This Metasploit module gains remote code execution on Firefox 35-36 by abusing a privilege escalation bug in resource:// URIs. PDF.js is used to exploit the bug. This exploit requires the user to click anywhere on the page to trigger the vulnerability.
c7380b4bd424349eceddb0191b851de4ff91a0a5afb8b3430ceffce5b834c992
Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
5d449b6f6c55b74d06b56b7435bc79236d2b0002e905211fd0c11d6d20b34d8c
This bulletin summary lists one bulletin that has undergone a major revision increment for August, 2015.
dfd23be0dbefb8bb95dc5db6d5e39fb6fdd92d9ec2d58405d0f63d5abafff45f
Logstash 1.5.3 and prior versions are vulnerable to a SSL/TLS security issue which allows an attacker to successfully implement a man in the middle attack. This vulnerability is not present in the initial installation of Logstash. This insecurity is exposed when users configure Lumberjack output to connect two Logstash instances. In such deployments, a Logstash instance is used to collect logs from a webserver and securely transmit them to a central Logstash instance to perform additional filtering and storing.
8d94729ca78c886be74f1b17d603715f06729caa799a8b733cda4e486099eb9a
Apple Security Advisory 2015-08-20-1 - QuickTime 7.7.8 is now available and addresses arbitrary code execution and memory corruption issues.
31a4deb805a319fca7f77360e22ab19856e37387604603add15c19efbeaf3e5c
WordPress Googmonify plugin version 0.8.1 suffers from cross site request forgery and cross site scripting vulnerabilities.
06c403fcedb1a7fd5d3e040288ea006db2072b20c5136ce9aea6ead2c5f43109
VLC versions 2.2.1 and below suffer from an arbitrary pointer dereference vulnerability.
5729beee45859fa6c90c4ec59513f7ad8f788728b656de7ca5a61d5fed77f09c
Ubiquiti Networks Community online service web application allows for malicious script code to be inserted in the filename.
002d12b4f423b45de91babce8e586c124de4cd418c0f8a59c5ba722de1cf4597
Input passed to the 'file_name' parameter in 'get2post.php' script is not properly sanitised before being used to get the contents of a resource and delete files. This can be exploited to read and delete arbitrary data from local resources with the permissions of the web server using a proxy tool.
b34289732116b4bcb2f1cc6baf7009b19a2cf9b4141f05c2872a8413c0e3056e
up.time suffers from a privilege escalation issue. A normal user can elevate his/her privileges by sending a POST request setting the parameter 'userroleid' to 1. Cross site request forgery can be used to exploit this attack.
7d8991bd1c8571696c4d5bc0528881855899add84755aee81553925cb1fb5cd5
up.time suffers from arbitrary command execution. Attackers can exploit this issue using the monitor service feature and adding a command with respected arguments to given binary for execution. In combination with the CSRF, privilege escalation, arbitrary text file creation, and renaming that file to php you can execute system commands with SYSTEM privileges.
949580b449c0517f641c161c6b8c3484aee9aca17ee184db120e309739d67e3f
up.time version 7.5.0 allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site. Multiple cross site scripting vulnerabilities were also discovered. The issue is triggered when input passed via the multiple parameters is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
90f994cc5cd98108a1348a7bdc9bb5646926787ce5ab51d82604ccd07d720675
When receiving XML encoded AMF messages containing DTD entities, the default XML parser configurations allows expanding of entities to local resources. A request that included a specially crafted request parameter could be used to access content that would otherwise be protected.
69d5afa3639558f66a8f98807a33cbb05547e69350539f5291a75ad6c03267b4
SiteFactory CMS version 5.5.9 suffers from a directory traversal vulnerability.
e4ab1c3da31d5df71707d83aff72277e904feb00d2b2303509770774c51338d3
EMC Documentum D2 contains fail open vulnerability that could be exploited by malicious users to compromise D2. Versions 4.2 and below are affected.
899364e37cd67e01c0b2c948e748dbe613d041f7c0075d1ef3d101ee28ab4074
Microsoft HTA (HTML Application) suffers from a remote code execution vulnerability.
bbdb1ff7a0240544683ac43328710d675b6ca6730cc5f656f38cbceae8da9dd3
Vifi Radio version 1 suffers from a cross site request forgery vulnerability. Exploit to add administrator included.
11d68726482c4931dd8bc7f9412e5b40a7a7002254633c42a4116b2ca2be56fb
Vifi Radio version 1 suffers from a cross site request forgery vulnerability. Exploit to upload a shell included.
6e4d34f2dea11cbb4c459268cca16e9324f4452dfcc3d0ee46d37ee3d7f0c2d1
PDF Shaper version 3.5 suffers from a buffer overflow vulnerability.
1a862bd6f348439cf319bf9e523b76685ab407b894d14f0f8869b6561ddf0418
WebSolutions India Design CMS suffers from a remote SQL injection vulnerability.
c061545b9e430bd03eedcdc7c87c3bb0051c3de84e39af7ff0c47318939c2ae9
Multiple ChiefPDF software such as PDF to Image Converter and PDF to Tiff Converter suffer from a buffer overflow vulnerability.
ffed99b419802af6605e6b28fb1865cc96f61850767f2496d2612b3364bc82e0
Ubiquiti Networks suffers from a cross site scripting vulnerability.
a50cae4abbdd6321e36ece3542888a733c6cff6b46e247e0ef2451a3ed1e3697
This paper discusses an overflow in the DOUBLE data type in MySQL.
994da41348fedec81430a33635725f5ef5bf21eaded32a286053dfd2938cf982
HPE Security Bulletin HPSBUX03410 SSRT102175 1 - A potential security vulnerability has been identified with HP-UX running BIND. This vulnerability could be exploited remotely to create a Denial of Service (DoS). Revision 1 of this advisory.
285ee505b9669d1854cd08aeb5674d644bd0b538eff60181220efd7a9afa9157
HPE Security Bulletin HPSBUX03369 SSRT102037 1 - A potential security vulnerability have been identified with HP-UX programs using the execve(2) system call. The vulnerability could be exploited locally to create an elevation of privilege. Revision 1 of this advisory.
555885bcc1ea1c4a4d6346039a6eac29109d2b40f6dbde463fffaafc40a61744