This Metasploit module exploits a stack buffer overflow in HP OpenView Network Node Manager 7.50. By sending a specially crafted CGI request to Toolbar.exe, an attacker may be able to execute arbitrary code.
1f41176251557dfc0d1185653a49b2e6
This Metasploit module exploits a stack buffer overflow in HP OpenView Network Node Manager 7.0 and 7.53. By sending a CGI request with a specially crafted OvOSLocale cookie to Toolbar.exe, an attacker may be able to execute arbitrary code. Please note that this module only works against a specific build (i.e., NNM 7.53_01195).
1a32c91dbc2998a78f72a8842250d61e
This Metasploit module takes advantage of the default configuration of the RMI Registry and RMI Activation services, which allow loading classes from any remote (HTTP) URL. As it invokes a method in the RMI Distributed Garbage Collector which is available via every RMI endpoint, it can be used against both rmiregistry and rmid, and against most other (custom) RMI endpoints as well. Note that it does not work against Java Management Extension (JMX) ports since those do not support remote class loading, unless another RMI endpoint is active in the same Java process. RMI method calls do not support or require any sort of authentication.
199c79c7d7f3ff41f8d63cc362f3614f
Ubuntu Security Notice 1150-1 - Multiple vulnerabilities were fixed in Thunderbird. Multiple memory vulnerabilities were discovered in the browser rendering engine. Martin Barbella discovered that under certain conditions, viewing a XUL document while JavaScript was disabled caused deleted memory to be accessed. Jordi Chancel discovered a vulnerability on multipart/x-mixed-replace images due to memory corruption. Various other issues were also addressed.
4c16eeb5bca0f2eb1af17bfc737f43ec
Ubuntu Security Notice 1170-1 - Dan Rosenberg discovered that multiple terminal ioctls did not correctly initialize structure memory. A local attacker could exploit this to read portions of kernel stack memory, leading to a loss of privacy. It was discovered that Xen did not correctly handle certain block requests. A local attacker in a Xen guest could cause the Xen host to use all available CPU resources, leading to a denial of service. Various other issues were also addressed.
909b3fb287fb01361d24f320d5126426
MyST BlogSite suffers from arbitrary URL redirection and information leakage vulnerabilities.
665c3752c7c7967cff34847c9a64c9ef
Debian Linux Security Advisory 2254-2 - Jamie Strandboge noticed that the patch proposed to fix CVE-2011-1760 in OProfile was incomplete. OProfile is a performance profiling tool which is configurable by opcontrol, its control utility. Stephane Chauveau reported several ways to inject arbitrary commands in the arguments of this utility. If a local unprivileged user is authorized by the sudoers file to run opcontrol as root, this user could use the flaw to escalate their privileges.
e0e739c5dff9867a6e0776fef8707ff8
Whitepaper called Using Metasploit With Nessus Bridge On Ubuntu. The author discusses using the autopwn feature in Metasploit, running Nessus from within Metasploit, choices of databases to use, and the benefits of each.
766f4a856aa3f0e813b475eecaa34efc
Malware Analyser is a freeware tool for performing static and dynamic analysis of malware.
ba35d7a06043feac7b076c2e2f472468
This is a brief whitepaper called HTTP Parameter Contamination (HPC) Attack / Research.
b2608b0ad6615d2db4c78b1e09a4df76
Interactive World suffers from cross site scripting and remote SQL injection vulnerabilities.
133531cc7ce814e3946a3b3e04942ca3
Slackware Security Advisory - New mozilla-firefox packages have been released for Slackware 13.0 and 13.1 to address security issues.
b7765619815124262458c7d4f9efba5b
iDefense Security Advisory 07.14.11 - Remote exploitation of a buffer overflow in Citrix Systems, Inc.'s Access Gateway Client ActiveX control allows remote attackers to execute arbitrary code. To exploit this vulnerability, a targeted user must load a malicious Web page created by an attacker. An attacker typically accomplishes this via social engineering or injecting content into compromised, trusted sites. Versions affected are 8.1 prior to 8.1-67.7, 9.0 prior to 9.0-70.5, and 9.1 prior to 9.1-96.4.
31b1032c478986d6ec9d6fe7a11ba3ea
Chyrp versions 2.1 and below suffer from cross site scripting, local file inclusion, shell upload, and directory traversal vulnerabilities. Both the oCERT and original advisories are included here.
d2e9d03bb363c9b30358d7e88edeeb59
Slackware Security Advisory - New seamonkey packages have been released for Slackware 13.37 and -current to address security issues.
9078eea11c95bba500abc71e179af613
Ubuntu Security Notice 1168-1 - Timo Warns discovered that the LDM disk partition handling code did not correctly handle certain values. By inserting a specially crafted disk device, a local attacker could exploit this to gain root privileges. Neil Horman discovered that NFSv4 did not correctly handle certain orders of operation with ACL data. A remote attacker with access to an NFSv4 mount could exploit this to crash the system, leading to a denial of service. Various other issues were also addressed.
008971a8f4ff5922d49f6b7f64cd0166
Tomcat versions 7.0.0 through 7.0.18, 6.0.0 through 6.0.32, and 5.5.0 through 5.5.33 suffer from an information disclosure vulnerability. Tomcat provides support for sendfile with the HTTP NIO and HTTP APR connectors. sendfile is used automatically for content served via the DefaultServlet, and deployed web applications may use it directly by setting request attributes. These request attributes were not validated.
aec71d20e0bebf4161b75c359a8d9a9c
Dell IT Assistant detectIESettingsForITA.ocx ActiveX control readRegVal() remote registry dump exploit.
649c55abd626a502b88a188681be5acd
Paltalk Messenger version 10.0 suffers from an ActiveX insecure method vulnerability.
78732181ef46408d3d6dc9ff1e6aaec0
A persistent cross site scripting vulnerability exists in the Oracle I-Recruitment portal. The account information page allows the user to upload their resume as a Microsoft Word document. An attacker can construct a malicious Word file to conduct the attack by placing a cross site scripting payload in hyperlinks in order to bypass conversion filters. Versions 11.5.10.2, 12.0.6, and 12.1.3 are affected.
915143d62fe7b7aa1ae2e6f7397f485b
Etoshop suffers from a remote blind SQL injection vulnerability.
6f7bd38d14e377ac6a7a70af7250fb2a