log4j-payload-generator is a plugin for the woodpecker framework that produces log4j JNDI injection vulnerability payloads. Five types of payloads can be produced with one click.
9319f5c8420c855db8f2e53dd3489078c212cfa37c4333ed77c190d1645962f9
GnuTLS is a secure communications library implementing the SSL and TLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols, as well as APIs to parse and write X.509, PKCS #12, OpenPGP, and other required structures. It is intended to be portable and efficient with a focus on security and interoperability.
4fdb58572fb91fc0afbdfcd7845d4467d4b13ef2f9141bdaa955b959a319f8cc
This Metasploit module exploits a logic flaw due to how the lpApplicationName parameter is handled. When the lpApplicationName contains a space, the file name is ambiguous. Take this file path as an example: C:\program files\hello.exe. The Windows API will try to interpret this as two possible paths: C:\program.exe, and C:\program files\hello.exe, and then execute all of them. To some software developers, this is unexpected behavior, which becomes a security problem if an attacker is able to place a malicious executable in one of these unexpected paths, sometimes escalating privileges if run as SYSTEM. Software such as OpenVPN 2.1.1, OpenSSH Server 5, etc. all have the same problem.
13ee2928c651d3a5639e180e5f2cafa4d077977aeeeb2da9a34de919ec969a8e
This Metasploit module exploits a SQL injection found in Cyclope Employee Surveillance Solution. Because the login script does not properly handle the user-supplied username parameter, a malicious user can manipulate the SQL query, which allows arbitrary code execution under the context of 'SYSTEM'.
943d1370d3c4c203bec054c6328adda12b9aa04b01b7010bb71dea9ec2bef8a7
Red Hat Security Advisory 2012-1165-01 - JBoss Enterprise BRMS Platform is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. This roll up patch serves as a cumulative upgrade for JBoss Enterprise BRMS Platform 5.3.0. It includes various bug fixes. The following security issue is also fixed with this release: It was found that the JMX Console did not protect against Cross-Site Request Forgery attacks. If a remote attacker could trick a user, who was logged into the JMX Console, into visiting a specially-crafted URL, the attacker could perform operations on MBeans, which may lead to arbitrary code execution in the context of the JBoss server process.
60f263a40e9847b3704eea8775ecc38544cbf434846d76a7dc6b54f11d8bced7
Blogspot suffers from a cross site scripting vulnerability.
3087ca1250acb62189df6b2bd039fb5fa6c93eb981f58ed40720f9da803aa3e3
Secunia Security Advisory - Nafsh has discovered two vulnerabilities in Flogr, which can be exploited by malicious people to conduct cross-site scripting attacks.
d4e5153c7b708b38ef3c37f94e104c1ddd204e5179ece0850fa934cbebbe4529
Flogr versions 2.5.6 and 2.3 suffer from cross site scripting vulnerabilities.
e563a6e62d273e7156eaf1960998c6211c0640e0fbec4ba1516ffb8425c37086
Red Hat Security Advisory 2012-1152-01 - JBoss Enterprise SOA Platform is the next-generation ESB and business process automation infrastructure. JBoss Enterprise SOA Platform allows IT to leverage existing, modern, and future integration methodologies to dramatically improve business process execution speed and quality. It was found that the JMX Console did not protect against Cross-Site Request Forgery attacks. If a remote attacker could trick a user, who was logged into the JMX Console, into visiting a specially-crafted URL, the attacker could perform operations on MBeans, which may lead to arbitrary code execution in the context of the JBoss server process.
541ebbf92a7b69b98f4d8f15cc4138c7a7f8c74ac83e8b5ebf8bc57eb5032ebc
This exploits an insecure config found in Scrutinizer NetFlow & sFlow Analyzer. By default, the software installs a default password in MySQL, and binds the service to "0.0.0.0". This allows any remote user to log in to MySQL, and then gain arbitrary remote code execution under the context of 'SYSTEM'. Examples of default credentials include: 'scrutinizer:admin', and 'scrutremote:admin'.
61e06a2fa99c7125dcd2af5faeafdcb8556b0880070d66206fa0180b420ee612
AfterLogic Mailsuite Pro (VMware Appliance) version 6.3 suffers from a stored cross site scripting vulnerability.
70975b139f142c6b5aa2788169c1656874f10ae8fd42b3b7714b3d1791acff41
PolarisCMS suffers from a cross site scripting issue when input passed to the function 'WebForm_OnSubmit()' via the URL to blog.aspx is not properly sanitized before being returned to the user.
0aa6444ecc73043ef5429138f03b93cf4e5521b6824da406cad980ccbdaae119
The SCTP implementation used by FreeBSD ("reference implementation") is vulnerable to a remote NULL pointer dereference in the kernel due to a logic bug. When parsing ASCONF chunks, an attempt is made to find an association by address. If the address found is INADDR_ANY, sctp_findassoc_by_vtag() is called and an attempt is made to find an association by vtag. Before searching for the vtag in a hash table, a pointer is set to NULL, with the intention of redefining it after finding the association. However, if the specified vtag is not found, the function returns and the pointer is never reinitialized, causing a kernel panic when the NULL pointer is later dereferenced by the SCTP_INP_DECR_REF macro when flow returns to sctp_process_control(). This is a proof of concept denial of service exploit.
318b17b766a7c0e5fc891db3c6cd991c6323ae2a559c0d010ec2ec369599711b
Secunia Security Advisory - A vulnerability with an unknown impact has been reported in VStar Blog Engine.
530eeef54ad5b207dab3e0bd2e64eff11afbb1443a8a3bcc84dc2d6279af8b3d
eNdonesia katalog module version 8.5 suffers from a cross site scripting vulnerability.
aa87de6d3861fc8e0e457c276446c4b1de520503f1eaac7f766e6852cb512158
This Metasploit module exploits a stack buffer overflow in the create folder function in Sysax Multi Server 5.64. This issue was fixed in 5.66. You must have valid credentials to trigger the vulnerability. Your credentials must also have the create folder permission and the HTTP option has to be enabled. This Metasploit module will log into the server, get a SID token and then proceed to exploit the server. Successful exploits result in LOCALSYSTEM access. This exploit works on XP SP3, and Server 2003 SP1-SP2.
121e5304fc0c68efcbe91a4bd17f067fad4fef74c609ee089fb5929981de2e57
Secunia Security Advisory - A weakness has been reported in the Secure Login module for Drupal, which can be exploited by malicious people to conduct spoofing attacks.
6a5dcea1138907bac81b8d38c6dc8b0ace4938837cf2debd399056437fb8f8f0
Drupal Secure Login third party module version 7.x suffers from an open redirect vulnerability.
085018766c4aca8f7f4e6b904acaa32fdef096340a8e38b04a51e988c9bae10c
Red Hat Security Advisory 2012-1102-01 - Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. A flaw was found in the way the Pidgin MSN protocol plug-in processed text that was not encoded in UTF-8. A remote attacker could use this flaw to crash Pidgin by sending a specially-crafted MSN message. An input validation flaw was found in the way the Pidgin MSN protocol plug-in handled MSN notification messages. A malicious server or a remote attacker could use this flaw to crash Pidgin by sending a specially-crafted MSN notification message.
8d8905da6f3429379dbb0297932d8d8f8669f30ac3e8f57d9cc8c0e9d64d608f
Secunia Security Advisory - Multiple vulnerabilities have been reported in Oracle Outside In Technology, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
a41a73f908a26cacde34d6b0d53dab44b629754ff4ea35850c531949e1a44159
Metasploit plugin 'pcap_log' is vulnerable to an arbitrary file overwrite bug which can further be leveraged to insert user-controlled data resulting in potential escalation of privileges. Metasploit module included.
a3608689ff5f6a56679189ea8149e0e805de1c706fb7d3fedff592abe11d622b
Cura is a mobile phone application bundle of remote systems administration tools. It provides a personalized terminal emulator, a syslog module that allows for reading logs directly from a server, a SysMonitor module that visually graphs CPU and RAM usage percentages, access to Nmap, and Server Stats, which will offer general server information like its Vitals, Hardware information, Memory information, processes, and so on. A security feature will be implemented that allows users to have Cura's database completely wiped upon them sending the compromised phone a secret pattern of their choosing (e.g. send an SMS message containing "phone has been stolen!" to your Android phone to wipe Cura's database, and receive the location of the compromised phone as an SMS to your emergency phone number or as an email to your emergency email address).
1701fc58dc21a0ecb6c45f4836abb5e380f5e8214af1f3d389ec0e35ee46a019
Secunia Security Advisory - IBM has acknowledged a weakness and a vulnerability in IBM WebSphere ILOG JRules and IBM WebSphere Operational Decision Management, which can be exploited by malicious people to conduct spoofing and cross-site scripting attacks.
1349af9b3db91e5412a39adcc9c736bebb7d2ae51269305b29e1312a61708e76
Cura is a mobile phone application bundle of remote systems administration tools. It provides a personalized terminal emulator, a syslog module that allows for reading logs directly from a server, a SysMonitor module that visually graphs CPU and RAM usage percentages, access to Nmap, and Server Stats, which will offer general server information like its Vitals, Hardware information, Memory information, processes, and so on. A security feature will be implemented that allows users to have Cura's database completely wiped upon them sending the compromised phone a secret pattern of their choosing (e.g. send an SMS message containing "phone has been stolen!" to your Android phone to wipe Cura's database, and receive the location of the compromised phone as an SMS to your emergency phone number or as an email to your emergency email address).
79fd0da76674b5e455a947a43496357a83abbd086c7bf141c80764ec54afd32c
This Metasploit module exploits an arbitrary PHP file upload and code execution flaw in some WordPress blog software plugins. The vulnerability allows for arbitrary file upload and remote code execution via POST data sent to the vulnerable script/file in the plugin.
b0f467c2f9513aea9fd89d25f94d00be23be09c42cfc54f3bbc14d023bf918cf
Red Hat Security Advisory 2012-1072-01 - JBoss Cache is the clustering backbone for data distribution in JBoss Enterprise Web Platform. It provides the backing implementation for web session replication, stateful session bean replication and entity caching. It was found that NonManagedConnectionFactory would log the username and password in plain text when an exception was thrown. This could lead to the exposure of authentication credentials if local users had permissions to read the log file. Warning: Before applying this update, back up your existing JBoss Enterprise Web Platform's "jboss-as-web/server/production/lib/jbosscache-core.jar" file.
93bea0be82c69ad3873bede014261e6a38de6d2554a91c52656507e218e00584