VMware vCenter Server is prone to a remote vulnerability that allows attackers to take advantage of an insecure deployment of the JMX/RMI service used to manage and monitor the Java Virtual Machine. By exploiting known methods, it is possible to remotely load an MLet file from an attacker controlled web server that points at a jar file.
A vulnerability exists in the av-forward daemon running in AlienVault Unified Security Management appliances. The daemon accepts serialized Python and proceeds to deserialize it without proper validation, allowing unauthenticated arbitrary code execution. This module writes and executes an Impact agent by sending a specially crafted string to the daemon. The resulting agent runs as the 'avforw' use, which is non-privileged.
There is a directory traversal flaw in the fileserver upload/download functionality used for blob messages in Apache ActiveMQ. The vulnerability allows writing files anywhere in the filesystem as long as the user running the process has permissions to do so. It also allows to copy local files to local or remote destinations, the later by means of abusing UNC paths. This module first uses the vulnerability to upload the credentials for the web administration application to a SMB server and parses the credentials. It then uploads a "Java Server Pages" file, which remains accessible only with appropriate credentials. It then uses the previously retrieved credentials to access the page and achieve remote code execution. The upload of content from the server is done using a MOVE HTTP verb against a REST service. Due to its semantics, the file retrieved is also deleted. This module uses the vulnerability to restore the web application passwords file once it's been retrieved. Because something might stop the process at this point, this module is marked as potentially leaving the service unavailable.
Subscribe to Remote