This Metasploit module allows remote code execution via operating system commands through the SAP ConfigServlet without any authentication. This Metasploit module has been tested successfully with SAP NetWeaver 7.00 and 7.01 on Windows Server 2008 R2.
62e0a4607ddec7e5f1da4c772ef23ba8583944002abf5e96e995e6da403c5361
This Metasploit module exploits a PREG_REPLACE_EVAL vulnerability in phpMyAdmin's replace_prefix_tbl within libraries/mult_submits.inc.php via db_settings.php. This affects versions 3.5.x below 3.5.8.1 and 4.0.0 below 4.0.0-rc3. PHP versions greater than 5.4.6 are not vulnerable.
cde46aba3bb442a48c277780f2ae183ec296c40bdbad1fb176830924a1405679
This Metasploit module exploits a PHP Code Injection vulnerability against Wordpress plugin W3 Total Cache for versions up to and including 0.9.2.8. WP Super Cache 1.2 or older is also reported as vulnerable. The vulnerability is due to the handling of certain macros such as mfunc, which allows arbitrary PHP code injection. A valid post ID is needed in order to add the malicious comment. If the POSTID option isn't specified, then the module will automatically bruteforce one. Also, if anonymous comments aren't allowed, then a valid username and password must be provided. In addition, the "A comment is held for moderation" option on Wordpress must be unchecked for successful exploitation. This Metasploit module has been tested against Wordpress 3.5 and W3 Total Cache 0.9.2.3 on a Ubuntu 10.04 system.
e5ac9a6fad8c4d6319f7a5b50dd28589a34b1e7d2753c81dd9c0c17b9fb0bb79
Core Security Technologies Advisory - D-Link IP Cameras suffer from OS command injection, authentication, information leak, and hard-coded credential vulnerabilities.
c89524253ab599d8622f01400e1599d3a2ca11af0117966d4e4a0fe9ff04ad31
Core Security Technologies Advisory - Vivotek IP Cameras suffer from information leak, buffer overflow, authentication, path traversal, and command injection vulnerabilities. Vulnerable are Vivotek PT7135 IP camera with firmware 0300a, Vivotek PT7135 IP camera with firmware 0400a, and possibly others.
fa7660e4a137a97602dd52a3f2f89792f4eba90870562d6329ab58bbcacf03d9
Cisco Linksys E1200 and N300 routers version 2.0.04 suffer from a cross site scripting vulnerability.
c940fba04264c2e267af39f6a7ead1f281c2d9cc0420ff4ca58897013a5ee1c6
HP Security Bulletin HPSBPI02869 SSRT100936 - A potential security vulnerability has been identified with HP LaserJet MFP printers, HP Color LaserJet MFP printers, and certain HP LaserJet printers. The vulnerability could be exploited remotely to gain unauthorized access to files. Revision 1 of this advisory.
c331c35e287cf34d731bc25cdf4dc4815ac9ee61b92981d4b4a6d1686c4d86ae
HP Security Bulletin HPSBPI02868 SSRT101017 - A potential security vulnerability has been identified with HP Managed Printing Administration (MPA). The vulnerability could be exploited remotely resulting in cross site scripting (XSS). Revision 1 of this advisory.
ea246147bc2212a438f5e993c0712afde5bd4063ef936ec1ee283575e5c97b1d
Foe CMS version 1.6.5 suffers from cross site scripting and remote SQL injection vulnerabilities.
f9cee0773f9203282881b7996ccb4e7e82ff6ed5751595da4aa7cbe5dcbda989
Ipswitch IMail version 11.01 suffers from a cross site scripting vulnerability.
994dfe38a03dadf23ee63272381e22efa35b41a469d160c4208efb44566257f9
Memcached denial of service exploit for an issue disclosed on their bugtracker two years ago and was never patched.
814e65638843b38bd9fd9f0e2304a82c68628fa8c903a54aaec2025d9de659fc
EDSC is a new security conference focusing on embedded systems, hardware, and anything behind the silicon curtain. Embedded testing is a rapidly expanding area of the security industry staying current is important for engineers, researchers, and testers alike. EDSC will be held this summer on the beach at Golden Gardens Park in the Bathhouse. The venue is 20 minutes from downtown Seattle, WA, USA. It will take place August 14th and 15th.
2abefd1feff07569705099347b834c058dbaa4add3c7932658d8ec9a304943dc
Joomla! versions 3.0.3 and below suffer from a PHP object injection vulnerability in remember.php.
92c1b16050368998c04ca3342d9eced12b23a19d5974b249776e4d6b55dcefcd
Mandriva Linux Security Advisory 2013-154 - An information disclosure flaw was found in the way the mount command reported errors. A local attacker could use this flaw to determine the existence of files and directories they do not have access to. Additionally for Mandriva Enterprise Server 5 a patch was added to support a new --no-canonicalize switch for mount to support the fix for in fuse. The updated packages have been patched to correct these issues.
007b8d9e4059b6f9c2f23c2c4c28be3ff4be16e6a9dabd3d0800fb8a9d748303
Mandriva Linux Security Advisory 2013-156 - ModSecurity before 2.7.3 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity vulnerability. The updated packages have been patched to correct this issue.
686354a3dac07edc7796a50d9ab3acf3cac39229d4912db2ea0ab6d44023c774
Mandriva Linux Security Advisory 2013-155 - FUSE, possibly 2.8.5 and earlier, allows local users to create mtab entries with arbitrary pathnames, and consequently unmount any filesystem, via a symlink attack on the parent directory of the mountpoint of a FUSE filesystem, a different vulnerability than CVE-2010-0789. The updated packages have been patched to correct this issue.
4a573d4ac94a8fef29b69d8e2b6b66a8923d2d41fc74bc07033273f227d9c195
PayPal's Billsafe online payment service web application suffered from a remote authentication bypass session vulnerability.
a7648736a35c6d5b0f41156d9bb5608ca1538419ba339fc5cf0c58bcb604ae1b
TinyMCE Ajax File Manager suffers from a remote code execution vulnerability.
d755af232c0c6aa46764039b4bc2eb4bec170c1ae8e037d2d4a69a96ee1a9200
Mandriva Linux Security Advisory 2013-153 - Subversion's mod_dav_svn Apache HTTPD server module will use excessive amounts of memory when a large number of properties are set or deleted on a node. This can lead to a DoS. There are no known instances of this problem being observed in the wild. Subversion's mod_dav_svn Apache HTTPD server module will crash when a LOCK request is made against activity URLs. This can lead to a DoS. There are no known instances of this problem being observed in the wild. Subversion's mod_dav_svn Apache HTTPD server module will crash in some circumstances when a LOCK request is made against a non-existent URL. This can lead to a DoS. There are no known instances of this problem being observed in the wild. Subversion's mod_dav_svn Apache HTTPD server module will crash when a PROPFIND request is made against activity URLs. This can lead to a DoS. There are no known instances of this problem being observed in the wild, but the details of how to exploit it have been disclosed on the full disclosure mailing list. Subversion's mod_dav_svn Apache HTTPD server module will crash when a log REPORT request receives a limit that is out of the allowed range. This can lead to a DoS. There are no known instances of this problem being used as a DoS in the wild. The updated packages have been upgraded to the 1.7.9 version which is not affected by these issues.
ac52fca2c6e52678143574a204e2908949235f35cf7c438923678f0725019825
Mandriva Linux Security Advisory 2013-152 - Subversion's mod_dav_svn Apache HTTPD server module will use excessive amounts of memory when a large number of properties are set or deleted on a node. This can lead to a DoS. There are no known instances of this problem being observed in the wild. Subversion's mod_dav_svn Apache HTTPD server module will crash when a LOCK request is made against activity URLs. This can lead to a DoS. There are no known instances of this problem being observed in the wild. Subversion's mod_dav_svn Apache HTTPD server module will crash in some circumstances when a LOCK request is made against a non-existent URL. This can lead to a DoS. There are no known instances of this problem being observed in the wild. Subversion's mod_dav_svn Apache HTTPD server module will crash when a PROPFIND request is made against activity URLs. This can lead to a DoS. There are no known instances of this problem being observed in the wild, but the details of how to exploit it have been disclosed on the full disclosure mailing list. The updated packages have been upgraded to the 1.6.21 version which is not affected by these issues.
930a2bdd3266063666866847cb602e153af6288c4df4eadd20f0f8eba4ad4b09
Mandriva Linux Security Advisory 2013-151 - libcurl is vulnerable to a cookie leak vulnerability when doing requests across domains with matching tails. This vulnerability can be used to hijack sessions in targetted attacks since registering domains using a known domain's name as an ending is trivial.
5c69303402e466b01eae0fbd8cd93ede86dc773f79280ad90e909cf75515c6af
FreePBX version 2.9 suffers from a backup module remote command execution vulnerability.
0f737c88245ed86d1ced573e55dc41069885055dbdb06ade39b3d6fddb9f0145
PHPValley Micro Jobs Site Script version 1.01 allows for a logged in user to spoof another user and take over their account.
be3489717f38a732799715a5bf9d318833e3065f792e86619fa9a7f2f1b2c792
Elecard MPEG Player version 5.8 proof of concept local buffer overflow exploit.
7302291bed8b7eb00f297566ec60a621d7adcfae5c0545a7e9a021986f0bdd90
Sites designed by Iron Lava Corp suffer from remote shell upload and remote SQL injection vulnerabilities. Note that this advisory has site-specific information.
75f7541db9cc5c202ba408bd1c4efc347e24216888610a60af000419f373eff4