This Metasploit module exploits vulnerabilities found in Astium astium-confweb-2.1-25399 RPM and lower. A SQL Injection vulnerability is used to achieve authentication bypass and gain admin access. From an admin session arbitrary PHP code upload is possible. It is used to add the final PHP payload to "/usr/local/astium/web/php/config.php" and execute the "sudo /sbin/service astcfgd reload" command to reload the configuration and achieve remote root code execution.
16cd8b04690fc28db1b8c5c9afdb81554208e84689604fe813314bc4a6e8d476Red Hat Security Advisory 2013-1292-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A use-after-free flaw was found in the madvise() system call implementation in the Linux kernel. A local, unprivileged user could use this flaw to cause a denial of service or, potentially, escalate their privileges. A flaw was found in the way the Linux kernel's TCP/IP protocol suite implementation handled IPv6 sockets that used the UDP_CORK option. A local, unprivileged user could use this flaw to cause a denial of service.
bb34fbaf34b1e2d0617595612c429058d891776d85b070142cca272b51e1610aEMC VPLEX contains a vulnerability that stores the LDAP/AD bind password in plain text in the VPLEX management server configuration file. This can potentially be exploited by a malicious user who has access to the configuration file to obtain the sensitive password and gain privileged access to protected resources. Affected versions include EMC VPLEX Local/Metro/Geo with GeoSynchrony 5.2 Patch1 and below.
84420a97ddf942aaec63002319e68c4e2bde47b40f973c04b4e92beb9a06cc3fmod_accounting version 0.5 suffers from a remote blind SQL injection vulnerability.
5f80d81efab9b887ab6063336f50467c4282d2a92a64c29cbf5563b42ba9f24aXAMPP version 1.8.1 allows an unprivileged user the ability to write to the local disk.
4d1631d6f469e4eec20739ed04366120ee8ad777df5da5df3840c88f67f32135The LinkedIn social network suffers from multiple cross site scripting vulnerabilities.
709fdb972cf357cc6700ce7b75aa0fffb8e6a059264e6fa0c034ff32e25fcc21Mandriva Linux Security Advisory 2013-242 - Multiple vulnerabilities has been found and corrected in the Linux kernel. Multiple array index errors in drivers/hid/hid-core.c in the Human Interface Device subsystem in the Linux kernel through 3.11 allow physically proximate attackers to execute arbitrary code or cause a denial of service via a crafted device that provides an invalid Report ID. drivers/hid/hid-zpff.c in the Human Interface Device subsystem in the Linux kernel through 3.11, when CONFIG_HID_ZEROPLUS is enabled, allows physically proximate attackers to cause a denial of service via a crafted device. drivers/hid/hid-pl.c in the Human Interface Device subsystem in the Linux kernel through 3.11, when CONFIG_HID_PANTHERLORD is enabled, allows physically proximate attackers to cause a denial of service via a crafted device. Various other issues were also addressed. The updated packages provides a solution for these security issues.
293756ed7837559d6b59c73b10281e441cc79100240203c0f546001f31ee5c5fRed Hat Security Advisory 2013-1286-01 - Red Hat JBoss Fuse 6.0.0, based on Apache ServiceMix, provides an integration platform. Red Hat JBoss A-MQ 6.0.0, based on Apache ActiveMQ, is a standards compliant messaging system that is tailored for use in mission critical applications. Red Hat JBoss Fuse/A-MQ 6.0.0 patch 3 is an update to Red Hat JBoss Fuse 6.0.0 and Red Hat JBoss A-MQ 6.0.0, including bug fixes.
00bf9cb3012b34b18caf3a7e6ef4e16f192f067db73ce5a9c00f4ecee299a979
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed