This module exploits an error in the PAM authentication code and installs an agent into the target host.
This update improves the reliability of the exploit.
This update improves the reliability of the exploit.
OpenKM allows administrative users (those having the AdminRole) to run bean shell scripts. Due to this permission an attacker could lure an OpenKM administrator to a malicious web page that causes arbitrary OS commands to run in the administrators OpenKM session context.
SING is prone to a local privilege-escalation vulnerability, that allows an unprivileged process to elevate privileges to root.
This module exploits an argument injection vulnerability in PHP up to version 5.3.12 and 5.4.2 when running as a standalone CGI processor and takes advantage of the -d flag to achieve remote code execution.
WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation.
WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation.
Input passed via the "page" parameter to index.php is not properly sanitised in the "Router()" function in core/lib/router.php before being used in an "eval()" call. This can be exploited to execute arbitrary PHP code.
This update fixes an issue with the SSL support in the exploit for Usermin's and Webmin's perl format string vulnerability (CVE-2005-3912).
The ExceptionDelegator component of the XWork framework, part of the Apache Struts 2 web framework, as shipped with Atlassian FishEye, interprets parameters values as OGNL expressions when handling a type conversion error.
This can be exploited to execute arbitrary code on the vulnerable server by tricking a logged-in user with administrator privileges within the FishEye site to visit a specially crafted web page.
This can be exploited to execute arbitrary code on the vulnerable server by tricking a logged-in user with administrator privileges within the FishEye site to visit a specially crafted web page.
Unsafe type handling performed by the AtomicReferenceArray class of the Oracle Java Runtime Environment can be abused to cause a type confusion error.
This flaw allows an unprivileged Java applet to escape the sandbox and execute arbitrary code on the target machine with the privileges of the current user.
This flaw allows an unprivileged Java applet to escape the sandbox and execute arbitrary code on the target machine with the privileges of the current user.
The PAM MOTD module in Ubuntu does not correctly handle path permissions when creating user file stamps. A local attacker can exploit this to gain root privileges.
This update improves the reliability of the exploit.
This update improves the reliability of the exploit.
Due to insuficient checks when accessing the memory of a process vi /proc/PID/mem the linux kernel is prone to a privilige escalation.