exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 100 RSS Feed

Files

mod_rootme-0.2.tgz
Posted Jun 22, 2004
Authored by Christophe Devine

mod_rootme is a very cool module that sets up a backdoor inside of Apache where a simple GET request will allow a remote administrator the ability to grab a root shell on the system without any logging.

Changes: Updated to support the 2.x series.
tags | remote, web, shell, root
SHA-256 | 9a739606a09c5832a815a754bcd656241faf19f768f15d9537d2c76938728b00

Related Files

Modbus Slave 7.3.1 Buffer Overflow
Posted Nov 22, 2021
Authored by Yehia Elghaly

Modbus Slave version 7.3.1 suffers from a buffer overflow vulnerability.

tags | exploit, overflow
SHA-256 | 39eb7cf402d22f485cd56cc220faeb4a38a297d3d16f3a8b49633e716d0a7ae6
Modbus Slave 7.0.0 Denial Of Service
Posted Oct 29, 2018
Authored by Ihsan Sencan

Modbus Slave version 7.0.0 suffers from a denial of service vulnerability.

tags | exploit, denial of service
advisories | CVE-2018-18759
SHA-256 | af71fc2884ac32623befb50350fd285ac9d8bb6be35591c523b9fe0199e6cbe8
Modbus Slave PLC 7 Buffer Overflow
Posted Oct 29, 2018
Authored by Kagan Capar

Modbus Slave PLC 7 .msw buffer overflow proof of concept exploit.

tags | exploit, overflow, proof of concept
SHA-256 | 57a316badac549c6e7e7a70dc048a41ecb4bd53fc9c8f1f0f65a53b66610d752
Modbus Poll 7.2.2 Denial Of Service
Posted Oct 22, 2018
Authored by Cemal Cihad CiFTCi

Modbus Poll version 7.2.2 suffers from a denial of service vulnerability.

tags | exploit, denial of service
SHA-256 | 9ad84d566a67041600a87c7ba57361924f3dde7551b9296f72542cc385cef813
ModbusPal 1.6b XML External Entity Injection
Posted May 10, 2018
Authored by Trent Gordon

ModbusPal version 1.6b suffers from an XML external entity injection vulnerability.

tags | exploit
advisories | CVE-2018-10832
SHA-256 | 53bb5160dea2fc4c4d5c9c108d6af89ad0622323762be453253962cff0dc4dff
mod_accounting 0.5 Blind SQL Injection
Posted Sep 26, 2013
Authored by Wireghoul

mod_accounting version 0.5 suffers from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2013-5697
SHA-256 | 5f80d81efab9b887ab6063336f50467c4282d2a92a64c29cbf5563b42ba9f24a
Mod_auth_pubtkt 0.8
Posted Jun 28, 2012
Site neon1.net

mod_auth_pubtkt is a simple Web single sign-on (SSO) solution for Apache. It validates authentication tickets provided by the client in a cookie using public-key cryptography (DSA or RSA). Thus, only the login server that generates the tickets needs to possess the private key, while Web servers can verify tickets given only the public key. The implementation of the login server is left to the user, but an example and a library in PHP are provided with the distribution.

Changes: A new option and corresponding field in the ticket ("bauth") make it possible to specify the Basic authorization username/password in the ticket (e.g., when reverse proxying to a third party system which cannot use mod_auth_pubtkt). The credentials can optionally be encrypted in the ticket.
tags | web, php
systems | unix
SHA-256 | 6243e220a650147a49269970cfc1491e6c727f6e9ef4eb34673909783bc258b2
Mod_auth_pubtkt 0.7
Posted Jun 4, 2012
Site neon1.net

mod_auth_pubtkt is a simple Web single sign-on (SSO) solution for Apache. It validates authentication tickets provided by the client in a cookie using public-key cryptography (DSA or RSA). Thus, only the login server that generates the tickets needs to possess the private key, while Web servers can verify tickets given only the public key. The implementation of the login server is left to the user, but an example and a library in PHP are provided with the distribution.

Changes: The public key can be set per directory instead of only globally. The login URL is now optional, and a new TKTAuthBadIPURL option has been added. Furthermore, the module now compiles with Apache 2.4 and includes a Perl ticket generation module.
tags | web, php
systems | unix
SHA-256 | 8ff3de9c5acc026c6fd74fd8e599c0c2659cd29c51693dbf67a8bf8c609be94e
MODACOM URoad-5000 1450 Command Execution
Posted Jun 2, 2011
Authored by Alex Stanev | Site sec.stanev.org

MODACOM URoad-5000 version 1450 has a hard-coded backdoor account that allows for remote command execution.

tags | exploit, remote
SHA-256 | 7aa00fead7d830e9d8dce87c99dd46947c5558d1709822584f40bcd93224942c
Model Agentur Script SQL Injection
Posted Feb 8, 2011
Authored by NoNameMT

Model Agentur Script suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | ef48c4dd4a480e31bdb158ccfd38f8fd55aac3ce73e726a0fdfcbf613165dfd8
Modelbook SQL Injection
Posted Apr 29, 2010
Authored by v3n0m

Modelbook suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 962fdcb917cafd16f27f55d4b260d5158b4fc7c58e1cdcda5711fd68f7eb7554
Apache mod_psldap Module 0.93
Posted Apr 21, 2010
Site sourceforge.net

mod_psldap is an Apache module that performs authentication and authorization against an LDAP server with LDAP based session management. It also provides Web 2.0 based capabilities to add, edit, move, and create new records in the LDAP store, leveraging XSL stylesheets to offload heavy processing to the clients and reduce bandwidth consumption by up to 95% or more.

Changes: This release provides new core capabilities to support new actions to register users. It also adds LDAP attributes and client side drag and drop editing of the LDAP records to reassign records to superiors, people to managers, and members to groups. A client side form validation framework was introduced, which simplifies validation through leverage of custom attributes on the input elements.
tags | web
SHA-256 | 41e6461d2c3d8d11aae52da0ed3fb1268f990398109b089181f992a02eccefc6
Apache mod_psldap Module 0.92
Posted Apr 6, 2010
Site sourceforge.net

mod_psldap is an Apache module that performs authentication and authorization against an LDAP server with LDAP based session management. It also provides Web 2.0 based capabilities to add, edit, move, and create new records in the LDAP store, leveraging XSL stylesheets to offload heavy processing to the clients and reduce bandwidth consumption by up to 95% or more.

Changes: This is a bug fix release to address variations on the initially tested configurations. It also restores isolation of site specific configurations to simplify an upgrade.
tags | web
SHA-256 | 100bdf5e1d045107171c2afce229a7edc1206398e366c182a682d2435c79eb43
Model Agency Manager Cross Site Scripting
Posted Dec 13, 2009
Authored by bi0

Model Agency Manager suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 8ea501fd62b4294aabcd1c910a5dfef8ae2cf9c6e4be00571350605369851aaf
Model Agency Manager Pro SQL Injection
Posted Sep 10, 2009
Authored by R3d-D3v!L

Model Agency Manager Pro suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | e70c724979a5876da8f1e0120b83a142b310f16725c006c8cd1553f25986518c
modcp-xss.txt
Posted Jun 19, 2008
Authored by Jessica Hope

The MCP (Moderation Control Panel) in vBulletin versions 3.7.1 PL1 and below and versions 3.6.10 PL1 and below suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | ec09a6b4bdf41191253aeb5ec033a0969ffd23a2580a03b9e200bb727f5c1682
mod_evasive_1.10.1.tar.gz
Posted Feb 5, 2007
Authored by Jonathan A. Zdziarski | Site zdziarski.com

Mod_evasive is a module for Apache to provide evasive action in the event of an HTTP DoS or DDoS attack or brute force attack. It can be easily configured to talk to ipchains, firewalls, routers, and etcetera. mod_evasive reports abuses via email and syslog facilities. Detection is performed by creating an internal dynamic hash table of IP Addresses and URIs, and denying any single IP address from requesting the same page more than a few times per second or making more than 50 requests with the same child per second.

tags | web
SHA-256 | 07c45139aa313899484a900f0fc162b3e17eb4f60fe474d7f3dd6c9941e95667
mod_securid-2.0.3.tar.gz
Posted Nov 27, 2006
Authored by Erwan Legrand | Site deny-all.com

The mod_securid Apache module implements RSA SecurID authentication for the Apache Web server. It allows administrators to restrict access to Web sites (or parts of Web sites) to users authenticated using a SecurID token and an ACE server.

Changes: Added configure script. Added process maintenance. Fixed a few bugs.
tags | web
SHA-256 | 87c2643540d71c6fdf5c119067c34b61e9d37872340eca467bdb8ec2afb42713
mod_dosevasive_1.10.tar.gz
Posted Jan 22, 2005
Authored by Jonathan Zdziarski | Site nuclearelephant.com

The Apache DoS Evasive Maneuvers Module is a module for both Apache 1.3 and 2.0 that provides functionality for detecting and fighting off DoS attacks and brute force attacks. It does this by adding addresses to a 10-second '403 List' and rejecting rapidly repeated requests for the same URL from the same addresses, using an internal hash table, on a per-child basis. This module can be configured to talk to ipchains, ipfilter, or any other tool designed to push the attack out to the network layer, and provides email notification in the event of an attack.

tags | web
SHA-256 | 8706ff58be35378fce2b7a916cc2bce6249a00c79eaa09e3ebbdb163d4e87bb9
mod_ssl-2.8.22-1.3.33.tar.gz
Posted Nov 3, 2004
Site modssl.org

mod_ssl provides provides strong cryptography for the Apache 1.3 webserver via the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1). It is based on the SSL/TLS toolkit OpenSSL and supports all SSL/TLS related functionality, including RSA and DSA/DH cipher support, X.509 CRL checking, etc. Additionally it provides special Apache related facilities like DBM and shared memory based inter-process SSL session caching. per-URL SSL session renegotiations, DSO support, etc.

Changes: Upgraded to Apache 1.3.33.
tags | encryption
SHA-256 | 1a3746197ff7c145a9ff56af130c00790f20d944bf0d62e48686f2cc248285a2
mod_security-1.8.5.tar.gz
Posted Nov 1, 2004
Site modsecurity.org

Mod_security is an Apache module whose purpose is to protect vulnerable applications and reject human or automated attacks. In addition to filtering requests, it also can create Web application audit logs. Understands regular expressions and POST payloads and runs on both branches of Apache. Windows binary available here.

Changes: This is is a maintenance release, which fixes minor problems found in v1.8.4.
tags | web
systems | windows
SHA-256 | 9d68e207e9b9c5a0f4504c919c2144de025eab61f8646127a7774509673a2982
mod_ssl-2.8.21-1.3.32.tar.gz
Posted Oct 26, 2004
Site modssl.org

mod_ssl provides provides strong cryptography for the Apache 1.3 webserver via the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1). It is based on the SSL/TLS toolkit OpenSSL and supports all SSL/TLS related functionality, including RSA and DSA/DH cipher support, X.509 CRL checking, etc. Additionally it provides special Apache related facilities like DBM and shared memory based inter-process SSL session caching. per-URL SSL session renegotiations, DSO support, etc.

Changes: Upgraded to Apache 1.3.32.
tags | encryption
SHA-256 | 1717eb96e9de60a24d73e9616fb7e6bcc9d47891c6e77cb26d4bf529c4382260
mod_ssl-2.8.20-1.3.31.tar.gz
Posted Oct 26, 2004
Site modssl.org

mod_ssl provides provides strong cryptography for the Apache 1.3 webserver via the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1). It is based on the SSL/TLS toolkit OpenSSL and supports all SSL/TLS related functionality, including RSA and DSA/DH cipher support, X.509 CRL checking, etc. Additionally it provides special Apache related facilities like DBM and shared memory based inter-process SSL session caching. per-URL SSL session renegotiations, DSO support, etc.

Changes: With OpenSSL 0.9.7, prevent session resumption during a renegotiation to force the client to negotiate a new (and acceptable to mod_ssl) cipher suite. Additionally, ensure that a correct cipher suite has been negotiated afterwards.
tags | encryption
advisories | CVE-2004-0885
SHA-256 | 4f307413360dcdc90283082e77179b8aa65256afaf718a5a7bc9668e25c6a72d
mod_security-1.8.4.tar.gz
Posted Sep 22, 2004
Site modsecurity.org

Mod_security is an Apache module whose purpose is to protect vulnerable applications and reject human or automated attacks. In addition to filtering requests, it also can create Web application audit logs. Understands regular expressions and POST payloads and runs on both branches of Apache.

Changes: Cool bug fixes.
tags | web
SHA-256 | da0c870fa4a338b0c96f55a1f1628faa5c1e63c009e3b4330f1fad221cab1a34
mod_authz_svn-copy-advisory.txt
Posted Jul 26, 2004
Site subversion.tigris.org

Subversion versions up to and including 1.0.5 have a bug in mod_authz_svn that allows users with write access to read portions of the repository that they do not have read access to.

tags | advisory
SHA-256 | aefe57e387f1f845c751e1078943c6c758ae74b2db1ff47970653f4b44b69547
Page 1 of 4
Back1234Next

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    28 Files
  • 16
    Jul 16th
    6 Files
  • 17
    Jul 17th
    34 Files
  • 18
    Jul 18th
    6 Files
  • 19
    Jul 19th
    34 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    19 Files
  • 23
    Jul 23rd
    17 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close