This Metasploit module exploits a vulnerability found in Pandora FMS 5.0RC1 and lower. It will leverage an unauthenticated command injection in the Anyterm service on port 8023. Commands are executed as the user "pandora". In Pandora FMS 4.1 and 5.0RC1 the user "artica" is not assigned a password by default, which makes it possible to su to this user from the "pandora" user. The "artica" user has access to sudo without a password, which makes it possible to escalate privileges to root. However, Pandora FMS 4.0 and lower force a password for the "artica" user during installation.
5ce709b214027d220be47c845fc61a9f62d0ec60d713cac5ac400ec912b76982
This Metasploit module exploits a privilege escalation issue in the WebView component of Android versions prior to 4.2 that arises when untrusted JavaScript code is executed by a WebView that has one or more Interfaces added to it. The untrusted JavaScript code can call into the Java Reflection APIs exposed by the Interface and execute arbitrary commands. Some distributions of the Android Browser app have an addJavascriptInterface call tacked on, and thus are vulnerable to RCE. The Browser app in the Google APIs 4.1.2 release of Android is known to be vulnerable. A secondary attack vector involves the WebViews embedded inside a large number of Android applications. Ad integrations are perhaps the worst offender here. If you can MITM the WebView's HTTP connection, or if you can get a persistent XSS into the page displayed in the WebView, then you can inject the html/js served by this module and get a shell. Note: Adding a .js to the URL will return plain JavaScript (no HTML markup).
dbb32d05e01054ebc7b29568cea429ebb06111292c8c20ba817f8d844646e5ff
Debian Linux Security Advisory 2852-1 - Yves Younan and Ryan Pentney discovered that libgadu, a library for accessing the Gadu-Gadu instant messaging service, contained an integer overflow leading to a buffer overflow. Attackers who impersonate the server could crash clients and potentially execute arbitrary code.
33655ae8e1e1c8922dd3c81fa0835f2f84a392b08cdf84bc8864c31c0f1f249a
Gentoo Linux Security Advisory 201402-8 - Multiple vulnerabilities have been found in stunnel, the worst of which may cause a Denial of Service condition. Versions less than 4.56-r1 are affected.
31d749575518e8dbefa0e344dea1c1971b5f9d57ef56cd9eca9f080b0a6ae029
Ubuntu Security Notice 2100-1 - Thijs Alkemade and Robert Vehse discovered that Pidgin incorrectly handled the Yahoo! protocol. A remote attacker could use this issue to cause Pidgin to crash, resulting in a denial of service. Jaime Breva Ribes discovered that Pidgin incorrectly handled the XMPP protocol. A remote attacker could use this issue to cause Pidgin to crash, resulting in a denial of service. It was discovered that Pidgin incorrectly handled long URLs. A remote attacker could use this issue to cause Pidgin to crash, resulting in a denial of service. Various other issues were also addressed.
f991b00ea6f051465706e877f78268dc8f39e4e590323da6770e95706a13d801
It is possible to craft a malformed Content-Type header for a multipart request that causes Apache Commons FileUpload to enter an infinite loop. A malicious user could, therefore, craft a malformed request that triggers a denial of service. Affected software includes Apache Tomcat versions 7.0.0 through 7.0.50, 8.0.0-RC1 through 8.0.1, and Apache Commons FileUpload versions 1.0 through 1.3.
8dfbe0cfb95f092bd86c843cf19490a000e2626be62589af1adf0aa833f36d3c
AlienVault OSSIM version 4.3 suffers from a remote SQL injection vulnerability.
5ca78d190ca63e9f10a2d9625f09ad36148d75d7be25be8d9db671624b862a1d
ipset_list is a wrapper script for listing sets of the netfilter ipset program. It allows you to match and display sets, headers, and elements in various ways. Optionally, the output can be colorized.
86f5d27b291c7a13db976eefeb76f91e2eca506f63d4bb953ea253ff0dcb9005
ipset-bash-completion is programmable completion code for the bash shell, to support the ipset program (netfilter.org). It allows you to interactively retrieve and complete options, commands, set names, types, and members.
ab9b9fad49f3691c0b80ed5017bfbecdbd40ec0a6a835953735feb4e888035fe
Apache Wicket versions 1.4.22, 1.5.10, and 6.7.0 suffer from an information disclosure vulnerability.
1f54a9d221a1e84a3c06233902fce88e8fab25e89c37b7019ffab0801cf184a2
German Telekom suffered from a remote SQL injection vulnerability.
19b2ff1780cae869e9b4611485ca5d0e223216f1b1242f0d6ab12c4d4c158a22
German Telekom suffered from a remote shell upload vulnerability.
b7efd62de29399c5d545c0475c36e5faf3e7724abfa74daec99727169a4e9bda
German Telekom suffered from a code execution vulnerability.
cd25b3a38fd009ea5accccb2da4b02fe8d14a5d269f2ee54048f6f0010bcb293
Atmail WebMail version 7.0.2 suffers from multiple cross site scripting vulnerabilities.
23b2b53a8d67a1e32d07fc9e6327ecca13eddf018a35f4a70313e79d7dc615ec
Drupal Modal Frame API third party module version 6.x suffers from a cross site scripting vulnerability.
12d350e2cc394c55a99eeda144a83a3b8e6b31feb575a80190d993786b03d5d7
Drupal Push Notifications third party module version 7.x suffers from an information disclosure vulnerability.
2ecd72d5edcd2b99df0400d3fcc7d8ba3c4709c9dcc1256c885629033bd2dc41
Asseco SEE iBank FX client versions 2.0.9.3 and below suffer from a local privilege escalation vulnerability.
e9df0ad79daee99430a750b5340e01c69f20620f254a5a7145eec1c4dd26e6f4
osCommerce version 2.x suffers from a remote SQL injection vulnerability.
d32dd50919d8a0c429288d62c1747a59153e7b47726b23268062da0fcd4fefad
The PHP executable in Projoom NovaSFH plugin version 3.0.3 that is responsible for handling file upload functionality allows arbitrary files to be uploaded to any directory specified by the attacker, as the file upload function does not verify file type or origin when processing the request.
1fb1ff77a2d570b27d8c0f997848425e0da6209fa9f402349bebb84194b11cd2
WordPress Dandelion Theme suffers from a remote shell upload vulnerability.
db6578e63b1bf5995d887acf619e0652baadbfd01cebd67cc5b62bd56a3ddeb7
Joomla version 3.2.1 suffers from a SQL injection vulnerability.
ef7061c70d1bdc7c865b6c10278b61614cee99fa88b3685dd2fee0b3f5449bc1