This Metasploit module allows execution of operating system commands through the SAP ConfigServlet without any authentication.
bd22164e93c481f2adee97758ca447db0d47658f7a4544609432a32799d8b8d3
Cisco ASA versions 8.4(2), 8.4(5), and 9.1(1) suffer from a group name enumeration vulnerability in their IKE implementation.
7a3a1b289b63638a076af1a5703754d8bf858f40ec5baec07c9f385998b4caad
Ubuntu Security Notice 1804-1 - Jiri Vanek discovered that IcedTea-Web would use the same classloader for applets from different domains. A remote attacker could exploit this to expose sensitive information or potentially manipulate applets from other domains. It was discovered that IcedTea-Web did not properly verify JAR files and was susceptible to the GIFAR attack. If a user were tricked into opening a malicious website, a remote attacker could potentially exploit this to execute code under certain circumstances. Various other issues were also addressed.
94c8dfb69cab90f5b36b1712850ba1638f4dec59b36eedbe93064a48b933ad10
Red Hat Security Advisory 2013-0758-01 - Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.
d2698820e52d08b651a6e30af5fc62e23be5567381406f5cc97b4365e26f9490
Red Hat Security Advisory 2013-0757-01 - Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.
47290146682a8b45735896f0b78050379327bfe0efde7613362febef95f674bc
Debian Linux Security Advisory 2662-1 - Multiple vulnerabilities have been discovered in the Xen hypervisor.
c154b1d7b7e208460374fd11a98c3333c72d0fcea6d6be680aefae238a806dfd
Fork CMS suffers from a local file inclusion vulnerability.
dc9c3676bed4b6dd47b65dcd79362c247ada9470a4af9cb6c2e29524e8645942
Fork CMS suffers from a cross site request forgery vulnerability.
b1f5869ab5f633d45b74847ab258441ea7cf30e564f771344d4b1c00f8ba8c27
Fork CMS suffers from a stored cross site scripting vulnerability.
8c5fae34f52db9b2663429d8f941353d9efee87ca897544f51278843d7e9d2b8
SWFUpload suffers from cross site scripting, cross site request forgery, and object injection vulnerabilities.
88f9aac6098d0e3258845fe60905a4307536ba1d86078b4b59c2122b60d3ea28
VUPEN Vulnerability Research Team discovered a critical vulnerability in Oracle Java. The vulnerability is caused by a heap overflow error within the JavaFX component when decoding certain video frames, which could be exploited by remote attackers to compromise a vulnerable system via a malicious web page.
a2eb4b5d305a7ac6991835ccb5811297e7d48909f1c506568314ba2a5970316c
Matrix42 Service Store version 5.3 SP3 suffers from a cross site scripting vulnerability.
d431e07e2090b3ecb928537ec9c68ab0d5ece0d754b16cb65ebe58d7828b3216
Technical Cyber Security Alert 2013-107A - Oracle has released a Critical Patch Update (CPU) for Java SE. Oracle strongly recommends that customers apply CPU fixes as soon as possible.
2bc33c1159b0fcbf4383d5702e542342e6335e5d00c4f2e7df5b6d43cc1a63a6
Intercepter is a sniffer that offers various capabilities including sniffing for password hashes related to ICQ/IRC/AIM/FTP/IMAP/POP3/SMTP/LDAP/BNC/SOCKS/HTTP/WWW/NNTP/CVS/TELNET/MRA/DC++/VNC/MYSQL and ORACLE. It also sniffs ICQ/AIM/JABBER/YAHOO/MSN/GADU-GADU/IRC and MRA protocols. It has a built-in arp poisoning module, can change MAC addresses of LAN adapters, and has various other interesting functionality.
a7eeb7f0852c3f890b1cf069da1c6007331be8b19ddd6ca7025e8cfe208f0861
Freefloat FTP Server is prone to an overflow condition. It fails to properly sanitize user-supplied input resulting in a stack-based buffer overflow. With a specially crafted 'USER' command, a remote attacker can potentially have an unspecified impact.
9b812ca885b40a06ed5af29596e9d126320a1646dbcbe6be64b5c81887642462
Cisco Security Advisory - Cisco Network Admission Control (NAC) Manager contains a vulnerability that could allow an unauthenticated remote attacker to execute arbitrary code and take full control of the vulnerable system. A successful attack could allow an unauthenticated attacker to access, create or modify any information in the NAC Manager database. Cisco has released free software updates that address this vulnerability. There are no workarounds for this vulnerability.
0b2fd9431ac6f3023d470247efac603d079d9cd4168dd50bc6a519460459b72f
This toolkit houses various IPv6 tools that have been tested to compile and run on Debian GNU/Linux 6.0, FreeBSD 9.0, NetBSD 5.1, OpenBSD 5.0, Mac OS 10.8.0, and Ubuntu 11.10.
75ff27cd30407cd57f35a7646b82e6fede9cfc7e1fac089b3da43e547424af48
Ubuntu Security Notice 1803-1 - It was discovered that the X.Org X server did not properly clear input events in certain circumstances. A local attacker with physical access could use this flaw to capture keystrokes.
0a8fc43b37e93e1260e0124d3f96f99613c73e4adbc0f22dda8909721d36cfa6
Debian Linux Security Advisory 2661-1 - David Airlie and Peter Hutterer of Red Hat discovered that xorg-server, the Xorg X server, was vulnerable to an information disclosure flaw related to input handling and device hotplug.
ddec4e210a037caeffbc9a414e249bc38399f5e30f17b1044f4ffdad14f56b69
Red Hat Security Advisory 2013-0753-01 - The IcedTea-Web project provides a Java web browser plug-in and an implementation of Java Web Start, which is based on the Netx project. It also contains a configuration tool for managing deployment settings for the plug-in and Web Start implementations. It was discovered that the IcedTea-Web plug-in incorrectly used the same class loader instance for applets with the same value of the codebase attribute, even when they originated from different domains. A malicious applet could use this flaw to gain information about and possibly manipulate applets from different domains currently running in the browser.
c1ce692c1521d0837522bfb3b37e40034340611dd97379e2d399b43394575abe
Red Hat Security Advisory 2013-0752-01 - These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit. Multiple flaws were discovered in the font layout engine in the 2D component. An untrusted Java application or applet could possibly use these flaws to trigger Java Virtual Machine memory corruption. Multiple improper permission check issues were discovered in the Beans, Libraries, JAXP, and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions.
41d947531ed3d252e75fac4e4c2beb0c11832cfe342063df05ef1bf45c210ec0
Red Hat Security Advisory 2013-0751-01 - These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit. Multiple flaws were discovered in the font layout engine in the 2D component. An untrusted Java application or applet could possibly use these flaws to trigger Java Virtual Machine memory corruption. Multiple improper permission check issues were discovered in the Beans, Libraries, JAXP, and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions.
3dd79f78440b623f915a9d88a18803f2cbd13f584293a3ef010118bc0dbab5b8
Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
35a8d392b930b7db1ec9ff0c55bc89d2cfb08d13b8cb7937012dab776c36c89d
Cisco Security Advisory - Cisco TelePresence multipoint control unit (MCU) and Cisco TelePresence Server contain a vulnerability that could allow an unauthenticated, remote attacker to trigger the reload of an affected system. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.
119f45014590ba7857394b2b18f4cc8f0f389955b9862b725e9ebc23bf070330
Oracle WebCenter Sites Satellite Server versions 7.6.0 Patch1, 7.6.2, 11.1.1.6.0, and 11.1.1.6.1 suffer from HTTP header injection and cache poisoning vulnerabilities.
b211d5ba79c2e4506fc8c437bbb356031d7bc5df5b5dceb6705801d00369973b