This whitepaper discusses the insecurity of poorly designed remote file inclusion payloads. This is part one.
0ad627634c11abc77c0211c9fe0d4a8c8b65595f116f610eceb4b969e304e19d
Microsoft IIS versions 6.0 and 7.5 suffer from various authentication bypass vulnerabilities. Version 7.5 also suffers from a source code disclosure flaw.
31f691d3442ef019996f5131a36d46a349b82fb445d8c3c399201566683d7edb
Mandriva Linux Security Advisory 2012-088 - Security issues were identified and fixed in Mozilla Firefox and Thunderbird. Heap-based buffer overflow in the utf16_to_isolatin1 function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code via vectors that trigger a character-set conversion failure. Use-after-free vulnerability in the nsFrameList::FirstChild function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) by changing the size of a container of absolutely positioned elements in a column. Heap-based buffer overflow in the nsHTMLReflowState::CalculateHypotheticalBox function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code by resizing a window displaying absolutely positioned and relatively positioned elements in nested columns. Various other issues were also addressed.
e45d0a9ecaaa6aa2057a7a0d53316462d0da0cafa4345f6f72cf7e998d9be6ec
The Joomla Joomsport component suffers from remote shell upload and remote SQL injection vulnerabilities.
e9a76ab29955a0166d426cadbc1fb84359eeca77c4401ff86095bc6d467591ee
This Metasploit module exploits a file upload vulnerability found in Symantec Web Gateway's HTTP service. Due to the incorrect use of file extensions in the upload_file() function, this allows us to abuse the spywall/blocked_file.php file in order to upload a malicious PHP file without any authentication, which results in arbitrary code execution.
cf93b4b95c23f5407ba012edff8b93021d9cf2a529de505d5f968bbc6cf64f26
This Metasploit module exploits a command injection vulnerability found in Symantec Web Gateway's HTTP service due to the insecure usage of the exec() function. This Metasploit module abuses the spywall/ipchange.php file to execute arbitrary OS commands without authentication.
b0b67649c40ca029b22826b4a8885851ba50ca7ed212e036f2e5e4e0db93816f
This Metasploit module exploits a remote code execution vulnerability in the tsgetx71ex553.dll ActiveX control installed with Tom Sawyer GET Extension Factory due to an incorrect initialization under Internet Explorer. While the Tom Sawyer GET Extension Factory is installed with some versions of VMware Infrastructure Client, this module has been tested only with the versions installed with Embarcadero Technologies ER/Studio XE2 / Embarcadero Studio Portal 1.6. The ActiveX control tested is tsgetx71ex553.dll, version 5.5.3.238. This Metasploit module achieves DEP and ASLR bypass using the well-known msvcr71.dll ROP chain. The DLL is installed by default with the Embarcadero software, and loaded by the targeted ActiveX.
9ea26d2b6cb47fda41b9580e28eab68d2c736833da3e4ee9317fb28219b79c3f
This Metasploit module exploits a vulnerability found in Microsoft Office's ClickOnce feature. When handling a Macro document, the application fails to recognize certain file extensions as dangerous executables, which can be used to bypass the warning message. This allows you to trick your victim into opening the malicious document, which will load up either a Python or Ruby payload of your choosing, and then finally download and execute our executable.
0a79ccc75253fc54a4cbf99a7599c06f3f75c9e59c1385bd9c4f718868f83665
Debian Linux Security Advisory 2492-1 - The Phar extension for PHP does not properly handle crafted tar files, leading to a heap-based buffer overflow. PHP applications processing tar files could crash or, potentially, execute arbitrary code.
deb55cad739d879e271b8fcdefd66474772fb3e4d74c4b94ab20d59dfc18e50c
Debian Linux Security Advisory 2491-1 - Two vulnerabilities were discovered in PostgreSQL, an SQL database server.
08cee1118490a95890ce39cec136e45a1e76b0f30a416aecbf838f863b61cc51
AdSpy Pro version 2.0 suffers from a cross site request forgery vulnerability.
42c3a8510f506adcfcb0f5c40b7d7f4704875302576570762e81040e45d11f7e
Secunia Security Advisory - Multiple vulnerabilities have been reported in HP Onboard Administrator, which can be exploited by malicious people to disclose potentially sensitive information, cause a DoS (Denial of Service), and potentially compromise a vulnerable system.
8d1911634e157101a1ad0325ae2c325e52fea6bdd9480e4028992ef0bc5c0a91
Secunia Security Advisory - A security issue has been reported in MariaDB, which can be exploited by malicious people to bypass certain security restrictions.
92bb4c20061a285a50c1cd2e48c8b27c121123f3fa4f617c423fd5ab491e1b0d
Secunia Security Advisory - Debian has issued an update for postgresql-8.4. This fixes a weakness, which can be exploited by malicious people to conduct brute force attacks.
2795521e0707f6203c022f38bda6a80e5396b0ea2a2fb0739963cb442e4979cd
Secunia Security Advisory - SUSE has issued an update for pidgin-otr. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
483458260d2a434fbc2d69dc043124295476988c8697f5b0d5f95c0711f1d3d1
Secunia Security Advisory - A vulnerability has been discovered in the Mac Photo Gallery plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system.
31f29d19ac9fcd79d9783495351c114c2d363601d1710085881e262c5c184780
Secunia Security Advisory - A vulnerability has been discovered in the Front File Manager plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system.
954e8ca279ea258a073c36d368592a4a4a45bf4147977cc1fd4deeed4342d44e
Secunia Security Advisory - A vulnerability has been discovered in Agora Project, which can be exploited by malicious users to compromise a vulnerable system.
ed41b10fb1a228659004218efe2b0f9cab0ea212ed8644611aadb45c4d7dbf78
Secunia Security Advisory - A vulnerability has been discovered in the Top Quark Architecture plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system.
3c9b10deaf9f535372190db3f221805a61f5dfcdbe3a5cbb796a521609c84973
Secunia Security Advisory - Two vulnerabilities have been reported in ForeScout CounterACT, which can be exploited by malicious people to conduct cross-site scripting attacks.
e5a1d43aca1f8189077c1b2b697b652a25ad91636032344ff590cd1ccad9b5dc
Secunia Security Advisory - Two vulnerabilities have been discovered in the PICA Photo Gallery plugin for WordPress, which can be exploited by malicious people to disclose sensitive information and compromise a vulnerable system.
6b28cb27d1e16b73332bd370c3ea62a988ebea91db3decc5d5ade6a5af1d1a10
Secunia Security Advisory - Sammy Forgit has discovered a vulnerability in the RBX Gallery plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system.
5ec5460f29199322a43d91b013e30a15c5a330a7cb79af18c277efa197063336
Secunia Security Advisory - Sammy Forgit has reported a vulnerability in the Tinymce Thumbnail Gallery plugin for WordPress, which can be exploited by malicious people to disclose sensitive information.
c9146dd2d8cd774a3bf7118fc191ec807c46052c46db14e2c55ae98168ba4feb
Secunia Security Advisory - Sammy Forgit has discovered a vulnerability in the PDW File Browser plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system.
3b51062446dadf082e2632f62025ff2b6843929a178904c48ce576be4d0a0f08
Secunia Security Advisory - Sammy Forgit has discovered a vulnerability in the Simple Download Button Shortcode plugin for WordPress, which can be exploited by malicious people to disclose sensitive information.
e1a460c937f6f04c09d9dd0c5160dec2552f2c01757a653a5eb1f1b32c732f5f