This Metasploit module exploits a file upload vulnerability in ProjectSend revisions 100 to 561. The 'process-upload.php' file allows unauthenticated users to upload PHP files resulting in remote code execution as the web server user.
087e2e4d69111e46f2812dd4908b4b22a1de2bce44989d3e02e0a9a6e58cfba6
THC-IPV6 is a toolkit that attacks the inherent protocol weaknesses of IPv6 and ICMP6 and it includes an easy to use packet factory library.
440a3ae98b57100c397ec4f8634468dbbb0c3b48788c6b74af2a597a90544a96
Incom CMS suffers from an authentication bypass vulnerability via remote SQL injection.
28e1d1b127d9bf0b66f5bb5a2d7f99ee61b5bf34b4c66d93200d8b96697b8157
Debian Linux Security Advisory 3113-1 - Michele Spagnuolo of the Google Security Team discovered that unzip, an extraction utility for archives compressed in .zip format, is affected by heap-based buffer overflows within the CRC32 verification function (CVE-2014-8139), the test_compr_eb() function (CVE-2014-8140) and the getZip64Data() function (CVE-2014-8141), which may lead to the execution of arbitrary code.
c07d19cf6b887fa58bdf1aabe929c435954c16a8c33b34fa65ffa5b22c076cda
Debian Linux Security Advisory 3114-1 - Timothy D. Morgan discovered that run-mailcap, a utility to execute programs via entries in the mailcap file, is prone to shell command injection via shell meta-characters in filenames. In specific scenarios this flaw could allow an attacker to remotely execute arbitrary code.
d0d564ef0b65527a21eee4ab3d08a36dc96badae881dd56d032b2a6b2a4adc01
Gentoo Linux Security Advisory 201412-52 - Multiple vulnerabilities have been found in Wireshark which could allow remote attackers to cause Denial of Service. Versions less than 1.12.2 are affected.
f17c19c16fb1c4ac4bc4cbe10a7fa67976348af84d1bb1b7a8aa25a6421db1db
Gentoo Linux Security Advisory 201412-51 - Multiple vulnerabilities have been found in Asterisk, the worst of which could lead to Denial of Service, bypass intended ACL restrictions or allow an authenticated user to gain escalated privileges. Versions less than 11.14.2 are affected.
04044181d0958586da94e04aa40876aa0b3112da38bf0c87d7e7ea0eb5d041f0
Gentoo Linux Security Advisory 201412-50 - Multiple vulnerabilities have been discovered in getmail, allowing remote attackers to obtain sensitive information. Versions less than 4.46.0 are affected.
6a1e587d9ebd5fb431680886ea0dc60724e6a6c78885dfc8ffca72fb52f56d9f
Gentoo Linux Security Advisory 201412-49 - Multiple vulnerabilities have been found in fish, the worst of which could result in local privilege escalation or remote arbitrary code execution. Versions less than 2.1.1 are affected.
123e46940ecf6f2469426c6935aec9bd1c6d5353bbbfc158faf0722597cbd198
Gentoo Linux Security Advisory 201412-48 - A vulnerability in file could allow a context-dependent attack to create a Denial of Service condition. Versions less than 5.21 are affected.
1cdbea9495a1375e74f8b72f7ea0936bfdb317a6d2b74279856945a6b1734a56
Gentoo Linux Security Advisory 201412-47 - Multiple vulnerabilities have been found in TORQUE Resource Manager, possibly resulting in escalation of privileges or remote code execution. Versions less than 4.1.7 are affected.
51a42e443e73a67f0e0416d7e5cd284c78b89ddef4d31e82cd485c179c0087a4
Gentoo Linux Security Advisory 201412-46 - Multiple buffer overflow flaws and a parser error in LittleCMS could cause Denial of Service. Versions less than 2.6-r1 are affected.
c9bb33764707bb704d3507f54af051747564581d3d72a23550da0ef47d9d4603
Gentoo Linux Security Advisory 201412-45 - An untrusted search path vulnerability in Facter could lead to local privilege escalation. Versions less than 1.7.6 are affected.
2408fdb470e5ca13e3158b05ea08bf735a14aefe460cfdf705aa3ba374e80432
Gentoo Linux Security Advisory 201412-44 - A vulnerability in policycoreutils could lead to local privilege escalation. Versions prior to 2.2.5-r4 are affected.
2b706a9b7343eb709884ad81f2c80a0c6680592d90a399a8cb2af12c127d2d2d
Gentoo Linux Security Advisory 201412-43 - Multiple vulnerabilities have been found in MuPDF, possibly resulting in remote code execution or Denial of Service. Versions less than 1.3_p20140118 are affected.
9db4f8eb533c555a2ab6d7ee94ce631b7188dbc59c13ec335fec084c0af97f33
Gentoo Linux Security Advisory 201412-42 - Multiple vulnerabilities have been found in Xen, possibly resulting in Denial of Service. Versions less than 4.4.1-r2 are affected.
2db7505f2e7bc5f6baa362b0b62538e08d79d4290e93c6e8354e4d02ac99eacf
Gentoo Linux Security Advisory 201412-41 - A vulnerability in OpenVPN could lead to Denial of Service. Versions less than 2.3.6 are affected.
651aa9b76ab89413bece706940ddde61a52f8eba2671728362fc48fbf32b6ebc
mrtparse is a module to read and analyze MRT format data. The MRT format can be used to export routing protocol messages, state changes, and routing information base contents, and is standardized in RFC 6396. Programs like Quagga / Zebra, BIRD, OpenBGPD and PyRT can dump MRT format data. Written in Python.
ee3b4b8da3eef55bbe75796ab60f02d974938ff08c8a93ed9195475126e1b5a1
This Metasploit module steals the user password of an administrative user on a desktop Linux system when it is entered for unlocking the screen or for doing administrative actions using policykit. Then it escalates to root privileges using sudo and the stolen user password. It exploits the design weakness that there is no trusted channel for transferring the password from the keyboard to the actual password verification against the shadow file (which is running as root since /etc/shadow is only readable to the root user). Both screensavers (xscreensaver/gnome-screensaver) and policykit use a component running under the current user account to query for the password and then pass it to a setuid-root binary to do the password verification. Therefore it is possible to inject a password stealer after compromising the user account. Since sudo requires only the user password (and not the root password of the system), stealing the user password of an administrative user directly allows escalating to root privileges. Please note that you have to start a handler as a background job before running this exploit since the exploit will only create a shell when the user actually enters the password (which may be hours after launching the exploit). Using exploit/multi/handler with the option ExitOnSession set to false should do the job.
0a9cac7ba17812d5abc36544dbde12e861f70ee5697f577efc23726fdff20564
Ex Libris Patron Directory Services version 2.1 suffers from an open redirection vulnerability.
17a847f6cf2d103df094c681d21bff37daf5bd35df9356102400dd835ed770a6
Ex Libris Patron Directory Services version 2.1 suffers from a cross site scripting vulnerability.
a3b5ead6e76494619c7357d9c2e36a3ff71e90dec08243d6f7e34d5f87d1d734
The travel.cnn.com and ads.cnn.com sites suffer from cross site scripting and open redirection vulnerabilities.
0d6722f00690a9f4f5bb9bcaf068b17df31ede688b0b375bd5e9204e1bce1236
WordPress Dmsguestbook plugin suffers from a remote unauthenticated data injection vulnerability.
196b447c8f48a497957f3386f73aabc903eced80e2d5a3266d6cfe4877d68af5
CMS Pylot suffers from cross site request forgery and cross site scripting vulnerabilities.
01f1a45be6f858d68cb4c7a7728eab0c21996ae492e868a252d83abe5edbf83a
WordPress Frontend Uploader plugin version 0.9.2 suffers from a cross site scripting vulnerability.
0c3801fecfa0e2bbccbf1155f37c7cf89e78a103cb78344d76816b9cc4889844