This Metasploit modules exploits a vulnerability found in the Honeywell HSC Remote Deployer ActiveX. This control can be abused by using the LaunchInstaller() function to execute an arbitrary HTA from a remote location. This Metasploit module has been tested successfully with the HSC Remote Deployer ActiveX installed with HoneyWell EBI R410.1.
1f3cef2a50e87d41ca54ec3ec66187a9eab588ff63fb1178c75bc47d21f21a3cLocal root exploit for Ubuntu 12.10 64bit that leverages the sock_diag_handlers[] vulnerability in Linux kernels before 3.7.10.
8cb1664fe3e4114405f60c70992efc4583eb8c783e92650a7895c3f8aa6712b5A module "pm" provided in the standard installation of jforum includes the action "sendSave", which suffers from a persistent cross site scripting vulnerability due to insufficient validation of user supplied data. Version 2.1.9 is affected.
944666c59ab432fd3568fdb4cda08fc25258fbede4ac47c9f5d8a1745ae087dePrivoxy version 3.0.20-1 suffers from an authentication credential exposure vulnerability.
64df167b1234ce7ef9560ad0dec948e6b6b51a7112712080b8c1c40e0cebdb89TinyMCE version 3.5.8 suffers from a cross site scripting vulnerability.
f8c9ff61aa722eff9d8b70db05c7eb7538744c819d92adc412486e43a0c64c31Asteriskguru Queue Statistics suffers from a cross site scripting vulnerability.
ca70d68877f3107fe540b91c1de6b16259fb738161d4b40961cb1d369d0785c9Red Hat Security Advisory 2013-0631-01 - JBoss Web is a web container based on Apache Tomcat. It provides a single deployment platform for the JavaServer Pages and Java Servlet technologies. Multiple weaknesses were found in the JBoss Web DIGEST authentication implementation, effectively reducing the security normally provided by DIGEST authentication. A remote attacker could use these flaws to perform replay attacks in some circumstances. Warning: Before applying this update, back up your existing JBoss Enterprise Web Platform installation.
cafad259c945e4da918aa1a260813841d4d83a0a79ce7619bb2e04e4d592caccRed Hat Security Advisory 2013-0629-01 - JBoss Web is the web container, based on Apache Tomcat, in JBoss Enterprise Application Platform. It provides a single deployment platform for the JavaServer Pages and Java Servlet technologies. Multiple weaknesses were found in the JBoss Web DIGEST authentication implementation, effectively reducing the security normally provided by DIGEST authentication. A remote attacker could use these flaws to perform replay attacks in some circumstances. Warning: Before applying this update, back up your existing JBoss Enterprise Application Platform installation.
6d1ed42069639bb8755b0de4f3a958401cae506def714140ef49ee518bfb9533Red Hat Security Advisory 2013-0628-01 - The 389 Directory Server is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. A flaw was found in the way LDAPv3 control data was handled by 389 Directory Server. If a malicious user were able to bind to the directory and send an LDAP request containing crafted LDAPv3 control data, they could cause the server to crash, denying service to the directory. The CVE-2013-0312 issue was discovered by Thierry Bordaz of Red Hat.
5add42f0c6a00574d7ac05556156c5e1ba2c7a7262aff97a3b7387b1ef2ac2c1Red Hat Security Advisory 2013-0627-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. A flaw was found in the processing of malformed content. Malicious content could cause Thunderbird to crash or execute arbitrary code with the privileges of the user running Thunderbird.
5e3ce4f991544f7474f56d4ed784978aa17c34ef02757b9256b012bd087af2e7Red Hat Security Advisory 2013-0625-01 - IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
1ca66d8c35de0807dc60e9a4a9cf02f2ef07d5d9c872f56c3f2ba4680cca6553Red Hat Security Advisory 2013-0623-01 - Apache Tomcat is a servlet container. It was found that when an application used FORM authentication, along with another component that calls request.setUserPrincipal() before the call to FormAuthenticator#authenticate(), it was possible to bypass the security constraint checks in the FORM authenticator by appending "/j_security_check" to the end of a URL. A remote attacker with an authenticated session on an affected application could use this flaw to circumvent authorization controls, and thereby access resources not permitted by the roles associated with their authenticated session.
b7ea678c555beedbc297b1a1e6799654a1cb52d11728e7632582b7b2bee2b633Red Hat Security Advisory 2013-0632-01 - JBoss Web is the web container, based on Apache Tomcat, in JBoss Enterprise Application Platform. It provides a single deployment platform for the JavaServer Pages and Java Servlet technologies. Multiple weaknesses were found in the JBoss Web DIGEST authentication implementation, effectively reducing the security normally provided by DIGEST authentication. A remote attacker could use these flaws to perform replay attacks in some circumstances. Warning: Before applying this update, back up your existing JBoss Enterprise Application Platform installation .
3d4a1e27acafca95128434813e8a18cde8af4af1c6d99db781873c529265041aRed Hat Security Advisory 2013-0633-01 - JBoss Web is a web container based on Apache Tomcat. It provides a single deployment platform for the JavaServer Pages and Java Servlet technologies. Multiple weaknesses were found in the JBoss Web DIGEST authentication implementation, effectively reducing the security normally provided by DIGEST authentication. A remote attacker could use these flaws to perform replay attacks in some circumstances. Warning: Before applying this update, back up your existing JBoss Enterprise Web Platform installation .
aeb3d8be889b37400757fb6087503e44991c57a267b07e5a4bd9885ba954db26Red Hat Security Advisory 2013-0626-01 - IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
f4f979734ced34ea08a199c005459a072d122aafe489e9384d745e1e56724f37Red Hat Security Advisory 2013-0624-01 - IBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
1aa3a61ce84d8dfe3989766a7d64b1570da3b7bf518c863cc35cbbfe38e7ca3dRed Hat Security Advisory 2013-0621-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way file permission checks for the "/dev/cpu/[x]/msr" files were performed in restricted root environments. A local user with the ability to write to these files could use this flaw to escalate their privileges to kernel level, for example, by writing to the SYSENTER_EIP_MSR register.
3af50f8d722db056bda205bf690bc55f30b1959317323e16c792a5698c6943f1Red Hat Security Advisory 2013-0622-01 - The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way file permission checks for the "/dev/cpu/[x]/msr" files were performed in restricted root environments. A local user with the ability to write to these files could use this flaw to escalate their privileges to kernel level, for example, by writing to the SYSENTER_EIP_MSR register.
7b4d8f9b0aedc3ba78789f88554003b14e864d9333c5630695e6d2130b83ca4fKindEditor version 4.1.5 suffers from a remote shell upload vulnerability.
d88c733d219132a2b1ee32a692f47acc95782683a3c055cf97d79c82150148cbPHPBoost version 4.0 suffers from shell upload and information disclosure vulnerabilities.
57a0ed69df2dfe6a08556e979aa44517e786e8aafe00b57724d89f4f48485e75This toolkit houses various IPv6 tools that have been tested to compile and run on Debian GNU/Linux 6.0, FreeBSD 9.0, NetBSD 5.1, OpenBSD 5.0, Mac OS 10.8.0, and Ubuntu 11.10.
8392ec6c2414194f839d154313ea7965a2c6503286828f22860c4c50a635d099
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed