This Metasploit module uses the VMware Hyperic HQ Groovy script console to execute OS commands using Java. Valid credentials for an application administrator user account are required. This Metasploit module has been tested successfully with Hyperic HQ 4.6.6 on Windows 2003 SP2 and Ubuntu 10.04 systems.
f310cc67584ebfece0fb02e5b0b15c7748e4537dd7eb3d17e3d681399a54630c
Debian Linux Security Advisory 2778-1 - Robert Matthews discovered that the Apache FCGID module, a FastCGI implementation for Apache HTTP Server, fails to perform adequate boundary checks on user-supplied input. This may allow a remote attacker to cause a heap-based buffer overflow, resulting in a denial of service or potentially allowing the execution of arbitrary code.
a691935e6b3883f0bb5112b1fc262bde929253995e637c6def6907d4358e59f0
WordPress version 3.6 suffers from multiple URL redirection restriction bypass vulnerabilities.
b7c554cd3d39594ec433361de09accd00a8298b232665ded7801c40c285494bb
WordPress Cart66 plugin version 1.5.1.14 suffers from cross site request forgery and cross site scripting vulnerabilities.
6c2e05be2ddbb6085173b24d083a439347cd96197550e2c65c6ab80ad3b2bf2e
HP Security Bulletin HPSBMU02901 - Potential security vulnerabilities have been identified with HP Business Process Monitor running on Windows. The vulnerabilities could be remotely exploited resulting in execution of arbitrary code and disclosure of information. Revision 1 of this advisory.
8adfd19d251a2363a89d72b93d7449bb0161b448518c3836380283343e3b5394
Debian Linux Security Advisory 2773-1 - Two vulnerabilities were discovered in GnuPG, the GNU privacy guard, a free PGP replacement.
e077ea3264c37bcd24fbc332abf425b7495d109a8d76e55af9da3f607195c663
Debian Linux Security Advisory 2774-1 - Two vulnerabilities were discovered in GnuPG 2, the GNU privacy guard, a free PGP replacement.
7bbc4f5dc7ed8480336fce6b2293b35a941d9c5286990097f3237cb526b79318
Debian Linux Security Advisory 2777-1 - Multiple security issues in systemd have been discovered by Sebastian to the bypass of Policykit restrictions and privilege escalation or denial of service through an integer overflow in journald and missing input sanitising in the processing of X keyboard extension (XKB) files.
317013ec0e6ce864ca057e95e8db59dc95c1c32f8d7632418eb29c25cb50f773
Debian Linux Security Advisory 2776-1 - Multiple vulnerabilities have been fixed in the Drupal content management framework, resulting in information disclosure, insufficient validation, cross-site scripting and cross-site request forgery.
45a72bfd68d855596936144a4be64a54d8096cdaf8020e5dd7667dc60a77524e
Debian Linux Security Advisory 2775-1 - It was discovered that ejabberd, a Jabber/XMPP server, uses SSLv2 and weak ciphers for communication, which are considered insecure. The software offers no runtime configuration options to disable these. This update disables the use of SSLv2 and weak ciphers.
8d8938b3daacec8136336221ef73887aed271a956c519631d2c52c9546e6bba5
AdaptCMS version 3.0.1 suffers from a cross site scripting vulnerability.
4f69e17362e1d3e3727d1e8458a9b8c39609e4b39a547dacffe89ebb93f75936
Amun CMS version 1.0.1 fails to restrict access to its REST API.
8a1edcbf00c3646d6fc6c484cfea43697c0602acb71980da916cbfcb6ea49926
Claroline version 1.11.8 suffers from a cross site scripting vulnerability.
0233b9fa7e314470bc0c177c0e0d3147f4db57e20cd49bb358148232c668f9ad
This script provides OpenSSH backdoor functionality with a magic password and logs passwords as well. It leverages the same basic idea behind common OpenSSH patches but this script attempts to make the process version agnostic. Use at your own risk.
48419f325c5d2746d064bab78dd1ed1c5147e0f991366ca00c840c22914cd382
Mandriva Linux Security Advisory 2013-249 - It was discovered that LibRaw incorrectly handled photo files. If a user or automated system were tricked into processing a specially crafted photo file, applications linked against LibRaw could be made to crash, resulting in a denial of service.
1fd5322a48fb478e74546de7a3f4ad817dfbde36d3206bd77f23980445536965
Mandriva Linux Security Advisory 2013-248 - It was found that xinetd ignored the user and group configuration directives for services running under the tcpmux-server service. This flaw could cause the associated services to run as root. If there was a flaw in such a service, a remote attacker could use it to execute arbitrary code with the privileges of the root user.
893f93a3e347b7defc96c9a0605787b8950a92d0dd891a476dd395f69124d735