This Metasploit module exploits the Oracle Job Scheduler to execute arbitrary commands. The Job Scheduler is implemented via the component extjob.exe which listens on a named pipe called "orcljsex<SID>" and execute arbitrary commands received throw this channel via CreateProcess(). In order to connect to the Named Pipe remotely SMB access is required. This Metasploit module has been tested on Oracle 10g Release 1 where the Oracle Job Scheduler runs as SYSTEM on Windows but it's disabled by default.
a5520991853dfba840715d948313a5ca0eee49a3177ec837c2761cf043b2c418
Open Conference Systems versions 2.3.4 and below, Open Journal Systems version 2.3.6 and below and Open Harvester Systems versions 2.3.1 and below remote code execution exploit.
c8514bceee7ade59cbec79ac89af4009e9637eb3d5dcbf7b21c50429755f0ec6
This Metasploit module exploits a SIP username enumeration vulnerability in Asterisk. Performs a REGISTER scan for numeric peer usernames having a nat setting different to global sip nat setting. Works even when alwaysauthreject=yes. For this exploit to work, the source port cannot be 5060.
54da0d99e312b44be212dc5220e9ea0fef3a31a1f8a4b91a6f8f48f53c53ca09
Secunia Security Advisory - A vulnerability has been discovered in Whois.Cart, which can be exploited by malicious people to conduct cross-site scripting attacks.
2a8873fd498e4864aec167d8bf600d099f08566136857d5e4a2f66caca79f71e
Secunia Security Advisory - Multiple vulnerabilities have been reported in HP Managed Printing Administration, which can be exploited by malicious people to compromise a vulnerable system.
9a68c26e6c8423e9131753236ea182eab70f56400c1c0677734986cd0affde57
Secunia Security Advisory - Debian has issued an update for unbound. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).
a5a00b15c00059d648cbd48c4ff05d6f977c75338250418f6a806ea9e05f5f03
Secunia Security Advisory - A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious, local users and malicious, local users in a guest virtual machine to gain escalated privileges.
635187466a9d994594e720ac93f94f792231827fad4311342c1ac4e7802bf083
Secunia Security Advisory - A vulnerability has been discovered in Tiki Wiki CMS/Groupware, which can be exploited by malicious people to conduct cross-site request forgery attacks.
e09495fbd2214dc75e8da3a79c84401071d4d268c8ea782bfef8dab078f6929c
Secunia Security Advisory - Ubuntu has issued an update for thunderbird. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, conduct cross-site scripting attacks, and compromise a user's system.
d29a97290ba10d51b169d16b55b77f9fc68ba8534935da3f161abb98a80cd652
Secunia Security Advisory - A vulnerability has been reported in Microsoft Windows Phone, which can be exploited by malicious people to cause a DoS (Denial of Service).
d601ccb7ff992a42790dba8ecaa8246e8be0d11887d8ec7d2c601ebdbaab5794
Secunia Security Advisory - High-Tech Bridge SA has discovered multiple vulnerabilities in Open Business Management, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to disclose potentially sensitive information and conduct cross-site scripting and SQL injection attacks.
58a9baff3abf620f79e6309791bac2fc3c40860fe2d454c21233b53076509394
Secunia Security Advisory - Multiple vulnerabilities have been reported in Websense products, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, and compromise a vulnerable system.
19e07477de40c94c6fbe93ecaa6643e97f28171f4060f91f308de2017aad553b
Secunia Security Advisory - MustLive has discovered a vulnerability in Android, which can be exploited by malicious people to conduct spoofing attacks.
9f5ebed4a21407733324342aa69e54c3632ebae0d43bf4a1200a062e07fc22b2
Secunia Security Advisory - Two vulnerabilities have been reported in cApexWEB, which can be exploited by malicious people to conduct SQL injection attacks.
00ea78aeaa5454257f302418a42b455f38c25511417848d7e1e092798aea77b7
Secunia Security Advisory - Red Hat has issued an update for the kernel. This fixes a vulnerability, which can be exploited by malicious, local users and malicious, local users in a guest virtual machine to gain escalated privileges.
9b8166808c22162036618de8808ece544c2774872189246d46e6a80da9b38bf9
Secunia Security Advisory - Multiple vulnerabilities have been reported in IBM Rational Rhapsody, which can be exploited by malicious people to compromise a user's system.
896533ff6f22bfac84355a38087c350a7a4e991d1ad5e8951dd4a138d9ef1f84
Secunia Security Advisory - A vulnerability has been reported in IBM DB2 and IBM DB2 Connect, which can be exploited by malicious, local users to gain escalated privileges.
fdc3e931c8a06884e63283cfa0a7548e713f2d10c38e14243adf5f71941d198f
Secunia Security Advisory - A vulnerability has been discovered in Public Knowledge Project Open Journal Systems and Open Conference Systems, which can be exploited by malicious people to conduct cross-site request forgery attacks.
ecfe1cf82a2d8092decef4bd7da9d7895960d89e85f0f2252af1c49fc353f846
Secunia Security Advisory - Multiple vulnerabilities have been reported in BB FlashBack SDK, which can be exploited by malicious people to compromise a user's system.
a8970ac1ba41cdb7d29f4062abf18bb71929b92f51df8751a9dc6222d27221fa
This Metasploit module exploits an arbitrary command execution vulnerability in PmWiki from 2.0.0 to 2.2.34. The vulnerable function is inside /scripts/pagelist.php.
2a414aa71e3429752f31a3f9f0ad17a08f3c3d290b612cfb08bbb15b1b14dea3
This Metasploit module abuses a command execution vulnerability within the web based interface of Splunk 4.2 to 4.2.4. The vulnerability exists within the 'mappy' search command which allows to run python code. To exploit this vulnerability a valid Splunk user with the admin role is required. Unfortunately, Splunk uses a default credential of 'admin:changeme' for admin access, which is used to leverage our attack. The Splunk Web interface runs as SYSTEM on Windows and as root on Linux by default.
4cec15e9c8252677e5cd1bb453f1bd43e0c2eb409d8162a5ce458bb290116509
Tiki Wiki CMS Groupware versions 8.2 and below suffer from a remote PHP code injection vulnerability in snarf_ajax.php.
b7307f459df54b9ed0978af284f064b18dafbeb2458c69e4c3625d1e42e39172