This Metasploit module exploits a vulnerability in the AdminStudio LaunchHelp.dll ActiveX control. The LaunchProcess function found in LaunchHelp.HelpLauncher.1 allows remote attackers to run arbitrary commands on the victim machine. This Metasploit module has been successfully tested with the ActiveX control installed with AdminStudio 9.5, which also comes with Novell ZENworks Configuration Management 10 SP2, on IE 6 and IE 8 over Windows XP SP3.
56cf9879c132897ee3261274e09284b0d6081bb9dd195db9cee39698cd90dbba
Red Hat Security Advisory 2012-1060-01 - Cobbler is a network install server. Cobbler supports PXE, virtualized installs, and re-installing existing Linux machines. A command injection flaw was found in Cobbler's power management XML-RPC method. A remote, authenticated user who is permitted to perform Cobbler configuration changes via the Cobbler XML-RPC API could use this flaw to execute arbitrary code with root privileges on the Red Hat Network Satellite server. Note: Red Hat Network Satellite uses a special user account to configure Cobbler. By default, only this account is permitted to perform Cobbler configuration changes, and the credentials for the account are only accessible to the Satellite host's administrator. As such, this issue only affected environments where the administrator allowed other users to make Cobbler configuration changes.
a117798edbaaae98d35e372b2a965c0e26a3e98bfd81b95555118ca270a44f0b
Ubuntu Security Notice 1500-1 - Evgeny Boger discovered that Pidgin incorrectly handled buddy list messages in the AIM and ICQ protocol handlers. A remote attacker could send a specially crafted message and cause Pidgin to crash, leading to a denial of service. This issue only affected Ubuntu 10.04 LTS, 11.04 and 11.10. Thijs Alkemade discovered that Pidgin incorrectly handled malformed voice and video chat requests in the XMPP protocol handler. A remote attacker could send a specially crafted message and cause Pidgin to crash, leading to a denial of service. This issue only affected Ubuntu 10.04 LTS, 11.04 and 11.10. Various other issues were also addressed.
a749885c45d3ed6a82077ecb3953f73e5275c512532f5583f18a44f27c49d270
Sites Powered By Digiport suffer from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
162213ce8b7d9c21d4ee2301ef28dcb48f33a779dc35b49777cdab90e35a2068
phpList version 2.18.18 suffers from a cross-site scripting vulnerability in the footer parameter.
d88c6d1b0a7c8325ece488da854263c58fdf90fb6de27527ef41828a6b73db2d
Flogr version 1.7 suffers from a cross-site scripting vulnerability.
9797ee9f4c0b62070aefef551e7d26994a1a9a51793c28e57deb42b5f2aa72f0
Debian Linux Security Advisory 2509-1 - Ulf Harnhammar found a buffer overflow in Pidgin, a multi-protocol instant messaging client. The vulnerability can be exploited by an incoming message in the MXit protocol plugin. A remote attacker may cause a crash, and in some circumstances this can lead to remote code execution.
34f459309c2d1dcbc50629b0c7d27153a6e3700d8fdab0296501357511e10da3
Ubuntu Security Notice 1499-1 - A flaw was discovered in the Linux kernel's NFSv4 (Network File System) handling of ACLs (access control lists). A remote NFS server (attacker) could cause a denial of service (OOPS).
ef05151a339827bd665036be138d551449abec4cd1acf946dbcc634acafed160
Python versions 2.7.2 and 3.2.1 suffer from an untrusted search path / code execution vulnerability.
98e93731fcf6d0dd24fe05de218155cf894de44ce86ced09013024c3b4ecb0ac
digiGALLERY as distributed by Digiport suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
0fd126d60ac9091073e88bbb5d53c666d9e536804446a23513fec1c1053157c0
Secunia Security Advisory - Multiple vulnerabilities have been reported in Leaflet Maps Marker, which can be exploited by malicious users to conduct SQL injection and script insertion attacks and by malicious people to conduct cross-site scripting attacks.
c31fd60f7b3b86c9b1c8fe019be1b06e5ee8b85a096d14cffe152f59cdf6e934
Secunia Security Advisory - A vulnerability has been reported in VLC Media Player, which can be exploited by malicious people to compromise a user's system.
826805e88738f80b5814689653860c9ae700a8441eaa01a55954633a371572bb
Secunia Security Advisory - Hitachi has acknowledged a vulnerability in Hitachi IT Operations Analyzer, which can be exploited by malicious people to cause a DoS (Denial of Service).
f41915f00a8270e10966603ead09bedd7362a4dd87ac0e6894e93da0fb3a36c9
Secunia Security Advisory - Stefan Schurtz has discovered multiple vulnerabilities in MGB, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to conduct cross-site scripting attacks.
5846214742426d4a659785f06deafc135309f463e644cede36d1c2d08cdfb915
Secunia Security Advisory - A vulnerability has been reported in the Artiss Code Embed plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.
a5c5d8b71d05b7482579ebe6281dae278a91d23a5e06327523dae5ab37a37f2f
Secunia Security Advisory - Two vulnerabilities have been reported in Netsweeper, which can be exploited by malicious people to conduct cross-site scripting and request forgery attacks.
b235507113b5f26310aca20e936c827974c9b400a183efb7b4c429153d635108
Secunia Security Advisory - A vulnerability has been reported in Apache Sling, which can be exploited by malicious people to cause a DoS (Denial of Service).
91010b5ff590244643a68e32676e6d2eee5f6ea60ec9ca154c924c3ead7b5178
Secunia Security Advisory - A vulnerability has been reported in eZ Publish, which can be exploited by malicious people to conduct cross-site request forgery attacks.
d7e0fcaa97e6617ac3dde783a2d7d482d40b13f1225bf6fd9b7421176f0d6acd
Secunia Security Advisory - Sammy Forgit has reported a vulnerability in the Flip Book plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system.
e614bfc8773848db2f50dd9f4717c3a6b36a6f5a7a4fd4cfaca2ea03f356f82e
Secunia Security Advisory - A vulnerability has been reported in Mono, which can be exploited by malicious people to conduct cross-site scripting attacks.
8ae7aaa6db903a274990cbbf815833994386c80064c9b1d1e3d9248413cba0e9
Secunia Security Advisory - A vulnerability has been reported in IBM WebSphere Portal, which can be exploited by malicious people to disclose potentially sensitive information.
8a1255757f651dd5f4b8c93e7d95f2d598843210aa0ffd2dd453601e5f3b8f38
Secunia Security Advisory - Avaya has acknowledged a weakness in Avaya Products, which can be exploited by malicious people to conduct brute force attacks.
79eb8bb59c1f4950a33980bf8f9998cc898dde96b506c5f4e7e85e7323413031
Secunia Security Advisory - A weakness has been reported in WebsitePanel, which can be exploited by malicious people to conduct spoofing attacks.
1b22ddae90dea114d9c07c5bccf01976d5ca97c72c731e6d0c71dd91ad3e6b46
Secunia Security Advisory - A vulnerability has been reported in KingHistorian, which can be exploited by malicious people to compromise a vulnerable system.
3016f14618acb8ea0920daa7e23bee01bc5a5c914ec3c9b595db3f6af7684243