The Admin framework in Apple OS X contains a hidden backdoor API to gain root privileges. A local user can exploit this flaw in the checking of XPC entitlements.
This module exploits a vulnerability present in Mac OS X. dyld in Apple OS X before 10.10.5 does not properly validate pathnames in the environment, which allows local users to gain root privileges via the DYLD_PRINT_TO_FILE environment variable.
This module exploits a command injection vulnerability in HP Client Automation. The flaw exists within the radexecd.exe component which listens by default on TCP port 3465. When handling a remote execution request the process does not properly authenticate the user issuing the request. The command to be executed is also not properly sanitized. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of SYSTEM.
Authentication is not required to exploit this vulnerability.
Authentication is not required to exploit this vulnerability.
CVE-2014-9390: Git is prone to a vulnerability that may allow attackers to overwrite arbitrary local files.
This module exploits the condition and installs an Agent when a vulnerable GIT client performs a CLONE to the fake repository created.
This module exploits the condition and installs an Agent when a vulnerable GIT client performs a CLONE to the fake repository created.
The best practice for web applications built on top of the Apache Struts 2 framework is to switch off Developer Mode (struts.devMode parameter in the struts.xml configuration file) before going into production.
When devMode is left enabled, attackers can gain remote code execution by setting the 'debug=command' URL parameter and sending OGNL expressions through the 'expression' URL parameter.
This module takes advantage of this misconfiguration scenario in order to deploy an agent in the target system.
This update fixes the CVE identifier associated with the vulnerability exploited by this module.
When devMode is left enabled, attackers can gain remote code execution by setting the 'debug=command' URL parameter and sending OGNL expressions through the 'expression' URL parameter.
This module takes advantage of this misconfiguration scenario in order to deploy an agent in the target system.
This update fixes the CVE identifier associated with the vulnerability exploited by this module.
The best practice for web applications built on top of the Apache Struts 2 framework is to switch off Developer Mode (struts.devMode parameter in the struts.xml configuration file) before going into production.
When devMode is left enabled, attackers can gain remote code execution by setting the 'debug=command' URL parameter and sending OGNL expressions through the 'expression' URL parameter.
This module takes advantage of this misconfiguration scenario in order to deploy an agent in the target system.
When devMode is left enabled, attackers can gain remote code execution by setting the 'debug=command' URL parameter and sending OGNL expressions through the 'expression' URL parameter.
This module takes advantage of this misconfiguration scenario in order to deploy an agent in the target system.
This module exploits a vulnerability in Mac OS X Samba server.
When a specially crafted call to "NetWkstaTransportEnum" RPC function is processed by the Samba server, it produces a heap overflow.
This update adds support to Mac OSX 10.6.0 to 10.6.7 ( Server and not server versions ).
Besides, this update improves the exploitation by reverting the Samba server impersonation and installing an agent with root privileges in all Mac OSX supported versions.
When a specially crafted call to "NetWkstaTransportEnum" RPC function is processed by the Samba server, it produces a heap overflow.
This update adds support to Mac OSX 10.6.0 to 10.6.7 ( Server and not server versions ).
Besides, this update improves the exploitation by reverting the Samba server impersonation and installing an agent with root privileges in all Mac OSX supported versions.
A Buffer Overflow exist in Sophos Antivirus when parsing encrypted revision 3 PDF files by reading the encryption key contents onto a fixed length stack buffer.
The default Java security properties configuration does not restrict access to certain objects in the com.sun.jmx.mbeanserver packages. This flaw allows an unprivileged Java applet to escape the sandbox and execute arbitrary code on the target machine with the privileges of the current user.
This update adds support for Mac OS X 10.7.4 (i386).
This update adds support for Mac OS X 10.7.4 (i386).
The DefaultActionMapper class in Apache Struts2 supports a method for short-circuit navigation state changes by prefixing parameters with "action:" or "redirect:". The information contained in these prefixes is not properly sanitized before being evaluated as OGNL expressions on the server side, which allows remote attackers to execute arbitrary Java code on the server.
This module exploits the vulnerability in any web application built on top of vulnerable versions of the Apache Struts 2 framework.
This module exploits the vulnerability in any web application built on top of vulnerable versions of the Apache Struts 2 framework.