This Metasploit module exploits a stack buffer overflow in HP OpenView Network Node Manager 7.50. By sending a specially crafted CGI request to Toolbar.exe, an attacker may be able to execute arbitrary code.
39aebaad8a45d97708b4f70fca83c568747d3a648e8d0349db79003d4c8c1d8eThis Metasploit module exploits a stack buffer overflow in HP OpenView Network Node Manager 7.0 and 7.53. By sending a CGI request with a specially OvOSLocale cookie to Toolbar.exe, an attacker may be able to execute arbitrary code. Please note that this module only works against a specific build (ie. NNM 7.53_01195)
898a93364b9fa36233d38ee8b2c084499e66a78b0b9ca0f2119f6605d5243235This Metasploit module takes advantage of the default configuration of the RMI Registry and RMI Activation services, which allow loading classes from any remote (HTTP) URL. As it invokes a method in the RMI Distributed Garbage Collector which is available via every RMI endpoint, it can be used against both rmiregistry and rmid, and against most other (custom) RMI endpoints as well. Note that it does not work against Java Management Extension (JMX) ports since those do not support remote class loading, unless another RMI endpoint is active in the same Java process. RMI method calls do not support or require any sort of authentication.
74cc3c759347106de31d2f7d447682b88481649a9cdcb47556ef3dc90a7223aeUbuntu Security Notice 1150-1 - Multiple vulnerabilities were fixed in Thunderbird. Multiple memory vulnerabilities were discovered in the browser rendering engine. Martin Barbella discovered that under certain conditions, viewing a XUL document while JavaScript was disabled caused deleted memory to be accessed. Jordi Chancel discovered a vulnerability on multipart/x-mixed-replace images due to memory corruption. Various other issues were also addressed.
3bea20b83e873bb59e3d9af80b0cc255aa984c156e6a4adaa8824c99f68f671fUbuntu Security Notice 1170-1 - Dan Rosenberg discovered that multiple terminal ioctls did not correctly initialize structure memory. A local attacker could exploit this to read portions of kernel stack memory, leading to a loss of privacy. It was discovered that Xen did not correctly handle certain block requests. A local attacker in a Xen guest could cause the Xen host to use all available CPU resources, leading to a denial of service. Various other issues were also addressed.
1723caad95829c697af2c75e3b2eaa05c86499fc1d4c521bf8bf41368013a4c8MyST BlogSite suffers from arbitrary URL redirection and information leakage vulnerabilities.
dd0ed1a7586c2c7a527c787f0f9809a44eb89174113c053def2f34d5f65d472fDebian Linux Security Advisory 2254-2 - Jamie Strandboge noticed that the patch proposed to fix CVE-2011-1760 in OProfile has been incomplete. OProfile is a performance profiling tool which is configurable by opcontrol, its control utility. Stephane Chauveau reported several ways to inject arbitrary commands in the arguments of this utility. If a local unprivileged user is authorized by sudoers file to run opcontrol as root, this user could use the flaw to escalate his privileges.
d15f72bc77a63ca7a0207ae2609c80cd893bfdfa52bfb50b39e5218d4783a885Whitepaper called Using Metasploit With Nessus Bridge On Ubuntu. The author discusses using the autopwn feature in Metasploit, running Nessus from within Metasploit, choices of databases to use, and the benefits of each.
7a281ad62c6b8aa703ecc0bdd4a00e7157e35b1a5e19f99ed374027c1a923e86Malware Analyser is freeware tool to perform static and dynamic analysis on malwares.
8f97c0865fbaa3413d8b485397cc6e12ec502b7798cce86f6a4b246286cdf22fThis is a brief whitepaper called HTTP Parameter Contamination (HPC) Attack / Research.
fd048c4ac4a159b39bf8ad25dc758cf6e3d6fbf6ed1e035ace3ac04b164649c5Interactive World suffers from cross site scripting and remote SQL injection vulnerabilities.
6f13fbb6d94fb36c89e29162f969b3d4b5efeddcabfcb8476ebb859f6e764e0aSlackware Security Advisory - New mozilla-firefox packages have been released for Slackware 13.0 and 13.1 to address security issues.
45e9860bae4de0547a06d643d380bf084dd9add89119e36eb6dbdfab3f9db9d3iDefense Security Advisory 07.14.11 - Remote exploitation of a buffer overflow in Citrix Systems, Inc.'s Access Gateway Client ActiveX control allows remote attackers to execute arbitrary code. To exploit this vulnerability, a targeted user must load a malicious Web page created by an attacker. An attacker typically accomplishes this via social engineering or injecting content into compromised, trusted sites. Versions affected are 8.1 prior to 8.1-67.7, 9.0 prior to 9.0-70.5, and 9.1 prior to 9.1-96.4.
7da340d19926e061e5ff91def8e4cab80314786c667bc814ad98db464a3d4ca0Chyrp versions 2.1 and below suffer from cross site scripting, local file inclusion, shell upload, and directory traversal vulnerabilities. Both the oCERT and original advisories are included here.
18cdf52059b49b643716260b829dda6fe150876cbf21decc4085e78858e6de67Slackware Security Advisory - New seamonkey packages have been released for Slackware 13.37 and -current to address security issues.
ca35c35c440fa8cb44a3ac329adb9d0722836da386098677428db77085777314Ubuntu Security Notice 1168-1 - Timo Warns discovered that the LDM disk partition handling code did not correctly handle certain values. By inserting a specially crafted disk device, a local attacker could exploit this to gain root privileges. Neil Horman discovered that NFSv4 did not correctly handle certain orders of operation with ACL data. A remote attacker with access to an NFSv4 mount could exploit this to crash the system, leading to a denial of service. Various other issues were also addressed.
9e8b2714fc824099faae4514943113a649653ec0b7b956ff20ec815f77363076Tomcat versions 7.0.0 through 7.0.18, 6.0.0 through 6.0.32, and 5.5.0 through 5.5.33 suffer from an information disclosure vulnerability. Tomcat provides support for sendfile with the HTTP NIO and HTTP APR connectors. sendfile is used automatically for content served via the DefaultServlet and deployed web applications may use it directly via setting request attributes. These request attributes were not validated.
74bcc8fd613635840905f130972f0216bb8281906fd6fe8ef93ea6151da404a8Dell IT Assistant detectIESettingsForITA.ocx Active-X control readRegVal() remote registry dump exploit.
972fe47b27217c4fe43b9ab5056484e368ca06d298659a3290fa514440134e4ePaltalk Messenger version 10.0 suffers from an Active-X insecure method vulnerability.
3b4401939b9bca69589a54c90655ff168e700c9fd2e7f74591bc6d8108accfefA persistent cross site scripting vulnerability exists in the Oracle I-Recruitment portal. The account information page allows the user to upload his resume in Microsoft Word document. An attacker can construct a malicious MSWord file to conduct the attack by setting a cross site scripting payload in hyperlinks in order to bypass conversion filters. Versions 11.5.10.2, 12.0.6, and 12.1.3 are affected.
89565c921950ce4770fa5b14b519ba8f3361837b5def92e74ce9f346295f4bdeEtoshop suffers from a remote blind SQL injection vulnerability.
4dc65c4ba24fe3e1570cef126470bd0c891a658fa0912df320f66d1caa3f86b5
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed