Versions of the JBoss Seam 2 framework prior to 2.2.1CR2 fail to properly sanitize inputs to some JBoss Expression Language expressions. As a result, attackers can gain remote code execution through the application server. This Metasploit module leverages RCE to upload and execute a meterpreter payload. Versions of the JBoss AS admin-console are known to be vulnerable to this exploit, without requiring authentication. Tested against JBoss AS 5 and 6, running on Linux with JDKs 6 and 7. This Metasploit module provides a more efficient method of exploitation - it does not loop to find desired Java classes and methods. NOTE: the check for upload success is not 100% accurate. NOTE 2: The module uploads the meterpreter JAR and a JSP to launch it.
fe639b25ec3a4921cb55d15bdfb6e881c231a40faa50a3d8152df00b6699cc2a
Mandriva Linux Security Advisory 2015-192 - Multiple vulnerabilities have been discovered and corrected in subversion. Subversion HTTP servers with FSFS repositories are vulnerable to a remotely triggerable excessive memory use with certain REPORT requests. Subversion mod_dav_svn and svnserve are vulnerable to a remotely triggerable assertion DoS vulnerability for certain requests with dynamically evaluated revision numbers. Subversion HTTP servers allow spoofing svn:author property values for new revisions. The updated packages have been upgraded to the 1.7.20 and 1.8.13 versions where these security flaws have been fixed.
829bf7383ff71da085f5217b201c2b0b0c211ea29983b39d9bc74aa6de7c36fc
HP Security Bulletin HPSBST03195 1 - Potential security vulnerabilities have been identified with HP 3PAR Service Processor (SP) running OpenSSL and Bash. The OpenSSL vulnerability known as "Heartbleed" could be exploited remotely, resulting in disclosure of information. The SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption", also known as "Poodle", could be exploited remotely, resulting in disclosure of information. The Bash Shell vulnerability known as "Shellshock" could be exploited remotely, resulting in execution of code. Revision 1 of this advisory.
6a809ea757ff22870a3e4f96354ac184c8c6886fa4f952676c8a777eb3d928e2
Debian Linux Security Advisory 3212-1 - Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail client. Use-after-frees and other implementation errors may lead to the execution of arbitrary code, the bypass of security restrictions or denial of service.
f5fef3c8a0bfd6385a3eb9e894bf1b6efc708a179b17b5cc8474b7ca7cc78c4b
HP Security Bulletin HPSBHF03300 1 - Potential security vulnerabilities have been identified with HP Network Products running OpenSSL. The SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption", also known as "POODLE", could be exploited remotely, resulting in disclosure of information. Other vulnerabilities could be remotely exploited, resulting in Denial of Service (DoS) and unauthorized access. Revision 1 of this advisory.
329f0280df00f4c7b48c192f216b6d37cdbb7f6ed711b0b2b33a657122fbae7b
Kemp Load Master version 7.1-16 suffers from code execution, cross site request forgery, cross site scripting, and denial of service vulnerabilities.
81a001a8c6f48e1e8af8a8319afbad8ca0dcf82113d9d1a5f0b09a6d0b520ed7
phpSFP Schedule Facebook Posts version 1.5.6 suffers from a remote SQL injection vulnerability.
7673a25237bdf3cd6bc1787a2b3327ccc77b90c595451e0afce62021f734c275
Airties Air5650TT remote stack overflow exploit that spawns a reverse shell.
9f0340d2c2b6c3152187216f7125ce13eea9862d86be92f799f51b9e8793bbad
WordPress Simple Ads Manager plugin versions 2.5.94 and 2.5.96 suffer from multiple remote SQL injection vulnerabilities.
d0666e28aa1c3b476d3cec2790fdd3cb6d8998518ab039b1673e710aec01a687
WordPress Simple Ads Manager version 2.5.94 suffers from an arbitrary file upload vulnerability.
acf530bdb80483f6f4aba3d8993b8414f225dc3ea3793cf25500608f6901ea0e
WordPress PHP Event Calendar plugin version 1.5 suffers from an arbitrary file upload vulnerability.
0c0e6821c9f39d195b058b4a300a86fb947a58cbad45c92060bdd27bb6a0511d
WordPress Simple Ads Manager plugin versions 2.5.94 and 2.5.96 suffer from an information disclosure vulnerability.
3796a819f2860d5d329196625fa65cebbe2141c37ed980f31297dce290960590
Synology.com suffered from a cross site scripting vulnerability.
df36960f10fd715ad89f78bcc5f4c2fdfa17ca95a83d0ace087bc886131e0aec