This Metasploit module exploits a stack buffer overflow in Poison Ivy 2.3.2 C&C server. The exploit does not need to know the password chosen for the bot/server communication. If the C&C is configured with the default 'admin' password, the exploit should work fine. In case of the C&C configured with another password the exploit can fail. The 'check' command can be used to determine if the C&C target is using the default 'admin' password. Hopefully an exploit try won't crash the Poison Ivy C&C process, just the thread responsible of handling the connection. Because of this the module provides the RANDHEADER option and a bruteforce target. If RANDHEADER is used a random header will be used. If the bruteforce target is selected, a random header will be sent in case the default for the password 'admin' doesn't work. Bruteforce will stop after 5 tries or a session obtained.
a5fb5f9fb5256f9b9ed0a73d71160bd6699b2d23e1947554a86a9c745e5bff43This Metasploit module can be used to execute a payload on Umbraco CMS 4.7.0.378. The payload is uploaded as an ASPX script by sending a specially crafted SOAP request to codeEditorSave.asmx, which permits unauthorised file upload via the SaveDLRScript operation. SaveDLRScript is also subject to a path traversal vulnerability, allowing code to be placed into the web-accessible /umbraco/ directory. The module writes, executes and then overwrites an ASPX script; note that though the script content is removed, the file remains on the target. Automatic cleanup of the file is intended if a meterpreter payload is used. This Metasploit module has been tested successfully on Umbraco CMS 4.7.0.378 on a Windows 7 32-bit SP1. In this scenario, the "IIS APPPOOL\ASP.NET v4.0" user must have write permissions on the Windows Temp folder.
a969edd9061df64ff92c55db7b277da617626bfa9448eab4978dfbd56a0d42bbThis Metasploit module exploits a php unserialize() vulnerability in Tiki Wiki <= 8.3 which could be abused to allow unauthenticated users to execute arbitrary code under the context of the webserver user. The dangerous unserialize() exists in the 'tiki-print_multi_pages.php' script, which is called with user controlled data from the 'printpages' parameter. The exploit abuses the __destruct() method from the Zend_Pdf_ElementFactory_Proxy class to write arbitrary PHP code to a file on the Tiki Wiki web directory. In order to run successfully three conditions must be satisfied (1) display_errors php setting must be On to disclose the filesystem path of Tiki Wiki, (2) The Tiki Wiki Multiprint feature must be enabled to exploit the unserialize() and (3) a php version older than 5.3.4 must be used to allow poison null bytes in filesystem related functions. The exploit has been tested successfully on Ubuntu 9.10 and Tiki Wiki 8.3.
04e6daabf6b6a5dba1b8fa576bc4f910b4df1c7b90652847142a832796744523This Metasploit module abuses a metacharacter injection vulnerability in the diff.php script. This flaw allows an unauthenticated attacker to execute arbitrary commands as the www-data user account.
80e3ce82a2d97fa36f0665883aecc56cc126a901567bd0c4251832c7ded7ffe7This is a brief whitepaper that demonstrates using DotDotPwn for directory traversal fuzzing against the Lyric Xibelis CSF.
ff84469d0184c84c0a03b4b6268f4e4a0fc7743706154150f36511ad985f17fdsflog! versions 1.00 and below suffer from local file inclusion, administrative password disclosure, and remote shell upload vulnerabilities.
a330468dd724ab2f78215e629c1c00b9dcb52c8249a68c63ac563236adda7e5aThe CopyFrom operation of the Sling POST servlet allows for copying a parent node to one of its descendant nodes, creating an infinite loop that ultimately results in denial of service, once memory and/or storage resources are exhausted.
8995843141b2cea69c3716091acf10088f9d4eadff4f7ee2520234cfcb689c33Mandriva Linux Security Advisory 2012-102 - A vulnerability has been discovered and corrected in krb5. A kadmind denial of service issue has been addressed, which could only be triggered by an administrator with the create privilege. The updated packages have been patched to correct this issue.
9811d67a56f6266e921605d63970c98925047dd6fd4ff986c85c9011098f43e2Asterisk Project Security Advisory - If a single voicemail account is manipulated by two parties simultaneously, a condition can occur where memory is freed twice causing a crash.
c4c29da204c724036feeafa9e5d1fe5e12c23b551ecfc323429909297800ebdaAsterisk Project Security Advisory - If Asterisk sends a re-invite and an endpoint responds to the re-invite with a provisional response but never sends a final response, then the SIP dialog structure is never freed and the RTP ports for the call are never released. If an attacker has the ability to place a call, they could create a denial of service by using all available RTP ports.
7393ac1f7dc8c09c81891ad81cc71a05d76badd9fadaf47998c0f0251965ab45rd-attack is a tool for finding vulnerabilities based on ICMPv6 Redirect messages.
75ef138e80c715c496ab039939f1aa91edb626d283e4705e8ad8c770aa02c623ni6 is a security assessment tool that exploits potential flaws in the processing of ICMPv6 Node Information messages.
ef026e19bb05a8e35114e31349134c5a2a5d5688a0963bba15b3d387466c534cjumbov6 is a tool to assess IPv6 implementations with respect to attack vectors based on IPv6 jumbograms.
70bfa103033977fae419ba459c2326bf358ca0f22ea9e70abc5986d263dfaae1This toolkit house various IPv6 tool that have been tested to compile and run on Debian GNU/Linux 6.0, FreeBSD 8.2, NetBSD 5.1, OpenBSD 5.0, and Ubuntu 11.10.
495e347d4bbbe9c0d3103f47b8d7a0f7d1a5f329d8d7205e15208bf12efcc139ipv6mon is a tool for IPv6 address monitoring on local area networks.
87998c9beb90c410776520cb78807d8b97edb1ae4718be2cd8ed998cb9c50079icmp6-attack is a tool for assessing vulnerabilities in ICMPv6 error messages.
ea6d02dca82a6ab1ff31fe84a06fc2903dd5f62c1fff178f155d3db8be6f32d2frag6 is a security assessment tool for attack vectors based on IPv6 fragmentation.
ff17013fa710766492566513213184ed833099c8a1d20510c6d0688633371093flow6 is a tool that performs a security assessment of the IPv6 Flow Label Field.
fec38fb5001ec4bc83eaff5713607b708f5dff5075d86fa4946185e0b8774005ElfChat version 5.1.2 Pro suffers from a cross site scripting vulnerability.
5dbc0c25c91ac9c248972741c037874ae862593c456258d1c27f34c121b8cf11Secunia Security Advisory - Sammy Forgit has discovered a vulnerability in the PHPFreeChat plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.
4e4dfae1d2d31df99da08a5522d54b24e7199f00899121c3fbf42eae6c3ca680Secunia Security Advisory - Sammy Forgit has discovered a vulnerability in the Knews Multilingual Newsletters plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.
f46b22b703464c1c0511904b0ea5258a6a49c0323e95c819d3f658ab34556693Secunia Security Advisory - Sammy Forgit has discovered a vulnerability in the Contus Vblog plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system.
0ff2417c74091799c32bf1e597e7aef40b81f282cf3a097ff1220a3ff19b3944Secunia Security Advisory - Sammy Forgit has discovered a vulnerability in the custom tables plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.
220fe9d65f81acd053ef51471802014765e9abed1b49dc7b22ea6a5c9c8be0ceSecunia Security Advisory - Sammy Forgit has discovered a vulnerability in the church_admin plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.
be28034156cfbf05ed35a6fd69452d00912abd1cd795f9e7df7fd71ee2b53e7aSecunia Security Advisory - Two vulnerabilities have been reported in Asterisk, which can be exploited by malicious users to cause a DoS (Denial of Service).
b7947a87aac075fa7aa6e3df7d8e6620d59bd7ecd00abf0a98895f209630fd34
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed