This is a NSE script written for nmap that adds vulnerability scanning.
83f3c568ec7872a28bedb9da04a868377573b2544d75b2e1d2a7e96f0de281aaDotNetNuke DNNArticle module versions 10.0 and below suffer from a remote SQL injection vulnerability.
3418ca4d1ae20f2fa6d4bc50f7515ed9bbbff0fa1ebe71846e7fb3de94fd2c36Drupal Password Policy third party module versions 6.x and 7.x suffer from a cross site scripting vulnerability.
c40e41a826657748ed02ee7f8067fcec7db89f9c774f0574fccd0d67621dd868Drupal Entity API version 7.x suffers from an access bypass vulnerability.
306ad4a749d55e82431c05e5f483a030e0fea776244a2611db478fa23950bfecDrupal BOTCHA Spam Prevention third party module version 7.x suffers from an information disclosure vulnerability.
e75e969fb138b8aa3836533eddc56d325b52dfa0dd6b756b49f028b37e2b0aa4BIND is exposed to a new vulnerability which can be exploited remotely in order to derandomize the name server selection algorithm. Exploitation of this vulnerability can be used in conjunction with other off-path DNS cache poisoning exploits in order to make them more efficient. ISC has acknowledged the vulnerability and plans to address this deficiency by re-implementing the SRTT algorithm in future maintenance releases of the BIND 9 code. This whitepaper goes into great detail regarding this issue.
84356c82ef3047b3388b1711d4f92e2ade893d39556c93520d7e0953f3faf27fUbuntu Security Notice 1927-1 - Paul Collins discovered that libimobiledevice incorrectly handled temporary files. A local attacker could possibly use this issue to overwrite arbitrary files and access device keys. In the default Ubuntu installation, this issue should be mitigated by the Yama link restrictions.
f119bb9310e69655e310ff5fd8b5ab4e4715f2598b8ece8795beafcd0f842e7fUbuntu Security Notice 1926-1 - David Gibson discovered that SPICE incorrectly handled certain network errors. An attacker could use this issue to cause the SPICE server to crash, resulting in a denial of service.
cf1acb68ba0a829481703e54c3382683d9a83d1059212ebee71b20e35b60e212Tunna is an HTTP tunneling framework that encapsulates TCP traffic and can bind ports from the remote host to the localhost. It can be used to bypass firewall restrictions when testing web applications. It integrates with Metasploit.
c34b4727681dca141173b9fb57f1fa072bb84acc0eef0ce9d956ba209d64326dThis bulletin summary lists two re-released Microsoft security bulletins for August, 2013.
066f7e15f031a55988c403f8d1948b35ece80a4583eaab245bf5e9faa005da1fDrupal versions 7.22 and 6.28 suffer from cross site scripting vulnerabilities.
e04775da7a9ee6e34c96ad35efc7a981fa752926363c46cfdef6ebd1d28e355dThis Metasploit module exploits a boundary condition error in Intrasrv Simple Web Server 1.0. The web interface does not validate the boundaries of an HTTP request string prior to copying the data to an insufficiently large buffer. Successful exploitation leads to arbitrary remote code execution in the context of the application.
49e8f27267aed47c682375ea5911705765e895cff8046206e064332f203dd75aThis Metasploit module exploits a vulnerability in MiniWeb HTTP server (build 300). The software contains a file upload vulnerability that allows an unauthenticated remote attacker to write arbitrary files to the file system. Code execution can be achieved by first uploading the payload to the remote machine as an exe file, and then upload another mof file, which enables WMI (Management Instrumentation service) to execute the uploaded payload. Please note that this module currently only works for Windows before Vista.
b4d11d94bdfda21fed51296f5789bea65f23c1f03f5b7bd525895268f5a560b0This Metasploit module exploits a stack based buffer overflow in Ultra Mini HTTPD 1.21 allowing remote attackers to execute arbitrary code via a long resource name in an HTTP request.
038f10bb10c9227f8c10522b7408feabf6f8db03f7a4f6c92e23b302fab084ddThis Metasploit module exploits a buffer overflow vulnerability found in Chasys Draw IES (version 4.10.01). The vulnerability exists in the module flt_BMP.dll, while parsing BMP files, where the ReadFile function is used to store user provided data on the stack in a insecure way. It results in arbitrary code execution under the context of the user viewing a specially crafted BMP file. This Metasploit module has been tested successfully with Chasys Draw IES 4.10.01 on Windows XP SP3 and Windows 7 SP1.
56e7fba84288627ba505da717c62532dbb987a53ddb5f03f8701ff982a5809adThis Metasploit module exploits a vulnerability found in Joomla 2.5.x up to 2.5.13, as well as 3.x up to 3.1.4 versions. The vulnerability exists in the Media Manager component, which comes by default in Joomla, allowing arbitrary file uploads, and results in arbitrary code execution. The module has been tested successfully on Joomla 2.5.13 and 3.1.4 on Ubuntu 10.04. Note: If public access isn't allowed to the Media Manager, you will need to supply a valid username and password (Editor role or higher) in order to work properly.
346ac09164eab95f37585db1e9d762bf419fcb281b6d4c1fd3c23cf6499a9c20TCP uses 32 bit Seq/Ack numbers in order to make sure that both sides of a connection can actually receive packets from each other. Additionally, these numbers make it relatively hard to spoof the source address because successful spoofing requires guessing the correct initial sequence number (ISN) which is generated by the server in a non-guessable way. It is commonly known that a 32 bit number can be brute forced in a couple of hours given a fast (gigabit) network connection. This article shows that the effort required for guessing a valid ISN can be reduced from hours to minutes if the server uses TCP SYN Cookies (a widely used defense mechanism against SYN-Flooding DOS Attacks), which are enabled by default for various Linux distributions including Ubuntu and Debian.
b8f8a5a1565210c001b8928ecc2c9c00ee0638f668d5a0c9e076bda0c08391c5This code was written to perform auto-installation of the Bash 3.0 shell sniffer tool.
0db5bc9774ba0b32ffa49115373f366cf35e5d084ff60d03694a15a033162885This code is a shell sniffer that logs keystrokes for bash 3.0.
9b35fdfae427711f593e60b66dab25db64fbb15c2814f7d9219d9aed5f0ee9e0Spitefire CMS version 1.1.4 suffers from a cross site request forgery vulnerability.
ea3407f1824ad7c77a3cacdc1905bae5111be20f4e6cfb3d3bf1e7fb544d7510Soltech CMS version 0.4 suffers from a remote SQL injection vulnerability.
c456e6512195b6a7b73173fbd126978ba516f9a26da09e2b8db06a723582941dThe IntegerInterleavedRaster.verify() method in Oracle Java versions prior to 7u25 is vulnerable to a signed integer overflow that allows bypassing of "dataOffsets[0]" boundary checks. This vulnerability allows for remote code execution. User interaction is required for this exploit in that the target must visit a malicious page or open a malicious file. This finding was purchased through the Packet Storm Bug Bounty program.
c91966468587a351ac5a5ab7a6a5efec2d287d47df6ed6e6126cbf0ebccbe4b2The IntegerInterleavedRaster.verify() method in Oracle Java versions prior to 7u25 is vulnerable to a signed integer overflow that allows bypassing of "dataOffsets[0]" boundary checks. This exploit code demonstrates remote code execution by popping calc.exe. It was obtained through the Packet Storm Bug Bounty program.
f02354c5057ad3ef8f665611f60e6520a4278402c6472e75be9045ca31f8566e
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed