| Real Name | Jack |
|---|---|
| Email address | private |
| First Active | 2006-05-21 |
| Last Active | 2016-04-09 |
Some installations of Postgres 8 and 9 are configured to allow loading external scripting languages. Most commonly this is Perl and Python. When enabled, command execution is possible on the host. To execute system commands, loading the "untrusted" version of the language is necessary. This requires a superuser. This is usually postgres. The execution should be platform-agnostic, and has been tested on OS X, Windows, and Linux. This Metasploit module attempts to load Perl or Python to execute system commands. As this dynamically loads a scripting language to execute commands, it is not necessary to drop a file on the filesystem. Only Postgres 8 and up are supported.
35a6a49124ad62dab21bd8ac5c63333438e1b0e3ebfa9c2ae8f568b3ec88f1c1MyBB version 1.4.2 suffers from cross site scripting and remote code execution vulnerabilities.
7cd7c424c1fe432f5291c6c5a945c4b21961ebd7c63f0678a83419ea7b5c08fcZDI-06-013 - A flaw in TippingPoint SMS servers exists within the web management interface. Due to insufficient protections on specific directories, an attacker with access to the web interface may be able to view benign data such as the user manual. In the event that the device was being used for backup purposes, it may be possible for an attacker to identify additional information such as configuration settings.
22e745de119fd16e72ea102484da600590711500bd803c123254c0378073e114
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed