
Files

Zervit 0.02 Buffer Overflow
Posted Apr 15, 2009
Authored by e.wiZz!

Zervit webserver version 0.02 suffers from a remote buffer overflow vulnerability.

tags | exploit, remote, overflow
MD5 | 8f16456e4ecfb2e1f4ff1bec48035eb4

Related Files

Oxide Webserver 2.0.4 Denial Of Service
Posted Jul 20, 2012
Authored by Antu Sanadi | Site secpod.com

Oxide Webserver versions 2.0.4 and below suffer from a remote denial of service vulnerability.

tags | exploit, remote, denial of service
MD5 | b095853b9282081b810c3e39455ce280

SimpleWebServer 2.2-rc2 Remote Buffer Overflow
Posted Jul 19, 2012
Authored by mr.pr0n

SimpleWebServer version 2.2-rc2 remote buffer overflow exploit that achieves code execution.

tags | exploit, remote, overflow, code execution
MD5 | a674d34d5ee58a37ae4c282e8c852ebb

Tiki Wiki <= 8.3 unserialize() PHP Code Execution
Posted Jul 6, 2012
Authored by EgiX, juan vazquez | Site metasploit.com

This Metasploit module exploits a PHP unserialize() vulnerability in Tiki Wiki <= 8.3 which could be abused to allow unauthenticated users to execute arbitrary code under the context of the webserver user. The dangerous unserialize() exists in the 'tiki-print_multi_pages.php' script, which is called with user controlled data from the 'printpages' parameter. The exploit abuses the __destruct() method from the Zend_Pdf_ElementFactory_Proxy class to write arbitrary PHP code to a file on the Tiki Wiki web directory. In order to run successfully, three conditions must be satisfied: (1) the display_errors PHP setting must be On to disclose the filesystem path of Tiki Wiki, (2) the Tiki Wiki Multiprint feature must be enabled to exploit the unserialize(), and (3) a PHP version older than 5.3.4 must be used to allow poison null bytes in filesystem related functions. The exploit has been tested successfully on Ubuntu 9.10 and Tiki Wiki 8.3.

tags | exploit, web, arbitrary, php
systems | linux, ubuntu
advisories | CVE-2012-0911
MD5 | f2b5160e61e85582844eefb51772013f

Debian Security Advisory 2506-1
Posted Jul 3, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2506-1 - Qualys Vulnerability and Malware Research Labs discovered a vulnerability in ModSecurity, a security module for the Apache webserver. In situations where present in HTTP headers, the vulnerability could allow an attacker to bypass policy and execute cross-site script (XSS) attacks through properly crafted HTML documents.

tags | advisory, web
systems | linux, debian
advisories | CVE-2012-2751
MD5 | 67bc8a94713ca7a4762bfdb257d83e24

Zero Day Initiative Advisory 12-106
Posted Jun 29, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-106 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Avaya IP Office Customer Call Reporter. Authentication is not required to exploit this vulnerability. The specific flaw exists because Avaya IP Office Customer Call Reporter allows unauthenticated users to upload files to the webserver through ImageUpload.ashx. The uploaded files will not be stripped of their file extensions and the directory where they are uploaded to has no scripting restrictions. This flaw can lead to remote code execution under the context of the user running the IP Office Customer Call Reporter, usually NETWORK SERVICE.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2012-3811
MD5 | 5f62220abf46debe38080c31d399c706

SugarCRM 6.3.1 unserialize() PHP Code Execution
Posted Jun 27, 2012
Authored by EgiX, sinn3r, juan vazquez | Site metasploit.com

This Metasploit module exploits a PHP unserialize() vulnerability in SugarCRM versions 6.3.1 and below which could be abused to allow authenticated SugarCRM users to execute arbitrary code with the permissions of the webserver. The dangerous unserialize() exists in the 'include/MVC/View/views/view.list.php' script, which is called with user controlled data from the 'current_query_by_page' parameter. The exploit abuses the __destruct() method from the SugarTheme class to write arbitrary PHP code to a 'pathCache.php' on the web root.

tags | exploit, web, arbitrary, root, php
advisories | CVE-2012-0694
MD5 | 7d01dafa74c844c1735769142b67e3ac

Zero Day Initiative Advisory 12-091
Posted Jun 9, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-091 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec Web Gateway. Authentication is not required to exploit this vulnerability. The specific flaw exists because Symantec Web Gateway allows unauthenticated users to upload a file while preserving the file extension. This allows users to upload additional script files that can be used to execute remote code from user supplied commands under the context of the webserver.

tags | advisory, remote, web, arbitrary
advisories | CVE-2012-0299
MD5 | 7e0eabccbe8dc17d2aa2f1658b487388

HULK - Http Unbearable Load King
Posted May 18, 2012
Authored by Barry Shteiman | Site sectorix.com

HULK is a web server denial of service tool written for research purposes. It is designed to generate volumes of unique and obfuscated traffic at a webserver, bypassing caching engines and therefore hitting the server's direct resource pool.

tags | tool, web, denial of service, python
MD5 | 0fcee2cc0488500336b766af4478c3d8

Ubuntu Security Notice USN-1368-1
Posted Feb 17, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1368-1 - It was discovered that the Apache HTTP Server incorrectly handled the SetEnvIf .htaccess file directive. An attacker having write access to a .htaccess file may exploit this to possibly execute arbitrary code. Prutha Parikh discovered that the mod_proxy module did not properly interact with the RewriteRule and ProxyPassMatch pattern matches in the configuration of a reverse proxy. This could allow remote attackers to contact internal webservers behind the proxy that were not intended for external exposure. Various other issues were also addressed.

tags | advisory, remote, web, arbitrary
systems | linux, ubuntu
advisories | CVE-2011-3607, CVE-2011-4317, CVE-2012-0021, CVE-2012-0031, CVE-2012-0053
MD5 | 1d078ff082d235649b6924ec90bd961f

Viper FakeUpdate Script
Posted Feb 8, 2012
Authored by Bl4ck.Viper

This is a simple script to spawn DNS spoofing, ARP spoofing, a fake update page for Windows and a backdoored executable on a webserver to cause the Windows box to connect back. Requires Metasploit.

tags | tool, spoof, rootkit
systems | windows, unix
MD5 | e17d0ef919b2eabebc9761c4abdea8c7

Tibetsystem OwnServer 1.0 Directory Traversal
Posted Feb 8, 2012
Authored by Jason Ellison

Tibetsystem DVRs use the OwnServer 1.0 webserver that suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
MD5 | 56f3e8aa61901f737d73f53b412cb750

HServer Webserver 0.1.1 Directory Traversal
Posted Jan 5, 2012
Authored by demonalex

HServer Webserver version 0.1.1 suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
MD5 | 5de1a299cceeade02811d532c26e1aec

Log2Command 1.0
Posted Jan 2, 2012
Site it.sverigedemokraterna.se

log2command is a PHP script that tracks IPs in log files and executes shell commands per each IP. log2command was created as a sort of reverse fail2ban or cheap VPN-firewall: a machine with a closed firewall can be told, by a foreign machine, to accept connections from a specific IP. log2command then keeps track of the webserver log file and watches for inactivity from the user's IP. After an amount of time another command is executed that can remove the user's IP from the firewall, closing down the machine again. The PHP script is a command-line program that can be run in the background.

tags | tool, shell, php, rootkit
systems | unix
MD5 | 8e19ae8abd2570913871373fe04844fa

Debian Security Advisory 2368-1
Posted Dec 21, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2368-1 - Several vulnerabilities have been discovered in lighttpd, a small and fast webserver with minimal memory footprint.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2011-4362, CVE-2011-3389
MD5 | 9bd1fceee6ba528132822e47cbddad9c

GoAhead Webserver 2.5 Cross Site Scripting
Posted Dec 2, 2011
Authored by Prabhu S Angadi | Site secpod.com

GoAhead Webserver version 2.5 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 4923f3c0b0d95898abb3ce43d962f502

Secunia Security Advisory 46894
Posted Nov 18, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been discovered in GoAhead WebServer, which can be exploited by malicious people to conduct script insertion attacks.

tags | advisory, vulnerability
MD5 | 0c3d3f656e256cd92d26815cb1737671

Secunia Security Advisory 46896
Posted Nov 18, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been discovered in GoAhead Webserver, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss
MD5 | c542b77539fc3aa69079d9970cac970d

Ubuntu Security Notice USN-1259-1
Posted Nov 11, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1259-1 - It was discovered that the mod_proxy module in Apache did not properly interact with the RewriteRule and ProxyPassMatch pattern matches in the configuration of a reverse proxy. This could allow remote attackers to contact internal webservers behind the proxy that were not intended for external exposure. Stefano Nichele discovered that the mod_proxy_ajp module in Apache when used with mod_proxy_balancer in certain configurations could allow remote attackers to cause a denial of service via a malformed HTTP request. Various other issues were also addressed.

tags | advisory, remote, web, denial of service
systems | linux, ubuntu
advisories | CVE-2011-1176, CVE-2011-3348, CVE-2011-3368
MD5 | e9eb4cdce21f76bca01980910f3b1b4f

Merethis Centreon 2.3.1 Code Execution
Posted Nov 8, 2011
Authored by Christophe de la Fuente | Site trustwave.com

The Centreon supervision and monitoring tool provided by Merethis permits remote code execution from the command help web page, allowing an attacker to execute arbitrary commands in the context of the webserver hosting the application. The system also uses a one-way hash without a salt. Versions 2.3.1 and below are affected.

tags | exploit, remote, web, arbitrary, code execution
MD5 | a6b0f2282a375e29d3f39931335be4e4

Administrative PHP Scanner
Posted Oct 11, 2011
Authored by Skote Vahshat

This PHP script scans a given webserver for various phpMyAdmin administrative pages / directories.

tags | tool, scanner, php
systems | unix
MD5 | 06156125c2b02e481d3356010b1daa6a

Browser Exploit Against SSL/TLS
Posted Oct 3, 2011
Authored by Juliano Rizzo, Thai Duong

Browser Exploit Against SSL/TLS, or BEAST, is a proof of concept tool that demonstrates a weakness in the SSL protocol. It allows attackers to silently decrypt data that's passing between a webserver and an end-user browser.

tags | exploit, protocol, proof of concept
MD5 | c0d832089612de08c6935977f7c401f5

MyWebServer 1.0.3 Denial Of Service
Posted Jul 29, 2011
Authored by X-h4ck

MyWebServer version 1.0.3 suffers from a remote denial of service vulnerability.

tags | exploit, remote, denial of service
MD5 | 93a7b73e2f73b85b9359c62fe32e0e9b

MyWebServer 1.0.3 Arbitrary File Download
Posted Jul 29, 2011
Authored by X-h4ck

MyWebServer version 1.0.3 suffers from an arbitrary file download vulnerability.

tags | exploit, arbitrary
MD5 | 632e8526a4ef6868ed6335e066805d6d

MinaliC Webserver Cross Site Scripting
Posted Jul 28, 2011
Authored by Zer0 Thunder

MinaliC Webserver suffers from a cross site scripting vulnerability in the generated 404 page.

tags | exploit, xss
MD5 | 147910b9a0a489270ee46d3a99f138ed

MinaliC Webserver 2.0 Source Disclosure
Posted Jul 27, 2011
Authored by X-h4ck

MinaliC Webserver version 2.0 suffers from a remote source disclosure vulnerability. This is the same issue that was previously discovered in version 1.0.

tags | exploit, remote, info disclosure
MD5 | 3e09e1fd686d3c841e4258105eb7e501