This exploit abuses a vulnerability in the HP Data Protector service. This flaw allows an unauthenticated attacker to take advantage of the EXEC_CMD command and traverse back to /bin/sh, this allows arbitrary remote code execution under the context of root.
95add5b2ce4d94dcd719eaead5d7369aff78a1ef7a8325a02fc4a43b2369c0b5
WineBiz suffers from a remote SQL injection vulnerability.
f354657806fd9ac91926b7b06045ec8b120ef24937f9694cba159b6228418209
Feng Chen suffers from a remote SQL injection vulnerability.
6f7d2dfb912bcc5283b7acb739633426b01756b75e22767dfd3e73b632d2535c
BlackBerry PlayBook suffers from a samba related code execution vulnerability. Tablet versions prior to 2.0.0.7971 are affected.
1afc8a7ff4c33e0b84d61b7fd3ad9ea453b1ab6f4c8645898025d843d0ecb99c
Ubuntu Security Notice 1374-1 - Andy Davis discovered that Samba incorrectly handled certain AndX offsets. A remote attacker could send a specially crafted request to the server and cause a denial of service, or possibly execute arbitrary code.
81d485c10b572461eea91dd42a3a6dd59c4c9ad6c3e1aa0157a31e42055bb3ab
Ubuntu Security Notice 1373-1 - It was discovered that the Java HttpServer class did not limit the number of headers read from a HTTP request. A remote attacker could cause a denial of service by sending special requests that trigger hash collisions predictably. Various other issues were also addressed.
f5d1680ea07c3d083ccb24ffe7ffae199ba83aed9e742267a6ecfcda91111e3c
Debian Linux Security Advisory 2416-1 - It was discovered that Notmuch, an email indexer, did not sufficiently escape Emacs MML tags. When using the Emacs interface, a user could be tricked into replying to a maliciously formatted message which could lead to files from the local machine being attached to the outgoing message.
65bcdf42c527a426b64804a3384e6b2466fe1ff2c05aca4bdd06d8c34f037db4
darkb0t is an IRC bot written in Python that is capable of doing reverse DNS lookups, google dork searching, performing link checking on SQL injection, and more.
bd0dc25d87992414149a403dc549ded89a0f0fb3561c895a931c8324a9a959cf
PHPFox suffers from a base64 encoded cross site scripting vulnerability.
020f8d963ea8be04ea929544d5ac9cca10507c062abc3c1859af3691616856c2
Zerecords suffers from a remote SQL injection vulnerability.
2baa5e3406166ac5ec1ec3afffd4624b7cb22dd9dfa8e30ee80137c77c5acc4d
Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
4547cdadbae075b9106eead876d49fe5ad3ce417882f0447b7f7181590f95a4e
Onapsis Security Advisory - If a specially crafted packet is sent to the JDENet Service (6015 TCP by default), then it would be possible to validate arbitrary (USER, ROLE, ENVIRONMENT) tuples, in order to detect valid ones.
bd2dcc460f9817265732bc0808e8543eaac886463c0594e24bd5fce15ec0bc80
Onapsis Security Advisory - If a specially crafted message is sent to the JDENET service (specifically to the SAW Kernel), a user can remotely change the JDE.INI configuration file. This situation might help the attacker to perform complex attacks that would lead in a full compromise of the system.
828b3a567c457e25def81aed87d84c454dc26926bd2577c4e6994f3c298a3a9d
This Metasploit module exploits various flaws in The Uploader to upload a PHP payload to target system. When run with defaults it will search possible URIs for the application and exploit it automatically. Works against both English and Italian language versions. Notably it disables pre-emptive email warnings before uploading the payload, though it leaves log cleanup as a post-exploitation task.
d29a260fa19d9695a7f57da48288f4735a750b3a821a5fdf8012ac51ec7892aa
This Metasploit module exploits a vulnerability in the CmdProcessor.exe component of Trend Micro Control Manager up to version 5.5. The specific flaw exists within CmdProcessor.exe service running on TCP port 20101. The vulnerable function is the CGenericScheduler::AddTask function of cmdHandlerRedAlertController.dll. When processing a specially crafted IPC packet, controlled data is copied into a 256-byte stack buffer. This can be exploited to execute remote code under the context of the user.
a04483c90d2ea44a263aa576ce03bb6bfbcf03f1fa5d6ff7e8b522c7b58f3163
This Metasploit module exploits a flaw in the Web Start component of the Sun Java Runtime Environment. The arguments passed to Java Web Start are not properly validated, allowing injection of arbitrary arguments to the JVM. By utilizing the lesser known -J option, an attacker can take advantage of the -XXaltjvm option, as discussed previously by Ruben Santamarta. This method allows an attacker to execute arbitrary code in the context of an unsuspecting browser user. In order for this module to work, it must be ran as root on a server that does not serve SMB. Additionally, the target host must have the WebClient service (WebDAV Mini-Redirector) enabled.
81161207244c8e7484b4277932284c0018d20eb38ceb3a2c62bd1e994ede6a05
This Metasploit module exploits a stack-based buffer overflow in Orbit Downloader. The vulnerability is due to Orbit converting an URL ascii string to unicode in a insecure way with MultiByteToWideChar. The vulnerability is exploited with a specially crafted metalink file that should be opened with Orbit through the "File->Add Metalink..." option.
3fabd80b37cf0e1969d54e9e5602e17e7766d95225a456a310cee421d520516c
e-Rapido version 3.3.2 suffers from a remote SQL injection vulnerability.
cf7a1400e35c1b125e03897fa09e961f0d5c7a343ba03458675f0c86364aded2
Onapsis Security Advisory - If a message containing packets of a specific size is sent to the JDENET service, a Denial of service condition is triggered, because the kernel in charge of dispatching those packets uses all the available CPU time.
e078711b599b4ca14519d9a0815063149df5877baf8bdefeb3da7bcb1a95522e
PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.
ba03e5371037a7543536b1b3657f4b8d9eb3f36d5711e818d4cc69d3057f12f4
Onapsis Security Advisory - Several ways to gather information exist in the JDENET service. Sending specific types of messages, it is possible to access technical information about the system's configuration.
a6dfb3a6559dfc645d1303f9b5a6826e4fa6b4bbc4a75ebc31faef54217250c8
Redtienda E-Commerce version 2.0 suffers from a remote SQL injection vulnerability.
254a66ed01d4fe65cc1f4ecee5e04fd56ef097f03a784bee9bf477ac65334d03
Mobile MP3 Search Engine version 2.0 suffers from a HTTP response splitting vulnerability.
4a234a62d9055e4a817636cab81811ebdcb76770efd193cc42471310e95ae02f
phpDenora versions 1.4.6 and below suffer from multiple remote SQL injection vulnerabilities.
b83bd5f90a30cbd3fd0278ac241065d1eca4705fd8add6f40376be1d877983ce
Onapsis Security Advisory - If a specially crafted message is sent to the JDENET service (specifically to the SAW Kernel), a user can remotely retrieve data from the JDE.INI configuration FILE. This information includes password for database connection and configuration of node password for authentication tokens.
90f2ce75b9c8f2dc58f994c02fbf3ab323d56248d40faf948d178fd4350492a4