Purchase Order Management version 1.0 suffers a remote shell upload vulnerability. Flow details to achieve this are shown in the video link provided.
ebd87a2284147cd2df2e918dac7d56fd2fe8ef6e6817d1b763329b3720bb9d2aSecunia Security Advisory - A vulnerability has been reported in IBM Hardware Management Console (HMC) and IBM Systems Director Management Console (SDMC), which can be exploited by malicious, local users to gain escalated privileges.
ad291daf2f590e8e133fc0ae3133eb5a7bee2aea4dfa2c0a92ce907b62295500Ubuntu Security Notice 1539-1 - An error was discovered in the Linux kernel's network TUN/TAP device implementation. A local user with access to the TUN/TAP interface (which is not available to unprivileged users until granted by a root user) could exploit this flaw to crash the system or potential gain administrative privileges. Ulrich Obergfell discovered an error in the Linux kernel's memory management subsystem on 32 bit PAE systems with more than 4GB of memory installed. A local unprivileged user could exploit this flaw to crash the system. Various other issues were also addressed.
5f1ac3455cca303b5f6aca689847449cc9dd5b0bb1082518a0a561ff16855b85Red Hat Security Advisory 2012-1169-01 - Condor is a specialized workload management system for compute-intensive jobs. It provides a job queuing mechanism, scheduling policy, priority scheme, and resource monitoring and management. Condor installations that rely solely upon host-based authentication were vulnerable to an attacker who controls an IP, its reverse-DNS entry and has knowledge of a target site's security configuration. With this control and knowledge, the attacker could bypass the target site's host-based authentication and be authorized to perform privileged actions. Condor deployments using host-based authentication that contain no hostnames or use authentication stronger than host-based are not vulnerable.
7d5b013b987ff091dd7a23fc5f576eb318a9b088700f78e918b6ba97b41e66c5Red Hat Security Advisory 2012-1168-01 - Condor is a specialized workload management system for compute-intensive jobs. It provides a job queuing mechanism, scheduling policy, priority scheme, and resource monitoring and management. Condor installations that rely solely upon host-based authentication were vulnerable to an attacker who controls an IP, its reverse-DNS entry and has knowledge of a target site's security configuration. With this control and knowledge, the attacker could bypass the target site's host-based authentication and be authorized to perform privileged actions. Condor deployments using host-based authentication that contain no hostnames or use authentication stronger than host-based are not vulnerable.
d2ced5174e3b3e5aa23d5bb70fe45a1a71a1a33cadc9611bc0fa7bc2e78e8c66This Metasploit module exploits a path traversal flaw in Novell ZENworks Asset Management 7.5. By exploiting the CatchFileServlet, an attacker can upload a malicious file outside of the MalibuUploadDirectory and then make a secondary request that allows for arbitrary code execution.
0b8fb5d16df4fc969d43e3061660de06ffdf0cfc0581883a9f80e8a04b40a600Red Hat Security Advisory 2012-1165-01 - JBoss Enterprise BRMS Platform is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. This roll up patch serves as a cumulative upgrade for JBoss Enterprise BRMS Platform 5.3.0. It includes various bug fixes. The following security issue is also fixed with this release: It was found that the JMX Console did not protect against Cross-Site Request Forgery attacks. If a remote attacker could trick a user, who was logged into the JMX Console, into visiting a specially-crafted URL, the attacker could perform operations on MBeans, which may lead to arbitrary code execution in the context of the JBoss server process.
60f263a40e9847b3704eea8775ecc38544cbf434846d76a7dc6b54f11d8bced7Ubuntu Security Notice 1533-1 - An error was discovered in the Linux kernel's network TUN/TAP device implementation. A local user with access to the TUN/TAP interface (which is not available to unprivileged users until granted by a root user) could exploit this flaw to crash the system or potential gain administrative privileges. Ulrich Obergfell discovered an error in the Linux kernel's memory management subsystem on 32 bit PAE systems with more than 4GB of memory installed. A local unprivileged user could exploit this flaw to crash the system. Various other issues were also addressed.
5082c7fb8f2daf682cfc7378525c60b86fbdff934daf85b48b38b2fb8e3e9935Ubuntu Security Notice 1532-1 - An error was discovered in the Linux kernel's network TUN/TAP device implementation. A local user with access to the TUN/TAP interface (which is not available to unprivileged users until granted by a root user) could exploit this flaw to crash the system or potential gain administrative privileges. Ulrich Obergfell discovered an error in the Linux kernel's memory management subsystem on 32 bit PAE systems with more than 4GB of memory installed. A local unprivileged user could exploit this flaw to crash the system. Various other issues were also addressed.
d3bc5635bb481cc6a0e193e3e7c9e9b74aef3286e675b23aa6d47538518c4356School Management System version 1.0 suffers from credential and backup disclosure vulnerabilities.
dcd6e7efec0c1c07843a6cda9e11b3a70482acc597fbec31ecdb5d6efaede187Secunia Security Advisory - A vulnerability has been reported in Hitachi JP1/Integrated Management, which can be exploited by malicious people to conduct cross-site scripting attacks.
e1e4fd2b43a7f2ebe7f350917caab52ef7de2545adaef3ac7e021acc73dcf864Oracle Business Transaction Management Server version 12.1.0.2.7 suffers from a FlashTunnelService remote file deletion vulnerability.
311f91db815c5072aac47198136e9ee10f620d76d370e8cac2b356c864e2ee5eOracle Business Transaction Management Server version 12.1.0.2.7 suffers from a remote code execution vulnerability in the FlashTunnelService WriteToFile message. Proof of concept included.
acb8d1760f5f38380a8cfd44a94ad8e001b2abf766fc39b9cc5f2f92f8d61758Secunia Security Advisory - Multiple vulnerabilities have been discovered in the WP Lead Management plugin for WordPress, which can be exploited by malicious people to conduct script insertion attacks.
621e4d11e8f52beb3c8001b1ec8daf4dad03ba1d03e991be2502975091df60c9This Metasploit module exploits a vulnerability found in SharePoint Server 2007 SP2. The software contains a directory traversal, that allows a remote attacker to write arbitrary files to the filesystem, sending a specially crafted SOAP ConvertFile request to the Office Document Conversions Launcher Service, which results in code execution under the context of 'SYSTEM'. The module uses uses the Windows Management Instrumentation service to execute an arbitrary payload on vulnerable installations of SharePoint on Windows 2003 Servers. It has been successfully tested on Office SharePoint Server 2007 SP2 over Windows 2003 SP2.
7ad8e7d26bc7d8213c68e74fdb77fb2a0f223d16965a4e6425e8d2f9797435cdThis Metasploit module exploits a remote buffer overflow in the ZENworks Configuration Management. The vulnerability exists in the Preboot service and can be triggered by sending a specially crafted packet with the opcode 0x4c (PROXY_CMD_PREBOOT_TASK_INFO2) to port 998/TCP. The module has been successfully tested on Novell ZENworks Configuration Management 10 SP2 / SP3 and Windows Server 2003 SP2 (DEP bypass).
eb8d23c0d1251c7dcb0480044c6de8f7f8d9c2d7e8de5b4a78afffe09b659c78This Metasploit module exploits a remote buffer overflow in the ZENworks Configuration Management. The vulnerability exists in the Preboot service and can be triggered by sending a specially crafted packet with the opcode 0x6c (PROXY_CMD_GET_NEXT_STEP) to port 998/TCP. The module has been successfully tested on Novell ZENworks Configuration Management 10 SP2 / SP3 and Windows Server 2003 SP2 (DEP bypass).
7d25707a364b6e8cc80a0819d82a572cf3f8dd0815e6c1b374eaa52379c9f479Secunia Security Advisory - Three vulnerabilities have been reported Oracle Transportation Management, which can be exploited by malicious, local users to gain knowledge of sensitive information, malicious users to gain knowledge of sensitive information, and malicious people to manipulate certain data.
f48eb11ff44ba98cac0416ff2c3856f9ea90b7295fd426ee08f34832ca1115e2Secunia Security Advisory - Multiple vulnerabilities have been reported in Oracle PeopleSoft Enterprise Human Resource Management System (HRMS), which can be exploited by malicious users to disclose potentially sensitive information and manipulate certain data.
ab608f7d66c5d5b9d7bec4dec013873d5115b23e78489b9ff5d33b1bbaa74a49This Metasploit module exploits a remote buffer overflow in the ZENworks Configuration Management 10 SP2. The vulnerability exists in the Preboot service and can be triggered by sending a specially crafted packet with the opcode 0x06 (PROXY_CMD_CLEAR_WS) to the 998/TCP port. The module has been successfully tested on Novell ZENworks Configuration Management 10 SP2 and Windows Server 2003 SP2 (DEP bypass).
d8e51661349a2d58c55ebba98e0aab7bf40252bcd11e9570670dbb09e98a4244This Metasploit module exploits a remote buffer overflow in the ZENworks Configuration Management 10 SP2. The vulnerability exists in the Preboot service and can be triggered by sending a specially crafted packet with the opcode 0x21 (PROXY_CMD_FTP_FILE) to port 998/TCP. The module has been successfully tested on Novell ZENworks Configuration Management 10 SP2 and Windows Server 2003 SP2 (DEP bypass).
10965ccc1d7f3bdfb1cdc1edf6199b5eb01250bbec68ab0ee4cf54ba20262a61Secunia Security Advisory - IBM has acknowledged a weakness and a vulnerability in IBM WebSphere ILOG JRules and IBM WebSphere Operational Decision Management, which can be exploited by malicious people to conduct spoofing and cross-site scripting attacks.
1349af9b3db91e5412a39adcc9c736bebb7d2ae51269305b29e1312a61708e76Debian Linux Security Advisory 2511-1 - Several security vulnerabilities have been found in Puppet, a centralized configuration management.
e25085e2d398a35b784003943d6504c9cd06efb0e6a0fb325d9e06e7bbd9a937This Metasploit module exploits a vulnerability in AdminStudio LaunchHelp.dll ActiveX control. The LaunchProcess function found in LaunchHelp.HelpLauncher.1 allows remote attackers to run arbitrary commands on the victim machine. This Metasploit module has been successfully tested with the ActiveX installed with AdminStudio 9.5, which also comes with Novell ZENworks Configuration Management 10 SP2, on IE 6 and IE 8 over Windows XP SP 3.
56cf9879c132897ee3261274e09284b0d6081bb9dd195db9cee39698cd90dbbaRed Hat Security Advisory 2012-1060-01 - Cobbler is a network install server. Cobbler supports PXE, virtualized installs, and re-installing existing Linux machines. A command injection flaw was found in Cobbler's power management XML-RPC method. A remote, authenticated user who is permitted to perform Cobbler configuration changes via the Cobbler XML-RPC API, could use this flaw to execute arbitrary code with root privileges on the Red Hat Network Satellite server. Note: Red Hat Network Satellite uses a special user account to configure Cobbler. By default, only this account is permitted to perform Cobbler configuration changes, and the credentials for the account are only accessible to the Satellite host's administrator. As such, this issue only affected environments where the administrator allowed other users to make Cobbler configuration changes.
a117798edbaaae98d35e372b2a965c0e26a3e98bfd81b95555118ca270a44f0bDebian Linux Security Advisory 2503-1 - It was discovered that malicious clients can trick the server component of the Bcfg2 configuration management system to execute commands with root privileges.
19d7f0f9846f89668422d5fdf7058fd6f90271b7c49727c1bdde4a5772ba56a5
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed