This Metasploit module abuses the SAP NetWeaver SXPG_CALL_SYSTEM function, on the SAP SOAP RFC Service, to execute remote commands. This Metasploit module needs SAP credentials with privileges to use the /sap/bc/soap/rfc in order to work. The module has been tested successfully on Windows 2008 64 bits and Linux 64 bits platforms.
07e4fa901be9cc50c8930727a69a8c8e30098c5150d37c5a93fa5928c0123236This Metasploit module abuses the SAP NetWeaver SXPG_COMMAND_EXECUTE function, on the SAP SOAP RFC Service, to execute remote commands. This Metasploit module needs SAP credentials with privileges to use the /sap/bc/soap/rfc in order to work. The module has been tested successfully on Windows 2008 64 bits and Linux 64 bits platforms.
9c4b5e90a96b549626431074b175b223177580d1d90db57236152e6e60113583Securimage suffers from a cross site scripting issue in 'example_form.php' that uses the 'REQUEST_URI' variable. The vulnerability is present because there isn't any filtering to the mentioned variable in the affected script. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user's browser session.
743f9fc637708cf172570cb700ddffe5481bfb59d99d052f41f7beceae996239A buffer overflow vulnerability exists in EMC AlphaStor that could potentially be exploited by a malicious user to create a denial of service condition or execute arbitrary code.
404c2ed57cf66622d085924cf32617827a359da5b06dc524e83d1ec35939780fActuate 10 Service Pack 1 Fix 4 suffers from remote file disclosure and directory browsing vulnerabilities.
20f5382aefd34220826737b2d0e7ea3fb4a7ec3a49b5fdab183fc24092a462ccRed Hat Security Advisory 2013-0806-01 - The openstack-keystone packages provide Keystone, a Python implementation of the OpenStack identity service API, which provides Identity, Token, Catalog, and Policy services. These updated packages have been upgraded to upstream version 2012.2.4, which provides a number of bug fixes over the previous version. This update also fixes the following security issue: In environments using LDAP, if debug-level logging was enabled, the LDAP server password was logged in plain text to a world-readable log file. Debug-level logging is not enabled by default.
eb6bb4885f9f77b8e7e439af3e90342546a460cc24307e697f971cd1742061f2Red Hat Security Advisory 2013-0807-01 - The hypervkvpd package contains hypervkvpd, the guest Microsoft Hyper-V Key-Value Pair daemon. The daemon passes basic information to the host through VMBus, such as the guest IP address, fully qualified domain name, operating system name, and operating system release number. A denial of service flaw was found in the way hypervkvpd processed certain Netlink messages. A local, unprivileged user in a guest could send a Netlink message that, when processed, would cause the guest's hypervkvpd daemon to exit. The CVE-2012-5532 issue was discovered by Florian Weimer of the Red Hat Product Security Team.
48444d8e9b2d2d4946cba8d7dcfbf3961ed54d4d33d2f2fbb222fba97c6e7fbdVulnerabilities exist in several EMC Documentum products that could potentially be exploited by a malicious user. Session fixation vulnerability could be potentially exploited by an unauthorized user to gain privileges to perform actions as a valid user by utilizing techniques to steal or gain access to an authenticated session. Cross-site scripting vulnerability could be potentially exploited for conducting malicious scripting by getting an authenticated user to click on specially-crafted links maliciously embedded within an email, web page or other source. This may lead to execution of malicious html requests or scripts in the context of the authenticated user. Cross Frame Scripting vulnerability could potentially be exploited by an attacker to steal sensitive information by inducing the authenticated user to navigate to a web page the attacker controls.
2e4b137f4062d82c49c23eb897561e7f7972d3850a1d59e1a82bc1f0f78a1318Ubuntu Security Notice 1821-1 - It was discovered that telepathy-idle did not perform any server certificate validation when using SSL connections. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to alter or compromise confidential information.
8d0275c4a079fe02c4c7561d0682e8350f2fa40ffcef00bc1cf6a6ead978a90aHP Security Bulletin HPSBMU02786 SSRT100877 2 - Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) running on Linux, Windows, and VMware ESX. The vulnerabilities could be exploited remotely resulting in unauthorized access, disclosure of information, data modification, Denial of Service (DoS), and execution of arbitrary code. Revision 2 of this advisory.
5dbefc2f5ce267adce1e15986e02edbb8a3cd8b62ebf6a7c096957f60f594794Cisco Security Advisory - Cisco Prime Data Center Network Manager (DCNM) contains a remote command execution vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary commands on the computer that is running the Cisco Prime DCNM application. Cisco has released free software updates that address this vulnerability.
3dddd65645613c0d5b432c41aa70e09b4e2440e3924be87b2ee001afe8df34ffCisco Security Advisory - Cisco Unified Customer Voice Portal Software (Unified CVP) contains multiple vulnerabilities. Various components of Cisco Unified CVP are affected; see the "Details" section for more information on the vulnerabilities. These vulnerabilities can be exploited independently; however, more than one vulnerability could be exploited on the same device. Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate some of these vulnerabilities are available.
69354bc185ad093d8819792fcf544a6afa3ec033c6161084fa8eba37261c15af
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed