This Metasploit module exploits XXE and SQL injection flaws in Symantec Endpoint Protection Manager versions 11.0, 12.0 and 12.1. By supplying a specially crafted XXE request, an attacker can reach the SQL injection affected components. As xp_cmdshell is enabled in the included database instance, it is possible to execute arbitrary system commands on the remote system with SYSTEM privileges.
ef19d7abd0e99695337b2df4433d4785cfa21593bd61b704d3aa78a9d8ce5183
Red Hat Security Advisory 2014-0212-01 - Red Hat JBoss SOA Platform is the next-generation ESB and business process automation infrastructure. Red Hat JBoss SOA Platform allows IT to leverage existing, modern, and future integration methodologies to dramatically improve business process execution speed and quality. This roll up patch serves as a cumulative upgrade for Red Hat JBoss SOA Platform 5.3.1. It includes various bug fixes.
083d0305dc9b69b6fb620edee0c12f90b0c62b6152a1739f807e78fc9c42146c
Ubuntu Security Notice 2121-1 - Suman Jana discovered that GnuTLS incorrectly handled version 1 intermediate certificates. This resulted in them being considered to be a valid CA certificate by default, which was contrary to documented behaviour.
e31472c1008f49db136961e116376c9d6245bcd51804c58ec233ad40a1dc16b3
HP Security Bulletin HPSBMU02971 - A potential security vulnerability has been identified in the Web Console component of HP Application Information Optimizer (formerly HP Database Archiving). The vulnerability could be exploited to allow remote execution of code and information disclosure. Revision 1 of this advisory.
7fa114f44e68956bc8ed3ff8e81ed51edc85fcef8252cb59af1e782d0de5c135
Network Interface Events Logging Daemon is a tool that receives notifications from the kernel through the rtnetlink socket and generates logs related to link state, neighbor cache (ARP, NDP), IP addresses (IPv4, IPv6), routes, and FIB rules.
5f6e1facff15ba1522757d0f05523382784dbb613ed3191964599d233372cec2
Apache Tomcat versions 8.0.0-RC1 through 8.0.0-RC5, 7.0.0 through 7.0.47, and 6.0.0 through 6.0.37 suffer from an information disclosure vulnerability via XXE when running untrusted web applications.
e5038c902c4a597115e468b2cd9304969026597458d6fd3280891c6e2c2d59df
Red Hat Security Advisory 2014-0211-01 - PostgreSQL is an advanced object-relational database management system. Multiple stack-based buffer overflow flaws were found in the date/time implementation of PostgreSQL. An authenticated database user could provide a specially crafted date/time value that, when processed, could cause PostgreSQL to crash or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in various type input functions in PostgreSQL. An authenticated database user could possibly use these flaws to crash PostgreSQL or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL.
b42104045524c5b6c7136d8eb51782dbe945f7f2d689f9496c733b7271a311ba
WordPress Zedity plugin version 2.4.0 suffers from a cross site scripting vulnerability.
bf216e13309ba2da46c46dfe289f9ead0670f5dc9fc964553aa0349e0959017f
Private Camera Pro version 5.0 suffers from cross site scripting, command injection, and local file inclusion vulnerabilities.
17fb206f13e33a50cc85ae1512cbabef9096f351f2e53a74039828fd6491558d
Apache Tomcat versions 8.0.0-RC1 through 8.0.0-RC5, 7.0.0 through 7.0.47, and 6.0.0 through 6.0.37 suffer from a denial of service vulnerability due to an incomplete fix for CVE-2012-3544.
8ac3ea938f07d2896bed13e92312af0a063d45b0633a23f122e4629acf2c3085
Joomla-Base suffers from cross site scripting, XML injection, denial of service, and path disclosure vulnerabilities.
9c3d160db634706c722994d1718973ddd740dd54ab93bb856a71efe8bd1ddd6d
The Dilbert website suffers from a cross site scripting vulnerability. The author was unable to get a response from them and is releasing the details.
4725b63a3575c31c7ef77659a5bd8f137e8e475e3c68ed9fca8a7bd89a4b9646
The Telegraph website suffers from a cross site scripting vulnerability. The author was unable to get a response from them and is releasing the details.
c7c9dc4aba767147fa0567b50208e10db6efc702eac4f87f9312c857efc107f8
HP Security Bulletin HPSBST02937 - A potential security vulnerability has been identified with HP StoreVirtual 4000 and StoreVirtual VSA Software (formerly known as HP LeftHand Virtual SAN Appliance) dbd_manager. The vulnerability could be remotely exploited resulting in execution of arbitrary code. Revision 1 of this advisory.
a65650fb55a317acafa21e8f72f0a1f4fada511dee733a20476db56dbb334434
The New York Times website suffers from a cross site scripting vulnerability. The author was unable to get a response from them and is releasing the details.
c95e989d546836b2092632c31447519ff2a90322f114cf8e1c1a72daaec85e8a
FeedWeb version 2.4 suffers from a cross site scripting vulnerability.
a8ab6eec37820a53bb0fdd5de59e820583e5bbaff61956894396a5ba8a41b110