The tunnel-server component of the VMware View Connection Server fails to ensure that each requested URL refers to a file that is both located within the web root of the server and is of a type that is allowed to be served. A remote unauthenticated attacker can use this weakness to retrieve arbitrary files from the affected server's underlying root file system. This can be accomplished by submitting URL encoded HTTP GET requests that traverse out of the affected subdirectory. Vulnerable versions are VMware View 5.x prior to version 5.1.2 and VMware View 4.x prior to version 4.6.2.
14e01b0fa8f4481ea0b38ddb0478d93a93097b2da5dc0b8af3f6b84b2bbe854aLast Door is a utility written to wipe specific entries in arbitrary log files and if setuid, will also execute arbitrary commands without logging any history.
c77d9cd0a6f0cecd8e0186eae6512b85a7e83701893271954a6e51376756c1d1TWiki versions 4.x and 5.1.0 through 5.1.2 suffers from a remote command execution vulnerability due to an underlying security issue in the Locale::Maketext CPAN module.
cb72251d574c616e51ff36e8cd83c9ea7e2a8b758b68d28544a8988cc1c489f9On some default Linux installations of PostgreSQL, the postgres service account may write to the /tmp directory, and may source UDF Shared Libraries from there as well, allowing execution of arbitrary code. This Metasploit module compiles a Linux shared object file, uploads it to the target host via the UPDATE pg_largeobject method of binary injection, and creates a UDF (user defined function) from that shared object. Because the payload is run as the shared object's constructor, it does not need to conform to specific Postgres API versions.
c51dddadd2b2d88c86fc65284de0c6ecc7a31786c8b947b7ba7c753e87036e3f
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed