This is a NSE script written for nmap that adds vulnerability scanning.
1a48a563112f7d4ed132994b785b521aDotNetNuke DNNArticle module versions 10.0 and below suffer from a remote SQL injection vulnerability.
5f08c601e0c660b1504874f2377ea360Drupal Password Policy third party module versions 6.x and 7.x suffer from a cross site scripting vulnerability.
7e5badbf44d775e6ef21db793b16d7d2Drupal Entity API version 7.x suffers from an access bypass vulnerability.
903cef3449552daf1aec8d86e24edeb1Drupal BOTCHA Spam Prevention third party module version 7.x suffers from an information disclosure vulnerability.
f8b4682557894b56c327bd77a9e4315eBIND is exposed to a new vulnerability which can be exploited remotely in order to derandomize the name server selection algorithm. Exploitation of this vulnerability can be used in conjunction with other off-path DNS cache poisoning exploits in order to make them more efficient. ISC has acknowledged the vulnerability and plans to address this deficiency by re-implementing the SRTT algorithm in future maintenance releases of the BIND 9 code. This whitepaper goes into great detail regarding this issue.
dfeff92eab9896fa7fecfa797864d3f2Ubuntu Security Notice 1927-1 - Paul Collins discovered that libimobiledevice incorrectly handled temporary files. A local attacker could possibly use this issue to overwrite arbitrary files and access device keys. In the default Ubuntu installation, this issue should be mitigated by the Yama link restrictions.
fcec954da3de82af2ef0036ccf690f10Ubuntu Security Notice 1926-1 - David Gibson discovered that SPICE incorrectly handled certain network errors. An attacker could use this issue to cause the SPICE server to crash, resulting in a denial of service.
88b0ae00eca328bb7e8899264a2cdc32Tunna is an HTTP tunneling framework that encapsulates TCP traffic and can bind ports from the remote host to the localhost. It can be used to bypass firewall restrictions when testing web applications. It integrates with Metasploit.
6d81549dfb9171d253569397c9f0b250This bulletin summary lists two re-released Microsoft security bulletins for August, 2013.
ff57460d27b22a02f58c10e2dca3eeedDrupal versions 7.22 and 6.28 suffer from cross site scripting vulnerabilities.
4eb998e931c5824252e44f9186af20d8This Metasploit module exploits a boundary condition error in Intrasrv Simple Web Server 1.0. The web interface does not validate the boundaries of an HTTP request string prior to copying the data to an insufficiently large buffer. Successful exploitation leads to arbitrary remote code execution in the context of the application.
da075e4e6bcae38ea0d3d84857e63162This Metasploit module exploits a vulnerability in MiniWeb HTTP server (build 300). The software contains a file upload vulnerability that allows an unauthenticated remote attacker to write arbitrary files to the file system. Code execution can be achieved by first uploading the payload to the remote machine as an exe file, and then upload another mof file, which enables WMI (Management Instrumentation service) to execute the uploaded payload. Please note that this module currently only works for Windows before Vista.
fa38cf29be5e352355ed7ba6d0f4e3e4This Metasploit module exploits a stack based buffer overflow in Ultra Mini HTTPD 1.21 allowing remote attackers to execute arbitrary code via a long resource name in an HTTP request.
ba6c03a595c72b9373824b200d1411dcThis Metasploit module exploits a buffer overflow vulnerability found in Chasys Draw IES (version 4.10.01). The vulnerability exists in the module flt_BMP.dll, while parsing BMP files, where the ReadFile function is used to store user provided data on the stack in a insecure way. It results in arbitrary code execution under the context of the user viewing a specially crafted BMP file. This Metasploit module has been tested successfully with Chasys Draw IES 4.10.01 on Windows XP SP3 and Windows 7 SP1.
ff8438fa506ca940bd0b7688c3585603This Metasploit module exploits a vulnerability found in Joomla 2.5.x up to 2.5.13, as well as 3.x up to 3.1.4 versions. The vulnerability exists in the Media Manager component, which comes by default in Joomla, allowing arbitrary file uploads, and results in arbitrary code execution. The module has been tested successfully on Joomla 2.5.13 and 3.1.4 on Ubuntu 10.04. Note: If public access isn't allowed to the Media Manager, you will need to supply a valid username and password (Editor role or higher) in order to work properly.
cf5b61f56c69e484e93a550bb8d8378cTCP uses 32 bit Seq/Ack numbers in order to make sure that both sides of a connection can actually receive packets from each other. Additionally, these numbers make it relatively hard to spoof the source address because successful spoofing requires guessing the correct initial sequence number (ISN) which is generated by the server in a non-guessable way. It is commonly known that a 32 bit number can be brute forced in a couple of hours given a fast (gigabit) network connection. This article shows that the effort required for guessing a valid ISN can be reduced from hours to minutes if the server uses TCP SYN Cookies (a widely used defense mechanism against SYN-Flooding DOS Attacks), which are enabled by default for various Linux distributions including Ubuntu and Debian.
e45ccc2ac51d5bc09c7ebdf637082168This code was written to perform auto-installation of the Bash 3.0 shell sniffer tool.
7180cd9a300346b510a10080701627c4This code is a shell sniffer that logs keystrokes for bash 3.0.
15f6b35cbcc70e3a7bfa07915825be60Spitefire CMS version 1.1.4 suffers from a cross site request forgery vulnerability.
f10d4bebcce01e452ba299b2927a785bSoltech CMS version 0.4 suffers from a remote SQL injection vulnerability.
1615b0dd5bf6134a85ce6b6be7b3b3a0The IntegerInterleavedRaster.verify() method in Oracle Java versions prior to 7u25 is vulnerable to a signed integer overflow that allows bypassing of "dataOffsets[0]" boundary checks. This vulnerability allows for remote code execution. User interaction is required for this exploit in that the target must visit a malicious page or open a malicious file. This finding was purchased through the Packet Storm Bug Bounty program.
66b47dfda969e55a09e7ac25861c8486The IntegerInterleavedRaster.verify() method in Oracle Java versions prior to 7u25 is vulnerable to a signed integer overflow that allows bypassing of "dataOffsets[0]" boundary checks. This exploit code demonstrates remote code execution by popping calc.exe. It was obtained through the Packet Storm Bug Bounty program.
0dbe90f085f956db88aac3e897a70289
© 2016 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed