This Metasploit module creates and enables a custom UDF (user-defined function) on the target host via the UPDATE pg_largeobject method of binary injection. On default Microsoft Windows installations of PostgreSQL (<= 8.4), the postgres service account may write to the Windows temp directory, and may source UDF DLLs from there as well. PostgreSQL versions 8.2.x, 8.3.x, and 8.4.x on Microsoft Windows (32-bit) are valid targets for this module. NOTE: This Metasploit module will leave a payload executable on the target system when the attack is finished, as well as the UDF DLL and the OID.
213fac5f2720047b0fb55ff6cfa251c235b21927acee0824016b457a6d9d998a
Debian Linux Security Advisory 2201-1 - Huzaifa Sidhpurwala, Joernchen, and Xiaopeng Zhang discovered several vulnerabilities in the Wireshark network traffic analyzer. Vulnerabilities in the DCT3, LDAP and SMB dissectors and in the code to parse pcap-ng files could lead to denial of service or the execution of arbitrary code.
ac5a0de1a16edc4a12ef1ca0e4b64303c93f124b446f0a31d3db4d59456b6494
Debian Linux Security Advisory 2200-1 - This update for Iceweasel, a web browser based on Firefox, updates the certificate blacklist for several fraudulent HTTPS certificates. More details can be found in a blog posting by Jacob Appelbaum of the Tor project.
f1e23c36d6a829293d1483985bc0e10981c1291974554cca193e881d7ff1b9a2
Debian Linux Security Advisory 2199-1 - This update for the Iceape internet suite, an unbranded version of Seamonkey, updates the certificate blacklist for several fraudulent HTTPS certificates.
4a9a08d11b2656009237865299dc8612e4e9eb84def6fdb07e57c074c2bb4564
Core Security Technologies Advisory - Two vulnerabilities have been found in VLC media player, when handling .AMV and .NSV file formats. These vulnerabilities can be exploited by a remote attacker to obtain arbitrary code execution with the privileges of the user running VLC. Versions 1.1.4 through 1.1.7 are affected.
8be83321208dda4d6d31da8ff809448217d99f09c95ce0362ee9c5369cec08f6
MC Content Manager version 10.1.1 suffers from cross site scripting and anti-automation vulnerabilities.
4644cc1ed6452b391270820f4e24d169cabed711cb344aeca189074a44ebb61d
Constructr CMS version 3.03 suffers from a remote shell upload vulnerability.
4016df6af6e009e58f6504666547d58edca736c3bd26f224887ce744c5703376
Presentation slides from "SCADA Trojans: Attacking the Grid" as it was presented at RootedCon'11 in Madrid.
b859f48eb76310750d6445553c321c3c561679e19c67b8bde7dec9455c01c929
Advantech/BroadWin SCADA WebAccess 7.0 Network Service RPC party exploit that demonstrates the leaking of a security code and remote command execution.
83becf12b501bcc267fbd1be7561838dd7024b5d4fe6c3a51d4a00011e8a4337
The Progea Movicon 11 TCPUploadServer allows remote users to execute functions on the server without any form of authentication. Impacts include deletion of arbitrary files, execution of a program with an arbitrary argument, crashing the server, information disclosure, and more. This design flaw puts the host running this server at risk of potentially unauthorized functions being executed on the system.
fbc50819938d8873cd7f19b69cc6ec9e277dfe76726a60a616df1890c4c8cdf8
There are multiple remote uninitialized pointer free conditions in IGSS's ODBC server. By sending a specially crafted packet to listening port 20222, it is possible to crash the server. Execution of arbitrary code is unlikely.
d82e97b8f0e340895167edfec6e1532847830e7ddab52ff2c288237ef372149f
Mandriva Linux Security Advisory 2011-053 - Multiple vulnerabilities have been identified and fixed in php. These range from denial of service to code execution issues.
8e3a31350afca8110c11002ff4e93c17438c6aac20bba525ca9ac7e60132ba30
PHP-Nuke version 8.x suffers from anti-CSRF bypass and cross site request forgery vulnerabilities.
bf9ac275156cbbbadab533f228b1bf2cea04673bf444cbfc5e68a7dd114afb0f
PHP-Nuke version 8.x suffers from a cross site scripting vulnerability.
8d9a2d12ad870ef02483bb6f74180ef76a1e62b18fb0e684dff19c890c397432
PHP-Nuke version 8.x suffers from a remote blind SQL injection vulnerability.
d6818556033f371db18ca7f045b14f2caf84c54eb602cb2224cce6a02cf9c1c6
Zero Day Initiative Advisory 11-112 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DBServer.exe process which listens by default on TCP port 19813. While parsing a request, the process trusts a user-supplied 32-bit length value and uses it within a memory operation. By specifying large enough values in a packet sent to the service, a remote attacker can execute arbitrary code under the context of the SYSTEM user.
f46d80ac1dd0d7d551407dd071721b48de6c4358afef9f64b32efc8f0b3a34ae
Zero Day Initiative Advisory 11-111 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Virtual SAN appliance. Authentication is not required to exploit this vulnerability. The flaw exists within the hydra.exe component which listens by default on port 13838. When parsing a login request the Hydra daemon will call sscanf() using fixed-length stack buffers and no length checks. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM service.
73496b0eb858f94167382044ec5e18e5abed9cec1b3e7f22124125e1e9131443
Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
e39d3eff755a71deca8fd07ef36e2abcce5e3da5fca10682c30721ab94df7c01
VMCPlayer version 1.0 suffers from a denial of service vulnerability.
e44d854795a09a766cfc0a56e40e69a06d646b467d7dc423698e15a5bd323250
Mandriva Linux Security Advisory 2011-052 - Multiple vulnerabilities have been identified and fixed in php. These range from denial of service to code execution issues.
1b98e934ccd7157b0631d5dcf0d404eaa0ead3e489c99c8cdc7264385eb99b35
Web Wiz Forums suffers from multiple remote SQL injection vulnerabilities.
d37105bc03e39df81d8832b6118bc99f8f76c3b665c1f00727e0c0a84482ada0
This is a brief write-up with examples on how to perform DNS spoofing using Scapy. Written in Indonesian.
fda8f6b2be4199e0eb722ba337268ab1fadf3a12c254a57601fb651642c27475
Secunia Security Advisory - Luigi Auriemma has discovered multiple vulnerabilities in 7-Technologies Interactive Graphical SCADA System, which can be exploited by malicious people to disclose sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.
1ca7f9b4dc3f402e94c5a55c7af37adf22f18a4baa5318bed4a24420d9f868df
Secunia Security Advisory - Two vulnerabilities have been reported in LibTIFF, which can be exploited by malicious people to potentially compromise an application using the library.
63b064e442a6cc9f3016bd26b6f4b47c9a9e1425bf3611e59a1440117661bac8
This Metasploit module exploits remote syscalls in DRuby.
a802a00709712a959585c5ee44f6a3601a7d2f74fae2b7984b61b541d1f3a35f