exploit the possibilities
Showing 1 - 25 of 33 RSS Feed

Files

Modbus Slave 7.0.0 Denial Of Service
Posted Oct 29, 2018
Authored by Ihsan Sencan

Modbus Slave version 7.0.0 suffers from a denial of service vulnerability.

tags | exploit, denial of service
advisories | CVE-2018-18759
MD5 | 8f4a5e2e88403b1bf3c2434d33c61bf0

Related Files

Debian Security Advisory 4470-1
Posted Jun 23, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4470-1 - Two vulnerabilities have been discovered in pdns, an authoritative DNS server which may result in denial of service via malformed zone records and excessive NOTIFY packets in a master/slave setup.

tags | advisory, denial of service, vulnerability
systems | linux, debian
advisories | CVE-2019-10162, CVE-2019-10163
MD5 | ff8f17b50af1f0bb3cb6636d1fe40756
Modbus Slave PLC 7 Buffer Overflow
Posted Oct 29, 2018
Authored by Kagan Capar

Modbus Slave PLC 7 .msw buffer overflow proof of concept exploit.

tags | exploit, overflow, proof of concept
MD5 | 6bebf0422799ee464534dc7b276b419d
FreeBSD Security Advisory - FreeBSD-SA-16:08.bind
Posted Jan 27, 2016
Authored by ISC | Site security.freebsd.org

FreeBSD Security Advisory - There is an off-by-one error in a buffer size check when performing certain string formatting operations. Slaves using text-format db files could be vulnerable if receiving a malformed record in a zone transfer from their master. Masters using text-format db files could be vulnerable if they accept a malformed record in a DDNS update message. Recursive resolvers are potentially vulnerable when debug logging is enabled and if they are fed a deliberately malformed record by a malicious server. A server which has cached a specially constructed record could encounter this condition while performing 'rndc dumpdb'.

tags | advisory
systems | freebsd
advisories | CVE-2015-8704
MD5 | 58ee0826c7ba3739bb2d731b7fc83928
IO Slaves KDE Insufficient Input Validation
Posted Nov 19, 2014
Authored by D. Burton, T. Brown | Site portcullis-security.com

It was discovered that a number of the protocol handlers (referred to as IO slaves) did not satisfactorily handle malicious input. It is possible for an attacker to inject JavaScript by manipulating IO slave URI such that the JavaScript from the manipulated request is returned in the response.

tags | exploit, javascript, protocol
advisories | CVE-2014-8600
MD5 | 36248d1b9a357a4aabeb1f26abe80403
Mandriva Linux Security Advisory 2011-071
Posted Apr 8, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-071 - kio/kio/tcpslavebase.cpp in KDE KSSL in kdelibs before 4.6.1 does not properly verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a certificate issued by a legitimate Certification Authority for an IP address, a different vulnerability than CVE-2009-2702. Additionally it was discovered that kdelibs4 for 2009.0 was using an old private copy of the ca-bundle.crt file containing the root CA certs, this has now been resolved so that it uses the system wide and up to date /etc/pki/tls/certs/ca-bundle.crt file last updated with the MDVSA-2011:068 advisory.

tags | advisory, arbitrary, root, spoof
systems | linux, mandriva
advisories | CVE-2011-1094
MD5 | 71a536ee8df36ac9849f5aed2bdbec60
Ubuntu Security Notice USN-1100-1
Posted Mar 31, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1100-1 - It was discovered that OpenLDAP did not properly check forwarded authentication failures when using a slave server and chain overlay. If OpenLDAP were configured in this manner, an attacker could bypass authentication checks by sending an invalid password to a slave server. It was discovered that OpenLDAP did not properly perform authentication checks to the rootdn when using the back-ndb backend. An attacker could exploit this to access the directory by sending an arbitrary password. Ubuntu does not ship OpenLDAP with back-ndb support by default. This issue did not affect Ubuntu 8.04 LTS. It was discovered that OpenLDAP did not properly validate modrdn requests. An unauthenticated remote user could use this to cause a denial of service via application crash.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2011-1024, CVE-2011-1025, CVE-2011-1081
MD5 | 105acb722cf292813b82a0d12174cf64
Mandriva Linux Security Advisory 2011-056
Posted Mar 30, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-056 - chain.c in back-ldap in OpenLDAP 2.4.x before 2.4.24, when a master-slave configuration with a chain overlay and ppolicy_forward_updates is used, allows remote authenticated users to bypass external-program authentication by sending an invalid password to a slave server. bind.cpp in back-ndb in OpenLDAP 2.4.x before 2.4.24 does not require authentication for the root Distinguished Name, which allows remote attackers to bypass intended access restrictions via an arbitrary password. modrdn.c in slapd in OpenLDAP 2.4.x before 2.4.24 allows remote attackers to cause a denial of service via a relative Distinguished Name that contains an empty value for the OldDN field. The updated packages have been patched to correct these issues.

tags | advisory, remote, denial of service, arbitrary, root
systems | linux, mandriva
advisories | CVE-2011-1024, CVE-2011-1025, CVE-2011-1081
MD5 | 163855e28dd547d30ccf2fe21546492e
Mandriva Linux Security Advisory 2011-055
Posted Mar 30, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-055 - chain.c in back-ldap in OpenLDAP 2.4.x before 2.4.24, when a master-slave configuration with a chain overlay and ppolicy_forward_updates is used, allows remote authenticated users to bypass external-program authentication by sending an invalid password to a slave server. modrdn.c in slapd in OpenLDAP 2.4.x before 2.4.24 allows remote attackers to cause a denial of service via a relative Distinguished Name that contains an empty value for the OldDN field.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2011-1024, CVE-2011-1081
MD5 | 7e8fa8300fb8a5afdc20cc30018442df
Mandriva Linux Security Advisory 2011-025
Posted Feb 10, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-025 - The MIT krb5 KDC database propagation daemon is vulnerable to a denial-of-service attack triggered by invalid network input. If a kpropd worker process receives invalid input that causes it to exit with an abnormal status, it can cause the termination of the listening process that spawned it, preventing the slave KDC it was running on From receiving database updates from the master KDC. The MIT krb5 Key Distribution Center daemon is vulnerable to denial of service attacks from unauthenticated remote attackers. The updated packages have been patched to correct this issue.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2010-4022, CVE-2011-0281, CVE-2011-0282
MD5 | 7b526947f7ae90f2ca47e7ea2fd3b474
MIT krb5 Security Advisory 2011-001
Posted Feb 8, 2011
Site web.mit.edu

MIT krb5 Security Advisory 2011-001 - The MIT krb5 KDC database propagation daemon (kpropd) is vulnerable to a denial-of-service attack triggered by invalid network input. If a kpropd worker process receives invalid input that causes it to exit with an abnormal status, it can cause the termination of the listening process that spawned it, preventing the slave KDC it was running on from receiving database updates from the master KDC.

tags | advisory
advisories | CVE-2010-4022
MD5 | 38e5527bcf61940cfcd89ea7c7813dd2
TPTI-07-15.txt
Posted Sep 20, 2007
Authored by Ganesh Devarajan | Site tippingpoint.com

A vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of the Automated Solutions Modbus TCP Slave ActiveX Control. Authentication is not required to exploit this vulnerability. The specific flaw exists within MiniHMI.exe which binds to TCP port 502. When processing malformed Modbus requests on this port a controllable heap corruption can occur which may result in execution of arbitrary code.

tags | advisory, remote, arbitrary, tcp, activex
advisories | CVE-2007-4827
MD5 | 0d534b93256518fcf493b72761cb45fa
KDE Security Advisory 2007-03-26.1
Posted Mar 28, 2007
Authored by KDE Desktop | Site kde.org

KDE Security Advisory - The KDE FTP ioslave parses the host address in the PASV response of a FTP server response. mark from bindshell.net pointed out that this could be exploited via JavaScript for automated port scanning. It was not possible to demonstrate the vulnerability via JavaScript with Konqueror from KDE 3.5.x. However, other scenarios are possible. Systems affected are KDE up to and including KDE version 3.5.6.

tags | advisory, javascript
advisories | CVE-2007-1564
MD5 | e41d0dae2db60f0e276e0faac260dac9
Debian Linux Security Advisory 1273-1
Posted Mar 28, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1273-1 - Several vulnerabilities have been discovered in nas, the Network Audio System. A stack-based buffer overflow in the accept_att_local function in server/os/connection.c in nas allows remote attackers to execute arbitrary code via a long path slave name in a USL socket connection. Integer overflow in the ProcAuWriteElement function in server/dia/audispatch.c allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large max_samples value. The AddResource function in server/dia/resource.c allows remote attackers to cause a denial of service (server crash) via a nonexistent client ID. Array index error allows remote attackers to cause a denial of service (crash) via (1) large num_action values in the ProcAuSetElements function in server/dia/audispatch.c or (2) a large inputNum parameter to the compileInputs function in server/dia/auutil.c. The ReadRequestFromClient function in server/os/io.c allows remote attackers to cause a denial of service (crash) via multiple simultaneous connections, which triggers a NULL pointer dereference.

tags | advisory, remote, denial of service, overflow, arbitrary, vulnerability
systems | linux, debian
advisories | CVE-2007-1543, CVE-2007-1544, CVE-2007-1545, CVE-2007-1546, CVE-2007-1547
MD5 | 8cadded62e8d82be3b752f801c87f741
Debian Linux Security Advisory 1169-1
Posted Sep 7, 2006
Authored by Debian | Site debian.org

Debian Security Advisory 1169-1 - Several local vulnerabilities have been discovered in the MySQL database server. Michal Prokopiuk discovered that remote authenticated users are permitted to create and access a database if the lowercase spelling is the same as one they have been granted access to. Beat Vontobel discovered that certain queries replicated to a slave could crash the client and thus terminate the replication.

tags | advisory, remote, local, vulnerability
systems | linux, debian
advisories | CVE-2006-4226, CVE-2006-4380
MD5 | d681538479702c1b2dc6181ee316561c
Mandriva Linux Security Advisory 2006.158
Posted Sep 7, 2006
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory MDKSA-2006-158 - MySQL before 4.1.13 allows local users to cause a denial of service (persistent replication slave crash) via a query with multiupdate and subselects. There is also a bug in the MySQL-Max (and MySQL) init script where the script was not waiting for the mysqld daemon to fully stop. This impacted the restart behavior during updates, as well as scripted setups that temporarily stopped the server to backup the database files.

tags | advisory, denial of service, local
systems | linux, mandriva
advisories | CVE-2006-4389
MD5 | 8ba06d45177758f0f30e180b234174b8
Mandriva Linux Security Advisory 2006.083
Posted May 17, 2006
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory MDKSA-2006-083: A race condition in daemon/slave.c in gdm before 2.14.1 allows local users to gain privileges via a symlink attack when gdm performs chown and chgrp operations on the .ICEauthority file.

tags | advisory, local
systems | linux, mandriva
MD5 | 13bd5d34120c6931c24b26d65c1f0472
IRC_slave.a.txt
Posted Mar 21, 2006
Authored by saic | Site saic.sapht.com

IRC_slave.a is a perl script designed to listen on a specified IRC channel and execute commands on the host running the script.

tags | perl
MD5 | 0d52b703511a82455067f0f1a77c10fe
bugzila-2.16.10.txt
Posted Dec 29, 2005
Authored by David Miller | Site bugzilla.mozilla.org

Bugzilla versions 2.9 through 2.16.10 use a script called syncshadowdb to manually replicate data between a master database and a slave. The script uses temporary files in an unsafe way since it selects a name for the file based on PID and does not make any effort to determine if the file exists and if it is a symlink. A local user could use this to direct symlink attacks and overwrite files that Bugzilla has access to.

tags | advisory, local
MD5 | c431672933e2b7aa1270fc278c499911
RFC-NG-3.3.0.tar.gz
Posted Nov 20, 2005
Authored by Claudio Panichi | Site rfc.sourceforge.net

RFC (Remote Filesystem Checker) is a set of scripts that aims to help system administrators run a filesystem checker (like tripwire, aide, etc.) from a master-node to several slave-nodes using ssh, scp, sudo, and few other common shell commands.

Changes: Minor release with an updated AFICK and nice contributions from some RFC's users.
tags | tool, remote, shell, integrity
MD5 | b6391162c7ed6c8186c2d0b132b6356c
Ubuntu Security Notice 152-1
Posted Jul 22, 2005
Authored by Ubuntu | Site ubuntu.com

Ubuntu Security Notice USN-152-1 - Andrea Barisani discovered a flaw in the SSL handling of pam-ldap and libnss-ldap. When a client connected to a slave LDAP server using SSL, the slave server did not use SSL as well when contacting the LDAP master server. This caused passwords and other confident information to be transmitted unencrypted between the slave and the master.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2005-2069
MD5 | 7b48ea67d909e579b55b086390dbeda1
Gentoo Linux Security Advisory 200507-13
Posted Jul 15, 2005
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200507-13 - Rob Holland of the Gentoo Security Audit Team discovered that pam_ldap and nss_ldap fail to use TLS for referred connections if they are referred to a master after connecting to a slave, regardless of the ssl start_tls ldap.conf setting. Versions less than 239-r1 are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2005-2069
MD5 | 93f4108556b7a42d38c62c4455cb042f
KDE Security Advisory 2005-01-01.1
Posted Jan 5, 2005
Authored by KDE Desktop | Site kde.org

KDE Security Advisory: KDE applications which use the ftp kioslave, e.g. Konqueror, allow remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains an URL-encoded newline ( %0a ) before the ftp command, which causes the commands to be inserted into the resulting FTP session. Due to similarities between the ftp and the SMTP protocol, this vulnerability allows to misuse the ftp slave to connect to a SMTP server and issue arbitrary commands, like sending an email. Systems affected: All KDE releases up to including KDE 3.3.2.

tags | advisory, remote, arbitrary, protocol
advisories | CVE-2004-1165
MD5 | 3af2dd0e12572e297f77d9a3106813fb
dc_ifenslave.c
Posted Oct 26, 2004
Authored by Diabolic Crab | Site hackerscenter.com

Local root exploit for /sbin/ifenslave.

tags | exploit, local, root
MD5 | 7e68f47a92a772438255870a518529e6
RFC-NG-3.2.0.tar.gz
Posted Aug 31, 2004
Authored by Claudio Panichi | Site rfc.sourceforge.net

RFC (Remote Filesystem Checker) is a set of scripts that aims to help system administrators run a filesystem checker (like tripwire, aide, etc.) from a master-node to several slave-nodes using ssh, scp, sudo, and few other common shell commands.

Changes: Minor fixes.
tags | tool, remote, shell, integrity
MD5 | b6100e037ba1ba86bf1b55381eb51b82
webdevil-v1.tar.gz
Posted May 17, 2004
Authored by Mike Jackson

Webdevil is a tool used to create a distributed performance test against webservers by keeping connections alive until the server times them out. Slave daemon is included to assist in stress testing.

tags | denial of service
MD5 | 56e37bef1c7c45d2b7a6d99f143f0ccf
Page 1 of 2
Back12Next

File Archive:

July 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    34 Files
  • 2
    Jul 2nd
    15 Files
  • 3
    Jul 3rd
    9 Files
  • 4
    Jul 4th
    8 Files
  • 5
    Jul 5th
    2 Files
  • 6
    Jul 6th
    3 Files
  • 7
    Jul 7th
    1 Files
  • 8
    Jul 8th
    15 Files
  • 9
    Jul 9th
    15 Files
  • 10
    Jul 10th
    20 Files
  • 11
    Jul 11th
    17 Files
  • 12
    Jul 12th
    16 Files
  • 13
    Jul 13th
    2 Files
  • 14
    Jul 14th
    1 Files
  • 15
    Jul 15th
    20 Files
  • 16
    Jul 16th
    27 Files
  • 17
    Jul 17th
    7 Files
  • 18
    Jul 18th
    5 Files
  • 19
    Jul 19th
    12 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close