This Metasploit module exploits an Arbitrary File Upload vulnerability in Oracle Event Processing 11.1.1.7.0. The FileUploadServlet component, which requires no authentication, can be abused to upload a malicious file onto an arbitrary location due to a directory traversal flaw, and compromise the server. By default Oracle Event Processing uses a Jetty Application Server without JSP support, which limits the attack to WbemExec. The current WbemExec technique only requires arbitrary write to the file system, but at the moment the module only supports Windows 2003 SP2 or older.
354b179956fa5730561cdacb3cb83ea87cbbaf8af2b2d69f7b545cc36d2d4223This Metasploit module exploits an unauthenticated remote command execution vulnerability in version 0.4.0 of Gitlist. The problem exists in the handling of an specially crafted file name when trying to blame it.
2d10e7f5052c363ec8a9a489e9f7c7fd6b0f2a333365ccb4fc9fa7413a6b823cThe Wordpress plugin "MailPoet Newsletters" (wysija-newsletters) before 2.6.8 is vulnerable to an unauthenticated file upload. The exploit uses the Upload Theme functionality to upload a zip file containing the payload. The plugin used the admin_init hook, which is also executed for unauthenticated users when accessing a specific URL. The developers tried to fix the vulnerability in version 2.6.7 but the fix can be bypassed. In PHPs default configuration, a POST variable overwrites a GET variable in the $_REQUEST array. The plugin uses $_REQUEST to check for access rights. By setting the POST parameter to something not beginning with 'wysija_', the check is bypassed. Wordpress uses the $_GET array to determine the page and is so not affected by this.
ce2cffe8515677c0d219f665bad07fe8ecea2cce4c18e01fcea51556c3c8c876HP Security Bulletin HPSBMU03051 2 - Potential security vulnerabilities have been identified with HP System Management Homepage running OpenSSL on Linux and Windows. The vulnerabilities could be exploited remotely to create a Denial of Service (DoS), execute code, allow unauthorized access, or disclose information. Revision 2 of this advisory.
a8b4016c09a06b99a77961252874991fb1d5f4b7f94d12df1115b2d59481596bUplay for PC suffers from an elevation of privileges vulnerability which can be used by a simple user that can change the executable file with a binary of choice. The vulnerability exist due to the improper permissions, with the 'F' flag (Full) for 'Everyone' group, making the entire directory 'Ubisoft Game Launcher' and its files and sub-dirs world-writable. Versions 4.7.3208 and 4.5.2.3010 are affected.
31802309fa76191bff06d7414889c4a568baabe7cc4f2f038a3aceab636e2b60AIEngine is a packet inspection engine with capabilities of learning without any human intervention. It helps network/security professionals to identify traffic and develop signatures for use them on NIDS, Firewalls, Traffic classifiers and so on.
dca3ca28c11c869c96b82dbd82cd0fb51f2ceb01b813792c970d51deb9212510Ubuntu Security Notice 2274-1 - Andy Lutomirski discovered a flaw with the Linux kernel's ptrace syscall on x86_64 processors. An attacker could exploit this flaw to cause a denial of service (System Crash) or potential gain administrative privileges.
82281da049376f2b4579ebfff00e44cde4d9cb934d302f82e7d8df85220c0588Ubuntu Security Notice 2272-1 - Andy Lutomirski discovered a flaw with the Linux kernel's ptrace syscall on x86_64 processors. An attacker could exploit this flaw to cause a denial of service (System Crash) or potential gain administrative privileges.
44327dad1fdf47dc2cf7e9f604cb82153f4c4adf9d28e736005aee9f4224691aUbuntu Security Notice 2271-1 - Andy Lutomirski discovered a flaw with the Linux kernel's ptrace syscall on x86_64 processors. An attacker could exploit this flaw to cause a denial of service (System Crash) or potential gain administrative privileges.
391f400f2d6c88c3fd6a45ff28747b979c1947046f719cb6a2b82515e80a1fcfUbuntu Security Notice 2266-1 - Andy Lutomirski discovered a flaw with the Linux kernel's ptrace syscall on x86_64 processors. An attacker could exploit this flaw to cause a denial of service (System Crash) or potential gain administrative privileges.
142f502be70a5e886a0913def179f15a4abea7fe2f842568dc9e9b7c25ff73faUbuntu Security Notice 2270-1 - Andy Lutomirski discovered a flaw with the Linux kernel's ptrace syscall on x86_64 processors. An attacker could exploit this flaw to cause a denial of service (System Crash) or potential gain administrative privileges.
e11797f1e149c888fb650c5e724455b9f47bac4c006b0641edfba2d325e0e1edUbuntu Security Notice 2268-1 - Andy Lutomirski discovered a flaw with the Linux kernel's ptrace syscall on x86_64 processors. An attacker could exploit this flaw to cause a denial of service (System Crash) or potential gain administrative privileges.
379099c1152a566c490f83d2f4e3ae2a499d95a18f629ccc8f78ac6833da9c2bUbuntu Security Notice 2269-1 - Andy Lutomirski discovered a flaw with the Linux kernel's ptrace syscall on x86_64 processors. An attacker could exploit this flaw to cause a denial of service (System Crash) or potential gain administrative privileges.
79af0f736f1b7dbb0b23ef72d6c263ae918043f1cb2a93f5fe9f0638ed34a714Ubuntu Security Notice 2267-1 - Andy Lutomirski discovered a flaw with the Linux kernel's ptrace syscall on x86_64 processors. An attacker could exploit this flaw to cause a denial of service (System Crash) or potential gain administrative privileges.
6149333518dd2aba6c776e0737b5975de8e3fa4b08d862777c2779eb38bb3844XSSYA is a python tool that attempts malicious payloads for bypassing web application firewalls.
c95115f9d5f22c9536e908df9434a5f94a5a52fc7a3795a81531513d23c665fc
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed