what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 12 of 12 RSS Feed

Files Date: 2013-05-09

SAP SOAP RFC SXPG_CALL_SYSTEM Remote Command Execution
Posted May 9, 2013
Authored by nmonkee | Site metasploit.com

This Metasploit module abuses the SAP NetWeaver SXPG_CALL_SYSTEM function, on the SAP SOAP RFC Service, to execute remote commands. This Metasploit module needs SAP credentials with privileges to use the /sap/bc/soap/rfc in order to work. The module has been tested successfully on Windows 2008 64 bits and Linux 64 bits platforms.

tags | exploit, remote
systems | linux, windows
SHA-256 | 07e4fa901be9cc50c8930727a69a8c8e30098c5150d37c5a93fa5928c0123236
SAP SOAP RFC SXPG_COMMAND_EXECUTE Remote Command Execution
Posted May 9, 2013
Authored by nmonkee | Site metasploit.com

This Metasploit module abuses the SAP NetWeaver SXPG_COMMAND_EXECUTE function, on the SAP SOAP RFC Service, to execute remote commands. This Metasploit module needs SAP credentials with privileges to use the /sap/bc/soap/rfc in order to work. The module has been tested successfully on Windows 2008 64 bits and Linux 64 bits platforms.

tags | exploit, remote
systems | linux, windows
SHA-256 | 9c4b5e90a96b549626431074b175b223177580d1d90db57236152e6e60113583
Securimage 3.5 Cross Site Scripting
Posted May 9, 2013
Authored by LiquidWorm | Site zeroscience.mk

Securimage suffers from a cross site scripting issue in 'example_form.php' that uses the 'REQUEST_URI' variable. The vulnerability is present because there isn't any filtering to the mentioned variable in the affected script. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user's browser session.

tags | exploit, arbitrary, php, xss
SHA-256 | 743f9fc637708cf172570cb700ddffe5481bfb59d99d052f41f7beceae996239
EMC AlphaStor 4.0 Build 116 Buffer Overflow
Posted May 9, 2013
Site emc.com

A buffer overflow vulnerability exists in EMC AlphaStor that could potentially be exploited by a malicious user to create a denial of service condition or execute arbitrary code.

tags | advisory, denial of service, overflow, arbitrary
advisories | CVE-2013-0946
SHA-256 | 404c2ed57cf66622d085924cf32617827a359da5b06dc524e83d1ec35939780f
Actuate 10 Service Pack 1 Fix 4 File Retrieval / Directory Browsing
Posted May 9, 2013
Authored by Digital Defense, r@b13$, Dennis Lavrinenko, Bobby Lockett | Site digitaldefense.net

Actuate 10 Service Pack 1 Fix 4 suffers from remote file disclosure and directory browsing vulnerabilities.

tags | advisory, remote, vulnerability
SHA-256 | 20f5382aefd34220826737b2d0e7ea3fb4a7ec3a49b5fdab183fc24092a462cc
Red Hat Security Advisory 2013-0806-01
Posted May 9, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0806-01 - The openstack-keystone packages provide Keystone, a Python implementation of the OpenStack identity service API, which provides Identity, Token, Catalog, and Policy services. These updated packages have been upgraded to upstream version 2012.2.4, which provides a number of bug fixes over the previous version. This update also fixes the following security issue: In environments using LDAP, if debug-level logging was enabled, the LDAP server password was logged in plain text to a world-readable log file. Debug-level logging is not enabled by default.

tags | advisory, python
systems | linux, redhat
advisories | CVE-2013-2006
SHA-256 | eb6bb4885f9f77b8e7e439af3e90342546a460cc24307e697f971cd1742061f2
Red Hat Security Advisory 2013-0807-01
Posted May 9, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0807-01 - The hypervkvpd package contains hypervkvpd, the guest Microsoft Hyper-V Key-Value Pair daemon. The daemon passes basic information to the host through VMBus, such as the guest IP address, fully qualified domain name, operating system name, and operating system release number. A denial of service flaw was found in the way hypervkvpd processed certain Netlink messages. A local, unprivileged user in a guest could send a Netlink message that, when processed, would cause the guest's hypervkvpd daemon to exit. The CVE-2012-5532 issue was discovered by Florian Weimer of the Red Hat Product Security Team.

tags | advisory, denial of service, local
systems | linux, redhat
advisories | CVE-2012-5532
SHA-256 | 48444d8e9b2d2d4946cba8d7dcfbf3961ed54d4d33d2f2fbb222fba97c6e7fbd
EMC Documentum XSS / Session Fixation
Posted May 9, 2013
Site emc.com

Vulnerabilities exist in several EMC Documentum products that could potentially be exploited by a malicious user. Session fixation vulnerability could be potentially exploited by an unauthorized user to gain privileges to perform actions as a valid user by utilizing techniques to steal or gain access to an authenticated session. Cross-site scripting vulnerability could be potentially exploited for conducting malicious scripting by getting an authenticated user to click on specially-crafted links maliciously embedded within an email, web page or other source. This may lead to execution of malicious html requests or scripts in the context of the authenticated user. Cross Frame Scripting vulnerability could potentially be exploited by an attacker to steal sensitive information by inducing the authenticated user to navigate to a web page the attacker controls.

tags | advisory, web, vulnerability, xss
advisories | CVE-2013-0938, CVE-2013-0939, CVE-2013-0937
SHA-256 | 2e4b137f4062d82c49c23eb897561e7f7972d3850a1d59e1a82bc1f0f78a1318
Ubuntu Security Notice USN-1821-1
Posted May 9, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1821-1 - It was discovered that telepathy-idle did not perform any server certificate validation when using SSL connections. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to alter or compromise confidential information.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2007-6746
SHA-256 | 8d0275c4a079fe02c4c7561d0682e8350f2fa40ffcef00bc1cf6a6ead978a90a
HP Security Bulletin HPSBMU02786 SSRT100877 2
Posted May 9, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02786 SSRT100877 2 - Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) running on Linux, Windows, and VMware ESX. The vulnerabilities could be exploited remotely resulting in unauthorized access, disclosure of information, data modification, Denial of Service (DoS), and execution of arbitrary code. Revision 2 of this advisory.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, windows
advisories | CVE-2011-1944, CVE-2011-2821, CVE-2011-2834, CVE-2011-3379, CVE-2011-3607, CVE-2011-4078, CVE-2011-4108, CVE-2011-4153, CVE-2011-4317, CVE-2011-4415, CVE-2011-4576, CVE-2011-4577, CVE-2011-4619, CVE-2011-4885, CVE-2012-0021, CVE-2012-0027, CVE-2012-0031, CVE-2012-0036, CVE-2012-0053, CVE-2012-0057, CVE-2012-0830, CVE-2012-1165, CVE-2012-1823, CVE-2012-2012, CVE-2012-2013, CVE-2012-2014, CVE-2012-2015, CVE-2012-2016
SHA-256 | 5dbefc2f5ce267adce1e15986e02edbb8a3cd8b62ebf6a7c096957f60f594794
Cisco Security Advisory 20121031-dcnm-2
Posted May 9, 2013
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco Prime Data Center Network Manager (DCNM) contains a remote command execution vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary commands on the computer that is running the Cisco Prime DCNM application. Cisco has released free software updates that address this vulnerability.

tags | advisory, remote, arbitrary
systems | cisco
SHA-256 | 3dddd65645613c0d5b432c41aa70e09b4e2440e3924be87b2ee001afe8df34ff
Cisco Security Advisory 20130508-cvp
Posted May 9, 2013
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco Unified Customer Voice Portal Software (Unified CVP) contains multiple vulnerabilities. Various components of Cisco Unified CVP are affected; see the "Details" section for more information on the vulnerabilities. These vulnerabilities can be exploited independently; however, more than one vulnerability could be exploited on the same device. Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate some of these vulnerabilities are available.

tags | advisory, vulnerability
systems | cisco
SHA-256 | 69354bc185ad093d8819792fcf544a6afa3ec033c6161084fa8eba37261c15af
Page 1 of 1
Back1Next

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    12 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    14 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    11 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close