This code exploits a common misconfiguration in JBoss Application Server. Whenever the JMX Invoker is exposed with the default configuration, a malicious "MarshalledInvocation" serialized Java object allows to execute arbitrary code. This exploit works even if the "Web-Console" and the "JMX Console" are protected or disabled.
2f89a911033600e43c401de947c053ee9c90b4063ccb92f8ff41a305ec2aa1aaZend Java Bridge version 3.1 remote code execution exploit that takes advantage of a specific flaw in the javamw.jar service.
5b230d5d0d8b69815ef55baf27ebfe72e28fd2c2e03ebc062420fdb5fcd6d19eThis Metasploit module exploits a buffer overflow in NetSupport Manager Agent. It uses a similar ROP to the proftpd_iac exploit in order to avoid non executable stack.
97cfba55ad99e70aab89080a5fd28096914ddedef3359cfe0a68bdb2d98b0bffNetSupport Manager Agent suffers from a stack-based buffer overflow vulnerability. Version 11 for Linux, 9.50 for Solaris, and 11.00 for Mac OS X are confirmed vulnerable. The advisory and exploit are both included in this archive.
6417f7b4beba8da9495af360dd98ebbd189845733d7c21caf922ea23a26883beIBM WebSphere suffers from arbitrary file retrieval vulnerabilities.
de8dc2b772ab07ee4cd4c5c0720677050407868ec9368f5cf31cdc98f583d590Oracle Secure Backup Administration Server suffers from authentication bypass and command injection vulnerabilities.
8bbf1a7668ebf7f94b2ec20073f80c9f8f048f84184c40ab8880774b4df54dd6This is a presentation called HTTP Parameter Pollution that focuses on manipulation and injection of HTTP GET/POST parameters.
df989e106011230b8418a8adeaad6d36878992bf93ca8fd2ac0c12fef5be85faMortbay Jetty versions 7.0.0-pre5 and below dispatcher servlet denial of service exploit.
f66271be2229a03b1932399b1b0b4487d492f57519db5138a2bb1f932b5197b8ZeroShell versions 1.0beta11 and below suffer from a remote code execution vulnerability.
15b6637e4b0289913a8d4d63a52e96e1a32f244030761fbf336ec8cf371497fdThe 3Com OfficeConnect wireless cable/dsl router suffers from an authentication bypass vulnerability.
aa080901b45cce39e49530c28026faaa434bace8effcbd668c55029fb4655d06DFLabs PTK versions 1.0 and below suffer from a local command execution vulnerability. Full exploitation details provided.
5695f2251816085038d0b232c49173e5e2e8df4fefa8aac2a2c8d23da4b18bdbThe Nokia Mini Map Browser suffers from a silent crash vulnerability.
ea8657ee3bff0560317b033c2fec9f30414dbc0595ff68403bf49e94ffbca132This is a list of fuzzing vectors used in order to trigger directory traversal vulnerabilities. It is quite a huge list composed using different encodings and bizarre attack patterns reported in several vulnerability advisories.
4ba540799aa51a24dc790a72c68a21a526b853367d539adee6941a805954e2e4Further analysis regarding the HP System Management
50cafab5d8ea833ac02ac9ae4a102f63d72c36a385c1f8949e6ee5291fbf724fThe Philips VOIP841 DECT cordless phone with an embedded Skype client suffers from a hidden administrative interface with a default login, directory traversal, and cross site scripting vulnerabilities.
ca377cc63b1fdc961af36a095f187918a72cd8179c8b5930245727e8467eb649Simple PHP Blog version 0.5.0.1, 0.4.8, and all previous versions suffer from cross site scripting and arbitrary file upload vulnerabilities.
3027e00fe1c5d2f7de12da1db873e56561637229d6fbf0c6be6c6cc5383dd35cGCALDaemon version 1.0-beta13 is susceptible to denial of service attacks via a specially crafted HTTP request.
bf70ecc515ce42e68f77786ee109556869210e65b7c5f9d7ca197255326672c8It is possible to bypass HTTP basic authentication on Boa version 0.93.15.
ca7942dc4171dd5917fcf795566ace2e929664f8d6e883117aa9a78d535cf174Hummingbird Collaboration versions 5.2.1 and below suffer from cross site scripting, improper file handling, and information disclosure vulnerabilities.
f3a90a238b8ae699d77c308f0f0bf299c07360001f625c4774af61491c1676e7By sending trigger packets to the management port (280/http-mgmt) of a Siemens Santis 50 wireless router, the device freezes the web interface and allows unauthenticated access to the telnet CLI.
55fd63fc68a9ff21180c20280c664708b42386f538608ed1c889437dee91b9b0
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed