Reliable exploit for the Plesk PHP code injection vulnerability disclosed by Kingcope in June 2013. Can deliver inline and reverse shells using the payloads library, as well as offering (buggy) file upload features.
40b90d76d0580f70886001e5bf3051b5
This is a simple PHP backdoor using HTTP headers to inject the code as opposed to a GET or POST variable. Uses the fictional "Code: " header as an example, for learning purposes. This is not production code.
9339a47d8494f20c33278bdc964714ef
This is a NSE script written for nmap that adds vulnerability scanning.
049138cd6131584ff1da9ac9a198df8d
Red Hat Security Advisory 2013-0982-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. It was found that Thunderbird allowed data to be sent in the body of XMLHttpRequest HEAD requests. In some cases this could allow attackers to conduct Cross-Site Request Forgery attacks.
903811d2af09150f068d973a8d858a82
Mandriva Linux Security Advisory 2013-177 - Updated dbus packages fix security vulnerability. Alexandru Cornea discovered a vulnerability in libdbus caused by an implementation bug in _dbus_printf_string_upper_bound(). This vulnerability can be exploited by a local user to crash system services that use libdbus, causing denial of service. Depending on the dbus services running, it could lead to complete system crash.
659ae4c2b1bfd769215afd3570c4f34f
Red Hat Security Advisory 2013-0981-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. It was found that Firefox allowed data to be sent in the body of XMLHttpRequest HEAD requests. In some cases this could allow attackers to conduct Cross-Site Request Forgery attacks.
2e90a737c464505cf878f2958bff33fb
IceWarp Mail Server versions 10.4.5 and below suffer from cross site scripting and XML external entity injection vulnerabilities.
1acdb9051822f7a15d1fa63ed39e5550
This bulletin summary lists two re-released Microsoft security bulletins for June, 2013.
684602a63dcdbf464079ad86b30b5980
Xopie Virtual Shop suffers from a cross site scripting vulnerability. Note that this advisory has site-specific information.
ff20477761941e992caa980baf20df46
Magnolia CMS versions 4.5.8 and below suffer from multiple access control vulnerabilities that allow a non-administrative user to access and execute administrative functionalities.
97da8b20aa2e3b954b05d663b492ca45
HP Security Bulletin HPSBHF02878 - A potential security vulnerability has been identified with the HP Smart Zero Client. This vulnerability could be exploited by a local user on the device to gain unauthorized access. Revision 1 of this advisory.
015ba799723b7b2a4cbe4364553d2ff1
Mandriva Linux Security Advisory 2013-178 - Updated nfs-utils packages fix a security vulnerability. It was reported that rpc.gssd in nfs-utils is vulnerable to DNS spoofing due to it depending on PTR resolution for GSSAPI authentication. Because of this, if a user where able to poison DNS to a victim's computer, they would be able to trick rpc.gssd into talking to another server than the intended server (with stricter security). If the victim has write access to the second server, and the attacker has read access (when they normally might not on the secure server), the victim could write files to that server, which the attacker could obtain (when normally they would not be able to). To the victim this is transparent because the victim's computer asks the KDC for a ticket to the second server due to reverse DNS resolution; in this case Krb5 authentication does not fail because the victim is talking to the correct server.
df555586c3be1a1502c07d95d63a4836
Red Hat Security Advisory 2013-0983-01 - cURL provides the libcurl library and a command line tool for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. A heap-based buffer overflow flaw was found in the way libcurl unescaped URLs. A remote attacker could provide a specially-crafted URL that, when processed by an application using libcurl that handles untrusted URLs, would possibly cause it to crash or, potentially, execute arbitrary code.
d19c014f0dea84b64804cd3dc62b3167
Against is a very fast ssh attack script which includes a multithreaded port scanning module (tcp connect) for discovering possible targets and a multithreaded brute-forcing module which attacks in parallel (multiprocessing) all discovered hosts or given ip addresses from a list.
18cffea53cef93cb1daf8ca912066d18
The OpenID idp software "Barnraiser Prairie" suffers from a directory traversal vulnerability.
fec1d0b6ad93e91a3e8b3d29c1d6f1f4
Baby FTP Server version 1.24 suffers from a denial of service vulnerability.
83ad19e719b69fa8366201ac6a04d946