This Metasploit module exploits a php unserialize() vulnerability in SugarCRM versions 6.3.1 and below which could be abused to allow authenticated SugarCRM users to execute arbitrary code with the permissions of the webserver. The dangerous unserialize() exists in the 'include/MVC/View/views/view.list.php' script, which is called with user controlled data from the 'current_query_by_page' parameter. The exploit abuses the __destruct() method from the SugarTheme class to write arbitrary PHP code to a 'pathCache.php' on the web root.
1e73a4a4f9bf312d43feeea95213bce49f5dcf97660320b96cca53b8c0f4ba3dUbuntu Security Notice 1483-2 - USN-1483-1 fixed a vulnerability in NetworkManager by disabling the creation of WPA-secured AdHoc wireless connections. This update provides the corresponding change for network-manager-applet. It was discovered that certain wireless drivers incorrectly handled the creation of WPA-secured AdHoc connections. This could result in AdHoc wireless connections being created without any security at all. This update removes WPA as a security choice for AdHoc connections in NetworkManager. Various other issues were also addressed.
d9f65ac4719ba150d08e186463e35ce618c2f313114fdd6c475d4ccf81f2a1e6Ubuntu Security Notice 1483-1 - It was discovered that certain wireless drivers incorrectly handled the creation of WPA-secured AdHoc connections. This could result in AdHoc wireless connections being created without any security at all. This update removes WPA as a security choice for AdHoc connections in NetworkManager.
d35f4e8e5191c7b3e61ad07217f45203bbb8f811b3f00949c296b7d3d6c8f3a6Ubuntu Security Notice 1463-6 - USN-1463-1 fixed vulnerabilities in Firefox. This update provides the corresponding fixes for Thunderbird. Jesse Ruderman, Igor Bukanov, Bill McCloskey, Christian Holler, Andrew McCreight, Olli Pettay, Boris Zbarsky, and Brian Bondy discovered memory safety issues affecting Firefox. It was discovered that Mozilla's WebGL implementation exposed a bug in certain NVIDIA graphics drivers. The impact of this issue has not been disclosed at this time. Various other issues were also addressed.
25ad29d41bde009fefb9a337f7247199b62531201b03a95af1937b1f9fca28b3Ubuntu Security Notice 1463-5 - USN-1463-2 fixed a bug in Unity 2D exposed by a recent Firefox update. It was discovered that the issue was only partially fixed on Ubuntu 11.04. When Thunderbird was started from the launcher, Thunderbird was still unable to obtain pointer grabs under certain conditions. This update fixes the problem. USN-1463-1 fixed vulnerabilities in Firefox. The Firefox update exposed a bug in Unity 2D which resulted in Firefox being unable to obtain pointer grabs in order to open popup menus. This update fixes the problem. Various other issues were also addressed.
59ced9782d0d884adbabdccc45bd2f21a57bf35bf61f045b944aa6e782018601Sielco Sistemi Winlog versions 2.07.16 and below suffer from various code execution, stack overflow, and directory traversal vulnerabilities. Proof of concept utility included.
2c3d3186116ed66592e68144dac18e5288896dc07ba9846d20cbd79b708917dbSymantec Web Gateway version 5.0.2.8 suffers from local file inclusion, remote command execution, and arbitrary file deletion vulnerabilities.
a0fccf32d3c50c44bbaec6e8b29d6a94e5b750a7a3630cb98f887b64cf02a1a9Symantec PcAnywhere version 12.5.0 login and password field buffer overflow exploit.
431142dcabddee7d1d98c06b0f21e036c028f68d52e340f678ba55b852d410adThis paper demonstrates how to exploit the encrypted key import functions of a variety of different cryptographic devices to reveal the imported key. The attacks are padding oracle attacks, where error messages resulting from incorrectly padded plaintexts are used as a side channel. This is the paper that made headlines regarding RSA tokens being cracked in 13 minutes.
2f956e99861dabc4d9e263529db1992adcbe71b48930cc4158b998b604dc42b0Secunia Security Advisory - Red Hat has issued an update for the kernel. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to potentially gain escalated privileges and cause a DoS (Denial of Service), by malicious, local users in a guest virtual machine to cause a DoS (Denial of Service), and by malicious people to compromise a vulnerable system.
95596c63f8e12d4e90c1f34eb6596003b81263b7992299a09c14e71ac4d0b484Secunia Security Advisory - A vulnerability has been discovered in Monstra CMS, which can be exploited by malicious people to conduct cross-site request forgery attacks.
265c7b5dcba3142e383147478c9ad171f9141885ab1eaea0928cf8a5cbbffceaSecunia Security Advisory - Multiple vulnerabilities have been reported in Google Chrome, where some have unknown impacts and others can be exploited by malicious people to disclose certain sensitive information, bypass certain security restrictions, and compromise a user's system.
e20b6771fef183bbd48cd6cbf7563d4311f8f62f605b8a5dca98f09206eb8f05Secunia Security Advisory - A vulnerability has been discovered in Dove Forums, which can be exploited by malicious people to conduct cross-site request forgery attacks.
de3d049ab9cf12baa7ae88abf9466b4282e1899571dd007324a81a6a351b0853Secunia Security Advisory - Red Hat has issued an update for libwpd. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
08960ecc892958042edf006d5da01a264cb66877d2bf95a5f2582ec4a7510c50Secunia Security Advisory - A vulnerability has been reported in AIX sendmail, which can be exploited by malicious, local users to gain escalated privileges.
8c6724513a3c5e356afa8652d823436b5bd7ac975cddafc9f05b68a1a31303d8Secunia Security Advisory - A security issue and a vulnerability have been reported in Red Hat Directory Server, which can be exploited by malicious users to disclose sensitive information.
6f4998a6c8579b1ce06e07cf1b17fcc9b3837d35f93522f707f77545b1df8586Secunia Security Advisory - Multiple vulnerabilities have been reported in Symantec Message Filter, which can be exploited by malicious people to disclose sensitive information, conduct session fixation, cross-site scripting, and cross-site request forgery attacks.
5f498972f45a98052b0d2584cd3edfcd8377be6ddb5d6e5e30d33ac190f533c3Secunia Security Advisory - A vulnerability has been discovered in the Website FAQ plugin for WordPress, which can be exploited by malicious people to conduct SQL injection attacks.
c8e9fb5283788ed22bbefb1180a07cfcfa306903014b65a7c20726ab8fc2aaecSecunia Security Advisory - Some vulnerabilities have been discovered in the SS Quiz plugin for WordPress, which can be exploited by malicious people to conduct cross-site request forgery attacks and bypass certain security restrictions.
43b9148dc362a06892fb954f3d4a3a9e98c4d0dace30ed21f470735f2141ac54Secunia Security Advisory - Multiple vulnerabilities have been reported in HP System Management Homepage, where some have unknown impacts and others can be exploited by malicious, local users to gain escalated privileges and cause a DoS (Denial of Service) and by malicious people to disclose potentially sensitive information, hijack a user's session, cause a DoS (Denial of Service), bypass certain security restrictions, manipulate certain data, and compromise a vulnerable system.
1ac283c2410ab42b9b401e8e4a6f341cc1d55d6ee02b43e197ec96b370c568abSecunia Security Advisory - Slackware has issued an update for freetype. This fixes multiple vulnerabilities, which can be exploited by malicious people to potentially compromise an application using the library.
49d01cc1b7feb9ff73ac9c468658809d42ba911207ffa34ab28ade290a2bd0ceSecunia Security Advisory - Gentoo has issued an update for pam. This fixes multiple security issues and vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service), disclose potentially sensitive information, perform certain actions with escalated privileges, and potentially gain escalated privileges.
9bb3a993d3d4680ba299f484f5fdefe0b8a01b5f221ffd33879e2271cbca4834Secunia Security Advisory - A vulnerability has been reported in Apache Roller, which can be exploited by malicious people to conduct cross-site request forgery attacks.
917313a6f7629cd9857192c1be48db0101dd3a74dd37bc5c24555e49d8e82b75Secunia Security Advisory - Gentoo has issued an update for links. This fixes a security issue, which can be exploited by malicious people to conduct spoofing attacks.
adb6532c3423da89e39ba4b5a1d845ea7d92a072b7129d1f48b8aae3685d0f6fSecunia Security Advisory - Gentoo has issued an update for postfix. This fixes two vulnerabilities, which can be exploited by malicious people to manipulate certain data, cause a DoS (Denial of Service), and potentially compromise a vulnerable system.
f7402d2aa539b8e516df12a70d30dd630319c5ad5a16ff66cd2dbb2d2b488b73
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed