This Metasploit module exploits XXE and SQL injection flaws in Symantec Endpoint Protection Manager versions 11.0, 12.0 and 12.1. When supplying a specially crafted XXE request an attacker can reach SQL injection affected components. As xp_cmdshell is enabled in the included database instance, it's possible to execute arbitrary system commands on the remote system with SYSTEM privileges.
ef19d7abd0e99695337b2df4433d4785cfa21593bd61b704d3aa78a9d8ce5183Red Hat Security Advisory 2014-0212-01 - Red Hat JBoss SOA Platform is the next-generation ESB and business process automation infrastructure. Red Hat JBoss SOA Platform allows IT to leverage existing, modern, and future integration methodologies to dramatically improve business process execution speed and quality. This roll up patch serves as a cumulative upgrade for Red Hat JBoss SOA Platform 5.3.1. It includes various bug fixes.
083d0305dc9b69b6fb620edee0c12f90b0c62b6152a1739f807e78fc9c42146cUbuntu Security Notice 2121-1 - Suman Jana discovered that GnuTLS incorrectly handled version 1 intermediate certificates. This resulted in them being considered to be a valid CA certificate by default, which was contrary to documented behaviour.
e31472c1008f49db136961e116376c9d6245bcd51804c58ec233ad40a1dc16b3HP Security Bulletin HPSBMU02971 - A potential security vulnerability has been identified in the Web Console component of HP Application Information Optimizer (formerly HP Database Archiving). The vulnerability could be exploited to allow remote execution of code and information disclosure. Revision 1 of this advisory.
7fa114f44e68956bc8ed3ff8e81ed51edc85fcef8252cb59af1e782d0de5c135Network Interface Events Logging Daemon is a tool that receives notifications from the kernel through the rtnetlink socket, and generates logs related to link state, neighbor cache (ARP,NDP), IP address (IPv4,IPv6), route, FIB rules.
5f6e1facff15ba1522757d0f05523382784dbb613ed3191964599d233372cec2Apache Tomcat versions 8.0.0-RC1 through 8.0.0-RC5, 7.0.0 through 7.0.47, and 6.0.0 through 6.0.37 suffer from an information disclosure vulnerability via XXE when running untrusted web applications.
e5038c902c4a597115e468b2cd9304969026597458d6fd3280891c6e2c2d59dfRed Hat Security Advisory 2014-0211-01 - PostgreSQL is an advanced object-relational database management system. Multiple stack-based buffer overflow flaws were found in the date/time implementation of PostgreSQL. An authenticated database user could provide a specially crafted date/time value that, when processed, could cause PostgreSQL to crash or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in various type input functions in PostgreSQL. An authenticated database user could possibly use these flaws to crash PostgreSQL or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL.
b42104045524c5b6c7136d8eb51782dbe945f7f2d689f9496c733b7271a311baWordPress Zedity plugin version 2.4.0 suffers from a cross site scripting vulnerability.
bf216e13309ba2da46c46dfe289f9ead0670f5dc9fc964553aa0349e0959017fPrivate Camera Pro version 5.0 suffers from cross site scripting, command injection, and local file inclusion vulnerabilities.
17fb206f13e33a50cc85ae1512cbabef9096f351f2e53a74039828fd6491558dApache Tomcat versions 8.0.0-RC1 through 8.0.0-RC5, 7.0.0 through 7.0.47, and 6.0.0 through 6.0.37 suffer from a denial of service vulnerability due to an incomplete fix for CVE-2012-3544.
8ac3ea938f07d2896bed13e92312af0a063d45b0633a23f122e4629acf2c3085Joomla-Base suffers from cross site scripting, XML injection, denial of service, and path disclosure vulnerabilities.
9c3d160db634706c722994d1718973ddd740dd54ab93bb856a71efe8bd1ddd6dThe Dilbert website suffers from a cross site scripting vulnerability. The author was unable to get a response from them and is releasing the details.
4725b63a3575c31c7ef77659a5bd8f137e8e475e3c68ed9fca8a7bd89a4b9646The Telegraph website suffers from a cross site scripting vulnerability. The author was unable to get a response from them and is releasing the details.
c7c9dc4aba767147fa0567b50208e10db6efc702eac4f87f9312c857efc107f8HP Security Bulletin HPSBST02937 - A potential security vulnerability has been identified with HP StoreVirtual 4000 and StoreVirtual VSA Software (formerly known as HP LeftHand Virtual SAN Appliance) dbd_manager. The vulnerability could be remotely exploited resulting in execution of arbitrary code. Revision 1 of this advisory.
a65650fb55a317acafa21e8f72f0a1f4fada511dee733a20476db56dbb334434The New York Times website suffers from a cross site scripting vulnerability. The author was unable to get a response from them and is releasing the details.
c95e989d546836b2092632c31447519ff2a90322f114cf8e1c1a72daaec85e8aFeedWeb version 2.4 suffers from a cross site scripting vulnerability.
a8ab6eec37820a53bb0fdd5de59e820583e5bbaff61956894396a5ba8a41b110
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed