vTiger CRM allows an authenticated user to upload files to embed within documents. Due to insufficient privileges on the 'files' upload folder, an attacker can upload a PHP script and execute arbitrary PHP code remotely. This Metasploit module was tested against vTiger CRM v5.4.0 and v5.3.0.
bbcd3689cbd9914d5739cb0af4a9dcca7c841307f2ee05af37a9fcc839aed4a2NAS4Free allows an authenticated user to post PHP code to a special HTTP script and have the code executed remotely. This Metasploit module was successfully tested against NAS4Free version 9.1.0.1.804. Earlier builds are likely to be vulnerable as well.
fbb827ba13b127c83e13d52ae23cb93628f4e71810cd8f99c67c4c5a187bb5f0ZABBIX allows an administrator to create scripts that will be run on hosts. An authenticated attacker can create a script containing a payload, then a host with an IP of 127.0.0.1 and run the arbitrary script on the ZABBIX host. This Metasploit module was tested against Zabbix version 2.0.9.
337aba7aa6c0548a701c9d962e9e56e4ac6edce3bbb5c5f7b68fef1361fd8f09ISPConfig allows an authenticated administrator to export language settings into a PHP script which is intended to be reuploaded later to restore language settings. This feature can be abused to run arbitrary PHP code remotely on the ISPConfig server. This Metasploit module was tested against version 3.0.5.2.
500ad81c08959d6a17fb323607222ca4f12a1b9a2e830df3bd4af01d85b6423eOpenMediaVault allows an authenticated user to create cron jobs as arbitrary users on the system. An attacker can abuse this to run arbitrary commands as any user available on the system (including root).
94cc0202bafd6d8e09dab8de5983f2f26db28f5d5e4ab61e3830ec9bd40f3b41Moodle allows an authenticated user to define spellcheck settings via the web interface. The user can update the spellcheck mechanism to point to a system-installed aspell binary. By updating the path for the spellchecker to an arbitrary command, an attacker can run arbitrary commands in the context of the web application upon spellchecking requests. This Metasploit module also allows an attacker to leverage another privilege escalation vuln. Using the referenced XSS vuln, an unprivileged authenticated user can steal an admin sesskey and use this to escalate privileges to that of an admin, allowing the module to pop a shell as a previously unprivileged authenticated user. This Metasploit module was tested against Moodle version 2.5.2 and 2.2.3.
c4365fd3140a745d4484ea06c3aca345da8ba6b0e3a266802b6ce0150e84b884Drupal Monster Menus third party module version 7.x suffers from an access bypass vulnerability.
5f32cfab027ca0d07ba7fab6164b0dc9fd923321eb5c5953e98eda5d404733ccDrupal Feed Element Mapper third party module version 6.x suffers from a cross site scripting vulnerability.
01cf946f719793e7ae7380155b2b0b7156b6a797638bf67b2979cd46095751d9This write up goes into detail about how real world cross site request forgery attacks can be used to hijack DNS on TP-Link routers.
97ebb3cb84a6a9a66f84afff891ff378fa74b1e2ed747d6a5cd984a436456d72Cisco Security Advisory - Cisco IOS XE Software for 1000 Series Aggregation Services Routers (ASR) contains multiple denial of service vulnerabilities. Successful exploitation of any of these vulnerabilities could allow an unauthenticated remote attacker to trigger a reload of the embedded services processors (ESP) card or the route processor (RP) card, causing an interruption of services. Repeated exploitation could result in a sustained DoS condition. Note: Cisco IOS Software and Cisco IOS-XR Software are not affected by these vulnerabilities.
361ac4c153e8e11f536ad24f61820d6d7753f7b1fcd84608dab5bf0e4c189047This is a simple PHP script that checks to see if your D-Link device is vulnerable to the User-Agent backdoor.
b0f9b07e55de0f72f7056f20fafc5118ca5dbd0af300d0146663b52ab3d742d7Drupal Quiz third party module version 6.x suffers from multiple access bypass vulnerabilities.
8b66e8062097fa6122f4a71d4ddb7e4911f0921fc0d6a5896c58cac8d8678c07EMC Unisphere for VMAX versions 1.0, 1.1, 1.5, and 1.6 suffer from an LDAP related information disclosure vulnerability.
284ce5088a33d17b96440bdf977da0257ddd9dcfb8aff5275fc57088bf34402bThis document contains the results of a second comparative penetration test conducted by a team of security specialists at Zero Science Lab against two cloud-based Web Application Firewall (WAF) solutions: Incapsula and Cloudflare. This test was designed to bypass security controls in place, in any possible way, circumventing whatever filters they have. Given the rise in application-level attacks, the goal of the test was to provide IT managers of online businesses with a comparison of these WAFs against real-world threats in simulated real-world conditions.
049e90fe97f45591ee478a6bbbd1000e75975f5dbc47b2e1e89cfc59d6426fdcDrupal FileField Sources third party module versions 6.x and 7.x suffer from an access bypass vulnerability.
c2a6873038096514898f156b6894638a36a0ea0f9ec50e33e715d4526442147eW2SP brings together researchers, practitioners, web programmers, policy makers, and others interested in the latest understanding and advances in the security and privacy of the web, browsers, cloud, mobile and their eco-system. The workshop will take place May 18th, 2014.
70acc7274bf12747f9c47988852750b4fc23e87d7650e7750274540b904b94e4Red Hat Security Advisory 2013-1482-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Lifecycle Support for Red Hat Enterprise Linux 3 will be retired as of January 30, 2014, and support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including critical impact security patches or urgent priority bug fixes, for Red Hat Enterprise Linux 3 ELS after that date. In addition, technical support through Red Hat's Global Support Services will no longer be provided after January 30, 2014. Note: This notification applies only to those customers subscribed to the Extended Lifecycle Support channel for Red Hat Enterprise Linux 3.
b5a45ef51060858c390feddca19477f6f58524646a058045ef2e601887f94069Red Hat Security Advisory 2013-1480-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. It was found that the Thunderbird JavaScript engine incorrectly allocated memory for certain functions. An attacker could combine this flaw with other vulnerabilities to execute arbitrary code with the privileges of the user running Thunderbird.
40d9e3609e2ba6d5725de6c60f3b0d183f1965ed065fe0107fe94369a0aefb3fThis Metasploit module exploits a stack-based buffer overflow on Beetel Connection Manager. The vulnerability exists in the parsing of the UserName parameter in the NetConfig.ini file. The module has been tested successfully on PCW_BTLINDV1.0.0B04 over Windows XP SP3 and Windows 7 SP1.b.
5725c9ac2f84dcb5cc5ed565457c90d22f10b51d892638c34a3586733b434570This Metasploit module exploits a PHP code execution vulnerability in the 'neoclassic' skin for ProcessMaker Open Source which allows any authenticated user to execute PHP code. The vulnerable skin is installed by default in version 2.x and cannot be removed via the web interface.
eb45ad4835f0136226472801ecf8d83ecfdfe22caa02b7f28a680a48e9232df6Mandriva Linux Security Advisory 2013-263 - It was discovered that roundcube does not properly sanitize the _session parameter in steps/utils/save_pref.inc during saving preferences. The vulnerability can be exploited to overwrite configuration settings and subsequently allowing random file access, manipulated SQL queries and even code execution. The updated packages have been patched to correct this issue.
8d50b6112b0546125f273c950799e408ec087e55a01ae26499b797a02f8ab996Apache and PHP remote command execution exploit that leverages php5-cgi.
9d57dc343cc59f716358c28109591d65f8d5b225d645fd188e0084e43bad3ad6Ubuntu Security Notice 2009-1 - Multiple memory safety issues were discovered in Firefox. If a user were tricked in to opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute arbitrary code with the privileges of the user invoking Firefox. Jordi Chancel discovered that HTML select elements could display arbitrary content. An attacker could potentially exploit this to conduct URL spoofing or clickjacking attacks Various other issues were also addressed.
8e63ed5e393428544209ac043e79fe9e8a1b315c5dd1c5295543d51b893c2332Red Hat Security Advisory 2013-1474-01 - The Simple Protocol for Independent Computing Environments is a remote display protocol for virtual environments. SPICE users can access a virtualized desktop or server from the local system or any system with network access to the server. SPICE is used in Red Hat Enterprise Linux for viewing virtualized guests running on the Kernel-based Virtual Machine hypervisor or on Red Hat Enterprise Virtualization Hypervisors. A stack-based buffer overflow flaw was found in the way the reds_handle_ticket() function in the spice-server library handled decryption of ticket data provided by the client. A remote user able to initiate a SPICE connection to an application acting as a SPICE server could use this flaw to crash the application.
421517e84fef6199d6a8b6d04a30c460895840aad9a34f2200a564e579c0e8d5Red Hat Security Advisory 2013-1473-01 - The Simple Protocol for Independent Computing Environments is a remote display protocol for virtual environments. SPICE users can access a virtualized desktop or server from the local system or any system with network access to the server. SPICE is used in Red Hat Enterprise Linux for viewing virtualized guests running on the Kernel-based Virtual Machine hypervisor or on Red Hat Enterprise Virtualization Hypervisors. A stack-based buffer overflow flaw was found in the way the reds_handle_ticket() function in the spice-server library handled decryption of ticket data provided by the client. A remote user able to initiate a SPICE connection to an application acting as a SPICE server could use this flaw to crash the application.
19d0b0a6756280e6ad7abc839d934e1c7d02df663ce5a760e3d3995cc5dd185e
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed