This Metasploit module exploits multiple vulnerabilities in Visual Mining NetCharts. First, a lack of input validation in the administration console permits arbitrary JSP code upload to locations later reachable through the web service. Authentication is normally required, but a 'hidden', non-editable user is available by default. This user, named 'Scheduler', can only log in to the console after any modification of the user database (a user is added, the admin password is changed, etc.). If the 'Scheduler' user is not available, valid credentials must be supplied. The default Admin password is Admin.
8a3b765845b48b56bd638e90b38b71b9b937f492e8f972a8b7552ad9f1f4c4ec
PayPal MultiOrder Shipping suffered from a persistent cross site scripting vulnerability.
5a555cb13c0843865e07033eaedb436a8099f4e34444c8759e1631d75586f410
BookFresh suffers from a persistent cross site scripting vulnerability.
91e749731d9d6e88e3a23f12ded9479d506b87d60cf3ea412ed286b913acf976
OX App Suite versions 7.6.0 and below suffer from a remote SQL injection vulnerability.
e90b305cda305ae3ab8aaa3cf59b529eb43f81db98e02e577ac0b8865f49f4a4
SeasonApps iTransfer version 1.1 suffers from a persistent script insertion vulnerability.
6de3ff0e2130dc46614a1f6f6ef6b0c725033d8a51f2fcc96c206afc0f31338a
CA Technologies Support is alerting customers to four resolved vulnerabilities in CA Cloud Service Management. The vulnerabilities could potentially allow a remote attacker to access user sessions, obtain sensitive information, or cause a denial of service condition. CA Technologies fixed these vulnerabilities in all production environments as part of the Cloud Service Management Summer 2014 Upgrade.
6465c1444ccccd81a603a3afa6eb48fd40271ac3b5769ccef772beba4287b337
ZTE ZXDSL 831 suffers from multiple cross site scripting vulnerabilities.
fea9ea0557fdb4cf4949d6b661ca6949f9f891e48e62dfa0a42fcc32b6ace91e
ZTE 831CII suffers from cross site request forgery, hardcoded administrative credential, and cross site scripting vulnerabilities.
71cb47b2c17ef7f0dfffab54cfb391823034e3c990567867983eacd51e01d6ca
ZTE ZXDSL 831CII suffers from an insecure direct object reference vulnerability that allows for authentication bypass.
1f03cc0b111dd69b400b5bc45c9417e5af28680d6acb649fecfb52fffe14bd19
Debian Linux Security Advisory 3067-1 - Several vulnerabilities were discovered in qemu-kvm, a full virtualization solution on x86 hardware.
bae8184d28773efc0a9ada0165192aed9ed93505d36ada9b6e91c8e8e62d0d99
Debian Linux Security Advisory 3068-1 - It was discovered that Konversation, an IRC client for KDE, could be crashed when receiving malformed messages using FiSH encryption.
77c8aad5769ad1c0e6cb3fcce95d3006aa1daa05d1cc23b4acfa72eff2075c29
Debian Linux Security Advisory 3066-1 - Several vulnerabilities were discovered in qemu, a fast processor emulator.
cc7e4bf973603b22929a3001501a664de8cea19fff8e2e523e37a0b84ec81030
Hesperbot Scanner is a Windows binary that detects the Hesperbot banking trojan by fingerprinting process memory, looking for indicators that traditional antivirus software fails to catch early in the malware campaigns.
6d299a549ca5dfd7255b3510e21d39e614b9f59e815d2497bf301a3162f3c0e6
MINIX version 3.3.0 suffers from multiple local denial of service vulnerabilities.
40086fc74c8599d4596dfbb864da460b250c6d49623833b63a455feef026b081
Digital Whisper Electronic Magazine issue 55. Written in Hebrew.
d96939b872736d2145fdd67588089e648316f8ce307b3b2370b43769c8bd9dfb
Digital Whisper Electronic Magazine issue 54. Written in Hebrew.
a63a4d1f636877790985da449b5314681c51bc611baa9188d40627a53760d425
Digital Whisper Electronic Magazine issue 53. Written in Hebrew.
797f3fbd84093184846efcaa39778f793c612163f0d32bc69255de1c18fd579b
XCloner plugin version 3.1.1 for WordPress and 3.5.1 for Joomla! suffers from arbitrary command execution, MySQL password disclosure, exposed database backups, unauthenticated remote access, and various other vulnerabilities.
e7e9c754e4fa53a92070a86a3d88269734cc1335edab813113e839335bc770af
JExperts Tecnologia / Channel software version 5.0.33_CCB allows for authorization bypass / privilege escalation via tampering with parameters in the GET request.
7aff36e4cf741bb7db715ed818be9b22aed7fa287558b072d0b73a42928a7fc7
JExperts Tecnologia / Channel software version 5.0.33_CCB suffers from a cross site scripting vulnerability.
45de1500267e2c3e2ec64b5ed5fd34967f1303d4012b683380d0bd45838b6353
PicsArt Photo Studio for Android fails to properly validate the SSL certificate presented by the server.
1bf0140231dd801b791db063a9b62942dddc247abd91aa4eb0d822492a0ab76e
Red Hat Security Advisory 2014-1821-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. A resource consumption issue was found in the way Xerces-J handled XML declarations. A remote attacker could use an XML document with a specially crafted declaration using a long pseudo-attribute name that, when parsed by an application using Xerces-J, would cause that application to use an excessive amount of CPU. This release of JBoss Enterprise Application Platform also includes bug fixes and enhancements. A list of these changes is available from the JBoss Enterprise Application Platform 6.3.2 Downloads page on the Customer Portal.
f2609e89f58dfa7bbcdc107660ad255b12dca128ff5fc1564498d7cdd236a511
Red Hat Security Advisory 2014-1825-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A stack-based buffer overflow flaw was found in the way the xmlrpc extension parsed dates in the ISO 8601 format. A specially crafted XML-RPC request or response could possibly cause a PHP application to crash or execute arbitrary code with the privileges of the user running that PHP application. All PHP users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
af4d6677626c40cb17a5ade0ef2b7c4ef73254b2c9ac2b56e06ae9da44f8d41f
Red Hat Security Advisory 2014-1824-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application. A stack-based buffer overflow flaw was found in the way the xmlrpc extension parsed dates in the ISO 8601 format. A specially crafted XML-RPC request or response could possibly cause a PHP application to crash.
afb923d69c257b65afa46f53daa961594d16f5573cecfb0010d771070312d295
Red Hat Security Advisory 2014-1822-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. A resource consumption issue was found in the way Xerces-J handled XML declarations. A remote attacker could use an XML document with a specially crafted declaration using a long pseudo-attribute name that, when parsed by an application using Xerces-J, would cause that application to use an excessive amount of CPU. This release of JBoss Enterprise Application Platform also includes bug fixes and enhancements. A list of these changes is available from the JBoss Enterprise Application Platform 6.3.2 Downloads page on the Customer Portal.
8ca822e87268f9242ff2279c20b05b30ff7f3407f35ee3cd1316a671c01ac234