exploit the possibilities
Showing 1 - 25 of 100 RSS Feed

Files

Oracle MySQL UDF Payload Execution
Posted Dec 22, 2017
Authored by Tod Beardsley, Bernardo Damele, h00die | Site metasploit.com

This Metasploit module creates and enables a custom UDF (user defined function) on the target host via the SELECT ... into DUMPFILE method of binary injection. On default Microsoft Windows installations of MySQL versions 5.5.9 and below, directory write permissions not enforced, and the MySQL service runs as LocalSystem. NOTE: This Metasploit module will leave a payload executable on the target system when the attack is finished, as well as the UDF DLL, and will define or redefine sys_eval() and sys_exec() functions.

tags | exploit
systems | windows
MD5 | bcf3d2156b2ec4dfa9eb9e73784fb039

Related Files

Secunia Security Advisory 50229
Posted Aug 14, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for MySQL. This fixes a security issue and multiple vulnerabilities, which can be exploited by malicious, local users to gain knowledge of sensitive information and manipulate certain data, by malicious users to gain knowledge of sensitive information, manipulate certain data, bypass certain security restrictions, and cause a DoS, and by malicious people to bypass certain security restrictions.

tags | advisory, local, vulnerability
systems | linux, suse
MD5 | bb4ef65fedc97275f3de90ad272c3465
Plixer Scrutinizer NetFlow and sFlow Analyzer 9 Default MySQL Credential
Posted Aug 8, 2012
Authored by sinn3r, Mario Ceballos, Jonathan Claudius, Tanya Secker | Site metasploit.com

This exploits an insecure config found in Scrutinizer NetFlow & sFlow Analyzer. By default, the software installs a default password in MySQL, and binds the service to "0.0.0.0". This allows any remote user to login to MySQL, and then gain arbitrary remote code execution under the context of 'SYSTEM'. Examples of default credentials include: 'scrutinizer:admin', and 'scrutremote:admin'.

tags | exploit, remote, arbitrary, code execution
advisories | CVE-2012-3951, OSVDB-84317
MD5 | dadd1bd0ca2360eb0022a698d14e8695
Scrutinizer NetFlow / sFlow Analyzer 9.0.1 XSS / Bypass / File Upload
Posted Jul 29, 2012
Authored by Mario Ceballos, Jonathan Claudius | Site trustwave.com

Scrutinizer NetFlow and sFlow Analyzer versions 9.0.1 and below suffer from bypass, cross site scripting, and remote file upload vulnerabilities. It also has undocumented MySQL admin users.

tags | exploit, remote, vulnerability, xss, file upload
advisories | CVE-2012-2626, CVE-2012-2627, CVE-2012-3848, CVE-2012-3951
MD5 | 73d5828d4514d8fed50ab4579ea87f2b
MySQL Squid Access Report 2.1.4 HTML Injection
Posted Jul 23, 2012
Authored by Daniel Godoy

MySQL Squid Access Report version 2.1.4 suffers from an html injection vulnerability.

tags | exploit
MD5 | 6220f3cb2504e476413803a4d4d48ba5
Symantec Web Gateway 5.0.3.18 Blind SQL Injection
Posted Jul 23, 2012
Authored by muts

Symantec Web Gateway version 5.0.3.18 suffers from a remote blind SQL injection backdoor via MySQL triggers.

tags | exploit, remote, web, sql injection
advisories | CVE-2012-2961
MD5 | e17186f788a1aa28c81caa291ae9db30
Secunia Security Advisory 49957
Posted Jul 19, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Oracle MySQL Server, which can be exploited by malicious users to cause a DoS (Denial of Service).

tags | advisory, denial of service, vulnerability
MD5 | 478d073d55e20be8a1a704b36593064e
Secunia Security Advisory 49847
Posted Jul 11, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for mysql. This fixes a security issue, which can be exploited by malicious people to bypass certain security restrictions.

tags | advisory
systems | linux, suse
MD5 | f55472af1e1da3d206c20b0ae2b1bdc3
Hydra Network Logon Cracker 7.3
Posted Jul 5, 2012
Authored by van Hauser, thc | Site thc.org

THC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus.

Changes: Multiple enhancements and fixed to Hydra main, the SNMP module, the HTTP module, and more. Added IDN and PCRE support for Cygwin.
tags | tool, web, imap
systems | cisco, unix
MD5 | 34f9c21eae24fdc542ba21abc61b05d1
Red Hat Security Advisory 2012-0874-04
Posted Jun 20, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0874-04 - MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. A flaw was found in the way MySQL processed HANDLER READ NEXT statements after deleting a record. A remote, authenticated attacker could use this flaw to provide such requests, causing mysqld to crash. This issue only caused a temporary denial of service, as mysqld was automatically restarted after the crash.

tags | advisory, remote, denial of service
systems | linux, redhat
advisories | CVE-2012-2102
MD5 | 94cc89d891a30aee3d02bcf79d3a7d26
Secunia Security Advisory 49597
Posted Jun 20, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for mysql. This fixes a vulnerability, which can be exploited by malicious users to cause a DoS (Denial of Service).

tags | advisory, denial of service
systems | linux, redhat
MD5 | 9c4fbed2815a7112b3f0797350ec4f5c
Secunia Security Advisory 49485
Posted Jun 19, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for mysql-5.1. This fixes a security issue and multiple vulnerabilities, which can be exploited by malicious users to bypass certain security restrictions and cause a DoS (Denial of Service).

tags | advisory, denial of service, vulnerability
systems | linux, debian
MD5 | 2640843f841c4ae0ae03a1e8ced22e7a
Debian Security Advisory 2496-1
Posted Jun 19, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2496-1 - Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to a new upstream version, 5.1.63, which includes additional changes, such as performance improvements and corrections for data loss defects.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2012-0583, CVE-2012-1688, CVE-2012-1690, CVE-2012-1703, CVE-2012-2122
MD5 | 9b782e4cd47e17d0630aab6ca5ab4d12
Secunia Security Advisory 49490
Posted Jun 13, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for mysql. This fixes a security issue, which can be exploited by malicious people to bypass certain security restrictions.

tags | advisory
systems | linux, ubuntu
MD5 | ce6a7d7fbcb9e2a72f3326fe5e2e1f02
MySQL Remote Root Authentication Bypass
Posted Jun 12, 2012
Authored by Sergei A. Golubchik, David Kennedy

MySQL remote root authentication bypass exploit.

tags | exploit, remote, root
systems | linux, debian
advisories | CVE-2012-2122
MD5 | af0757e287def1f51dddfc1c36f54b6f
Secunia Security Advisory 49409
Posted Jun 12, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue and vulnerability have been reported in MySQL, which can be exploited by malicious people to bypass certain security restrictions.

tags | advisory
MD5 | e767e4df531bcde426bb2555c6498737
Ubuntu Security Notice USN-1467-1
Posted Jun 12, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1467-1 - It was discovered that certain builds of MySQL incorrectly handled password authentication on certain platforms. A remote attacker could use this issue to authenticate with an arbitrary password and establish a connection. MySQL has been updated to 5.5.24 in Ubuntu 12.04 LTS. Ubuntu 10.04 LTS, Ubuntu 11.04 and Ubuntu 11.10 have been updated to MySQL 5.1.63. A patch to fix the issue was backported to the version of MySQL in Ubuntu 8.04 LTS. Various other issues were also addressed.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2012-2122
MD5 | ba304634301d9490723e5f73aa3db8e1
vBulletin 4.1.12 SQL Information Disclosure
Posted Jun 8, 2012
Authored by HauntIT

vBulletin version 4.1.12 suffers from a MySQL information disclosure vulnerability.

tags | exploit, sql injection, info disclosure
MD5 | fd7539f362a0ea9730bc4e72aae66056
Access Road 0.7.2
Posted Jun 6, 2012
Authored by Patrick Thazard

Access Road is a universal simulator of access controls that is intended to improve design and auditing of IT security. It provides simulations of GNU/Linux (components and rights on the file system), MySQL Server (components and privileges), and a generic Role-Based-Access-Control application. It is designed for database, system, and application administrators, IT architects and developers, and auditors. Reliability and the ability to explain the results are the main objectives. A 50 page tutorial is provided, and a powerful framework allows new simulations to be added.

Changes: This release is mainly to fix a critical bug on the NoMore-NoLess views on Windows, and to allow use of the ORACLE JRE 7 with the previous bases from an old JRE.
tags | tool
systems | linux, unix
MD5 | 63c1fbd269de8b08d84e63c9c67198ce
Access Road (Source Release) 0.7.2
Posted Jun 6, 2012
Authored by Patrick Thazard

Access Road is a universal simulator of access controls that is intended to improve design and auditing of IT security. It provides simulations of GNU/Linux (components and rights on the file system), MySQL Server (components and privileges), and a generic Role-Based-Access-Control application. It is designed for database, system, and application administrators, IT architects and developers, and auditors. Reliability and the ability to explain the results are the main objectives. A 50 page tutorial is provided, and a powerful framework allows new simulations to be added. This is the source release.

Changes: This release is mainly to fix a critical bug on the NoMore-NoLess views on Windows, and to allow use of the ORACLE JRE 7 with the previous bases from an old JRE.
tags | tool
systems | linux, unix
MD5 | 00410214d083996808966ea102320809
Intercepter Sniffer 0.9.3
Posted Jun 3, 2012
Authored by Ares | Site sniff.su

Intercepter is a sniffer that offers various capabilities including sniffing for password hashes related to ICQ/IRC/AIM/FTP/IMAP/POP3/SMTP/LDAP/BNC/SOCKS/HTTP/WWW/NNTP/CVS/TELNET/MRA/DC++/VNC/MYSQL and ORACLE. It also sniffs ICQ/AIM/JABBER/YAHOO/MSN/GADU-GADU/IRC and MRA protocols. It has a built-in arp poisoning module, can change MAC addresses of LAN adapters, and has various other interesting functionality.

Changes: Major update of sslstripping code. RAW mode updated. Updated wifi mode and improve mitm code. Various other updates.
tags | tool, web, sniffer, imap, protocol
MD5 | 0a04342b822ec633383c05ccdd37df02
Intercepter-NG Console Edition 0.1
Posted Jun 3, 2012
Authored by Ares | Site sniff.su

Intercepter-NG [Console Edition] is a sniffer that offers various capabilities including sniffing for password hashes related to ORACLE/MYSQL/VNC/NNTP/CVS/WWW/HTTP/SOCKS/MRA/FTP/POP3/SMTP/IMAP/LDAP/AIM. It works on NT/Linux/BSD/IOS/Android and is optimized for screen size 80x30 or higher.

tags | tool, web, sniffer, imap
systems | linux, bsd, apple
MD5 | 59d425358d2c05263fbf2efed0ceca04
Secunia Security Advisory 49179
Posted May 16, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for mysql-cluster. This fixes multiple vulnerabilities, which can be exploited by malicious users to gain escalated privileges and cause a DoS (Denial of Service).

tags | advisory, denial of service, vulnerability
systems | linux, suse
MD5 | b11402db4f62471b841cb6ecf22f8dcf
Secunia Security Advisory 49180
Posted May 16, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for mysql-community-server. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to gain knowledge of sensitive information and manipulate certain data, by malicious users to gain knowledge of sensitive information, manipulate certain data, and cause a DoS (Denial of Service), and by malicious people to cause a DoS.

tags | advisory, denial of service, local, vulnerability
systems | linux, suse
MD5 | 92e4d8c0f546a535cad4a776fd198068
MD5 MySQL Brute Forcer
Posted May 10, 2012
Authored by baltazar

This is a simple python script for cracking MySQL MD5 passwords.

tags | cracker, python
MD5 | ddb4580bc5f288eb23c3fc01a239324d
SHA-1 MySQL Bruteforcer
Posted Apr 30, 2012
Authored by baltazar

SHA-1 MySQL database brute forcing utility. Written in Python.

tags | cracker, python
MD5 | 7d1a616bc46467c995e23bb4f487748c
Page 1 of 4
Back1234Next

File Archive:

January 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    2 Files
  • 2
    Jan 2nd
    0 Files
  • 3
    Jan 3rd
    20 Files
  • 4
    Jan 4th
    4 Files
  • 5
    Jan 5th
    37 Files
  • 6
    Jan 6th
    20 Files
  • 7
    Jan 7th
    4 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    0 Files
  • 10
    Jan 10th
    18 Files
  • 11
    Jan 11th
    8 Files
  • 12
    Jan 12th
    19 Files
  • 13
    Jan 13th
    31 Files
  • 14
    Jan 14th
    2 Files
  • 15
    Jan 15th
    2 Files
  • 16
    Jan 16th
    2 Files
  • 17
    Jan 17th
    18 Files
  • 18
    Jan 18th
    13 Files
  • 19
    Jan 19th
    15 Files
  • 20
    Jan 20th
    29 Files
  • 21
    Jan 21st
    12 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    17 Files
  • 25
    Jan 25th
    34 Files
  • 26
    Jan 26th
    23 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close