This Metasploit module allows remote code execution via operating system commands through the SAP ConfigServlet without any authentication. This Metasploit module has been tested successfully with SAP NetWeaver 7.00 and 7.01 on Windows Server 2008 R2.
62e0a4607ddec7e5f1da4c772ef23ba8583944002abf5e96e995e6da403c5361This Metasploit module exploits a PREG_REPLACE_EVAL vulnerability in phpMyAdmin's replace_prefix_tbl within libraries/mult_submits.inc.php via db_settings.php. This affects versions 3.5.x below 3.5.8.1 and 4.0.0 below 4.0.0-rc3. PHP versions greater than 5.4.6 are not vulnerable.
cde46aba3bb442a48c277780f2ae183ec296c40bdbad1fb176830924a1405679This Metasploit module exploits a PHP Code Injection vulnerability against Wordpress plugin W3 Total Cache for versions up to and including 0.9.2.8. WP Super Cache 1.2 or older is also reported as vulnerable. The vulnerability is due to the handling of certain macros such as mfunc, which allows arbitrary PHP code injection. A valid post ID is needed in order to add the malicious comment. If the POSTID option isn't specified, then the module will automatically bruteforce one. Also, if anonymous comments aren't allowed, then a valid username and password must be provided. In addition, the "A comment is held for moderation" option on Wordpress must be unchecked for successful exploitation. This Metasploit module has been tested against Wordpress 3.5 and W3 Total Cache 0.9.2.3 on a Ubuntu 10.04 system.
e5ac9a6fad8c4d6319f7a5b50dd28589a34b1e7d2753c81dd9c0c17b9fb0bb79Core Security Technologies Advisory - D-Link IP Cameras suffer from OS command injection, authentication, information leak, and hard-coded credential vulnerabilities.
c89524253ab599d8622f01400e1599d3a2ca11af0117966d4e4a0fe9ff04ad31Core Security Technologies Advisory - Vivotek IP Cameras suffer from information leak, buffer overflow, authentication, path traversal, and command injection vulnerabilities. Vulnerable are Vivotek PT7135 IP camera with firmware 0300a, Vivotek PT7135 IP camera with firmware 0400a, and possibly others.
fa7660e4a137a97602dd52a3f2f89792f4eba90870562d6329ab58bbcacf03d9Cisco Linksys E1200 and N300 routers version 2.0.04 suffer from a cross site scripting vulnerability.
c940fba04264c2e267af39f6a7ead1f281c2d9cc0420ff4ca58897013a5ee1c6HP Security Bulletin HPSBPI02869 SSRT100936 - A potential security vulnerability has been identified with HP LaserJet MFP printers, HP Color LaserJet MFP printers, and certain HP LaserJet printers. The vulnerability could be exploited remotely to gain unauthorized access to files. Revision 1 of this advisory.
c331c35e287cf34d731bc25cdf4dc4815ac9ee61b92981d4b4a6d1686c4d86aeHP Security Bulletin HPSBPI02868 SSRT101017 - A potential security vulnerability has been identified with HP Managed Printing Administration (MPA). The vulnerability could be exploited remotely resulting in cross site scripting (XSS). Revision 1 of this advisory.
ea246147bc2212a438f5e993c0712afde5bd4063ef936ec1ee283575e5c97b1dFoe CMS version 1.6.5 suffers from cross site scripting and remote SQL injection vulnerabilities.
f9cee0773f9203282881b7996ccb4e7e82ff6ed5751595da4aa7cbe5dcbda989Ipswitch IMail version 11.01 suffers from a cross site scripting vulnerability.
994dfe38a03dadf23ee63272381e22efa35b41a469d160c4208efb44566257f9Memcached denial of service exploit for an issue disclosed on their bugtracker two years ago and was never patched.
814e65638843b38bd9fd9f0e2304a82c68628fa8c903a54aaec2025d9de659fcEDSC is a new security conference focusing on embedded systems, hardware, and anything behind the silicon curtain. Embedded testing is a rapidly expanding area of the security industry staying current is important for engineers, researchers, and testers alike. EDSC will be held this summer on the beach at Golden Gardens Park in the Bathhouse. The venue is 20 minutes from downtown Seattle, WA, USA. It will take place August 14th and 15th.
2abefd1feff07569705099347b834c058dbaa4add3c7932658d8ec9a304943dcJoomla! versions 3.0.3 and below suffer from a PHP object injection vulnerability in remember.php.
92c1b16050368998c04ca3342d9eced12b23a19d5974b249776e4d6b55dcefcdMandriva Linux Security Advisory 2013-154 - An information disclosure flaw was found in the way the mount command reported errors. A local attacker could use this flaw to determine the existence of files and directories they do not have access to. Additionally for Mandriva Enterprise Server 5 a patch was added to support a new --no-canonicalize switch for mount to support the fix for in fuse. The updated packages have been patched to correct these issues.
007b8d9e4059b6f9c2f23c2c4c28be3ff4be16e6a9dabd3d0800fb8a9d748303Mandriva Linux Security Advisory 2013-156 - ModSecurity before 2.7.3 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity vulnerability. The updated packages have been patched to correct this issue.
686354a3dac07edc7796a50d9ab3acf3cac39229d4912db2ea0ab6d44023c774Mandriva Linux Security Advisory 2013-155 - FUSE, possibly 2.8.5 and earlier, allows local users to create mtab entries with arbitrary pathnames, and consequently unmount any filesystem, via a symlink attack on the parent directory of the mountpoint of a FUSE filesystem, a different vulnerability than CVE-2010-0789. The updated packages have been patched to correct this issue.
4a573d4ac94a8fef29b69d8e2b6b66a8923d2d41fc74bc07033273f227d9c195PayPal's Billsafe online payment service web application suffered from a remote authentication bypass session vulnerability.
a7648736a35c6d5b0f41156d9bb5608ca1538419ba339fc5cf0c58bcb604ae1bTinyMCE Ajax File Manager suffers from a remote code execution vulnerability.
d755af232c0c6aa46764039b4bc2eb4bec170c1ae8e037d2d4a69a96ee1a9200Mandriva Linux Security Advisory 2013-153 - Subversion's mod_dav_svn Apache HTTPD server module will use excessive amounts of memory when a large number of properties are set or deleted on a node. This can lead to a DoS. There are no known instances of this problem being observed in the wild. Subversion's mod_dav_svn Apache HTTPD server module will crash when a LOCK request is made against activity URLs. This can lead to a DoS. There are no known instances of this problem being observed in the wild. Subversion's mod_dav_svn Apache HTTPD server module will crash in some circumstances when a LOCK request is made against a non-existent URL. This can lead to a DoS. There are no known instances of this problem being observed in the wild. Subversion's mod_dav_svn Apache HTTPD server module will crash when a PROPFIND request is made against activity URLs. This can lead to a DoS. There are no known instances of this problem being observed in the wild, but the details of how to exploit it have been disclosed on the full disclosure mailing list. Subversion's mod_dav_svn Apache HTTPD server module will crash when a log REPORT request receives a limit that is out of the allowed range. This can lead to a DoS. There are no known instances of this problem being used as a DoS in the wild. The updated packages have been upgraded to the 1.7.9 version which is not affected by these issues.
ac52fca2c6e52678143574a204e2908949235f35cf7c438923678f0725019825Mandriva Linux Security Advisory 2013-152 - Subversion's mod_dav_svn Apache HTTPD server module will use excessive amounts of memory when a large number of properties are set or deleted on a node. This can lead to a DoS. There are no known instances of this problem being observed in the wild. Subversion's mod_dav_svn Apache HTTPD server module will crash when a LOCK request is made against activity URLs. This can lead to a DoS. There are no known instances of this problem being observed in the wild. Subversion's mod_dav_svn Apache HTTPD server module will crash in some circumstances when a LOCK request is made against a non-existent URL. This can lead to a DoS. There are no known instances of this problem being observed in the wild. Subversion's mod_dav_svn Apache HTTPD server module will crash when a PROPFIND request is made against activity URLs. This can lead to a DoS. There are no known instances of this problem being observed in the wild, but the details of how to exploit it have been disclosed on the full disclosure mailing list. The updated packages have been upgraded to the 1.6.21 version which is not affected by these issues.
930a2bdd3266063666866847cb602e153af6288c4df4eadd20f0f8eba4ad4b09Mandriva Linux Security Advisory 2013-151 - libcurl is vulnerable to a cookie leak vulnerability when doing requests across domains with matching tails. This vulnerability can be used to hijack sessions in targetted attacks since registering domains using a known domain's name as an ending is trivial.
5c69303402e466b01eae0fbd8cd93ede86dc773f79280ad90e909cf75515c6afFreePBX version 2.9 suffers from a backup module remote command execution vulnerability.
0f737c88245ed86d1ced573e55dc41069885055dbdb06ade39b3d6fddb9f0145PHPValley Micro Jobs Site Script version 1.01 allows for a logged in user to spoof another user and take over their account.
be3489717f38a732799715a5bf9d318833e3065f792e86619fa9a7f2f1b2c792Elecard MPEG Player version 5.8 proof of concept local buffer overflow exploit.
7302291bed8b7eb00f297566ec60a621d7adcfae5c0545a7e9a021986f0bdd90Sites designed by Iron Lava Corp suffer from remote shell upload and remote SQL injection vulnerabilities. Note that this advisory has site-specific information.
75f7541db9cc5c202ba408bd1c4efc347e24216888610a60af000419f373eff4
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed