This Metasploit module exploits a remote command execution vulnerability in Apache Struts versions less than or equal to 2.2.1.1. This issue is caused because the ExceptionDelegator interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.
0b05a1b978021a7e230996613260f0f4ba94c92ffadf95f1ba1f5be6cacdbf23
GNUnet is a peer-to-peer framework with focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP (IPv4 and IPv6), TCP (IPv4 and IPv6), HTTP, or SMTP messages. GNUnet supports accounting to provide contributing nodes with better service. The primary service build on top of the framework is anonymous file sharing.
0f7aa283f53e083e4e38b0c05e41083ee07953e3f7c831ffaab56f4f1a99d6d4
Red Hat Security Advisory 2012-0705-01 - OpenOffice.org is an office productivity suite that includes desktop applications, such as a word processor, spreadsheet application, presentation manager, formula editor, and a drawing program. An integer overflow flaw, leading to a buffer overflow, was found in the way OpenOffice.org processed an invalid Escher graphics records length in Microsoft Office PowerPoint documents. An attacker could provide a specially-crafted Microsoft Office PowerPoint document that, when opened, would cause OpenOffice.org to crash or, potentially, execute arbitrary code with the privileges of the user running OpenOffice.org.
6a657f9b42a90e909284ccc79fb9187564b90245173cbab2a1f6851f0a6a3370
WordPress version 3.3.2 suffers from double-encoding cross site scripting vulnerability that bypasses the filter for protection.
e35bf5a3e7182b22d62980dd79e2f167b39d0fbd8ccba3987c45ff838cb7df5d
Debian Linux Security Advisory 2485-1 - Multiple cross-site scripting (XSS) vulnerabilities were discovered in IMP, the webmail component in the Horde framework. The vulnerabilities allow remote attackers to inject arbitrary web script or HTML via various crafted parameters.
78ff1a6b297a6acfa99730fd0f218b08efac99d83225398094c9aa822f41d9a5
Debian Linux Security Advisory 2482-1 - Vreixo Formoso discovered that libgdata, a library used to access various Google services, wasn't validating certificates against trusted system root CAs when using an https connection.
1d47094e9ab3199d3353d60e80d2221e27b8800fc67c6fd798aef369c4486afe
Debian Linux Security Advisory 2481-1 - Steve Grubb from Red Hat discovered that a patch for arpwatch (as shipped at least in Red Hat and Debian distributions) in order to make it drop root privileges would fail to do so and instead add the root group to the list of the daemon uses.
8b0cd0c918aa1e71f1b16b1a44d4928e841896d59745b3ffe1eefa485e4bfab4
Debian Linux Security Advisory 2484-1 - Sebastian Pohle discovered that upsd, the server of Network UPS Tools (NUT) is vulnerable to a remote denial of service attack.
a8c18bcd6cdb3120bb6a2c46ff0b56eebbc9ed923c3823a6005c5873e2a7cbaf
Ubuntu Security Notice 1443-2 - USN-1443-1 fixed vulnerabilities in Update Manager. The fix for CVE-2012-0949 was discovered to be incomplete. This update fixes the problem. Felix Geyer discovered that the Update Manager Apport hook incorrectly uploaded certain system state archive files to Launchpad when reporting bugs. This could possibly result in repository credentials being included in public bug reports. Various other issues were also addressed.
ca40d4ffaa1111eb7d818c773ab0a8c8febe32747e3c27eb46c7448579d6d480