This exploit abuses a vulnerability in the HP Data Protector service. This flaw allows an unauthenticated attacker to take advantage of the EXEC_CMD command and traverse back to /bin/sh, this allows arbitrary remote code execution under the context of root.
95add5b2ce4d94dcd719eaead5d7369aff78a1ef7a8325a02fc4a43b2369c0b5WineBiz suffers from a remote SQL injection vulnerability.
f354657806fd9ac91926b7b06045ec8b120ef24937f9694cba159b6228418209Feng Chen suffers from a remote SQL injection vulnerability.
6f7d2dfb912bcc5283b7acb739633426b01756b75e22767dfd3e73b632d2535cBlackBerry PlayBook suffers from a samba related code execution vulnerability. Tablet versions prior to 2.0.0.7971 are affected.
1afc8a7ff4c33e0b84d61b7fd3ad9ea453b1ab6f4c8645898025d843d0ecb99cUbuntu Security Notice 1374-1 - Andy Davis discovered that Samba incorrectly handled certain AndX offsets. A remote attacker could send a specially crafted request to the server and cause a denial of service, or possibly execute arbitrary code.
81d485c10b572461eea91dd42a3a6dd59c4c9ad6c3e1aa0157a31e42055bb3abUbuntu Security Notice 1373-1 - It was discovered that the Java HttpServer class did not limit the number of headers read from a HTTP request. A remote attacker could cause a denial of service by sending special requests that trigger hash collisions predictably. Various other issues were also addressed.
f5d1680ea07c3d083ccb24ffe7ffae199ba83aed9e742267a6ecfcda91111e3cDebian Linux Security Advisory 2416-1 - It was discovered that Notmuch, an email indexer, did not sufficiently escape Emacs MML tags. When using the Emacs interface, a user could be tricked into replying to a maliciously formatted message which could lead to files from the local machine being attached to the outgoing message.
65bcdf42c527a426b64804a3384e6b2466fe1ff2c05aca4bdd06d8c34f037db4darkb0t is an IRC bot written in Python that is capable of doing reverse DNS lookups, google dork searching, performing link checking on SQL injection, and more.
bd0dc25d87992414149a403dc549ded89a0f0fb3561c895a931c8324a9a959cfPHPFox suffers from a base64 encoded cross site scripting vulnerability.
020f8d963ea8be04ea929544d5ac9cca10507c062abc3c1859af3691616856c2Zerecords suffers from a remote SQL injection vulnerability.
2baa5e3406166ac5ec1ec3afffd4624b7cb22dd9dfa8e30ee80137c77c5acc4dSamhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
4547cdadbae075b9106eead876d49fe5ad3ce417882f0447b7f7181590f95a4eOnapsis Security Advisory - If a specially crafted packet is sent to the JDENet Service (6015 TCP by default), then it would be possible to validate arbitrary (USER, ROLE, ENVIRONMENT) tuples, in order to detect valid ones.
bd2dcc460f9817265732bc0808e8543eaac886463c0594e24bd5fce15ec0bc80Onapsis Security Advisory - If a specially crafted message is sent to the JDENET service (specifically to the SAW Kernel), a user can remotely change the JDE.INI configuration file. This situation might help the attacker to perform complex attacks that would lead in a full compromise of the system.
828b3a567c457e25def81aed87d84c454dc26926bd2577c4e6994f3c298a3a9dThis Metasploit module exploits various flaws in The Uploader to upload a PHP payload to target system. When run with defaults it will search possible URIs for the application and exploit it automatically. Works against both English and Italian language versions. Notably it disables pre-emptive email warnings before uploading the payload, though it leaves log cleanup as a post-exploitation task.
d29a260fa19d9695a7f57da48288f4735a750b3a821a5fdf8012ac51ec7892aaThis Metasploit module exploits a vulnerability in the CmdProcessor.exe component of Trend Micro Control Manager up to version 5.5. The specific flaw exists within CmdProcessor.exe service running on TCP port 20101. The vulnerable function is the CGenericScheduler::AddTask function of cmdHandlerRedAlertController.dll. When processing a specially crafted IPC packet, controlled data is copied into a 256-byte stack buffer. This can be exploited to execute remote code under the context of the user.
a04483c90d2ea44a263aa576ce03bb6bfbcf03f1fa5d6ff7e8b522c7b58f3163This Metasploit module exploits a flaw in the Web Start component of the Sun Java Runtime Environment. The arguments passed to Java Web Start are not properly validated, allowing injection of arbitrary arguments to the JVM. By utilizing the lesser known -J option, an attacker can take advantage of the -XXaltjvm option, as discussed previously by Ruben Santamarta. This method allows an attacker to execute arbitrary code in the context of an unsuspecting browser user. In order for this module to work, it must be ran as root on a server that does not serve SMB. Additionally, the target host must have the WebClient service (WebDAV Mini-Redirector) enabled.
81161207244c8e7484b4277932284c0018d20eb38ceb3a2c62bd1e994ede6a05This Metasploit module exploits a stack-based buffer overflow in Orbit Downloader. The vulnerability is due to Orbit converting an URL ascii string to unicode in a insecure way with MultiByteToWideChar. The vulnerability is exploited with a specially crafted metalink file that should be opened with Orbit through the "File->Add Metalink..." option.
3fabd80b37cf0e1969d54e9e5602e17e7766d95225a456a310cee421d520516ce-Rapido version 3.3.2 suffers from a remote SQL injection vulnerability.
cf7a1400e35c1b125e03897fa09e961f0d5c7a343ba03458675f0c86364aded2Onapsis Security Advisory - If a message containing packets of a specific size is sent to the JDENET service, a Denial of service condition is triggered, because the kernel in charge of dispatching those packets uses all the available CPU time.
e078711b599b4ca14519d9a0815063149df5877baf8bdefeb3da7bcb1a95522ePacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.
ba03e5371037a7543536b1b3657f4b8d9eb3f36d5711e818d4cc69d3057f12f4Onapsis Security Advisory - Several ways to gather information exist in the JDENET service. Sending specific types of messages, it is possible to access technical information about the system's configuration.
a6dfb3a6559dfc645d1303f9b5a6826e4fa6b4bbc4a75ebc31faef54217250c8Redtienda E-Commerce version 2.0 suffers from a remote SQL injection vulnerability.
254a66ed01d4fe65cc1f4ecee5e04fd56ef097f03a784bee9bf477ac65334d03Mobile MP3 Search Engine version 2.0 suffers from a HTTP response splitting vulnerability.
4a234a62d9055e4a817636cab81811ebdcb76770efd193cc42471310e95ae02fphpDenora versions 1.4.6 and below suffer from multiple remote SQL injection vulnerabilities.
b83bd5f90a30cbd3fd0278ac241065d1eca4705fd8add6f40376be1d877983ceOnapsis Security Advisory - If a specially crafted message is sent to the JDENET service (specifically to the SAW Kernel), a user can remotely retrieve data from the JDE.INI configuration FILE. This information includes password for database connection and configuration of node password for authentication tokens.
90f2ce75b9c8f2dc58f994c02fbf3ab323d56248d40faf948d178fd4350492a4
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed