This Metasploit module exploits a stack buffer overflow in HP Diagnostics Server magentservice.exe service. By sending a specially crafted packet, an attacker may be able to execute arbitrary code. Originally found and posted by AbdulAziz Harir via ZDI.

This Metasploit module exploits a heap overflow vulnerability in the Windows Multimedia Library (winmm.dll). The vulnerability occurs when parsing specially crafted MIDI files. Remote code execution can be achieved by using Windows Media Player's ActiveX control. Exploitation is done by supplying a specially crafted MIDI file with specific events, causing the offset calculation being higher than how much is available on the heap (0x400 allocated by WINMM!winmmAlloc), and then allowing us to either "inc al" or "dec al" a byte. This can be used to corrupt an array (CImplAry) we setup, and force the browser to confuse types from tagVARIANT objects, which leverages remote code execution under the context of the user. At this time, for IE 8 target, JRE (Java Runtime Environment) is required to bypass DEP (Data Execution Prevention). Note: Based on our testing, the vulnerability does not seem to trigger when the victim machine is operated via rdesktop.

AdaCore Security Advisory - All AWS releases and wavefronts prior to 2012-01-21 suffer from hash collision vulnerabilities.

Studio Manolibera's listarivisteuk.php suffers from a remote SQL injection vulnerability.

Dark D0rk3r is a python script that performs dork searching and searches for local file inclusion and SQL injection errors.

IBBY's nouvelles.php suffers from a remote SQL injection vulnerability.

Kraken Payload Generator is a bash script that makes use of msfpayload to generate various shellcode.

The Fortigate UTM WAF appliance suffers from persistent and reflective cross site scripting vulnerabilities.

Adobe's forgotten password flow suffers from a cross site scripting vulnerability.

Gentoo Linux Security Advisory 201201-16 - A debugging functionality in the X.Org X Server that is bound to a hotkey by default can be used by local attackers to circumvent screen locking utilities. Versions less than 2.4.1-r3 are affected.

Debian Linux Security Advisory 2396-1 - Nicolae Mogoraenu discovered a heap overflow in the emulated e1000e network interface card of KVM, a solution for full virtualization on x86 hardware, which could result in denial of service or privilege escalation.

Debian Linux Security Advisory 2395-1 - Laurent Butti discovered a buffer underflow in the LANalyzer dissector of the Wireshark network traffic analyzer, which could lead to the execution of arbitrary code.

Interactive Web Design suffers from a remote SQL injection vulnerability.

Global Media Service suffers from a remote SQL injection vulnerability.

Gentoo Linux Security Advisory 201201-15 - Two vulnerabilities have been found in ktsuss, allowing local attackers to gain escalated privileges. Versions less than or equal to 1.4 are affected.

Debian Linux Security Advisory 2394-1 - Many security problems had been fixed in libxml2, a popular library to handle XML data files.

This Metasploit module exploits a vulnerability in the 'proc_deutf()' function defined in /includes/functions_vbseocp_abstract.php. User input passed through 'char_repl' POST parameter isn't properly sanitized before being used in a call to preg_replace() function which uses the 'e' modifier. This can be exploited to inject and execute arbitrary code leveraging the PHP's complex curly syntax.

Peel SHOPPING versions 2.8 and 2.9 suffer from cross site scripting and remote SQL injection vulnerabilities.

RSA has announced security fixes to address an environmental variable disclosure vulnerability in RSA enVision 4.x.

EMC NetWorker Server 7.5.x and 7.6.x contain a buffer overflow vulnerability which may possibly be exploited to cause a denial of service or, possibly, arbitrary code execution.

xClick Cart versions 1.0.1 and 1.0.2 suffer from a cross site scripting vulnerability.

Register Plus versions 3.5.1 and below for WordPress suffer from code execution, cross site scripting and path disclosure vulnerabilities.

This Metasploit module exploits a stack buffer overflow in the create folder function in Sysax Multi Server 5.50. This issue was fixed in 5.52. You must have valid credentials to trigger the vulnerability. Your credentials must also have the create folder permission and the HTTP option has to be enabled. This Metasploit module will log into the server, get your a SID token and then proceed to exploit the server. Successful exploits result in LOCALSYSTEM access. This exploit works on XP and 2003.

Cisco Security Advisory - Cisco IronPort Email Security Appliances (ESA) and Cisco IronPort Security Management Appliances (SMA) contain a vulnerability that may allow a remote, unauthenticated attacker to execute arbitrary code with elevated privileges. Workarounds that mitigate this vulnerability are available.