Exploit the possibilities
Showing 1 - 25 of 34

Files Date: 2012-07-06

Poison Ivy 2.3.2 C&C Server Buffer Overflow
Posted Jul 6, 2012
Authored by juan vazquez, Gal Badishi, Andrzej Dereszowski | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in the Poison Ivy 2.3.2 C&C server. The exploit does not need to know the password chosen for the bot/server communication. If the C&C is configured with the default 'admin' password, the exploit should work fine. If the C&C is configured with another password, the exploit can fail. The 'check' command can be used to determine if the C&C target is using the default 'admin' password. Hopefully an exploit attempt won't crash the Poison Ivy C&C process, just the thread responsible for handling the connection. Because of this, the module provides the RANDHEADER option and a bruteforce target. If RANDHEADER is used, a random header will be used. If the bruteforce target is selected, a random header will be sent in case the default for the password 'admin' doesn't work. Bruteforce will stop after 5 tries or once a session is obtained.

tags | exploit, overflow
MD5 | b8ca3ffa1d3da60d8b3f9b99912ede26
Umbraco CMS Remote Command Execution
Posted Jul 6, 2012
Authored by juan vazquez, Toby Clarke | Site metasploit.com

This Metasploit module can be used to execute a payload on Umbraco CMS 4.7.0.378. The payload is uploaded as an ASPX script by sending a specially crafted SOAP request to codeEditorSave.asmx, which permits unauthorised file upload via the SaveDLRScript operation. SaveDLRScript is also subject to a path traversal vulnerability, allowing code to be placed into the web-accessible /umbraco/ directory. The module writes, executes and then overwrites an ASPX script; note that though the script content is removed, the file remains on the target. Automatic cleanup of the file is intended if a meterpreter payload is used. This Metasploit module has been tested successfully on Umbraco CMS 4.7.0.378 on Windows 7 32-bit SP1. In this scenario, the "IIS APPPOOL\ASP.NET v4.0" user must have write permissions on the Windows Temp folder.

tags | exploit, web, asp, file upload
systems | windows, 7
MD5 | 55b249c7b416e0039642bb1ad643fe1b
Tiki Wiki <= 8.3 unserialize() PHP Code Execution
Posted Jul 6, 2012
Authored by EgiX, juan vazquez | Site metasploit.com

This Metasploit module exploits a PHP unserialize() vulnerability in Tiki Wiki <= 8.3 which could be abused to allow unauthenticated users to execute arbitrary code under the context of the webserver user. The dangerous unserialize() exists in the 'tiki-print_multi_pages.php' script, which is called with user-controlled data from the 'printpages' parameter. The exploit abuses the __destruct() method from the Zend_Pdf_ElementFactory_Proxy class to write arbitrary PHP code to a file in the Tiki Wiki web directory. In order to run successfully, three conditions must be satisfied: (1) the display_errors PHP setting must be On to disclose the filesystem path of Tiki Wiki, (2) the Tiki Wiki Multiprint feature must be enabled to exploit the unserialize(), and (3) a PHP version older than 5.3.4 must be used to allow poison null bytes in filesystem-related functions. The exploit has been tested successfully on Ubuntu 9.10 and Tiki Wiki 8.3.

tags | exploit, web, arbitrary, php
systems | linux, ubuntu
advisories | CVE-2012-0911
MD5 | f2b5160e61e85582844eefb51772013f
Basilic 1.5.14 diff.php Arbitrary Command Execution
Posted Jul 6, 2012
Authored by Larry W. Cashdollar, sinn3r, juan vazquez | Site metasploit.com

This Metasploit module abuses a metacharacter injection vulnerability in the diff.php script. This flaw allows an unauthenticated attacker to execute arbitrary commands as the www-data user account.

tags | exploit, arbitrary, php
MD5 | 9d16ea294133914f3b79a69c57218572
Hack Box With DotDotPwn Directory Traversal Fuzzer
Posted Jul 6, 2012
Authored by Levi Francisco Pineda

This is a brief whitepaper that demonstrates using DotDotPwn for directory traversal fuzzing against the Lyric Xibelis CSF.

tags | paper
MD5 | 22dda8a606f285136aa86848323a6feb
sflog! 1.00 LFI / Password Disclosure / Shell Upload
Posted Jul 6, 2012
Authored by dun

sflog! versions 1.00 and below suffer from local file inclusion, administrative password disclosure, and remote shell upload vulnerabilities.

tags | exploit, remote, shell, local, vulnerability, file inclusion, info disclosure
MD5 | f7595d6fc73ab2011bfdc0c93d3b352c
Apache Sling 2.1.0 Denial Of Service
Posted Jul 6, 2012
Authored by IO Active | Site sling.apache.org

The CopyFrom operation of the Sling POST servlet allows for copying a parent node to one of its descendant nodes, creating an infinite loop that ultimately results in denial of service, once memory and/or storage resources are exhausted.

tags | exploit, denial of service
advisories | CVE-2012-2138
MD5 | 247b8f5058aa4214c0cc1dcb22dcf959
Mandriva Linux Security Advisory 2012-102
Posted Jul 6, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-102 - A vulnerability has been discovered and corrected in krb5. A kadmind denial of service issue has been addressed, which could only be triggered by an administrator with the create privilege. The updated packages have been patched to correct this issue.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2012-1013
MD5 | 188fac78cf692cee77ab05f2a6716f96
Asterisk Project Security Advisory - AST-2012-011
Posted Jul 6, 2012
Authored by Nicolas Bouliane, Kinsey Moore | Site asterisk.org

Asterisk Project Security Advisory - If a single voicemail account is manipulated by two parties simultaneously, a condition can occur where memory is freed twice causing a crash.

tags | advisory
advisories | CVE-2012-3812
MD5 | 77428c3c2deacae36ccac65a178ebd16
Asterisk Project Security Advisory - AST-2012-010
Posted Jul 6, 2012
Authored by Terry Wilson, Steve Davies | Site asterisk.org

Asterisk Project Security Advisory - If Asterisk sends a re-invite and an endpoint responds to the re-invite with a provisional response but never sends a final response, then the SIP dialog structure is never freed and the RTP ports for the call are never released. If an attacker has the ability to place a call, they could create a denial of service by using all available RTP ports.

tags | advisory, denial of service
MD5 | 97efa304659dce2c49033c6d442bd34c
IPv6 Redirect Messages Assessment Tool 1.0
Posted Jul 6, 2012
Authored by Fernando Gont

rd-attack is a tool for finding vulnerabilities based on ICMPv6 Redirect messages.

tags | tool, vulnerability
systems | unix
MD5 | becd9b763c1be344036ba2305a9b754e
IPv6 Node Information Assessment Tool 1.0
Posted Jul 6, 2012
Authored by Fernando Gont

ni6 is a security assessment tool that exploits potential flaws in the processing of ICMPv6 Node Information messages.

tags | tool
systems | unix
MD5 | 26c798bd6b7de4fdebfc08408cab1de5
IPv6 Jumbograms Assessment Tool 1.0
Posted Jul 6, 2012
Authored by Fernando Gont

jumbov6 is a tool to assess IPv6 implementations with respect to attack vectors based on IPv6 jumbograms.

tags | tool
systems | unix
MD5 | 34d457b8a32506e0dd7cad03bc8345f6
UK CPNI IPv6 Toolkit 1.1
Posted Jul 6, 2012
Authored by Fernando Gont

This toolkit houses various IPv6 tools that have been tested to compile and run on Debian GNU/Linux 6.0, FreeBSD 8.2, NetBSD 5.1, OpenBSD 5.0, and Ubuntu 11.10.

tags | tool, scanner
systems | linux, netbsd, unix, freebsd, openbsd, debian, ubuntu
MD5 | 462267262837e1e1eeaef194da4cad1c
IPv6 Address Monitoring Tool 0.1
Posted Jul 6, 2012
Authored by Fernando Gont

ipv6mon is a tool for IPv6 address monitoring on local area networks.

tags | tool, local
systems | unix
MD5 | 13c3a054cf31f677b3d9118b7a9b077b
IPv6 ICMPv6 Assessment Tool 1.0
Posted Jul 6, 2012
Authored by Fernando Gont

icmp6-attack is a tool for assessing vulnerabilities in ICMPv6 error messages.

tags | tool, vulnerability
systems | unix
MD5 | 04e663b812b818498af53c58c663f7b7
IPv6 Fragmentation Assessment Tool 1.0
Posted Jul 6, 2012
Authored by Fernando Gont

frag6 is a security assessment tool for attack vectors based on IPv6 fragmentation.

tags | tool
systems | unix
MD5 | 808da8dcc85c967f115281399fba4e64
IPv6 Flow Assessment Tool 1.0
Posted Jul 6, 2012
Authored by Fernando Gont

flow6 is a tool that performs a security assessment of the IPv6 Flow Label Field.

tags | tool
systems | unix
MD5 | d92fb5151511b56dbe25d8cd9c0ea3b7
Elfchat 5.1.2 Pro Cross Site Scripting
Posted Jul 6, 2012
Authored by Avatar Fearless

ElfChat version 5.1.2 Pro suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | c529f8e3722c4baefe97b464319fbd6b
Secunia Security Advisory 49826
Posted Jul 6, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Sammy Forgit has discovered a vulnerability in the PHPFreeChat plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
MD5 | 597b2898a8d37b9adbfad14fe7c538ae
Secunia Security Advisory 49825
Posted Jul 6, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Sammy Forgit has discovered a vulnerability in the Knews Multilingual Newsletters plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
MD5 | ba677b518f75631eb66623c255085331
Secunia Security Advisory 49821
Posted Jul 6, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Sammy Forgit has discovered a vulnerability in the Contus Vblog plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
MD5 | 3d1403e10bb196df31f56b1613b2e242
Secunia Security Advisory 49823
Posted Jul 6, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Sammy Forgit has discovered a vulnerability in the custom tables plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
MD5 | b69b36916200d17997472d58ce6b4e2a
Secunia Security Advisory 49827
Posted Jul 6, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Sammy Forgit has discovered a vulnerability in the church_admin plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
MD5 | 24f8c64f02946ba51146d2844ca03ba7
Secunia Security Advisory 49814
Posted Jul 6, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been reported in Asterisk, which can be exploited by malicious users to cause a DoS (Denial of Service).

tags | advisory, denial of service, vulnerability
MD5 | 6cd1d6c83e1c6d4933dc315984d5e225

packet storm

© 2016 Packet Storm. All rights reserved.
