This Metasploit module abuses the SAP NetWeaver SXPG_CALL_SYSTEM function, on the SAP SOAP RFC Service, to execute remote commands. This Metasploit module needs SAP credentials with privileges to use the /sap/bc/soap/rfc in order to work. The module has been tested successfully on Windows 2008 64 bits and Linux 64 bits platforms.
385abecf04336905ed6d882a6fbc2253This Metasploit module abuses the SAP NetWeaver SXPG_COMMAND_EXECUTE function, on the SAP SOAP RFC Service, to execute remote commands. This Metasploit module needs SAP credentials with privileges to use the /sap/bc/soap/rfc in order to work. The module has been tested successfully on Windows 2008 64 bits and Linux 64 bits platforms.
9ec84a8165c029d32c22410e603c66e1Securimage suffers from a cross site scripting issue in 'example_form.php' that uses the 'REQUEST_URI' variable. The vulnerability is present because there isn't any filtering to the mentioned variable in the affected script. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user's browser session.
ce6e09b1d51cc0771ca4def264336898A buffer overflow vulnerability exists in EMC AlphaStor that could potentially be exploited by a malicious user to create a denial of service condition or execute arbitrary code.
47140874602659a290764b11cfb85c64Actuate 10 Service Pack 1 Fix 4 suffers from remote file disclosure and directory browsing vulnerabilities.
f84327d7c873dbd27026c81fe62c1355Red Hat Security Advisory 2013-0806-01 - The openstack-keystone packages provide Keystone, a Python implementation of the OpenStack identity service API, which provides Identity, Token, Catalog, and Policy services. These updated packages have been upgraded to upstream version 2012.2.4, which provides a number of bug fixes over the previous version. This update also fixes the following security issue: In environments using LDAP, if debug-level logging was enabled, the LDAP server password was logged in plain text to a world-readable log file. Debug-level logging is not enabled by default.
d139b24bcc6707d5a839583b7add1087Red Hat Security Advisory 2013-0807-01 - The hypervkvpd package contains hypervkvpd, the guest Microsoft Hyper-V Key-Value Pair daemon. The daemon passes basic information to the host through VMBus, such as the guest IP address, fully qualified domain name, operating system name, and operating system release number. A denial of service flaw was found in the way hypervkvpd processed certain Netlink messages. A local, unprivileged user in a guest could send a Netlink message that, when processed, would cause the guest's hypervkvpd daemon to exit. The CVE-2012-5532 issue was discovered by Florian Weimer of the Red Hat Product Security Team.
c0af71805d79aea6b006adbcebee35d4Vulnerabilities exist in several EMC Documentum products that could potentially be exploited by a malicious user. Session fixation vulnerability could be potentially exploited by an unauthorized user to gain privileges to perform actions as a valid user by utilizing techniques to steal or gain access to an authenticated session. Cross-site scripting vulnerability could be potentially exploited for conducting malicious scripting by getting an authenticated user to click on specially-crafted links maliciously embedded within an email, web page or other source. This may lead to execution of malicious html requests or scripts in the context of the authenticated user. Cross Frame Scripting vulnerability could potentially be exploited by an attacker to steal sensitive information by inducing the authenticated user to navigate to a web page the attacker controls.
32902505895d631833d5dda358021397Ubuntu Security Notice 1821-1 - It was discovered that telepathy-idle did not perform any server certificate validation when using SSL connections. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to alter or compromise confidential information.
811b7d399ac9d328edf4e40c1c13755bHP Security Bulletin HPSBMU02786 SSRT100877 2 - Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) running on Linux, Windows, and VMware ESX. The vulnerabilities could be exploited remotely resulting in unauthorized access, disclosure of information, data modification, Denial of Service (DoS), and execution of arbitrary code. Revision 2 of this advisory.
80f8158182e481b6569a26d38a63761bCisco Security Advisory - Cisco Prime Data Center Network Manager (DCNM) contains a remote command execution vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary commands on the computer that is running the Cisco Prime DCNM application. Cisco has released free software updates that address this vulnerability.
71ec94e26e9566eac969dc44aac92e99Cisco Security Advisory - Cisco Unified Customer Voice Portal Software (Unified CVP) contains multiple vulnerabilities. Various components of Cisco Unified CVP are affected; see the "Details" section for more information on the vulnerabilities. These vulnerabilities can be exploited independently; however, more than one vulnerability could be exploited on the same device. Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate some of these vulnerabilities are available.
a0fab93e79040f75c5c996ba8822ba26
© 2019 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed