This Metasploit module exploits a vulnerability found in the Honeywell HSC Remote Deployer ActiveX. This control can be abused by using the LaunchInstaller() function to execute an arbitrary HTA from a remote location. This Metasploit module has been tested successfully with the HSC Remote Deployer ActiveX installed with Honeywell EBI R410.1.
b1fd8d046d8eca6aa668e9a64beffa6c
Local root exploit for Ubuntu 12.10 64-bit that leverages the sock_diag_handlers[] vulnerability in Linux kernels before 3.7.10.
5f673f27f9b0738cf2ccc7e04fdf9ac2
A module "pm" provided in the standard installation of jforum includes the action "sendSave", which suffers from a persistent cross site scripting vulnerability due to insufficient validation of user supplied data. Version 2.1.9 is affected.
6c251f44324c81032210a3676e841179
Privoxy version 3.0.20-1 suffers from an authentication credential exposure vulnerability.
12dbda38e1b50f339f1398705cc49d3c
TinyMCE version 3.5.8 suffers from a cross site scripting vulnerability.
c4415aebe3b26671b5804c094eba8298
Asteriskguru Queue Statistics suffers from a cross site scripting vulnerability.
b97c5ff41de908375bc174e0a5c1e2c9
Red Hat Security Advisory 2013-0631-01 - JBoss Web is a web container based on Apache Tomcat. It provides a single deployment platform for the JavaServer Pages and Java Servlet technologies. Multiple weaknesses were found in the JBoss Web DIGEST authentication implementation, effectively reducing the security normally provided by DIGEST authentication. A remote attacker could use these flaws to perform replay attacks in some circumstances. Warning: Before applying this update, back up your existing JBoss Enterprise Web Platform installation.
d1d64ea1721d275a197b2194dc37785f
Red Hat Security Advisory 2013-0629-01 - JBoss Web is the web container, based on Apache Tomcat, in JBoss Enterprise Application Platform. It provides a single deployment platform for the JavaServer Pages and Java Servlet technologies. Multiple weaknesses were found in the JBoss Web DIGEST authentication implementation, effectively reducing the security normally provided by DIGEST authentication. A remote attacker could use these flaws to perform replay attacks in some circumstances. Warning: Before applying this update, back up your existing JBoss Enterprise Application Platform installation.
ab18a07f835e5c7dc7178986ad58a8c3
Red Hat Security Advisory 2013-0628-01 - The 389 Directory Server is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. A flaw was found in the way LDAPv3 control data was handled by 389 Directory Server. If a malicious user were able to bind to the directory and send an LDAP request containing crafted LDAPv3 control data, they could cause the server to crash, denying service to the directory. The CVE-2013-0312 issue was discovered by Thierry Bordaz of Red Hat.
87cf9754a3a1b5a1ef9b543cf10a4630
Red Hat Security Advisory 2013-0627-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. A flaw was found in the processing of malformed content. Malicious content could cause Thunderbird to crash or execute arbitrary code with the privileges of the user running Thunderbird.
1f45a852c9ff239e7b1b296dd3aa934a
Red Hat Security Advisory 2013-0625-01 - IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
4a6204362602b5e0a5bb6374f8ea3c62
Red Hat Security Advisory 2013-0623-01 - Apache Tomcat is a servlet container. It was found that when an application used FORM authentication, along with another component that calls request.setUserPrincipal() before the call to FormAuthenticator#authenticate(), it was possible to bypass the security constraint checks in the FORM authenticator by appending "/j_security_check" to the end of a URL. A remote attacker with an authenticated session on an affected application could use this flaw to circumvent authorization controls, and thereby access resources not permitted by the roles associated with their authenticated session.
31025b6441baef70030da292ece0ed84
Red Hat Security Advisory 2013-0632-01 - JBoss Web is the web container, based on Apache Tomcat, in JBoss Enterprise Application Platform. It provides a single deployment platform for the JavaServer Pages and Java Servlet technologies. Multiple weaknesses were found in the JBoss Web DIGEST authentication implementation, effectively reducing the security normally provided by DIGEST authentication. A remote attacker could use these flaws to perform replay attacks in some circumstances. Warning: Before applying this update, back up your existing JBoss Enterprise Application Platform installation.
792035170138434b6014f728112503bb
Red Hat Security Advisory 2013-0633-01 - JBoss Web is a web container based on Apache Tomcat. It provides a single deployment platform for the JavaServer Pages and Java Servlet technologies. Multiple weaknesses were found in the JBoss Web DIGEST authentication implementation, effectively reducing the security normally provided by DIGEST authentication. A remote attacker could use these flaws to perform replay attacks in some circumstances. Warning: Before applying this update, back up your existing JBoss Enterprise Web Platform installation.
46540d5f95513b3831dbf9ff6271dce9
Red Hat Security Advisory 2013-0626-01 - IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
0f590ef93e5b1fe8930581f4a9520167
Red Hat Security Advisory 2013-0624-01 - IBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
bb5bbbd5af6224724a0f59929af0e47e
Red Hat Security Advisory 2013-0621-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way file permission checks for the "/dev/cpu/[x]/msr" files were performed in restricted root environments. A local user with the ability to write to these files could use this flaw to escalate their privileges to kernel level, for example, by writing to the SYSENTER_EIP_MSR register.
045b34d2120785c77b90c802233ee097
Red Hat Security Advisory 2013-0622-01 - The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way file permission checks for the "/dev/cpu/[x]/msr" files were performed in restricted root environments. A local user with the ability to write to these files could use this flaw to escalate their privileges to kernel level, for example, by writing to the SYSENTER_EIP_MSR register.
a1843242502a05a5aeacfc1142749011
KindEditor version 4.1.5 suffers from a remote shell upload vulnerability.
186795a4f7c86dbf4674631f448b3511
PHPBoost version 4.0 suffers from shell upload and information disclosure vulnerabilities.
a2c943967ceeb167e099b3d244b48433
This toolkit houses various IPv6 tools that have been tested to compile and run on Debian GNU/Linux 6.0, FreeBSD 9.0, NetBSD 5.1, OpenBSD 5.0, Mac OS 10.8.0, and Ubuntu 11.10.
2c7f9cfc0a8845694439a2bbdb6b9446