This Metasploit module uses a valid administrator username and password to execute a PowerShell payload using a technique similar to the "psexec" utility provided by SysInternals. The payload is encoded in base64 and executed from the command line using the -encodedcommand flag. Using this method, the payload is never written to disk and, given that each payload is unique, it is less prone to signature-based detection. Since executing shellcode in .NET requires the use of system resources from unmanaged memory space, the .NET (PSH) architecture must match that of the payload. Lastly, a persist option is provided to execute the payload in a while loop in order to maintain a form of persistence. In the event of a sandbox observing PSH execution, a delay and other obfuscation may be added to avoid detection. In order to avoid interactive process notifications for the current user, the PSH payload has been reduced in size and wrapped in a PowerShell invocation which hides the process entirely.
b0c0d56f17bcccf9a854df5ee2b60da13d6ac2e471086b300b676e73683ee4ec
Red Hat Security Advisory 2013-1049-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the way PHP parsed deeply nested XML documents. If a PHP application used the xml_parse_into_struct() function to parse untrusted XML content, an attacker able to supply specially crafted XML could use this flaw to crash the application or, possibly, execute arbitrary code with the privileges of the user running the PHP interpreter. All php users should upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
e75380b7282aaa382921ecf112fdb316da3dd5c1a98030990320b73778be9439
Red Hat Security Advisory 2013-1050-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the way PHP parsed deeply nested XML documents. If a PHP application used the xml_parse_into_struct() function to parse untrusted XML content, an attacker able to supply specially crafted XML could use this flaw to crash the application or, possibly, execute arbitrary code with the privileges of the user running the PHP interpreter. All php53 users should upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
ae1ae5890faa897c0e388c7e472e6bdef7bff09f6930a9b2d0da6eb924a76977
Corda suffers from cross-site scripting and path disclosure vulnerabilities.
bffa23638e52400483ca2946ce826605a44afcbd0bab0762a1df07612c2664cc
The WordPress I Love It theme suffers from cross-site scripting, content spoofing, and path disclosure vulnerabilities.
781da1e7aeb3a72439cf3b06e380d6b86f400e90a518a7210062bb2d8bee4e9b