This Metasploit module exploits a file upload vulnerability in SysAid Help Desk v14.3 and v14.4. The vulnerability exists in the RdsLogsEntry servlet, which accepts unauthenticated file uploads and handles zip file contents in an insecure way. By combining both weaknesses, a remote attacker can accomplish remote code execution. Note that this will only work if the target is running Java 6 or 7 up to 7u25, as Java 7u40 and above introduce a protection against null byte injection in file names. This Metasploit module has been tested successfully on version v14.3.12 b22 and v14.4.32 b25 in Linux. In theory this module also works on Windows, but SysAid seems to bundle Java 7u40 and above with the Windows package, which prevents the vulnerability from being exploited.
1e9a143a1b5de756cddc1fdd9fa8d7bc4b814bf2c25ac0074023cc3b3fb3e4be
Beltane is a web-based central management console for the Samhain file integrity / intrusion detection system. It enables the administrator to browse client messages, acknowledge them, and update centrally stored file signature databases. Beltane requires a Samhain (version 1.6.0 or higher) client/server installation, with file signature databases stored on the central server, and logging to a SQL database enabled.
e7507028895b4eabca88fd918f17870bcc32c4ec387b4a985aa42ccd55f495c5
Ubuntu Security Notice 2673-1 - Karthikeyan Bhargavan discovered that NSS incorrectly handled state transitions for the TLS state machine. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to skip the ServerKeyExchange message and remove the forward-secrecy property. Bob Clary, Christian Holler, Bobby Holley, and Andrew McCreight discovered multiple memory safety issues in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. Various other issues were also addressed.
edcecb45d145f10f0b7e4ff7d56649529e2e69c9512e45839ce5892952206428
Red Hat Security Advisory 2015-1443-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server; a resolver library; and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND performed DNSSEC validation. An attacker able to make BIND resolve a name in an attacker-controlled domain could cause named to exit unexpectedly with an assertion failure.
1dbbc85e48aca9ac27e379fe7a39f4db7e8eaec82b3a1090f9a8b0c6a929064e
Red Hat Security Advisory 2015-1455-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. It was found that Thunderbird skipped key-pinning checks when handling an error that could be overridden by the user. This flaw allowed a user to override a pinned certificate, which is an action the user should not be able to perform.
cdddfc23ea54e06009b5918e85bbccd60b6f828effef66b7d5a516c6047e2b18
HP Security Bulletin HPSBMU03377 1 - A potential security vulnerability has been identified with HP Release Control running RC4. This is the SSL/TLS vulnerability known as "Bar Mitzvah" which could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.
c948cefb7818ea5b1e51374e04d217feeb476b6c238d3363c61c6946f9651db9
HP Security Bulletin HPSBUX03379 SSRT101976 1 - A potential security vulnerability has been identified with HP-UX running BIND. This vulnerability could be exploited remotely to create a Denial of Service (DoS). Revision 1 of this advisory.
b21fc27083754ab1ae7b8c59ee2c783014b0ec6f8ca5590eded500f0f1ff2e29
Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
bc329a3900261524fdfbdfc4a69ee44f1cf3580bf83e1fd4966f829e0a755df5
This is a notification of an out-of-band security bulletin from Microsoft that was added to the July Security Bulletin Summary on July 20, 2015.
eef524469c7a03a5600fc542f88fe7761ba74853e1fa0018d3811d796f80412c
Debian Linux Security Advisory 3311-1 - Several issues have been discovered in the MariaDB database server. The vulnerabilities are addressed by upgrading MariaDB to the new upstream version 10.0.20.
1423eab35ca8f3dda7f15407470f35106928d003ba757689cf70b0a0c215170e
Debian Linux Security Advisory 3310-1 - It was discovered that an integer overflow in freexl, a library to parse Microsoft Excel spreadsheets, may result in denial of service if a malformed Excel file is opened.
db23d221c9b6252856d68fbdee3da4e3242efd152891eb1b55e11453690d1a1b
Debian Linux Security Advisory 3309-1 - Fernando Munoz discovered that invalid HTML input passed to tidy, an HTML syntax checker and reformatter, could trigger a buffer overflow. This could allow remote attackers to cause a denial of service (crash) or potentially execute arbitrary code.
9f74172d765c78b9706ecbe3bd4c5375d3108c72d904c586aa43aebbab21d647
Debian Linux Security Advisory 3308-1 - Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.44.
c289e518b0dfd2d9c7f0fd2438fd0c81178613bf6817e1802ed79804a6306c9e
Slackware Security Advisory - New httpd packages are available for Slackware 14.0, 14.1, and -current to fix security issues.
36799e7bd8fbb814ff99012997a8e5d129d9c75f98b4f4fa759d4b8c20dff96f
Slackware Security Advisory - New php packages are available for Slackware 14.0, 14.1, and -current to fix security issues.
a878dedbe56e20804e45f7a781334aab7ec38b4450537c6f93add15127d7748f
Gentoo Linux Security Advisory 201507-20 - Multiple vulnerabilities have been found in PostgreSQL, the worst of which could result in execution of arbitrary code or privilege escalation. Versions less than 9.4.3 are affected.
48241fb6aa76393d53251ef2f6519ac204edef004621f8f7fd9487e9fd5ce317
Nikto is an Open Source web server scanner which performs comprehensive tests against web servers for multiple items, including over 3500 potentially dangerous files/CGIs, versions on over 900 servers, and version specific problems on over 250 servers.
c1731ae4133d3879718bb7605a8d395b2036668505effbcbbcaa4dae4e9f27f2
Pcapteller is a tool designed for simple traffic manipulation and replay. The tool allows you to recreate a recorded network traffic scenario that occurred in a foreign network, as it really happened in yours. Basically, the tool reads network packets from a PCAP file, and it replaces a given IP address with one that fits your needs. Afterwards, the manipulated packets are injected into the network. The tool is useful if you want to recreate scenarios where computer attacks or malware infections occurred. Using such scenarios as a base, Pcapteller will make it look like everything is really happening in your network. Pcapteller can help you improve your blue team's network security monitoring skills, or create network decoys during red team operations.
63b0debda0782de5d1c86557ed67dccea5c1848dcaae7c673f10be978997fcab
Airdroid version 3.1.3 suffers from a malicious script insertion vulnerability.
16bdfffa85eb8722d4f81f39619c9f5161666f6be0e5e6d7a1e8482054755700
WordPress Mobile Pack plugin version 2.1.2 suffers from an information disclosure vulnerability.
86b11c51c08452116cdba134c05255d187c7e8adb670829ed17ec574ea6f3a48