This Metasploit module exploits a directory traversal and remote code execution flaw in EMC HomeBase Server 6.3.0. Note: This Metasploit module has only been tested against Windows XP SP3 and Windows 2003 SP2.
e1157c518d84a4ffe3868bae4edb8772e80255a4824a34ca07799e7a7f517728This Metasploit module exploits a vulnerability found in Subtitle Processor 7. By supplying a long string of data as a .m3u file, Subtitle Processor first converts this input in Unicode, which expands the string size, and then attempts to copy it inline on the stack. This results a buffer overflow with SEH overwritten, allowing arbitrary code execution.
26d612333618be29098a0672577a27e3c6d14fed9fd3745d7b80c96b8ea7a1feOnapsis Security Advisory - JDENet is a network communication middleware that performs network communications workstation-to-server and server-to-server. It is used to call remote functions, to authenticate users and transmit information between hosts in a JD Edwards environment. If a specially crafted packet is sent to the JDENet service, and access violation is raised. As the process fails to process this exception, this results in a crash that would render the system unavailable.
fb00b7dfd1a4bfaaa317b021b77e77953255278969e2ee8cefab09d76246d5dfOnapsis Security Advisory - JDENet is a network communication middleware that performs network communications workstation-to-server and server-to-server. It is used to call remote functions, to authenticate users and transmit information between hosts in a JD Edwards environment. If a specially-crafted UDP packet is sent to the JDENet port, the JDENET service creates a TCP connection to the provided IP and PORT parameters. This connection could be used to access the JDENET and all ERP functionality provided through that callback connection.
0c98a162b3edfa493fb0a51d4bc92e4a10f6c96764005f2ec2eaeeb63450c32eOnapsis Security Advisory - JDENet is a network communication middleware that performs network communications workstation-to-server and server-to-server. It is used to call remote functions, to authenticate users and transmit information between hosts in a JD Edwards environment. If a packet of a specific size is sent to the JDENet Service, a heap based buffer overflow condition is raised.
76921f4b4c1e91a19323ad91b682d4affa71e1a792efd459b4fefd21fe6aa43eCook Media Web Development Group suffers from a remote SQL injection vulnerability.
5753e094098a7bd0379bc7e35773a8de8aea4d191a595d330ac7d23d48640417Onapsis Security Advisory - JDENet is a network communication middleware that performs network communications workstation-to-server and server-to-server. It is used to call remote functions, to authenticate users and transmit information between hosts in a JD Edwards environment. Several ways remotely deactivate the kernel processes logging have been detected. If specifically crafted messages are sent to the JDENET Service, the JDENET Kernel will stop logging for the kernel processes activities.
6c0cc09e84bd9e005ca7c9ae97cdf041b999375c2808d37a4e86b78a4569c0fdDaily Maui Photo Widget WordPress plugin version 0.2 suffers from a cross site scripting vulnerability.
3ce415536de4b96ee4985b66cd8380f457622bc1f8badc312859ee148a0f2531WP Photo Album WordPress plugin version 1.5.1 suffers from a cross site scripting vulnerability.
a8836eafacba3a9faa51ea0de462b5618a7fb80f46ff27f72fde7b2339bd4e16Onapsis Security Advisory - JDENet is a network communication middleware that performs network communications workstation-to-server and server-to-server. It is used to call remote functions, to authenticate users and transmit information between hosts in a JD Edwards environment. It is possible for a remote and unauthenticated attacker to retrieve passwords of users that are allowed to login to the SAW Kernel (System Administration Workbench Kernel) in default installations of JD Edwards EnterpriseOne servers. As SAW users are allowed to, among other things, remotely execute commands on the server, the exploitation of this vulnerability leads to a full compromise of the server.
f5e070e8139c15730f71e2ea443c613b4a3d3b03b82fa0971259148856bc1535Onapsis Security Advisory - JDENet is a network communication middleware that performs network communications workstation-to-server and server-to-server. It is used to call remote functions, to authenticate users and transmit information between hosts in a JD Edwards environment. If a specially crafted message is sent to the JD Edwards server, running processes of XMLCallObject Kernel, then arbitrary commands can be executed through the JD Edwards CallObject Kernel process.
34c7ee07435c2ddc8c251c76a97e1bc8cc1efd0ab34980d34fa7d069d940abffOnapsis Security Advisory - JDENet is a network communication middleware that performs network communications workstation-to-server and server-to-server. It is used to call remote functions, to authenticate users and transmit information between hosts in a JD Edwards environment. If a specially-crafted message is sent to the JDENET Service, the JDENET Kernel performs a shutdown of the service.
495c315fad1554eb899346d39c9206a1fa99d8f13c9027b4c25f296d62c0b440PixelGems remote file disclosure exploit that leverages a local file inclusion vulnerability.
2e7facf90aaaa0bcdd0ef29248ec91a52c246136d5645ad8eaf30961b54ddecfeyeOS versions 1.9.0.2 and below suffer from a stored cross site scripting vulnerability.
7d4a4e68d121c5860bc7375739b43d9371bb170bdaea8915ae59210fcafb7f60Shackleton Rollin suffers from a remote file disclosure vulnerability.
8a4b30a459bf89489b49464052951aba45564c8d22f8d0c574a62823ada4d336BackupPC version 3.1.0 suffers from a cross site scripting vulnerability.
94caa59ee7f687031cb378f80893959ed9e17654456f0bc3c46700cb4648a125Insomnia Security Vulnerability Advisory - The ODBC service component of IGSS listens on port 20222/tcp by default. The application layer protocol runs over TCP and reads an initial packet that specifies the amount of data to follow. A second read then takes place and the data is copied into a variable length buffer. Next the data is parsed and during this process a buffer overflow occurs on the stack. At minimum this vulnerability leads to denial of service though remote code execution may be possible.
9b00196dabcaf93182f5a536e6c2c63ee2b1c359b79ac0f8472802f7bb57d00fOnapsis Security Advisory - JDENet is a network communication middleware that performs network communications workstation-to-server and server-to-server. It is used to call remote functions, to authenticate users and transmit information between hosts in a JD Edwards environment. If a certain type of message, containing a specially-crafted Unicode data packet, is sent to the JDENET Service, the JDENET Kernel executes a system call, using a user-provided value as the time parameter. This causes the service to stop responding for a period of time.
79b3c65811e59b25443d9a05f8600c42cb7d9ecd8b95e729190c1172ccc7e3e8SE Software Technologies suffers from a remote SQL injection vulnerability.
55e2527e04b3dd937b6c340e1c1d15332b0a0cd8c58364aa23c1e143136b0a4clibmodplug versions 0.8.8.2 and below .abc stack based buffer overflow proof of concept exploit.
dbfed6a7a58ca7e45c3fb022dda6012d48c3db31b77600aca3592fc6e32e19c4Onapsis Security Advisory - It has been detected that the SAP Enterprise Portal runtime presents descriptive error messages when special HTTP requests are processed, returning information about the filesystem structure were the component is deployed in the target system.
d62881883bf04e378522bd7017f63f180b0724bc85d732833c2b6efad9db3923Onapsis Security Advisory - The SAP Web Application Server (WebAS) is the application platform of the SAP NetWeaver, which is the basis for the other NetWeaver components. With the SAP Web Application Server you can implement both server-based and client-based Web applications. It has been detected that the ITS Mobile Start service suffers from input validation vulnerabilities and design weaknesses, which can be exploited to perform XSS and arbitrary redirects attacks.
4973dde1444f7ea1451bf61d92f93f460d71a3e5898a4dae972e180aaafefe31Onapsis Security Advisory - The SAP Web Application Server (WebAS) is the application platform of the SAP NetWeaver, which is the basis for the other NetWeaver components. With the SAP Web Application Server you can implement both server-based and client-based Web applications. It has been detected that the ITS Mobile Test service suffers from input validation vulnerabilities and design weaknesses, which can be exploited to perform XSS and arbitrary redirects attacks.
b1a16e8fafc41fd2fd523be4fe06a2088738ea8be3c1a1f316e68006cd95226dJohn the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt(3) password hash types commonly found on Unix systems, as well as Windows LM hashes. On top of this, many other hash types are added with contributed patches, and some are added in John the Ripper Pro. This is the community enhanced version.
b821bac5059a3cdc8beb9a715691a9a412db4947345adb7f88eda2fa93293030xMatters AlarmPoint Java Web Server API version 3.2.1 suffers from a cross site scripting vulnerability.
4d18669ab73ab6d9de1600f56c01ff07b87a8ca67c7effa5cd907e1b5db3d0a5
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed