[FD] Incredible PBX remote command execution exploit

2014-10-22 Thread Simo Ben youssef
#!/usr/bin/perl # # Title: Incredible PBX remote command execution exploit # Author: Simo Ben youssef # Contact: Simo_at_Morxploit_com # Discovered: 1 September 2014 # Coded: 21 October 2014 # Published: 21 October 2014 # MorXploit Research # http://www.MorXploit.com # Vendor: PBX in a Flash # Vend

Re: [FD] [oss-security] CVE request: remote code execution in Android CTS

2014-10-22 Thread Mario Vilas
On Mon, Oct 20, 2014 at 4:27 AM, Grond wrote:
> Is this kind of file ever *intended* to be used as an executable script?
> If the answer is "no"; then you should apply fixes.
Seems to me like it was. Also, wouldn't a user who can edit those files also be able to, for example, patch the executa

[FD] Vulnerabilities in WordPress Database Manager v2.7.1

2014-10-22 Thread Larry W. Cashdollar
Title: Vulnerabilities in WordPress Database Manager v2.7.1 Author: Larry W. Cashdollar, @_larry0 Date: 10/13/2014 Download: https://wordpress.org/plugins/wp-dbmanager/ Downloads: 1,171,358 Vendor: Lester Chan, https://profiles.wordpress.org/gamerz/ Contacted: 10/13/2014, Vulnerabilities addressed

[FD] Mulesoft ESB Authenticated Privilege Escalation

2014-10-22 Thread Brandon Perry
Mulesoft ESB Runtime 3.5.1 Authenticated Privilege Escalation → Remote Code Execution Mulesoft ESB Runtime 3.5.1 allows any arbitrary authenticated user to create an administrator user due to a lack of permissions check in the handler/securityService.rpc endpoint. The following HTTP request can

[FD] File Manager v4.2.10 iOS - Code Execution Vulnerability

2014-10-22 Thread Vulnerability Lab
Document Title: File Manager v4.2.10 iOS - Code Execution Vulnerability References (Source): http://www.vulnerability-lab.com/get_content.php?id=1343 Release Date: 2014-10-21 Vulnerability Laboratory ID (VL-ID):

[FD] iFunBox Free v1.1 iOS - File Include Vulnerability

2014-10-22 Thread Vulnerability Lab
Document Title: iFunBox Free v1.1 iOS - File Include Vulnerability References (Source): http://www.vulnerability-lab.com/get_content.php?id=1344 Release Date: 2014-10-20 Vulnerability Laboratory ID (VL-ID):