CosCms 1.721 – OS Command Injection
>> TAG: #Security
CosCms 1.721 – OS Command Injection
mnoGoSearch 3.3.12 (search.cgi) – Arbitrary File Read
Qool CMS v2.0 RC2 – Multiple Vulnerabilities
Remote File Manager v1.2 iOS – Multiple Vulnerabilities
Apple Security Advisory 2013-03-04-1 – Multiple vulnerabilities existed in Java 1.6.0_41, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox, have been addressed.
This Metasploit module exploits a vulnerability in Viscosity 1.4.1 on Mac OS X. The vulnerability exists in the setuid ViscosityHelper, where an insufficient validation of path names allows execution of arbitrary python code as root. This Metasploit module has been tested successfully on Viscosity 1.4.1 over Mac OS X 10.7.5.
This Metasploit module exploits a vulnerability in Tunnelblick 3.2.8 on Mac OS X. The vulnerability exists in the setuid openvpnstart, where an insufficient validation of path names allows execution of arbitrary shell scripts as root. This Metasploit module has been tested successfully on Tunnelblick 3.2.8 build 2891.3099 over Mac OS X 10.7.5.
Setuid Tunnelblick Privilege Escalation
Kaspersky Internet Security 2013 – Denial Of Service Vulnerability
Viscosity setuid-set ViscosityHelper Privilege Escalation