PonyOS version 0.499-mlp suffers from privilege escalation because the cat binary is executed with escalated privileges and file permissions do not work. It also has a kernel compromise vulnerability.
3cc9c88954c40969dd91bdad93080b62fc386a7022593ded5062531355365a12
This Metasploit module exploits the nativeHelper feature from SpiderMonkey, which allows control over execution by calling it with specially crafted arguments. This Metasploit module has been tested successfully on MongoDB 2.2.3 on Ubuntu 10.04 and Debian Squeeze.
b6eb069e8c2cd7a54405a167b66ff710e28f82ed3b1979ede3aca6f9223c3ab8
Some Linksys routers are vulnerable to an authenticated OS command injection. Default credentials for the web interface are admin/admin or admin/password. Since it is a blind OS command injection vulnerability, there is no output for the executed command when using the cmd generic payload. A ping command against a controlled system could be used for testing purposes.
b0afd45182320ce4cbe58cfbaef05397334c74a08e5a150118bf0469c6dc9d01
This Metasploit module exploits an anonymous remote code execution on HP System Management 7.1.1 and earlier. The vulnerability exists when handling the iprange parameter on a request against /proxy/DataValidation. For the module to work, HP System Management must be configured with Anonymous access enabled.
4de4f77423b06dccacf83fd32f5fcf5e7397ce23516f9f320983cc32b12d3691
This Metasploit module exploits a code execution flaw in Novell ZENworks Configuration Management 10 SP3 and 11 SP2. The vulnerability exists in the ZENworks Control Center application, allowing an unauthenticated attacker to upload a malicious file outside of the TEMP directory and then make a second request that allows for arbitrary code execution. This Metasploit module has been tested successfully on Novell ZENworks Configuration Management 10 SP3 and 11 SP2 on Windows 2003 SP2 and SUSE Linux Enterprise Server 10 SP3.
cac2ca5c89d3eedff27bc84da293cd736f6780ad4a09e145d499b111dfd7d70d
Ubuntu Security Notice 1785-1 - It was discovered that poppler contained multiple security issues when parsing malformed PDF documents. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service or possibly execute arbitrary code with privileges of the user invoking the program.
a47e45dc4222448ec57f8e6f7b41b29f28cd6282feaa9c9ce0799129d033cf9d
Ubuntu Security Notice 1784-1 - Nicholas Gregoire discovered that libxslt incorrectly handled certain empty values. If a user or automated system were tricked into processing a specially crafted XSLT document, a remote attacker could cause libxslt to crash, causing a denial of service.
82799b8952809a1e54444c0c50a802c0ad5f4c59e730c7db6c1db26241d1361e
360-FAAR (Firewall Analysis Audit and Repair) is an offline command-line Perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in Check Point dbedit or ScreenOS commands.
a54666e93f8139c9c290eb8d0f049a718401c5cb7c9ff5e4da4b80f47982adb0
Red Hat Security Advisory 2013-0699-01 - Ruby on Rails is a model–view–controller framework for web application development. Active Record implements object-relational mapping for accessing database entries using objects. A flaw was found in the way hashes were handled in certain queries. A remote attacker could use this flaw to perform a denial of service attack by sending specially-crafted queries that would result in the creation of Ruby symbols, which were never garbage collected.
b6902657cfe40401e0c98cb2a92a85ea972342fafdcaf8a44cc480e5c5cd61a1
Red Hat Security Advisory 2013-0698-01 - Ruby on Rails is a model–view–controller framework for web application development. Action Pack implements the controller and the view components. Two cross-site scripting flaws were found in rubygem-actionpack and ruby193-rubygem-actionpack. A remote attacker could use these flaws to conduct XSS attacks against users of an application using rubygem-actionpack or ruby193-rubygem-actionpack.
743a41b0704bd4dba9f8cb3988806f1e991875ad4a177217c9ca713b7d10655b
Red Hat Security Advisory 2013-0697-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A flaw was found in the way Same Origin Wrappers were implemented in Thunderbird. Malicious content could use this flaw to bypass the same-origin policy and execute arbitrary code with the privileges of the user running Thunderbird.
74494867652c4cbc9d5829137fb1894e0f25d7fb1b710f739ad05f79ae484d82
Red Hat Security Advisory 2013-0696-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. A flaw was found in the way Same Origin Wrappers were implemented in Firefox. A malicious site could use this flaw to bypass the same-origin policy and execute arbitrary code with the privileges of the user running Firefox.
6316d8cb6d761c86b94001dbf1829e2a5f2841ae9527a42166c87f8f8bb3c594
Red Hat Security Advisory 2013-0695-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issue: A race condition was found in the way the Linux kernel's ptrace implementation handled PTRACE_SETREGS requests when the debuggee was woken due to a SIGKILL signal instead of being stopped. A local, unprivileged user could use this flaw to escalate their privileges.
dd860a32760eeb4ee121f06db3c51a0cbd4af326851129ef506607a436dedd76
WHMCS Grouppay plugin versions 1.5 and below suffer from a remote SQL injection vulnerability.
b304a2f0298f4ebff558dc745a1da74d9a5e6cedcfe956f2fc1f606759a2b27f
NCC Group has discovered multiple SQL injection vulnerabilities in Virtual Access Monitor. Unfortunately, as usual, NCC Group is withholding any details for three months.
936fbe2a15d567292c6f111a3e024b35c22de77119e739eda6031b3184566fcf