This Metasploit module exploits a remote buffer overflow in the ZENworks Configuration Management. The vulnerability exists in the Preboot service and can be triggered by sending a specially crafted packet with the opcode 0x4c (PROXY_CMD_PREBOOT_TASK_INFO2) to port 998/TCP. The module has been successfully tested on Novell ZENworks Configuration Management 10 SP2 / SP3 and Windows Server 2003 SP2 (DEP bypass).
eb8d23c0d1251c7dcb0480044c6de8f7f8d9c2d7e8de5b4a78afffe09b659c78This Metasploit module exploits a remote buffer overflow in the ZENworks Configuration Management. The vulnerability exists in the Preboot service and can be triggered by sending a specially crafted packet with the opcode 0x6c (PROXY_CMD_GET_NEXT_STEP) to port 998/TCP. The module has been successfully tested on Novell ZENworks Configuration Management 10 SP2 / SP3 and Windows Server 2003 SP2 (DEP bypass).
7d25707a364b6e8cc80a0819d82a572cf3f8dd0815e6c1b374eaa52379c9f479Drupal third party module Campaign Monitor versions 6.x-2.x prior to 6.x-2.5 suffer from a cross site scripting vulnerability.
fcf698f74e9bd805c5289afb6e0ad89ddcb88901f7884f93b45a0a3a837ab1ebSlackware Security Advisory - New libexif packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix security issues.
432c888fca3acb53d1dbcdc76f8ea6c6b19a0fb1b46e33e9d69dedb3d9cddaffClubHACK Magazine Issue 30 - Topics covered include PHP shells, OWASP DirBuster, Punishment for Violation of Privacy, and more.
0b604f5227e59abfbe5016031eedd6039ef777b68799f96352a0a261d1f48f50Maian Survey version 1.1 suffers from local file inclusion and open redirection vulnerabilities.
20f830e6dfb378cb55c38decf34ba84e27e1652f26557fde69340b878b746147The Joomla Hello component suffers from a local file inclusion vulnerability.
f473f0c61e9e8c0ec07cfd80bd2864d9cc825caedb6e1771e7d868909f818c36SimpleWebServer version 2.2-rc2 remote buffer overflow exploit that achieves code execution.
d479bd8f4fea4bdf5c0972e056189d54814dde491f87ef49ea5a3093231a8ef1Debian Linux Security Advisory 2515-1 - Marek Varusa and Lubos Slovak discovered that NSD, an authoritative domain name server, is not properly handling non-standard DNS packets. his can result in a NULL pointer dereference and crash the handling process. A remote attacker can abuse this flaw to perform denial of service attacks.
3ecea29cebf4040755be7ba8d1e9e672935487aed2514cec7fe75aaf04f83bbdRed Hat Security Advisory 2012-1103-01 - Red Hat Certificate System is an enterprise software system designed to manage enterprise Public Key Infrastructure deployments. Multiple cross-site scripting flaws were discovered in the Red Hat Certificate System Agent and End Entity pages. An attacker could use these flaws to perform a cross-site scripting attack against victims using Certificate System's web interface. It was discovered that Red Hat Certificate System's Certificate Manager did not properly check certificate revocation requests performed via its web interface. An agent permitted to perform revocations of end entity certificates could use this flaw to revoke the Certificate Authority certificate.
c03295adba0c38b673534445461d9e0f2403b0a707f4b0ff13948486ba0bf7ffRed Hat Security Advisory 2012-1102-01 - Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. A flaw was found in the way the Pidgin MSN protocol plug-in processed text that was not encoded in UTF-8. A remote attacker could use this flaw to crash Pidgin by sending a specially-crafted MSN message. An input validation flaw was found in the way the Pidgin MSN protocol plug-in handled MSN notification messages. A malicious server or a remote attacker could use this flaw to crash Pidgin by sending a specially-crafted MSN notification message.
8d8905da6f3429379dbb0297932d8d8f8669f30ac3e8f57d9cc8c0e9d64d608fUbuntu Security Notice 1512-1 - It was discovered that KDE PIM html renderer incorrectly enabled JavaScript, Java and Plugins. A remote attacker could use this flaw to send an email with embedded JavaScript that possibly executes when opened.
0eb443866af01d8f0bed2a8e0d40c11f7d181c581505d2a58166201be1c354b9Ubuntu Security Notice 1511-1 - Huzaifa Sidhpurwala discovered that the tiff2pdf utility incorrectly handled certain malformed TIFF images. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges.
6d79518b72d5ecf13083c6ab3b54a05a6a053fc38887997dd9f4db4d024afa41Debian Linux Security Advisory 2513-1 - Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of Seamonkey.
ecdacb7db4117e0389ca3b7ac3b6bbf964b7f0e66d078e72b75033ee15856f52Secunia Security Advisory - Multiple vulnerabilities have been reported in AFD, which can be exploited by malicious people to compromise a vulnerable system.
db0fd5bbe4cfb4e2f8d43ff56de1c664914865f3ab75d3d5af8827c64eacfe0bSecunia Security Advisory - A vulnerability has been discovered in the Cimy User Extra Fields Plugin for WordPress, which can be exploited by malicious users and malicious people to compromise a vulnerable system.
595e6138108521a250490612ded8ada0cad84ce429893e2b70312544eeea0a0cSecunia Security Advisory - Two vulnerabilities have been reported in HP StorageWorks File Migration Agent, which can be exploited by malicious people to compromise a vulnerable system.
92c856224f51934cabb4f4cfd4bd55cef1d043bc2c201a702e23ba91811f206dSecunia Security Advisory - Two vulnerabilities have been reported in Pale Moon, which can be exploited by malicious people to bypass certain security restrictions and compromise a user's system.
04bbc870c7158a1935fb9fdf33932abfb85eff0968b226b3f2aa13f00f87139bSecunia Security Advisory - Multiple vulnerabilities have been reported in Oracle HTTP Server, which can be exploited by malicious, local users to bypass certain security restrictions or gain escalated privileges and by malicious people to bypass certain security restrictions, disclose potentially sensitive information, and cause a DoS (Denial of Service).
9f8b2813775db960df67b8ac70a9550317f844bd68dbc71e9ef8efc6f6577742Secunia Security Advisory - Three vulnerabilities have been reported in Oracle MapViewer, which can be exploited by malicious people to gain knowledge of sensitive information or manipulate certain data.
7df3e084cc8e53f6c3b836bb46049f6848587771b59eec7b4c879664dee7dcb2Secunia Security Advisory - A vulnerability has been reported in Hyperion BI+, which can be exploited by malicious people to manipulate certain data.
e5d89ae77535a1d9fb0661230496dbf69b6b26f1baaa9390aed66772def93065Secunia Security Advisory - Multiple vulnerabilities have been reported in Oracle Outside In Technology, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
a41a73f908a26cacde34d6b0d53dab44b629754ff4ea35850c531949e1a44159Secunia Security Advisory - Multiple vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious people to conduct spoofing and cross-site scripting attacks, disclose certain sensitive information, bypass certain security restrictions, and compromise a user's system.
b3114ea884f13655386b965768c93138061980b71da0d1697974b5ab7d19874fSecunia Security Advisory - Two vulnerabilities have been reported in Oracle AutoVue, which can be exploited by malicious users to cause a DoS (Denial of Service).
66db430d29df37b119afddb3b677ac8ab799cf578ab01335aed75e9a3b694399Secunia Security Advisory - Multiple vulnerabilities have been reported in Oracle MySQL Server, which can be exploited by malicious users to cause a DoS (Denial of Service).
198c37146fbd23736a768971faacce1147dfc60bec0b2bd277e211dc9cabb4e8
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed