This Metasploit module exploits a flaw in the Web Start component of the Sun Java Runtime Environment. The arguments passed to Java Web Start are not properly validated, allowing injection of arbitrary arguments to the JVM. By utilizing the lesser known -J option, an attacker can take advantage of the -XXaltjvm option, as discussed previously by Ruben Santamarta. This method allows an attacker to execute arbitrary code in the context of an unsuspecting browser user. In order for this module to work, it must be ran as root on a server that does not serve SMB. Additionally, the target host must have the WebClient service (WebDAV Mini-Redirector) enabled.
81161207244c8e7484b4277932284c0018d20eb38ceb3a2c62bd1e994ede6a05This Metasploit module exploits a stack-based buffer overflow in Orbit Downloader. The vulnerability is due to Orbit converting an URL ascii string to unicode in a insecure way with MultiByteToWideChar. The vulnerability is exploited with a specially crafted metalink file that should be opened with Orbit through the "File->Add Metalink..." option.
3fabd80b37cf0e1969d54e9e5602e17e7766d95225a456a310cee421d520516ce-Rapido version 3.3.2 suffers from a remote SQL injection vulnerability.
cf7a1400e35c1b125e03897fa09e961f0d5c7a343ba03458675f0c86364aded2Onapsis Security Advisory - If a message containing packets of a specific size is sent to the JDENET service, a Denial of service condition is triggered, because the kernel in charge of dispatching those packets uses all the available CPU time.
e078711b599b4ca14519d9a0815063149df5877baf8bdefeb3da7bcb1a95522ePacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.
ba03e5371037a7543536b1b3657f4b8d9eb3f36d5711e818d4cc69d3057f12f4Onapsis Security Advisory - Several ways to gather information exist in the JDENET service. Sending specific types of messages, it is possible to access technical information about the system's configuration.
a6dfb3a6559dfc645d1303f9b5a6826e4fa6b4bbc4a75ebc31faef54217250c8Redtienda E-Commerce version 2.0 suffers from a remote SQL injection vulnerability.
254a66ed01d4fe65cc1f4ecee5e04fd56ef097f03a784bee9bf477ac65334d03Mobile MP3 Search Engine version 2.0 suffers from a HTTP response splitting vulnerability.
4a234a62d9055e4a817636cab81811ebdcb76770efd193cc42471310e95ae02fphpDenora versions 1.4.6 and below suffer from multiple remote SQL injection vulnerabilities.
b83bd5f90a30cbd3fd0278ac241065d1eca4705fd8add6f40376be1d877983ceOnapsis Security Advisory - If a specially crafted message is sent to the JDENET service (specifically to the SAW Kernel), a user can remotely retrieve data from the JDE.INI configuration FILE. This information includes password for database connection and configuration of node password for authentication tokens.
90f2ce75b9c8f2dc58f994c02fbf3ab323d56248d40faf948d178fd4350492a4Dark D0rk3r is a python script that performs dork searching and searches for local file inclusion and SQL injection errors.
357a44e43c4f2c671f4d21ee653ec8fd76e0867ce903aed183590f7707f4ae54Cisco Security Advisory - Cisco Small Business (SRP 500) Series Services Ready Platforms contains command injection, unauthenticated configuration upload, and directory traversal vulnerabilities.
31da0efcb3a1c6bfaf12e06688d0619522253f130e943a73a69af7e3f60d8eeaOnapsis Security Advisory - If a specially crafted packet is sent to the JDENet Service (6015 TCP by default), and the JDESAW Kernel is configured (it is by default), then it would be possible to read any file on the system.
8830e58431e4e54de8e064e5cd249e16908cd8f778228632a25fa840fdf16e20Onapsis Security Advisory - If a specially crafted packet is sent to the JDENet Service (6015 TCP by default), and the Security Kernel is enabled and SignonSecurity is configured, then it is possible to retrieve the password of arbitrary users.
ca8b740898e9808b2377e7e6e742f24a9adcdee6596d83dbff27ba20b10ae606YVS Image Gallery version 0.0.0.1 suffers from a remote SQL injection vulnerability.
57c8b4b331c976402d8ecbf2a7336a8a495b9664d40c2aa1baa1066165e7c43cOnapsis Security Advisory - If a "Message packet" is sent to the JDENet port (6015 by default) containing a specially crafted "File Packet", the sent file is saved in the server where the JDENet service is running, in the arbitrary location specified by the "File Packet".
110da071d60499fa9e34debb38e6a7404f1d62c2405feaa405c2015812db0a2eXenotix KeylogX is a keylogger add-on for Mozilla Firefox. It captures and logs keystrokes sent to the browser and you simply type alt-X to retrieve the data from the logfile.
67b0971f10df230d180133c5c89d059079a85c82d7ef454d272f3decf994a478Ubuntu Security Notice 1372-1 - It was discovered that Puppet did not drop privileges when executing commands as different users. If an attacker had control of the execution manifests or the executed command, this could be used to execute code with elevated group permissions (typically root). It was discovered that Puppet unsafely opened files when the k5login type is used to manage files. A local attacker could exploit this to overwrite arbitrary files and escalate privileges. Various other issues were also addressed.
5c8cc223024eb5757b6e35e27ea76c485d767109bb47ae4e336bf0859299e7adDebian Linux Security Advisory 2417-1 - It was discovered that the internal hashing routine of libxml2, a library providing an extensive API to handle XML data, is vulnerable to predictable hash collisions. Given an attacker with knowledge of the hashing algorithm, it is possible to craft input that creates a large amount of collisions. As a result it is possible to perform denial of service attacks against applications using libxml2 functionality because of the computational overhead.
cf6eb06a9662d3cbb04a61d240b222ea745c263a73494063aa45b2362bc1dd87Red Hat Security Advisory 2012-0333-01 - Updates have been made to the Linux kernel. SG_IO ioctl SCSI requests on partitions or LVM volumes could be passed to the underlying block device, allowing a privileged user to bypass restrictions and gain read and write access to the entire block device. A local, unprivileged user could use an integer overflow flaw in drm_mode_dirtyfb_ioctl() to cause a denial of service or escalate their privileges. A local, unprivileged user could use an integer overflow flaw in drm_mode_dirtyfb_ioctl() to cause a denial of service or escalate their privileges. A local, unprivileged user could use a flaw in the Performance Events implementation to cause a denial of service. Various other issues have also been addressed.
ab385ec0a710376d5bd1648fee2d56710fe8b5e7cf9b6e8931a4f3a897ec925aRed Hat Security Advisory 2012-0332-01 - Samba is a suite of programs used by machines to share files, printers, and other information. An input validation flaw was found in the way Samba handled Any Batched requests. A remote, unauthenticated attacker could send a specially-crafted SMB packet to the Samba server, possibly resulting in arbitrary code execution with the privileges of the Samba server.
83217c4f85e67c38de8250edb78839110461105a09c8ced94de19612811108b2Secunia Security Advisory - SUSE has issued an update for wireshark. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise a user's system.
39254df708c3f5ffb0cd358ff63ee347d5e144525cd6c1dbe4247f4a12d93d07Secunia Security Advisory - Red Hat has issued an update for samba. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.
7a68230e661330b4c5d167879dd6b4734e5444a1ae36f1f9bff77e6c8f146919Secunia Security Advisory - Multiple vulnerabilities with unknown impacts have been reported in PHP Live!.
a67c1530bfc0610040ecc148fd7a8f1871115e01367b07df0cfb4c4a80ea82a4Secunia Security Advisory - Multiple vulnerabilities have been discovered in phpDenora, which can be exploited by malicious people to disclose sensitive information and conduct SQL injection attacks.
6c16d7397bf43eaa4c8c4a711fd1b80510988506b71117447a75283440d1c9b2
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed