This Metasploit module exploits a vulnerability found in HP System Management Homepage. By supplying a specially crafted HTTP request, it is possible to control the 'tempfilename' variable in function JustGetSNMPQueue (found in ginkgosnmp.inc), which will be used in a exec() function. This results in arbitrary code execution under the context of SYSTEM. Please note: In order for the exploit to work, the victim must enable the 'tftp' command, which is the case by default for systems such as Windows XP, 2003, etc.
6266db27926cf39ef3e09f70d6ca685c96436473d8a501cfbd635527cd54d34c
This Metasploit module exploits a file upload vulnerability found in LibrettoCMS 1.1.7, and possibly prior. Attackers bypass the file extension check and abuse the upload feature in order to upload a malicious PHP file without authentication, which results in arbitrary remote code execution.
30ecd42376c5e4bb7dd7923719eb84398fa5da45f31326b369732ac687c9d496
HP Security Bulletin HPSBUX02876 SSRT101148 2 - A potential security vulnerability has been identified with HP-UX running BIND. This vulnerability could be exploited remotely to create a Denial of Service (DoS). Revision 2 of this advisory.
8b167f87f0c9355815506c7eeefa983f0028d1289171609aacb0fef7b45c84a6
Alienvault OSSIM open source SIEM version 4.1 suffers from multiple remote SQL injection vulnerabilities.
cec5b0d081cb8bbd769dd87f67d17d9598653efb5fe766c3fed3b0ae82e30776
Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.
a78332ea4de870009fc30bdc04b1f2fa7b6f440fb098751e6ebd707f31d07f7e
Facebook suffered from an information disclosure vulnerability. If a user uploaded their contacts to Facebook and then proceeded to download their expanded dataset from the DYI (Download Your Information) section, they would receive a file called addressbook.html in their downloaded archive. The addressbook.html is supposed to house the contact information they uploaded. However, due to a flaw in how Facebook implemented this, it also housed contact information from other uploads other users have performed for the same person, provided they had one piece of matching data. This effectively built large dossiers on users and disclosed their information to anyone that knew at least one piece of matching data.
07268c0e796ea6d21e794a4db3101dd9e38d23de66ebb9b581bb627fba66c532
Google Translate suffers from a cross site request forgery vulnerability.
12c75e42342e2b5192e105b93d358210a34123108e4400ed7ac334119313f625
Local SEH buffer overflow code execution exploit for Mediacoder products that generates a malicious .lst file.
bcb66ae72f4f684291f8faab4d2e165bb61d7ebc318e13bb1313b5ccd967ad9b
MediaCoder PMP Edition version 0.8.17 buffer overflow exploit that generates a malicious .m3u file.
9fd7b6968573c582ace30ac22503f1f40315d198996d216a15f72fecb865e032
Local SEH buffer overflow code execution exploit for Mediacoder products that generates a malicious .m3u file.
88cbe9f71bdd8f65081de116b10e0c8cff528229002bfcafc93c7a4c0255f52e
The Slash theme for WordPress suffers from cross site scripting, content spoofing, and path disclosure vulnerabilities.
a99cba04e795f7b79896872c6d6ff57f05ad21de70d7e533d95a3ebf48628267
Prestige Software CMS suffers from a local file disclosure vulnerability.
a65103527976d07ca5756e57a286810cd917abeeb166383e9e823692a7ffbab9
Ubuntu Security Notice 1887-1 - Sebastian Krahmer discovered that Swift used the loads function in the pickle Python module when it was configured to use memcached. A remote attacker on the same network as memcached could exploit this to execute arbitrary code. This update adds a new memcache_serialization_support option to support secure json serialization. For details on this new option, please see /usr/share/doc/swift-proxy/memcache.conf-sample. This issue only affected Ubuntu 12.04 LTS. Alex Gaynor discovered that Swift did not safely generate XML. An attacker could potentially craft an account name to generate arbitrary XML responses to trigger vulnerabilties in software parsing Swift's XML. Various other issues were also addressed.
5b0ad4a79955b664e4b569e89066b103b2e70a89a066264da404f903535c5dfa
Ubuntu Security Notice 1889-1 - David Torgerson discovered that HAProxy incorrectly parsed certain HTTP headers. A remote attacker could use this issue to cause HAProxy to stop responding, resulting in a denial of service.
170292e05c69610f96572ca3fc5b216de334532198eb00640de7931e0985c857
Ubuntu Security Notice 1888-1 - It was discovered that Mesa incorrectly handled certain memory calculations. An attacker could use this flaw to cause an application to crash, or possibly execute arbitrary code. Ilja van Sprundel discovered that Mesa incorrectly handled certain memory calculations. An attacker could use this flaw to cause an application to crash, or possibly execute arbitrary code.
fb7ddb2e13b7cbcbdd9feed3cb6af9c5992db485bff28fb98a834c152dcbdaed
Red Hat Security Advisory 2013-0963-01 - Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section.
fa788ed6640724a39a9d27888724662f9a0a62c5a8c9253349f00f832be6d023
Red Hat Security Advisory 2013-0964-01 - Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. A session fixation flaw was found in the Tomcat FormAuthenticator module. During a narrow window of time, if a remote attacker sent requests while a user was logging in, it could possibly result in the attacker's requests being processed as if they were sent by the user. Users of Tomcat are advised to upgrade to these updated packages, which correct this issue. Tomcat must be restarted for this update to take effect.
d96b4622d35295cb0cd295bda0028994ae0856b43e509797204db45817e27fea
This is a whitepaper called SMB Hijacking. Kerberos is defeated.
e4ebb0e6abe8e3336a32bbc733610105b1aadafc45ddc1ff3cd056d26d6b0904
This Metasploit module exploits a file upload vulnerability found in Havalite CMS version 1.1.7. Prior versions are possibly affected. Attackers can abuse the upload feature in order to upload a malicious PHP file without authentication, which results in arbitrary remote code execution.
caf2d6ad9662842ffd45e96d09bc069561d43e22364b1adc6736d0aee2a8406c
Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
ff9690317ee886b49eb5e9bd5faebdfdec570476e06a3bdaa52b88f18caaea19
Cisco Security Advisory - Cisco TelePresence TC and TE Software contain two vulnerabilities in the implementation of the Session Initiation Protocol (SIP) that could allow an unauthenticated remote attacker to cause a denial of service (DoS) condition. Additionally, Cisco TelePresence TC Software contain an adjacent root access vulnerability that could allow an attacker on the same physical or logical Layer-2 network as the affected system to gain an unauthenticated root shell. Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate the Cisco TelePresence TC and TE Software SIP Denial of Service vulnerabilities are available.
ead88e974b036c9c7fbb50018682a7c6c17b58507aa6e49c8be0b7d9d6c659ee
RSA BSAFE SSL-C version 2.8.7 contains a patch that is designed to help ensure that MAC checking is time invariant in servers in order to mitigate Lucky Thirteen attacks.
3705ff404e79e528a1d4c4f3b3ef61d1564a3c5b98e8c1e65707ec6fa9ccf3b9
GLPI version 0.83.8 suffers from multiple error-based SQL injection vulnerabilities. Input passed via the POST parameter 'users_id_assign' in '/ajax/ticketassigninformation.php' script, POST parameter 'filename' in '/front/document.form.php' script, and POST parameter 'table' in 'glpi/ajax/comments.php' script is not properly sanitized before being used in SQL queries. This can be exploited by a malicious attacker to manipulate SQL queries by injecting arbitrary SQL code in the affected application.
d4ea648da5ce15f6a9a9ff70fced4a4c2d50218825a23a4be4c56ea5f0f90ee9
Red Hat Security Advisory 2013-0958-01 - These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit. Multiple flaws were discovered in the ImagingLib and the image attribute, channel, layout and raster processing in the 2D component. An untrusted Java application or applet could possibly use these flaws to trigger Java Virtual Machine memory corruption. Integer overflow flaws were found in the way AWT processed certain input. An attacker could use these flaws to execute arbitrary code with the privileges of the user running an untrusted Java applet or application.
3f77eaf4516bbe12c6edbe2aca993604898a19cfaad97a69e04c200768338d2b
Red Hat Security Advisory 2013-0957-01 - These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit. Multiple flaws were discovered in the ImagingLib and the image attribute, channel, layout and raster processing in the 2D component. An untrusted Java application or applet could possibly use these flaws to trigger Java Virtual Machine memory corruption. Integer overflow flaws were found in the way AWT processed certain input. An attacker could use these flaws to execute arbitrary code with the privileges of the user running an untrusted Java applet or application.
607e92095834e27b38b0876edb3515b60809151352fdfe7243f233f859b32927