This Metasploit module exploits a file upload vulnerability in SysAid Help Desk. The vulnerability exists in ChangePhoto.jsp in the administrator portal, which does not correctly handle directory traversal sequences and does not enforce file extension restrictions. You need to have an administrator account, but there is a Metasploit auxiliary module that can create one for you. This Metasploit module has been tested on SysAid v14.4 on both Linux and Windows.
0c208d2f198e77dc853b8bf460e5001c9fc1655e2c941edb66fcee493d8b936a
This Metasploit module exploits a file upload vulnerability in SysAid Help Desk v14.3 and v14.4. The vulnerability exists in the RdsLogsEntry servlet, which accepts unauthenticated file uploads and handles zip file contents in an insecure way. By combining both weaknesses, a remote attacker can accomplish remote code execution. Note that this will only work if the target is running Java 6 or Java 7 up to 7u25, as Java 7u40 and above introduce a protection against null byte injection in file names. This Metasploit module has been tested successfully on versions v14.3.12 b22 and v14.4.32 b25 on Linux. In theory this module also works on Windows, but SysAid seems to bundle Java 7u40 and above with the Windows package, which prevents the vulnerability from being exploited.
f551636c73e5b60b9c38cb4bdd3c80dbbb6ea337669f453ce8ca689cbfedd936
Novell GroupWise 2014 suffers from a cross site scripting vulnerability.
4c4c6296fd8b81448615d8372109d7607ccf6820ff46fc08d334d2f7a8f513c2
UDID+ version 2.5 suffers from a command injection vulnerability.
761145c7197c1353abee758af1de37e76bf21669162d014b72a9a6a9cc8cb015
Red Hat Security Advisory 2015-1243-01 - Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.
240a4d208c67ed5977cc94f864f3c548d2a692bbfe7028670ced5044f28a1c0d
Red Hat Security Advisory 2015-1242-01 - Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.
b01b07a56be2d7a975fa73912a2e17caca8944404e1dc032d7ba2d6b307d9c3b
Red Hat Security Advisory 2015-1241-01 - Oracle Java SE version 8 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.
a00adc19b4661f42eff481841ccbe46849730c47219498516b92867b140ed3c7
Oracle E-Business Suite is prone to a remote URL-redirection vulnerability. This vulnerability may allow a malicious user to perform a phishing attack by sending a crafted URL of the Oracle E-Business Suite Form Servlet page to another user. When an unsuspecting victim follows the URI, they may be redirected to an attacker-controlled site; this may aid in phishing attacks. Affected versions include 11.5.10.2, 12.0.6, and 12.1.3.
fefe0444086e77de0d60a0771da86be452e0256a0e1d089607066df4b7065e65
FoxyCart suffers from filter bypass and input validation vulnerabilities.
718fd95d80edef23b0352b7f8154fc54cb785b8980a88329772638cb021700da
AirDroid ID suffers from a script insertion vulnerability.
826719c31357000a9eed1c066020ee4e4342aa7e36f9d47701bd3128c7d4b9db
NetBIOS NBSTAT name query reflection denial of service proof of concept exploit.
64eedc77e04daae82e3317cca2ba26267d63f8097003b3f9fcc142d9311aa277
Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. x86_64 version.
f834fdcfa0d09342ea97df60afc197af2e8feb70573aae15858528c417dc5456
This Metasploit module exploits an anonymous remote upload and code execution vulnerability on several D-Link devices. The vulnerability is a command injection in the cookie handling process of the lighttpd web server when handling specially crafted cookie values. This Metasploit module has been successfully tested on D-Link DSP-W110A1_FW105B01 in an emulated environment.
0775e7d0aff2f6e2825635c995a83bb54708fc9752c08058d2dc8f04aed2e87c
The gReport Controls Sort Widget in Oracle Application Express is prone to persistent cross site scripting. The "display as" setting of the column attributes is ignored for the filter list. Versions prior to 4.2.3.00.08 are affected.
c9ce7cae929b2bfcfbbd561c21486f566a196d3064d30611bb77669161526837
Elasticsearch versions from 1.0.0 to 1.6.0 are vulnerable to a directory traversal attack that allows an attacker to retrieve files that are readable by the Elasticsearch JVM process.
b31e33f0be2db96a5fdb079e65aaf1b8bd17143da9e03e617b58e897d6aa2937
Elasticsearch versions prior to 1.6.1 are vulnerable to an engineered attack on its transport protocol that enables remote code execution.
c7d03a23059a26c14cfa85c4a73e1ef9e80899f3676ade54bb247e68d5444f6b
Three proof of concept exploits demonstrating double-free issues with glibc, tcmalloc, and jemalloc.
e7f0fbeb3a092dc3418be3ce25fae479f87f00d498e749ac4c04652d49e094e2
EMC Documentum CenterStage is affected by a stored cross-site scripting vulnerability that could potentially be exploited by an attacker by injecting malicious HTML or script. This may lead to execution of injected HTML or script in the context of the authenticated user.
6735391574947f75e6be781bb6730919f081530e732a8c5060ab42e4c0a9926f
EMC Documentum WebTop and WebTop-based client products contain an open redirect vulnerability. Attackers could potentially exploit this vulnerability by supplying crafted URLs to users of the affected application and causing a browser redirect to arbitrary and potentially malicious websites.
2522c718c302be4a8ccf0d96166ebbc62243ca64ca2cd415fa3fec260890c15d
Impero Education Pro suffers from a remote SYSTEM command execution vulnerability.
52a912335707a2c2f5ffd89fb25efa0c054326c82bae73267bb04bd65910dcf7