This Metasploit module exploits a vulnerability in Windows Object Linking and Embedding (OLE) that allows arbitrary code execution, publicly known as “Sandworm”. Windows Vista SP2 through Windows 8, as well as Windows Server 2008 and 2012, are known to be vulnerable.
Monthly Archives: October 2014
Drupal HTTP Parameter Key/Value SQL Injection
This Metasploit module exploits the Drupal HTTP Parameter Key/Value SQL Injection (aka Drupageddon) to achieve a remote shell on the vulnerable instance. The module was tested against Drupal 7.0 and 7.31 (the flaw was fixed in 7.32).
Linux PolicyKit Race Condition Privilege Escalation
A race condition flaw was found in the PolicyKit pkexec utility and polkitd daemon. A local user could use this flaw to appear as a privileged user to pkexec, allowing them to execute arbitrary commands as root by running those commands with pkexec. Vulnerable versions include RHEL6 prior to polkit-0.96-2.el6_0.1 and Ubuntu libpolkit-backend-1 prior to 0.96-2ubuntu1.1 (10.10), 0.96-2ubuntu0.1 (10.04 LTS), and 0.94-1ubuntu1.1 (9.10).
Centreon SQL Injection / Command Injection
Centreon versions 2.5.2 and below, and Centreon Enterprise Server versions 2.2 and below and 3.0 and below, suffer from remote SQL injection and remote command injection vulnerabilities.
Vuln: WebKit CVE-2013-2928 Multiple Unspecified Security Vulnerabilities
Vuln: WebKit CVE-2013-5228 Use After Free Memory Corruption Vulnerability
Vuln: WebKit CVE-2013-6625 Use After Free Remote Code Execution Vulnerability
Vuln: TYPO3 Calendar Base Extension Denial of Service Vulnerability
CVE-2014-2278
Unrestricted file upload vulnerability in op/op.AddFile2.php in SeedDMS (formerly LetoDMS and MyDMS) before 4.3.4 allows remote attackers to execute arbitrary code by uploading a file with an executable extension specified by the partitionIndex parameter and leveraging CVE-2014-2279.2 to access it via the directory specified by the fileId parameter.
CVE-2014-2279
Multiple directory traversal vulnerabilities in SeedDMS (formerly LetoDMS and MyDMS) before 4.3.4 allow (1) remote authenticated users with access to the LogManagement functionality to read arbitrary files via a .. (dot dot) in the logname parameter to out/out.LogManagement.php or (2) remote attackers to write to arbitrary files via a .. (dot dot) in the fileId parameter to op/op.AddFile2.php. NOTE: vector 2 can be leveraged to execute arbitrary code by using CVE-2014-2278.