This Metasploit module exploits a stack buffer overflow in HP LoadRunner before 11.52. The vulnerability exists on the LoadRunner Agent Process magentproc.exe. By sending a specially crafted packet, an attacker may be able to execute arbitrary code.
10612d367689153f57bead46fbc7d9c3f559849d4f0dbdad9c6bf963f80e878dThis Metasploit module exploits a command injection flaw to create a shell script on the filesystem and execute it. If GestioIP is configured to use no authentication, no password is required to exploit the vulnerability. Otherwise, an authenticated user is required to exploit.
ff466c810472f8a9143ae99e56a4e7b6a912136e28c211e79853a3acf85c2641This Metasploit module exploits a vulnerability found in ClipBucket version 2.6 and lower. The script "/admin_area/charts/ofc-library/ofc_upload_image.php" can be used to upload arbitrary code without any authentication. This Metasploit module has been tested on version 2.6 on CentOS 5.9 32-bit.
81de352ecf23e3b327062e9f36fae90c61585126242110b19930863e60e3b355This Metasploit module exploits a file upload vulnerability found in FlashChat versions 6.0.2 and 6.0.4 to 6.0.8. Attackers can abuse the upload feature in order to upload malicious PHP files without authentication which results in arbitrary remote code execution as the web server user.
b230ba5108504e4b3b85c2257c49c24de506b5124902d8bf02423c42657b5bccVanilla Forums versions 2.0.18.5 and below suffer from a PHP object injection vulnerability in class.utilitycontroller.php that in turn allows for local file inclusion.
829bb0d9cc0b99656c9ede4877cba82c24d8fcd7cfe7d08bf5d263689320b351Gentoo Linux Security Advisory 201310-3 - Multiple vulnerabilities have been found in Poppler, some of which may allow execution of arbitrary code. Versions less than 0.22.2-r1 are affected.
16eefcedc1f920563836019127836503bea995cfd0361da741d9651c6c38a920Gentoo Linux Security Advisory 201310-2 - A vulnerability in isync could allow remote attackers to perform man-in-the-middle attacks. Versions less than 1.0.6 are affected.
8e33e50b6405effe0c44051a4a03921ca7cef243231fe9e702879cba5f544d38Mandriva Linux Security Advisory 2013-246 - The BrokerFactory functionality in Apache OpenJPA before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.
4c55eb37a5c44844f39ac7313f686937c8667264af98281b9744075ef79ef28cRed Hat Security Advisory 2013-1409-01 - The xinetd package provides a secure replacement for inetd, the Internet services daemon. xinetd provides access control for all services based on the address of the remote host and/or on time of access, and can prevent denial-of-access attacks. It was found that xinetd ignored the user and group configuration directives for services running under the tcpmux-server service. This flaw could cause the associated services to run as root. If there was a flaw in such a service, a remote attacker could use it to execute arbitrary code with the privileges of the root user.
68e4349cfed4878328d640d99759481b78b8334bcff91a081146314aaee59df9Red Hat Security Advisory 2013-1410-01 - Red Hat JBoss Fuse 6.0.0, based on Apache ServiceMix, provides an integration platform. Red Hat JBoss A-MQ 6.0.0, based on Apache ActiveMQ, is a standards compliant messaging system that is tailored for use in mission critical applications. Red Hat JBoss Fuse/A-MQ 6.0.0 patch 4 is an update to Red Hat JBoss Fuse 6.0.0 and Red Hat JBoss A-MQ 6.0.0. This update addresses the following security issues: Restlet applications which use ObjectRepresentation to map HTTP request data directly to an object deserialize arbitrary user-provided XML using XMLDecoder. It was found that XMLDecoder deserialized an attacker-provided definition of a class and executed its methods. A remote attacker could use this flaw to perform arbitrary remote code execution in the context of the server running the Restlet application.
a24fddd4e2ba4576b30f95a9dbb4f56350f5ec1ec9fc44a697a1fa670279e6f0Gentoo Linux Security Advisory 201310-6 - A buffer overflow vulnerability in Aircrack-ng could result in execution of arbitrary code or Denial of Service. Versions less than 1.1-r2 are affected.
a2c8b5440abd7e9b421ab7e0789591408393129385c154405cb2806b7d132f29Gentoo Linux Security Advisory 201310-5 - A vulnerability in GEGL might allow a remote attacker to execute arbitrary code. Versions less than 0.2.0-r2 are affected.
549b2ac5e60132b35cc3491c45867ebb780bef628825ee306f76a35091ad58e0Gentoo Linux Security Advisory 201310-4 - Multiple vulnerabilities have been found in nginx, the worst of which may allow execution of arbitrary code. Versions less than 1.4.1-r2 are affected.
d96dcaaddb6063a984eba219fdaa3a2560cef2dd98977d295609980830ed7f5dOpolis.eu suffers from cross site request forgery, cross site scripting, denial of service, and remote blind SQL injection vulnerabilities. The vendor has not responded to the researchers reports of these issues.
86e6756e6360245c7ec7594467c4b1d5869733852ffe83875227e09f6118918aApple Motion version 5.0.7 suffers from an integer overflow overflow vulnerability.
91c40a0f5210a72956be6cab5d6bbc2cbf117ff75e22221cb0d96af1905ecbb3Secure Mail at s-mail.com actually suffers from dozens of vulnerabilities due to using out of date PHP and Apache versions.
bcf4a8a35493dc589f526c3acdfdd2b8596c418c332e7d75666242af1c71a388WordPress Woopra plugin remote PHP arbitrary code execution exploit.
13097707eaa1cba018927d5aee73de7371e496620238497f38fad906da8209d2Sites using the Chiangraientersoft code base suffer from a html injection vulnerability that can allow for cross site scripting attacks. Note that this advisory has site-specific information.
d38dda3ba4898e2f3f8c1b2ef87a8eeca9e35edf1c91e895409139fe5385b109
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed