Rejetto HttpFileServer (HFS) is vulnerable to remote command execution attack due to a poor regex in the file ParserLib.pas. This Metasploit module exploit the HFS scripting commands by using '%00' to bypass the filtering. This Metasploit module has been tested successfully on HFS 2.3b over Windows XP SP3, Windows 7 SP1 and Windows 8.
d93a3f4493d008291488a8f9c338e5bc4d1561a09f2e7cbaa2c9a044cfd8f541HP Security Bulletin HPSBGN03108 - A potential security vulnerability has been identified with HP Records Manager. The vulnerability could be remotely exploited to allow cross-site scripting (XSS). Revision 1 of this advisory.
5f7b3fd96babddc071009dc1ee86f45d654629b9f182cdf7714238bfeaa82cc7HP Security Bulletin HPSBMU03118 2 - Potential security vulnerabilities have been identified with HP Systems Insight Manager (SIM) on Linux and Windows. The vulnerabilities could be exploited remotely resulting in Cross-site Scripting (XSS), remote privilege elevation, and Clickjacking. Revision 2 of this advisory.
8b31e763c8c95d1cbe30ef46e7537fbe2383441b741007e7f340be42601ea446Ubuntu Security Notice 2371-1 - It was discovered that Exuberant Ctags incorrectly handled certain minified js files. An attacker could use this issue to possibly cause Exuberant Ctags to consume resources, resulting in a denial of service.
e1310a573652721d1b1014aa64ccae06f997cbb67086d8bcedd74cf279eced7eUbuntu Security Notice 2370-1 - Guillem Jover discovered that APT incorrectly created a temporary file when handling the changelog command. A local attacker could use this issue to overwrite arbitrary files. In the default installation of Ubuntu, this should be prevented by the kernel link restrictions.
f68baf3af6020849786748719a5425dd99fe459dd9f7340d1ac69932e7170a3eThis Metasploit module exploits an authenticated remote command execution vulnerability in the F5 BIGIP iControl API (and likely other F5 devices).
776e3aeff0083df2861f8e072af91181406b096d9fca90ce04c40954c904255dOnapsis Security Advisory - The RFC function 'RSDU_CCMS_GET_PROFILE_PARAM' in SAP NetWeaver Business Warehouse does not perform any authorization check prior to retrieving the profile parameter value.
3c233c38c81809ef00b14c725f0450fa3f1b614cdc114e9d7e1072e437a12d1cFUSE-based exploit that leverages a flaw in fs/namespace.c where it does not properly restrict clearing MNT_NODEV, MNT_NOSUID, and MNT_NOEXEC and changing MNT_ATIME_MASK during a remount of a bind mount, which allows local users to gain privileges. Linux kernels through 3.16.1 are affected.
ceef8a818b79311e115302eccab949f8c476aa0ed6a6fea5f7d2e42f47c9b9b1Onapsis Security Advisory - HANA Developer Edition contains a command injection vulnerability. Specifically, the page /sap/hana/ide/core/base/server/net.xsjs contains an eval call that is vulnerable to code injection. This allows an attacker to run arbitrary XSJS code in the context of the user logged in.
ad3e31557ce091efdac803b0fc631729b8952bdd6890a585f33c38a640073cb9OpenSSH versions 6.6 and below SFTP misconfiguration proof of concept remote code execution exploit for 64bit Linux.
94272d8ced9dbe8075c4b22942d9d32d7a89ad393250389e055c4460ca6053ebOnapsis Security Advisory - BusinessObjects BI "Send to Inbox" functionality can be abused by an attacker, allowing them to modify displayed application content without authorization, and to potentially obtain authentication information from other legitimate users.
fc6e3481d6a10b46f5b352e541dfd8aec324cca7559e359688ccf436f187c5b0Onapsis Security Advisory - Business Objects CORBA listeners include the ability to run unauthenticated InfoStore queries via CORBA. Although some authorization is enforced, it is possible to obtain a considerable amount of information by making requests to the InfoStore via CORBA.
1233021ed4ff9727768afcdb541cde12e5ea7d8e35d63148a89dec3c926c99a7Onapsis Security Advisory - The SAP HANA Developer Edition contains multiple reflected cross site scripting vulnerabilities (XSS) in the democontent area.
d98ec0c662aa2e76ea7c61dcd491019b639f2b4fe8e0fc31991ae7f856d4d36aBMC Track-it! suffers from code execution, arbitrary file download, and remote SQL injection vulnerabilities.
424ad45a542a874674f55fda959776d2554f26182771fb01a177badef46cb578Onapsis Security Advisory - The CMS CORBA listener includes functions in the OSCAFactory::Session ORB that allows any user to remotely turn off that Business Objects server without authentication.
015c719c07e543bf80326a0b0b90e68c039c96019a5f995a8b35d3ad683fea66Onapsis Security Advisory - A malicious user can discover information relating to valid users using a vulnerable Business Objects Enterprise instance. This information could be used to allow the malicious user to specialize their attacks against the system.
337ba40a7bd0ab6b8eb40dc9d8ae9c8aaf58f85ede87867ef98e421c0f7f094fDrayTek VigorACS SI versions 1.3.0 and below suffer from local file inclusion, remote file upload, file write, and default login vulnerabilities.
7226dc0010971b3a84ebc020d354b8d1bc0b10c4f66fb47f69132a9302bf5acd
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed