This Metasploit module exploits a vulnerability in ZEN Load Balancer version 2.0 and 3.0-rc1 which could be abused to allow authenticated users to execute arbitrary code under the context of the 'root' user. The 'content2-2.cgi' file uses user controlled data from the 'filelog' parameter within backticks.
00bb887bb0df418300d4b44bcb42abfdd700d3c405ec1e719a786661df083664This Metasploit module exploits a vulnerability found in NTR ActiveX 1.1.8. The vulnerability exists in the Check() method, due to the insecure usage of strcat to build a URL using the bstrParams parameter contents, which leads to code execution under the context of the user visiting a malicious web page. In order to bypass DEP and ASLR on Windows Vista and Windows 7 JRE 6 is needed.
71b360ec4aa13486de7017b18411dfb19378317ae8e8699d3895d166df0771b8This Metasploit module exploits a vulnerability found in the NTR ActiveX 1.1.8. The vulnerability exists in the StopModule() method, where the lModule parameter is used to dereference memory to get a function pointer, which leads to code execution under the context of the user visiting a malicious web page.
6acce73c09ae26c0cdd0799d7b6afb5dff55a6136f9b0ac4216f6537527d0c5cThere is a command execution vulnerability in the Toshiba ConfigFree CF7 file format used on Toshiba laptops to import and export network configurations. An attacker could execute arbitrary commands with the privileges of the current logged-in user by enticing a Toshiba laptop user to download and execute a crafted CF7 file.
1a28addbea1119b8595d7ce90329399c3a421d1b2c932af1c19cb5566dc660f6There is a stack buffer overflow vulnerability in the Toshiba ConfigFree CF7 file format used on Toshiba laptops. An attacker could execute arbitrary code by enticing a Toshiba laptop user to download and execute a malicious CF7 file if they manipulate the ProfileName.
05232d34ddffe76d5100c661203316977746d8be7a62f96774f60c7a08b9cadeApple Security Advisory 2012-09-19-3 - Safari 6.0.1 is now available and addresses multiple vulnerabilities in itself and WebKit.
69aa4378ab7394dca2af1f960c808b3f35ea802b8eba8cef84c559eb0b5212dbApple Security Advisory 2012-09-19-2 - OS X Mountain Lion v10.8.2, OS X Lion v10.7.5 and Security Update 2012-004 are now available and address Apache, BIND, CoreText, Data Security, and many other vulnerabilities.
40b0db811b217e85fb6806b53d13edb126d8f6537576e1fb80a6d9e6c2266a62Apple Security Advisory 2012-09-19-1 - iOS 6 is now available and addresses CFNetwork, CoreGraphics, CoreMedia, DHCP, and many other vulnerabilities.
948802ec7f4f098a6e019e724692dd60eae2f16a84688f9bf9597fcc368ca8d8There is a stack buffer overflow vulnerability in the Toshiba ConfigFree CF7 file format used on Toshiba laptops. An attacker could execute arbitrary code by enticing a Toshiba laptop user to download and execute a malicious CF7 file.
dc729d72f0909efd4007c17c952629e8a732811f980783d117f4597ca4769c47Technical Cyber Security Alert 2012-265A - Microsoft has released Security Bulletin MS12-063 to address the use-after-free vulnerability that has been actively exploited this past week.
a8296a336edfb7c6981620d272d11cd2d0e8cc59b4c7c6c9a5216d11629a859cJohn the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt(3) password hash types commonly found on Unix systems, as well as Windows LM hashes. On top of this, many other hash types are added with contributed patches, and some are added in John the Ripper Pro.
f3dbedbacea4d87f5724cc8f99f635729c37d88cbfdcae91a5e310ee3973e8a9This bulletin summary lists 3 released Microsoft security bulletins for September, 2012.
16d32e7f9f9ff5204b3b5373aa1afc2a24368964b692de1935842c5deec781d5WordPress Sexy Add Template third party plugin suffers from a cross site request forgery vulnerability that can allow for a remote shell upload.
1affa7a2359402e238e1b45c9641771b83a76a3cc8221b1f223342302e09ee91WordPress Add Multiple Users third party plugin suffers from a cross site request forgery vulnerability.
cd81726386482650be2191a3326e6387bcd6563259e0760023dc4715b91133e1YCommerce Pro / Reseller suffers from a remote SQL injection vulnerability.
674c1ec52b72be8da7c68b254c57f1fa20b169ec82242c6089ef21eab6bd8f64Ubuntu Security Notice 1580-1 - Ben Hutchings reported a flaw in the Linux kernel with some network drivers that support TSO (TCP segment offload). A local or peer user could exploit this flaw to to cause a denial of service. Jay Fenlason and Doug Ledford discovered a bug in the Linux kernel implementation of RDS sockets. A local unprivileged user could potentially use this flaw to read privileged information from the kernel. Various other issues were also addressed.
ef505147be703d168bfb1734889fe6ffe521c6b113683e4ba6c61f795e784fd1Ubuntu Security Notice 1579-1 - Ben Hutchings reported a flaw in the Linux kernel with some network drivers that support TSO (TCP segment offload). A local or peer user could exploit this flaw to to cause a denial of service. Jay Fenlason and Doug Ledford discovered a bug in the Linux kernel implementation of RDS sockets. A local unprivileged user could potentially use this flaw to read privileged information from the kernel. Various other issues were also addressed.
fdf96d6998472217b46f9b562b451396232f327da0126d6ede60aa856fedd030Ubuntu Security Notice 1578-1 - Ben Hutchings reported a flaw in the Linux kernel with some network drivers that support TSO (TCP segment offload). A local or peer user could exploit this flaw to to cause a denial of service. Jay Fenlason and Doug Ledford discovered a bug in the Linux kernel implementation of RDS sockets. A local unprivileged user could potentially use this flaw to read privileged information from the kernel. Various other issues were also addressed.
f0f7a7c1a6c756f92e5c2b0f4328a2c2eec5e4bbe0365789fbce13a54a10de39WordPress version 3.4.2 appears to suffer from a cross site request forgery vulnerability.
8af686881751d2aa70f5450175099f61552a275371353ead762482baa2fc2edcUbuntu Security Notice 1577-1 - A flaw was discovered in the Linux kernel's KVM (kernel virtual machine). An administrative user in the guest OS could leverage this flaw to cause a denial of service in the host OS. Ben Hutchings reported a flaw in the Linux kernel with some network drivers that support TSO (TCP segment offload). A local or peer user could exploit this flaw to to cause a denial of service. Jay Fenlason and Doug Ledford discovered a bug in the Linux kernel implementation of RDS sockets. A local unprivileged user could potentially use this flaw to read privileged information from the kernel. Various other issues were also addressed.
d586707b91b4f3b225cc4d03b41b378e30ed41bca1ca9a40018facbcf323ee68
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed