This Metasploit module exploits an arbitrary command execution vulnerability in the AjaXplorer 'checkInstall.php' script. All versions of AjaXplorer prior to 2.6 are vulnerable.
32002b0c8c4086baf8a3940e0cae06296538c059e5c62586ee1b23ee757f955b
This article will show how to use Hydra to check for weak passwords. Hydra tries all possible password combination against a server on the Internet until one valid one is found to log in to the server. It is a powerful tool for hackers and network administrators alike.
56171bc530902f8968a9598509262077fabc677e9035e86cc837313228edf75b
This Metasploit module exploits a remote buffer overflow in the MailEnable web service. The vulnerability is triggered when a large value is placed into the Authorization header of the web request. MailEnable Enterprise Edition versions prior to 1.0.5 and MailEnable Professional versions prior to 1.55 are affected.
ff2e2ce5c94655dfb9465949f75f90f07c48c21db60b136d56f8315fb6e91c26
This Metasploit module exploits an arbitrary command execution vulnerability in the Raxnet Cacti 'graph_view.php' script. All versions of Raxnet Cacti prior to 0.8.6-d are vulnerable.
77015dcc4a4e48442940b4772f4885d88b39b635512bbe063d6f2de6d3022e2b
Patch for THC's Hydra that adds a dependency checks for openssl needed for the SIP module, modifies checks for libpq.so for Postgresql module, adds a new module for Netware NCP and for Firebird database.
a644e2e1a9eb85606bd9b9f29ac096834058d72e8ab3dca236b8146d7a98e302
iDefense Security Advisory 07.16.07 - Remote exploitation of an authorization bypass vulnerability in Trend Micro Inc.'s OfficeScan for Windows could allow attackers to login to the management console and alter application settings. The OfficeScan installation includes a web management console that allows administrators to configure the application and the Antivirus clients it manages. The web interface login is handled by cgiChkMasterPwd.exe which is passed a hash and an encrypted version of the password generated by an ActiveX control on the login page. If cgiChkMasterPwd.exe is sent an empty encryption string and empty hash it proceeds to issue the client a valid session id which can then be used to access the web management console. iDefense has confirmed the existence of this vulnerability in OfficeScan for Windows 7.3 with all current patches applied. Previous versions may also be affected.
a98a64e827c3881c6d7525e8e9f19ca35a49b345f4e980df850b0db80b122c89
Ipswitch WhatsUp Professional suffers from source disclosure, information disclosure, and cross site scripting flaws. Weaknesses are confirmed in version 2006. Earlier versions may also be susceptible.
a9a7a332f27024112aca7776f100288c07c382051fe5ea02a197f2d35645d3f2
WebCalendar is susceptible to user enumeration flaws.
935103eb1980f6dfbf36877ebf7bdf6873490fa42f6e438f5f00cb6731e32120
GNMS is a free Network Management System, a tool to monitor state of network elements. All nodes are mapped on a window. States can be discovered by service, snmp, custom pooling, moreover syslog and snmp traps can be caught too.
f16b8673b8448308becb28dd480cfd1fc14b98a380a73d19f47ed82be7f83d48
A Malicious user can cause a remote denial of service in Juniper NSM (NetScreen-Security Manager) by sending specially crafted and long strings to guiSrv(port 7800) and devSrv(port 7801).
797817f93ca63bd55c20e9ac4d6c679d95eeadee929cea0952179beb1d73a6e5
Edgewall Trac version 0.9 is susceptible to a SQL injection attack due to a lack of sanity checking on the group variable.
0e476544b659e0558351730fac351de96b79fa2ac9ed9599c2b7042ef2694279
Many time consuming directory listing requests can cause a denial of service in Apache Tomcat versions 5.5.0 through 5.5.11.
086f15a92d10b2d041ac47dd4acff5fdcdb316d12cb606660db99f35aac7f44c
Wzdftpd SITE command arbitrary command execution Metasploit plugin exploit for versions 0.5.4 and below.
3e85d32db1a1b151f81bc4597b865d596dd534d0730ffb45e51d9520107e8d72