This Metasploit module exploits a command injection vulnerability on PineApp Mail-SeCure 3.70. The vulnerability exists on the test_li_connection.php component, due to the insecure usage of the system() php function. This Metasploit module has been tested successfully on PineApp Mail-SeCure 3.70.
f986755f0d0b80f4f24f3b0cebb979f77db7ba99a7a250f60cf38a00b1bfde1cThis Metasploit module exploits a command injection vulnerability on PineApp Mail-SeCure 3.70. The vulnerability exists on the ldapsyncnow.php component, due to the insecure usage of the shell_exec() php function. This Metasploit module has been tested successfully on PineApp Mail-SeCure 3.70.
6d5046291504d28d39d79d096fba6a69e382c338c97f38b517a66277e740b9ddThis Metasploit module exploits a command injection vulnerability on PineApp Mail-SeCure 3.70. The vulnerability exists on the livelog.html component, due to the insecure usage of the shell_exec() php function. This Metasploit module has been tested successfully on PineApp Mail-SeCure 3.70.
51fca1c0fcae3623e2c9c69f04d8e43a10745b7c2cfa4634796a3d1d61a9cf15The Windows kernel does not properly isolate broadcast messages from low integrity applications from medium or high integrity applications. This allows commands to be broadcasted to an open medium or high integrity command prompts allowing escalation of privileges. We can spawn a medium integrity command prompt, after spawning a low integrity command prompt, by using the Win+Shift+# combination to specify the position of the command prompt on the taskbar. We can then broadcast our command and hope that the user is away and doesn't corrupt it by interacting with the UI. Broadcast issue affects versions Windows Vista, 7, 8, Server 2008, Server 2008 R2, Server 2012, RT. But Spawning a command prompt with the shortcut key does not work in Vista so you will have to check if the user is already running a command prompt and set SPAWN_PROMPT false. The WEB technique will execute a powershell encoded payload from a Web location. The FILE technique will drop an executable to the file system, set it to medium integrity and execute it. The TYPE technique will attempt to execute a powershell encoded payload directly from the command line but it may take some time to complete.
ec4132f8b9ac70f158c3461e225396c2635aeb7d0ad1f9877329265b9fd215b8FluxBB version 1.5.3 suffers from cross site scripting, cross site request forgery, and URL redirection vulnerabilities.
3d2a429f0d7f7702aac350cfb0a31594ad3302501c55568dfa29c8812f3a4a6eDebian Linux Security Advisory 2731-1 - Yarom and Falkner discovered that RSA secret keys in applications using the libgcrypt11 library, for example GnuPG 2.x, could be leaked via a side channel attack, where a malicious local user could obtain private key information from another user on the system.
f0a1666c4812d4dc7cb9b02be9a71e7f903c37c2ee68d1a36864059533ee2595Ubuntu Security Notice 1911-1 - It was discovered that Little CMS did not properly verify certain memory allocations. If a user or automated system using Little CMS were tricked into opening a specially crafted file, an attacker could cause Little CMS to crash.
c54d93e57fe6f1c6159d8072be1042ae818e7c132c0787c9995ef18ce37ff500A vulnerability exists in EMC NetWorker that could allow exposure of certain sensitive configuration information under specific circumstances. Versions affected include EMC NetWorker 8.0.0.x, 8.0.1.x, and 7.6.x.x.
9dec0bf3a8508498074bb32c9d7dcad0227b5a46110ee20ca656d7dbb5260323FreeBSD Security Advisory - The kernel incorrectly uses client supplied credentials instead of the one configured in exports(5) when filling out the anonymous credential for a NFS export, when -network or -host restrictions are used at the same time. The remote client may supply privileged credentials (e.g. the root user) when accessing a file under the NFS share, which will bypass the normal access checks.
d672bbe3c1c06396c194b1f5062f4d67d79b24f02a60b7a89344ec0f57fe8219FreeBSD Security Advisory - Due to a software defect a specially crafted query which includes malformed rdata, could cause named(8) to crash with an assertion failure and rejecting the malformed query. This issue affects both recursive and authoritative-only nameservers.
f1c6bd390fafc6b86654d596d7ddcfa62102f4a0aa7b681a7a87ed56ead922b7Debian Linux Security Advisory 2730-1 - Yarom and Falkner discovered that RSA secret keys could be leaked via a side channel attack, where a malicious local user could obtain private key information from another user on the system.
a9eb5a7847a3399ecba5950187fddf262cc33613e718ae36cd8548159d9c4643Ubuntu Security Notice 1910-1 - Maxim Shudrak discovered that Bind incorrectly handled certain malformed rdata. A remote attacker could use this flaw with a specially crafted query to cause Bind to stop responding, resulting in a denial of service.
0897033390d296a9ef63ec8183d77ea83c2dfac3bcece6cc232c0f4c8928b234Mandriva Linux Security Advisory 2013-202 - The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service via a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 2013. The updated packages for Enterprise Server 5 have been patched to correct this issue. The updated packages for Business Server 1 have been upgraded to the 9.9.3-P2 version which is not vulnerable to this issue.
81f641183de26262e71f4b53dd49a153a27531ad1f983c82c624502231052b82Debian Linux Security Advisory 2729-1 - OpenAFS, the implementation of the distributed filesystem AFS, has been updated to no longer use DES for the encryption of tickets. Additional migration steps are needed to fully set the update into effect.
404afb222135a19aaf78a3b157d3a4a64ca33cccc96fb95da671c31764342699WebDisk version 3.0.2 PhotoViewer for iOS suffers from a remote command execution vulnerability.
a74a5bd33336150b25147766ce88ce05cc03a56a2927ac49301a7b6d2986f69bPrivate Photos version 1.0 for iOS suffers from a persistent script insertion vulnerability.
675393a5ef46624db7acc97471d1f5ccdb744cecce7d6c64116194fd6fc7a6b1Nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). Nmap supports Vanilla TCP connect() scanning, TCP SYN (half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP ftp proxy (bounce attack) scanning, SYN/FIN scanning using IP fragments (bypasses some packet filters), TCP ACK and Window scanning, UDP raw ICMP port unreachable scanning, ICMP scanning (ping-sweep), TCP Ping scanning, Direct (non portmapper) RPC scanning, Remote OS Identification by TCP/IP Fingerprinting, and Reverse-ident scanning. Nmap also supports a number of performance and reliability features such as dynamic delay time calculations, packet timeout and retransmission, parallel port scanning, detection of down hosts via parallel pings.
ceb8bfd138006719443689787d71b3323b126491f6abda1d0a0d7f3d4f037b4bOpenEMM-2013 version 8.10.380.hf13.0.066 suffers from cross site scripting and remote SQL injection vulnerabilities.
14456af2c9a5b9e11fb7313fb343d5a731c447e6b28ffc4391db130a2ff55411Aux Browser is a small tool for securely browsing the web. It uses a kernel level sandbox. This is the source code release.
4e7ae933ed5c7c662f38541d51e9a11b35a3bbb01cccb2ecdcd074b345b8d0baNovell Client 2 SP3 suffers from a privilege escalation vulnerability.
90372d883442b6991b9af375b8d05bbaa5c31c066b8a21018779b94badc3881dOllyDbg / Immunity debugger crash proof of concept denial of service exploit.
675d2824b19af798e908b299af4c63101ca4f8e7734c1c02006fdc9bf019156e
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed