This Metasploit module exploits a code execution flaw in AlienVault 4.6.1 and prior. The vulnerability exists in the av-centerd SOAP web service, where the update_system_info_debian_package method uses perl backticks in an insecure way, allowing command injection. This Metasploit module has been tested successfully on AlienVault 4.6.0.
f41d6bd5cd5cf9bdeabe5b3bc68136db162011629dbe4d4e9286da318c9234c8HP Security Bulletin HPSBOV03047 - Potential security vulnerabilities have been identified with HP OpenVMS running OpenSSL. The vulnerabilities could be exploited remotely to create a Denial of Service (DoS), execute code, allow unauthorized access, or disclose information. Revision 1 of this advisory.
e545961d2486992ac5cd08c4a4d901c108cc777140b0a87c47be2e344c642f8aThis is the announcement for the Balkan Computer Congress 2014 (BalCCon) Call For Papers. It will be held September 5th through the 7th in Novi Sad, Vojvodina, Serbia.
395fdebd464d9ea73ff861ca19bf341d233affbb6c7ed3c341b6e2939a6ba13fRed Hat Security Advisory 2014-0772-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's floppy driver handled user space provided data in certain error code paths while processing FDRAWCMD IOCTL commands. A local user with write access to /dev/fdX could use this flaw to free (using the kfree() function) arbitrary kernel memory. It was found that the Linux kernel's floppy driver leaked internal kernel memory addresses to user space during the processing of the FDRAWCMD IOCTL command. A local user with write access to /dev/fdX could use this flaw to obtain information about the kernel heap arrangement.
b39ab59da6eb4cf12abfe7f5da13883f79093f424333564d663bd67f9e433ae8Red Hat Security Advisory 2014-0770-01 - The foreman-proxy package provides a RESTful API to manage DNS, DHCP, TFTP, and Puppet settings, and can be used as part of Foreman. A shell command injection flaw was found in the way foreman-proxy verified URLs in the TFTP module. A remote attacker could use this flaw to execute arbitrary shell commands on the system with the privileges of the user running foreman-proxy. This issue was discovered by Lukas Zapletal of Red Hat. Note that for Red Hat Enterprise Linux OpenStack Platform 3.0, Foreman was released as a Technology Preview.
45d2dd06196dba362bdfc1b1fba8fc39ea1986b37fdf8f3bba736cdd0e23f021Gentoo Linux Security Advisory 201406-18 - A vulnerability in rxvt-unicode may allow a remote attacker to execute arbitrary code. Versions less than 9.20 are affected.
265fd3c25d7c4ae3e599687c6a81d3c09bfb1e5777f345264551bcebcc0ff312Ubuntu Security Notice 2250-1 - Gary Kwong, Christoph Diehl, Christian Holler, Hannes Verschore, Jan de Mooij, Ryan VanderMeulen, Jeff Walden and Kyle Huey discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. Abhishek Arya discovered multiple use-after-free and out-of-bounds read issues in Thunderbird. If a user had enabled scripting, an attacker could potentially exploit these to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Thunderbird. Various other issues were also addressed.
dddebba2dc6819014946e60612c0b01c0f17fe3554a8617afe844276d7b32721Red Hat Security Advisory 2014-0771-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's futex subsystem handled the requeuing of certain Priority Inheritance futexes. A local, unprivileged user could use this flaw to escalate their privileges on the system. A flaw was found in the way the Linux kernel's floppy driver handled user space provided data in certain error code paths while processing FDRAWCMD IOCTL commands. A local user with write access to /dev/fdX could use this flaw to free (using the kfree() function) arbitrary kernel memory. Various other issues were also addressed.
045975b06f49ae62face7f508bfd20413516dac60cbe25c8914c866298aa5808This Metasploit module exploits a stack based buffer overflow in Ericom AccessNow Server. The vulnerability is due to an insecure usage of vsprintf with user controlled data, which can be triggered with a malformed HTTP request. This Metasploit module has been tested successfully with Ericom AccessNow Server 2.4.0.2 on Windows XP SP3 and Windows 2003 Server SP2.
ebcadf3ecbef96b23f35bdc1801d697a19ccfe4ec12a013d2b6a82b0e6e572b2
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed