This Metasploit module exploits a vulnerability found in HP System Management Homepage. By supplying a specially crafted HTTP request, it is possible to control the 'tempfilename' variable in function JustGetSNMPQueue (found in ginkgosnmp.inc), which will be used in a exec() function. This results in arbitrary code execution under the context of SYSTEM. Please note: In order for the exploit to work, the victim must enable the 'tftp' command, which is the case by default for systems such as Windows XP, 2003, etc.
6266db27926cf39ef3e09f70d6ca685c96436473d8a501cfbd635527cd54d34cThis Metasploit module exploits a file upload vulnerability found in LibrettoCMS 1.1.7, and possibly prior. Attackers bypass the file extension check and abuse the upload feature in order to upload a malicious PHP file without authentication, which results in arbitrary remote code execution.
30ecd42376c5e4bb7dd7923719eb84398fa5da45f31326b369732ac687c9d496HP Security Bulletin HPSBUX02876 SSRT101148 2 - A potential security vulnerability has been identified with HP-UX running BIND. This vulnerability could be exploited remotely to create a Denial of Service (DoS). Revision 2 of this advisory.
8b167f87f0c9355815506c7eeefa983f0028d1289171609aacb0fef7b45c84a6Alienvault OSSIM open source SIEM version 4.1 suffers from multiple remote SQL injection vulnerabilities.
cec5b0d081cb8bbd769dd87f67d17d9598653efb5fe766c3fed3b0ae82e30776Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.
a78332ea4de870009fc30bdc04b1f2fa7b6f440fb098751e6ebd707f31d07f7eFacebook suffered from an information disclosure vulnerability. If a user uploaded their contacts to Facebook and then proceeded to download their expanded dataset from the DYI (Download Your Information) section, they would receive a file called addressbook.html in their downloaded archive. The addressbook.html is supposed to house the contact information they uploaded. However, due to a flaw in how Facebook implemented this, it also housed contact information from other uploads other users have performed for the same person, provided they had one piece of matching data. This effectively built large dossiers on users and disclosed their information to anyone that knew at least one piece of matching data.
07268c0e796ea6d21e794a4db3101dd9e38d23de66ebb9b581bb627fba66c532Google Translate suffers from a cross site request forgery vulnerability.
12c75e42342e2b5192e105b93d358210a34123108e4400ed7ac334119313f625Local SEH buffer overflow code execution exploit for Mediacoder products that generates a malicious .lst file.
bcb66ae72f4f684291f8faab4d2e165bb61d7ebc318e13bb1313b5ccd967ad9bMediaCoder PMP Edition version 0.8.17 buffer overflow exploit that generates a malicious .m3u file.
9fd7b6968573c582ace30ac22503f1f40315d198996d216a15f72fecb865e032Local SEH buffer overflow code execution exploit for Mediacoder products that generates a malicious .m3u file.
88cbe9f71bdd8f65081de116b10e0c8cff528229002bfcafc93c7a4c0255f52eThe Slash theme for WordPress suffers from cross site scripting, content spoofing, and path disclosure vulnerabilities.
a99cba04e795f7b79896872c6d6ff57f05ad21de70d7e533d95a3ebf48628267Prestige Software CMS suffers from a local file disclosure vulnerability.
a65103527976d07ca5756e57a286810cd917abeeb166383e9e823692a7ffbab9Ubuntu Security Notice 1887-1 - Sebastian Krahmer discovered that Swift used the loads function in the pickle Python module when it was configured to use memcached. A remote attacker on the same network as memcached could exploit this to execute arbitrary code. This update adds a new memcache_serialization_support option to support secure json serialization. For details on this new option, please see /usr/share/doc/swift-proxy/memcache.conf-sample. This issue only affected Ubuntu 12.04 LTS. Alex Gaynor discovered that Swift did not safely generate XML. An attacker could potentially craft an account name to generate arbitrary XML responses to trigger vulnerabilties in software parsing Swift's XML. Various other issues were also addressed.
5b0ad4a79955b664e4b569e89066b103b2e70a89a066264da404f903535c5dfaUbuntu Security Notice 1889-1 - David Torgerson discovered that HAProxy incorrectly parsed certain HTTP headers. A remote attacker could use this issue to cause HAProxy to stop responding, resulting in a denial of service.
170292e05c69610f96572ca3fc5b216de334532198eb00640de7931e0985c857Ubuntu Security Notice 1888-1 - It was discovered that Mesa incorrectly handled certain memory calculations. An attacker could use this flaw to cause an application to crash, or possibly execute arbitrary code. Ilja van Sprundel discovered that Mesa incorrectly handled certain memory calculations. An attacker could use this flaw to cause an application to crash, or possibly execute arbitrary code.
fb7ddb2e13b7cbcbdd9feed3cb6af9c5992db485bff28fb98a834c152dcbdaedRed Hat Security Advisory 2013-0963-01 - Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section.
fa788ed6640724a39a9d27888724662f9a0a62c5a8c9253349f00f832be6d023Red Hat Security Advisory 2013-0964-01 - Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. A session fixation flaw was found in the Tomcat FormAuthenticator module. During a narrow window of time, if a remote attacker sent requests while a user was logging in, it could possibly result in the attacker's requests being processed as if they were sent by the user. Users of Tomcat are advised to upgrade to these updated packages, which correct this issue. Tomcat must be restarted for this update to take effect.
d96b4622d35295cb0cd295bda0028994ae0856b43e509797204db45817e27feaThis is a whitepaper called SMB Hijacking. Kerberos is defeated.
e4ebb0e6abe8e3336a32bbc733610105b1aadafc45ddc1ff3cd056d26d6b0904This Metasploit module exploits a file upload vulnerability found in Havalite CMS version 1.1.7. Prior versions are possibly affected. Attackers can abuse the upload feature in order to upload a malicious PHP file without authentication, which results in arbitrary remote code execution.
caf2d6ad9662842ffd45e96d09bc069561d43e22364b1adc6736d0aee2a8406cSamhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
ff9690317ee886b49eb5e9bd5faebdfdec570476e06a3bdaa52b88f18caaea19Cisco Security Advisory - Cisco TelePresence TC and TE Software contain two vulnerabilities in the implementation of the Session Initiation Protocol (SIP) that could allow an unauthenticated remote attacker to cause a denial of service (DoS) condition. Additionally, Cisco TelePresence TC Software contain an adjacent root access vulnerability that could allow an attacker on the same physical or logical Layer-2 network as the affected system to gain an unauthenticated root shell. Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate the Cisco TelePresence TC and TE Software SIP Denial of Service vulnerabilities are available.
ead88e974b036c9c7fbb50018682a7c6c17b58507aa6e49c8be0b7d9d6c659eeRSA BSAFE SSL-C version 2.8.7 contains a patch that is designed to help ensure that MAC checking is time invariant in servers in order to mitigate Lucky Thirteen attacks.
3705ff404e79e528a1d4c4f3b3ef61d1564a3c5b98e8c1e65707ec6fa9ccf3b9GLPI version 0.83.8 suffers from multiple error-based SQL injection vulnerabilities. Input passed via the POST parameter 'users_id_assign' in '/ajax/ticketassigninformation.php' script, POST parameter 'filename' in '/front/document.form.php' script, and POST parameter 'table' in 'glpi/ajax/comments.php' script is not properly sanitized before being used in SQL queries. This can be exploited by a malicious attacker to manipulate SQL queries by injecting arbitrary SQL code in the affected application.
d4ea648da5ce15f6a9a9ff70fced4a4c2d50218825a23a4be4c56ea5f0f90ee9Red Hat Security Advisory 2013-0958-01 - These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit. Multiple flaws were discovered in the ImagingLib and the image attribute, channel, layout and raster processing in the 2D component. An untrusted Java application or applet could possibly use these flaws to trigger Java Virtual Machine memory corruption. Integer overflow flaws were found in the way AWT processed certain input. An attacker could use these flaws to execute arbitrary code with the privileges of the user running an untrusted Java applet or application.
3f77eaf4516bbe12c6edbe2aca993604898a19cfaad97a69e04c200768338d2bRed Hat Security Advisory 2013-0957-01 - These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit. Multiple flaws were discovered in the ImagingLib and the image attribute, channel, layout and raster processing in the 2D component. An untrusted Java application or applet could possibly use these flaws to trigger Java Virtual Machine memory corruption. Integer overflow flaws were found in the way AWT processed certain input. An attacker could use these flaws to execute arbitrary code with the privileges of the user running an untrusted Java applet or application.
607e92095834e27b38b0876edb3515b60809151352fdfe7243f233f859b32927
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed