Linksys WRT160n apply.cgi Remote Command Injection

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex/proto/tftp' class Metasploit3 'Linksys...

Linksys WRT160N v2 - 'apply.cgi' Remote Command Injection (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex/proto/tftp' class Metasploit3 'Linksys...

CVE-2013-2430

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; JavaFX 2.2.7 and earlier; and OpenJDK 6 and 7 allows remote attackers to affect confidentiality, integrity, and availability v...

PT-2013-1819 · Red Hat · Red Hat Server +2

Name of the Vulnerable Software and Affected Versions: Red Hat Storage Management Console version 2.0 Red Hat Native Client version 2.0 Red Hat Server version 2.0 Description: The issue allows local users to overwrite arbitrary files via a symlink attack on multiple temporary files created by...

CVE-2013-0886

Google Chrome before 25.0.1364.99 on Mac OS X does not properly implement signal handling for Native Client aka NaCl code, which has unspecified impact and attack vectors...

CVE-2013-0884

Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly load Native Client aka NaCl code, which has unspecified impact and attack vectors...

CVE-2013-0884

Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly load Native Client aka NaCl code, which has unspecified impact and attack vectors...

CVE-2013-0886

Google Chrome before 25.0.1364.99 on Mac OS X does not properly implement signal handling for Native Client aka NaCl code, which has unspecified impact and attack vectors...

CVE-2013-0884

Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly load Native Client aka NaCl code, which has unspecified impact and attack vectors...

CVE-2013-0886

Google Chrome before 25.0.1364.99 on Mac OS X does not properly implement signal handling for Native Client aka NaCl code, which has unspecified impact and attack vectors...

CVE-2013-0884

CVE-2013-0884 is referenced in connected OpenSUSE/Gentoo/Nessus entries as a Chromium/Chrome issue described as an “Inappropriate load of NaCl.” The available connected documents confirm the affected component is part of Chromium/Chrome’s NaCl handling, but do not provide detailed root-cause anal...

CVE-2013-0886

CVE-2013-0886 : Google Chrome on Mac OS X prior to 25.0.1364.99 is affected by improper signal handling in Native Client (NaCl) code, with unspecified impact and attack vectors. The NVD CVSSv2 score is 7.5 (Network, Low complexity, No auth, Partial confidentiality/integrity/availability impact). ...

Oracle Java JavaFX WCGraphicsManager Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the JavaFX...

RHEL 5 / 6 : mod_cluster-native (RHSA-2012:0037)

An updated modcluster-native package that fixes one security issue is now available for JBoss Enterprise Application Platform 5.1.2 for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scorin...

RHEL 4 / 5 : jbossas (RHSA-2011:1309)

Updated jbossas packages that fix one security issue are now available for JBoss Enterprise Application Platform 4.2.0.CP09 for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System CVS...

Java Applet AverageRangeStatisticImpl Remote Code Execution

This module abuses the AverageRangeStatisticImpl from a Java Applet to run arbitrary Java code outside of the sandbox, a different exploit vector than the one exploited in the wild in November of 2012. The vulnerability affects Java version 7u7 and earlier. This module requires Metasploit:...

java 7.x -- security manager bypass

US CERT reports: Java 7 Update 10 and earlier versions of Java 7 contain a vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. The Java JRE plug-in provides its own Security Manager. Typically, a web applet runs with a security manager...

Cross site scripting

Cross-site scripting XSS vulnerability in Opera before 12.10 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript code that overrides methods of unspecified native objects in documents that have different origins...

CVE-2012-6464

Cross-site scripting XSS vulnerability in Opera before 12.10 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript code that overrides methods of unspecified native objects in documents that have different origins...

CVE-2012-5445

CVE-2012-5445 affects Cisco Unified IP Phone 7900 series (Cisco Native Unix kernel) prior to 9.3.1-ES10. The vulnerability arises from improper validation of unspecified kernel system calls in the TNP phones, enabling either arbitrary code execution or a memory overwrite-based denial of service w...