This Metasploit module exploits the Oracle Job Scheduler to execute arbitrary commands. The Job Scheduler is implemented via the component extjob.exe which listens on a named pipe called "orcljsex<SID>" and execute arbitrary commands received throw this channel via CreateProcess(). In order to connect to the Named Pipe remotely SMB access is required. This Metasploit module has been tested on Oracle 10g Release 1 where the Oracle Job Scheduler runs as SYSTEM on Windows but it's disabled by default.
a5520991853dfba840715d948313a5ca0eee49a3177ec837c2761cf043b2c418Open Conference Systems versions 2.3.4 and below, Open Journal Systems version 2.3.6 and below and Open Harvester Systems versions 2.3.1 and below remote code execution exploit.
c8514bceee7ade59cbec79ac89af4009e9637eb3d5dcbf7b21c50429755f0ec6This Metasploit module exploits a SIP username enumeration vulnerability in Asterisk. Performs a REGISTER scan for numeric peer usernames having a nat setting different to global sip nat setting. Works even when alwaysauthreject=yes. For this exploit to work, the source port cannot be 5060.
54da0d99e312b44be212dc5220e9ea0fef3a31a1f8a4b91a6f8f48f53c53ca09Secunia Security Advisory - A vulnerability has been discovered in Whois.Cart, which can be exploited by malicious people to conduct cross-site scripting attacks.
2a8873fd498e4864aec167d8bf600d099f08566136857d5e4a2f66caca79f71eSecunia Security Advisory - Multiple vulnerabilities have been reported in HP Managed Printing Administration, which can be exploited by malicious people to compromise a vulnerable system.
9a68c26e6c8423e9131753236ea182eab70f56400c1c0677734986cd0affde57Secunia Security Advisory - Debian has issued an update for unbound. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).
a5a00b15c00059d648cbd48c4ff05d6f977c75338250418f6a806ea9e05f5f03Secunia Security Advisory - A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious, local users and malicious, local users in a guest virtual machine to gain escalated privileges.
635187466a9d994594e720ac93f94f792231827fad4311342c1ac4e7802bf083Secunia Security Advisory - A vulnerability has been discovered in Tiki Wiki CMS/Groupware, which can be exploited by malicious people to conduct cross-site request forgery attacks.
e09495fbd2214dc75e8da3a79c84401071d4d268c8ea782bfef8dab078f6929cSecunia Security Advisory - Ubuntu has issued an update for thunderbird. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, conduct cross-site scripting attacks, and compromise a user's system.
d29a97290ba10d51b169d16b55b77f9fc68ba8534935da3f161abb98a80cd652Secunia Security Advisory - A vulnerability has been reported in Microsoft Windows Phone, which can be exploited by malicious people to cause a DoS (Denial of Service).
d601ccb7ff992a42790dba8ecaa8246e8be0d11887d8ec7d2c601ebdbaab5794Secunia Security Advisory - High-Tech Bridge SA has discovered multiple vulnerabilities in Open Business Management, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to disclose potentially sensitive information and conduct cross-site scripting and SQL injection attacks.
58a9baff3abf620f79e6309791bac2fc3c40860fe2d454c21233b53076509394Secunia Security Advisory - Multiple vulnerabilities have been reported in Websense products, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, and compromise a vulnerable system.
19e07477de40c94c6fbe93ecaa6643e97f28171f4060f91f308de2017aad553bSecunia Security Advisory - MustLive has discovered a vulnerability in Android, which can be exploited by malicious people to conduct spoofing attacks.
9f5ebed4a21407733324342aa69e54c3632ebae0d43bf4a1200a062e07fc22b2Secunia Security Advisory - Two vulnerabilities have been reported in cApexWEB, which can be exploited by malicious people to conduct SQL injection attacks.
00ea78aeaa5454257f302418a42b455f38c25511417848d7e1e092798aea77b7Secunia Security Advisory - Red Hat has issued an update for the kernel. This fixes a vulnerability, which can be exploited by malicious, local users and malicious, local users in a guest virtual machine to gain escalated privileges.
9b8166808c22162036618de8808ece544c2774872189246d46e6a80da9b38bf9Secunia Security Advisory - Multiple vulnerabilities have been reported in IBM Rational Rhapsody, which can be exploited by malicious people to compromise a user's system.
896533ff6f22bfac84355a38087c350a7a4e991d1ad5e8951dd4a138d9ef1f84Secunia Security Advisory - A vulnerability has been reported in IBM DB2 and IBM DB2 Connect, which can be exploited by malicious, local users to gain escalated privileges.
fdc3e931c8a06884e63283cfa0a7548e713f2d10c38e14243adf5f71941d198fSecunia Security Advisory - A vulnerability has been discovered in Public Knowledge Project Open Journal Systems and Open Conference Systems, which can be exploited by malicious people to conduct cross-site request forgery attacks.
ecfe1cf82a2d8092decef4bd7da9d7895960d89e85f0f2252af1c49fc353f846Secunia Security Advisory - Multiple vulnerabilities have been reported in BB FlashBack SDK, which can be exploited by malicious people to compromise a user's system.
a8970ac1ba41cdb7d29f4062abf18bb71929b92f51df8751a9dc6222d27221faThis Metasploit module exploits an arbitrary command execution vulnerability in PmWiki from 2.0.0 to 2.2.34. The vulnerable function is inside /scripts/pagelist.php.
2a414aa71e3429752f31a3f9f0ad17a08f3c3d290b612cfb08bbb15b1b14dea3This Metasploit module abuses a command execution vulnerability within the web based interface of Splunk 4.2 to 4.2.4. The vulnerability exists within the 'mappy' search command which allows to run python code. To exploit this vulnerability a valid Splunk user with the admin role is required. Unfortunately, Splunk uses a default credential of 'admin:changeme' for admin access, which is used to leverage our attack. The Splunk Web interface runs as SYSTEM on Windows and as root on Linux by default.
4cec15e9c8252677e5cd1bb453f1bd43e0c2eb409d8162a5ce458bb290116509Tiki Wiki CMS Groupware versions 8.2 and below suffer from a remote PHP code injection vulnerability in snarf_ajax.php.
b7307f459df54b9ed0978af284f064b18dafbeb2458c69e4c3625d1e42e39172
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed