This Metasploit module exploits an arbitrary file upload vulnerability in ManageEngine DesktopCentral v7 to v9 build 90054 (including the MSP versions). A malicious user can upload a JSP file into the web root without authentication, leading to arbitrary code execution as SYSTEM. Some early builds of version 7 are not exploitable as they do not ship with a bundled Java compiler.
This Metasploit module attempts to execute an arbitrary payload on a loose gdbserver service.
JobScheduler versions prior to 1.7.4241 suffer from a path traversal vulnerability.
Remote root command execution exploit for Alcasar versions 2.8 and below.
Joomla Spider Calendar component versions 3.2.6 and below suffer from a remote authenticated SQL injection vulnerability.
JobScheduler versions prior to 1.7.4241 suffer from an XML external entity injection vulnerability.
JobScheduler versions prior to 1.7.4241 suffer from a cross-site scripting vulnerability.
Red Hat Security Advisory 2014-1166-01 - Jakarta Commons HTTPClient implements the client side of HTTP standards. It was discovered that the HTTPClient incorrectly extracted the host name from an X.509 certificate subject's Common Name field. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate. For additional information on this flaw, refer to the Knowledgebase article in the References section. All jakarta-commons-httpclient users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
Ubuntu Security Notice 2342-1 - Michael S. Tsirkin, Anthony Liguori, and Michael Roth discovered multiple issues with QEMU state loading after migration. An attacker able to modify the state data could use these issues to cause a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
HP Security Bulletin HPSBUX03102 SSRT101681 - Potential security vulnerabilities have been identified with the HP-UX Apache Web Server Suite, Tomcat Servlet Engine, and PHP. These vulnerabilities could be exploited remotely to execute arbitrary code, create a Denial of Service (DoS), or other vulnerabilities. Revision 1 of this advisory.
Ubuntu Security Notice 2341-1 - Salvatore Bonaccorso discovered that the CUPS web interface incorrectly validated permissions and incorrectly handled symlinks. An attacker could possibly use this issue to bypass file permissions and read arbitrary files, possibly leading to a privilege escalation.
Red Hat Security Advisory 2014-1165-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. A race condition was found in the way NSS verified certain certificates. A remote attacker could use this flaw to crash an application using NSS or, possibly, execute arbitrary code with the privileges of the user running that application.
Slackware Security Advisory - New php packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.
Slackware Security Advisory - New mozilla-thunderbird packages are available for Slackware 14.1 and -current to fix security issues.
Ubuntu Security Notice 2306-3 - USN-2306-1 fixed vulnerabilities in the GNU C Library. On Ubuntu 10.04 LTS, the fix for CVE-2013-4357 introduced a memory leak in getaddrinfo. This update fixes the problem. Maksymilian Arciemowicz discovered that the GNU C Library incorrectly handled the getaddrinfo() function. An attacker could use this issue to cause a denial of service. This issue only affected Ubuntu 10.04 LTS. It was discovered that the GNU C Library incorrectly handled the getaddrinfo() function. An attacker could use this issue to cause a denial of service. This issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS. Stephane Chazelas discovered that the GNU C Library incorrectly handled locale environment variables. An attacker could use this issue to possibly bypass certain restrictions such as the ForceCommand restrictions in OpenSSH. David Reid, Glyph Lefkowitz, and Alex Gaynor discovered that the GNU C Library incorrectly handled posix_spawn_file_actions_addopen() path arguments. An attacker could use this issue to cause a denial of service. Various other issues were also addressed.
Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 14.1 and -current to fix security issues.
Mandriva Linux Security Advisory 2014-179 - Updated python-django packages fix security vulnerabilities. These releases address an issue with reverse() generating external URLs, a denial of service involving file uploads, a potential session hijacking issue in the remote-user middleware, and a data leak in the administrative interface.
Mandriva Linux Security Advisory 2014-178 - A vulnerability in ppp before 2.4.7 may enable an unprivileged attacker to access privileged options.
Mandriva Linux Security Advisory 2014-177 - Matthew Daley discovered that Squid 3 did not properly perform input validation in request parsing. A remote attacker could send crafted Range requests to cause a denial of service.
Mandriva Linux Security Advisory 2014-176 - The libgcrypt library before version 1.5.4 is vulnerable to an ElGamal side-channel attack.
Mandriva Linux Security Advisory 2014-175 - When converting IBM930 code with iconv(), if IBM930 code which includes invalid multibyte character 0xffff is specified, then iconv() segfaults. Off-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C Library allows context-dependent attackers to cause a denial of service or execute arbitrary code via vectors related to the CHARSET environment variable and gconv transliteration modules. Crashes were reported in the IBM code page decoding functions (IBM933, IBM935, IBM937, IBM939, IBM1364). The updated packages have been patched to correct these issues.
Debian Linux Security Advisory 3019-1 - Boris 'pi' Piwinger and Tavis Ormandy reported a heap overflow vulnerability in procmail's formail utility when processing specially-crafted email headers. A remote attacker could use this flaw to cause formail to crash, resulting in a denial of service or data loss, or possibly execute arbitrary code.
Loaded Commerce 7 shopping cart/online store suffers from a systemic vulnerability in its query factory, allowing attackers to circumvent user input sanitizing to perform remote SQL injection.
WordPress Antioch theme suffers from an arbitrary file download vulnerability. Note that this finding houses site-specific data.
WordPress Authentic theme suffers from an arbitrary file download vulnerability. Note that this finding houses site-specific data.