This Metasploit module abuses the SAP NetWeaver SXPG_CALL_SYSTEM function, on the SAP SOAP RFC Service, to execute remote commands. This Metasploit module needs SAP credentials with privileges to use the /sap/bc/soap/rfc in order to work. The module has been tested successfully on Windows 2008 64 bits and Linux 64 bits platforms.
07e4fa901be9cc50c8930727a69a8c8e30098c5150d37c5a93fa5928c0123236
This Metasploit module abuses the SAP NetWeaver SXPG_COMMAND_EXECUTE function, on the SAP SOAP RFC Service, to execute remote commands. This Metasploit module needs SAP credentials with privileges to use the /sap/bc/soap/rfc in order to work. The module has been tested successfully on Windows 2008 64 bits and Linux 64 bits platforms.
9c4b5e90a96b549626431074b175b223177580d1d90db57236152e6e60113583
Securimage suffers from a cross site scripting issue in 'example_form.php' that uses the 'REQUEST_URI' variable. The vulnerability is present because there isn't any filtering to the mentioned variable in the affected script. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user's browser session.
743f9fc637708cf172570cb700ddffe5481bfb59d99d052f41f7beceae996239
A buffer overflow vulnerability exists in EMC AlphaStor that could potentially be exploited by a malicious user to create a denial of service condition or execute arbitrary code.
404c2ed57cf66622d085924cf32617827a359da5b06dc524e83d1ec35939780f
Actuate 10 Service Pack 1 Fix 4 suffers from remote file disclosure and directory browsing vulnerabilities.
20f5382aefd34220826737b2d0e7ea3fb4a7ec3a49b5fdab183fc24092a462cc
Red Hat Security Advisory 2013-0806-01 - The openstack-keystone packages provide Keystone, a Python implementation of the OpenStack identity service API, which provides Identity, Token, Catalog, and Policy services. These updated packages have been upgraded to upstream version 2012.2.4, which provides a number of bug fixes over the previous version. This update also fixes the following security issue: In environments using LDAP, if debug-level logging was enabled, the LDAP server password was logged in plain text to a world-readable log file. Debug-level logging is not enabled by default.
eb6bb4885f9f77b8e7e439af3e90342546a460cc24307e697f971cd1742061f2
Red Hat Security Advisory 2013-0807-01 - The hypervkvpd package contains hypervkvpd, the guest Microsoft Hyper-V Key-Value Pair daemon. The daemon passes basic information to the host through VMBus, such as the guest IP address, fully qualified domain name, operating system name, and operating system release number. A denial of service flaw was found in the way hypervkvpd processed certain Netlink messages. A local, unprivileged user in a guest could send a Netlink message that, when processed, would cause the guest's hypervkvpd daemon to exit. The CVE-2012-5532 issue was discovered by Florian Weimer of the Red Hat Product Security Team.
48444d8e9b2d2d4946cba8d7dcfbf3961ed54d4d33d2f2fbb222fba97c6e7fbd
Vulnerabilities exist in several EMC Documentum products that could potentially be exploited by a malicious user. Session fixation vulnerability could be potentially exploited by an unauthorized user to gain privileges to perform actions as a valid user by utilizing techniques to steal or gain access to an authenticated session. Cross-site scripting vulnerability could be potentially exploited for conducting malicious scripting by getting an authenticated user to click on specially-crafted links maliciously embedded within an email, web page or other source. This may lead to execution of malicious html requests or scripts in the context of the authenticated user. Cross Frame Scripting vulnerability could potentially be exploited by an attacker to steal sensitive information by inducing the authenticated user to navigate to a web page the attacker controls.
2e4b137f4062d82c49c23eb897561e7f7972d3850a1d59e1a82bc1f0f78a1318
Ubuntu Security Notice 1821-1 - It was discovered that telepathy-idle did not perform any server certificate validation when using SSL connections. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to alter or compromise confidential information.
8d0275c4a079fe02c4c7561d0682e8350f2fa40ffcef00bc1cf6a6ead978a90a
HP Security Bulletin HPSBMU02786 SSRT100877 2 - Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) running on Linux, Windows, and VMware ESX. The vulnerabilities could be exploited remotely resulting in unauthorized access, disclosure of information, data modification, Denial of Service (DoS), and execution of arbitrary code. Revision 2 of this advisory.
5dbefc2f5ce267adce1e15986e02edbb8a3cd8b62ebf6a7c096957f60f594794
Cisco Security Advisory - Cisco Prime Data Center Network Manager (DCNM) contains a remote command execution vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary commands on the computer that is running the Cisco Prime DCNM application. Cisco has released free software updates that address this vulnerability.
3dddd65645613c0d5b432c41aa70e09b4e2440e3924be87b2ee001afe8df34ff
Cisco Security Advisory - Cisco Unified Customer Voice Portal Software (Unified CVP) contains multiple vulnerabilities. Various components of Cisco Unified CVP are affected; see the "Details" section for more information on the vulnerabilities. These vulnerabilities can be exploited independently; however, more than one vulnerability could be exploited on the same device. Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate some of these vulnerabilities are available.
69354bc185ad093d8819792fcf544a6afa3ec033c6161084fa8eba37261c15af