over TCP and reads an initial packet that specifies the amount of data to follow. A second read then takes place and the data is copied into a variable length buffer. Next the data is parsed and during this process a buffer overflow occurs on the stack. At minimum this vulnerability leads to denial of service though remote code execution may be possible.
9b00196dabcaf93182f5a536e6c2c63ee2b1c359b79ac0f8472802f7bb57d00fInsomnia Security Vulnerability Advisory - One of the pages included in the admin interface of Up.time Systems Management software contains a function designed to set the administrator password when the interface is loaded for the first time. After this task has been completed the code which processes this request is left in the page. By sending a specially crafted request a remote attacker can abuse this functionality to bypass the servers authentication mechanism and reset the password for any account.
6c9f9fe29a5db7bd0c9e35ad56265abf778b16ff07e28d1298796b7d1a51ecf2Insomnia Security Vulnerability Advisory - EasyManage Content Management System suffers from a remote SQL injection vulnerability.
e5becb2b8475b0b2f94b2eb2b5bbdeb1104541b5cbec60eb630f4d3514ae6443
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed