This Metasploit module exploits a vulnerability in AdminStudio LaunchHelp.dll ActiveX control. The LaunchProcess function found in LaunchHelp.HelpLauncher.1 allows remote attackers to run arbitrary commands on the victim machine. This Metasploit module has been successfully tested with the ActiveX installed with AdminStudio 9.5, which also comes with Novell ZENworks Configuration Management 10 SP2, on IE 6 and IE 8 over Windows XP SP 3.
66c6a3ef11bb525cd8be0342facce81fRed Hat Security Advisory 2012-1060-01 - Cobbler is a network install server. Cobbler supports PXE, virtualized installs, and re-installing existing Linux machines. A command injection flaw was found in Cobbler's power management XML-RPC method. A remote, authenticated user who is permitted to perform Cobbler configuration changes via the Cobbler XML-RPC API, could use this flaw to execute arbitrary code with root privileges on the Red Hat Network Satellite server. Note: Red Hat Network Satellite uses a special user account to configure Cobbler. By default, only this account is permitted to perform Cobbler configuration changes, and the credentials for the account are only accessible to the Satellite host's administrator. As such, this issue only affected environments where the administrator allowed other users to make Cobbler configuration changes.
fe9045b8f0d6abd85965decfc6a0906cUbuntu Security Notice 1500-1 - Evgeny Boger discovered that Pidgin incorrectly handled buddy list messages in the AIM and ICQ protocol handlers. A remote attacker could send a specially crafted message and cause Pidgin to crash, leading to a denial of service. This issue only affected Ubuntu 10.04 LTS, 11.04 and 11.10. Thijs Alkemade discovered that Pidgin incorrectly handled malformed voice and video chat requests in the XMPP protocol handler. A remote attacker could send a specially crafted message and cause Pidgin to crash, leading to a denial of service. This issue only affected Ubuntu 10.04 LTS, 11.04 and 11.10. Various other issues were also addressed.
422fcc2933191191cceade8eaab9a688Sites Powered By Digiport suffer from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
956ea85835d65397c2473260f4d4b3bfphpList version 2.18.18 suffers from a cross site scripting vulnerability in the footer parameter.
3b0cfc2027e9abc5d1320e55d464ca8eFlogr version 1.7 suffers from a cross site scripting vulnerability.
a6274b021c9b4f6ff903b28a77d0124fDebian Linux Security Advisory 2509-1 - Ulf Harnhammar found a buffer overflow in Pidgin, a multi protocol instant messaging client. The vulnerability can be exploited by an incoming message in the MXit protocol plugin. A remote attacker may cause a crash, and in some circumstances can lead to remote code execution.
115936ee5b8ee3811dfb2899a15d662bUbuntu Security Notice 1499-1 - A flaw was discovered in the Linux kernel's NFSv4 (Network file system) handling of ACLs (access control lists). A remote NFS server (attacker) could cause a denial of service (OOPS).
e221c67fa698ace0843202d4112b9da9Python versions 2.7.2 and 3.2.1 suffer from an untrusted search path / code execution vulnerability.
9482d76012a47edaedc5e866c76a134cdigiGALLERY as distributed by Digiport suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
3ebce63313c6675208bc03182ec5fc42Secunia Security Advisory - Multiple vulnerabilities have been reported in Leaflet Maps Marker, which can be exploited by malicious users to conduct SQL injection and script insertion attacks and by malicious people to conduct cross-site scripting attacks.
1fc3bda665b566b45d0e7c01451ef3beSecunia Security Advisory - A vulnerability has been reported in VLC Media Player, which can be exploited by malicious people to compromise a user's system.
1b834020f6783d77dc9888c5330e94dcSecunia Security Advisory - Hitachi has acknowledged a vulnerability in Hitachi IT Operations Analyzer, which can be exploited by malicious people to cause a DoS (Denial of Service).
495566907b2b26c55a5af1251a0e5b87Secunia Security Advisory - Stefan Schurtz has discovered multiple vulnerabilities in MGB, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to conduct cross-site scripting attacks.
d41d9fe27e242073d7a68286890e6660Secunia Security Advisory - A vulnerability has been reported in the Artiss Code Embed plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.
7534d851e31a02ece13755a7276e3c88Secunia Security Advisory - Two vulnerabilities have been reported in Netsweeper, which can be exploited by malicious people to conduct cross-site scripting and request forgery attacks.
38c95658e9f5d41daa680b5a5e6a2bc7Secunia Security Advisory - A vulnerability has been reported in Apache Sling, which can be exploited by malicious people to cause a DoS (Denial of Service).
ae5ce87b3dc6e9f926bc85cb83867bfaSecunia Security Advisory - A vulnerability has been reported in eZ Publish, which can be exploited by malicious people to conduct cross-site request forgery attacks.
df5c1f6455cc6a782e318d062ad26d90Secunia Security Advisory - Sammy Forgit has reported a vulnerability in the Flip Book plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system.
2166a38014e618dece4e47b9c0e9ec2fSecunia Security Advisory - A vulnerability has been reported in Mono, which can be exploited by malicious people to conduct cross-site scripting attacks.
60ff6834899a8ca36ee4fe632d443fbcSecunia Security Advisory - A vulnerability has been reported in IBM WebSphere Portal, which can be exploited by malicious people to disclose potentially sensitive information.
a1705ac1be185850ed0d3ff96dca427eSecunia Security Advisory - Avaya has acknowledged a weakness in Avaya Products, which can be exploited by malicious people to conduct brute force attacks.
ce423d222dfdd763d19588803e10ae36Secunia Security Advisory - A weakness has been reported in WebsitePanel, which can be exploited by malicious people to conduct spoofing attacks.
b74c54b27e49857a602cf55a8fdf54aaSecunia Security Advisory - A vulnerability has been reported in KingHistorian, which can be exploited by malicious people to compromise a vulnerable system.
b9a0675088d37afa7b92b0225690c398
© 2016 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed