exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 100 RSS Feed

Files

Hiawatha WebServer 7.4 Denial Of Service
Posted Mar 7, 2011
Authored by ipax | Site dclabs.com.br

Hiawatha WebServer version 7.4 suffers from a denial of service vulnerability.

tags | exploit, denial of service
SHA-256 | 80318ee6a80e3cdf8451955911b1bdd5b63a92301b713132026bb94ed35fbc6b

Related Files

Oxide Webserver 2.0.4 Denial Of Service
Posted Jul 20, 2012
Authored by Antu Sanadi | Site secpod.com

Oxide Webserver versions 2.0.4 and below suffer from a remote denial of service vulnerability.

tags | exploit, remote, denial of service
SHA-256 | 78053e16329204d000b42f631dfb570dbbbb076108666340fe38090874ae6db5
SimpleWebServer 2.2-rc2 Remote Buffer Overflow
Posted Jul 19, 2012
Authored by mr.pr0n

SimpleWebServer version 2.2-rc2 remote buffer overflow exploit that achieves code execution.

tags | exploit, remote, overflow, code execution
SHA-256 | d479bd8f4fea4bdf5c0972e056189d54814dde491f87ef49ea5a3093231a8ef1
Tiki Wiki <= 8.3 unserialize() PHP Code Execution
Posted Jul 6, 2012
Authored by EgiX, juan vazquez | Site metasploit.com

This Metasploit module exploits a php unserialize() vulnerability in Tiki Wiki <= 8.3 which could be abused to allow unauthenticated users to execute arbitrary code under the context of the webserver user. The dangerous unserialize() exists in the 'tiki-print_multi_pages.php' script, which is called with user controlled data from the 'printpages' parameter. The exploit abuses the __destruct() method from the Zend_Pdf_ElementFactory_Proxy class to write arbitrary PHP code to a file on the Tiki Wiki web directory. In order to run successfully three conditions must be satisfied (1) display_errors php setting must be On to disclose the filesystem path of Tiki Wiki, (2) The Tiki Wiki Multiprint feature must be enabled to exploit the unserialize() and (3) a php version older than 5.3.4 must be used to allow poison null bytes in filesystem related functions. The exploit has been tested successfully on Ubuntu 9.10 and Tiki Wiki 8.3.

tags | exploit, web, arbitrary, php
systems | linux, ubuntu
advisories | CVE-2012-0911
SHA-256 | 04e6daabf6b6a5dba1b8fa576bc4f910b4df1c7b90652847142a832796744523
Debian Security Advisory 2506-1
Posted Jul 3, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2506-1 - Qualys Vulnerability and Malware Research Labs discovered a vulnerability in ModSecurity, a security module for the Apache webserver. In situations where present in HTTP headers, the vulnerability could allow an attacker to bypass policy and execute cross-site script (XSS) attacks through properly crafted HTML documents.

tags | advisory, web
systems | linux, debian
advisories | CVE-2012-2751
SHA-256 | 268fa7526f03a156888745c47b7f004f546de02d75ff3065034b7484a643b7e5
Zero Day Initiative Advisory 12-106
Posted Jun 29, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-106 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Avaya IP Office Customer Call Reporter. Authentication is not required to exploit this vulnerability. The specific flaw exists because Avaya IP Office Customer Call Reporter allows unauthenticated users to upload files to the webserver through ImageUpload.ashx. The uploaded files will not be stripped of their file extensions and the directory where they are uploaded to has no scripting restrictions. This flaw can lead the remote code execution under the context of the user running the IP Office Customer Call Reporter, usually NETWORK SERVICE.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2012-3811
SHA-256 | c9875f083e981a649b82cd3fc96e172a5e7ead7522bb0fcbbb19128b2cc1d8b9
SugarCRM 6.3.1 unserialize() PHP Code Execution
Posted Jun 27, 2012
Authored by EgiX, sinn3r, juan vazquez | Site metasploit.com

This Metasploit module exploits a php unserialize() vulnerability in SugarCRM versions 6.3.1 and below which could be abused to allow authenticated SugarCRM users to execute arbitrary code with the permissions of the webserver. The dangerous unserialize() exists in the 'include/MVC/View/views/view.list.php' script, which is called with user controlled data from the 'current_query_by_page' parameter. The exploit abuses the __destruct() method from the SugarTheme class to write arbitrary PHP code to a 'pathCache.php' on the web root.

tags | exploit, web, arbitrary, root, php
advisories | CVE-2012-0694
SHA-256 | 1e73a4a4f9bf312d43feeea95213bce49f5dcf97660320b96cca53b8c0f4ba3d
Zero Day Initiative Advisory 12-091
Posted Jun 9, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-091 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec Web Gateway. Authentication is not required to exploit this vulnerability. The specific flaw exists because Symantec Web Gateway allows unauthenticated users to upload a file while preserving the file extension. This allows users to upload additional script files that can be used to execute remote code from user supplied commands under the context of the webserver.

tags | advisory, remote, web, arbitrary
advisories | CVE-2012-0299
SHA-256 | e6455c20b1364db65ee13fb4709268297326339c75eaaeafc7611ed4f8084cdd
HULK - Http Unbearable Load King
Posted May 18, 2012
Authored by Barry Shteiman | Site sectorix.com

HULK is a web server denial of service tool written for research purposes. It is designed to generate volumes of unique and obfuscated traffic at a webserver, bypassing caching engines and therefore hitting the server's direct resource pool.

tags | tool, web, denial of service, python
SHA-256 | d9c1a1a5082375991a0038f05e0d43d9b63ed9ae620deaea9690c624aa50a37a
Ubuntu Security Notice USN-1368-1
Posted Feb 17, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1368-1 - It was discovered that the Apache HTTP Server incorrectly handled the SetEnvIf .htaccess file directive. An attacker having write access to a .htaccess file may exploit this to possibly execute arbitrary code. Prutha Parikh discovered that the mod_proxy module did not properly interact with the RewriteRule and ProxyPassMatch pattern matches in the configuration of a reverse proxy. This could allow remote attackers to contact internal webservers behind the proxy that were not intended for external exposure. Various other issues were also addressed.

tags | advisory, remote, web, arbitrary
systems | linux, ubuntu
advisories | CVE-2011-3607, CVE-2011-4317, CVE-2012-0021, CVE-2012-0031, CVE-2012-0053, CVE-2011-3607, CVE-2011-4317, CVE-2012-0021, CVE-2012-0031, CVE-2012-0053
SHA-256 | fa8c135df3525e7c504b7b8471eb4ffb02bbcb4cef2d2668c2621785aaf45c6c
Viper FakeUpdate Script
Posted Feb 8, 2012
Authored by Bl4ck.Viper

This is a simple script to spawn dns spoofing, arp spoofing, a fake update page for Windows and a backdoored executable on a webserver to cause the Windows box to connect back. Requires Metasploit.

tags | tool, spoof, rootkit
systems | windows, unix
SHA-256 | fafffa5a5d80b84aa1e06752a7b0e865780f651a7fbff17eb1f66ed93cefbbbc
Tibetsystem OwnServer 1.0 Directory Traversal
Posted Feb 8, 2012
Authored by Jason Ellison

Tibetsystem DVRs use the OwnServer 1.0 webserver that suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
SHA-256 | 0528fefede727d710f185434e149a12cf44e5683460a8921a5460b534383ec45
HServer Webserver 0.1.1 Directory Traversal
Posted Jan 5, 2012
Authored by demonalex

HServer Webserver version 0.1.1 suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
SHA-256 | 49733523d8cba8346a2ff327155c4842b6258ea7e7136eb8110990eef92ad759
Log2Command 1.0
Posted Jan 2, 2012
Site it.sverigedemokraterna.se

log2command is a PHP script that tracks IPs in log files and executes shell commands per each IP. log2command was created as a sort of reverse fail2ban or cheap VPN-firewall: a machine with a closed firewall can be told, by a foreign machine, to accept connections from a specific IP. log2command then keeps track of the webserver log file and watches for inactivity from the user's IP. After an amount of time another command is executed that can remove the user's IP from the firewall, closing down the machine again. The PHP script is a command-line program that can be run in the background.

tags | tool, shell, php, rootkit
systems | unix
SHA-256 | df3d9c8ed704fef75b0299e0e7a5d3f53ce40512cc6b54ed3e1432b1ad72df36
Debian Security Advisory 2368-1
Posted Dec 21, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2368-1 - Several vulnerabilities have been discovered in lighttpd, a small and fast webserver with minimal memory footprint.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2011-4362, CVE-2011-3389
SHA-256 | f07a24700e2eeea7198aeaf2eec0970239a3a34b71aaa8f180afb3e0a6490a33
GoAhead Webserver 2.5 Cross Site Scripting
Posted Dec 2, 2011
Authored by Prabhu S Angadi | Site secpod.com

GoAhead Webserver version 2.5 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | a64980839b8a19e5dc3c0736e1c0d10a190c74aa831d46d6f409efc77bf48153
Secunia Security Advisory 46894
Posted Nov 18, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been discovered in GoAhead WebServer, which can be exploited by malicious people to conduct script insertion attacks.

tags | advisory, vulnerability
SHA-256 | 6c4a864347cfcddbf0fda6633539bc7d0498505bc2ca33492cdf82c5945ddf39
Secunia Security Advisory 46896
Posted Nov 18, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been discovered in GoAhead Webserver, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss
SHA-256 | cf756aaec357f154fa55bae2c2ed7cc8a77ae662dc8a834183f9829af978f9ea
Ubuntu Security Notice USN-1259-1
Posted Nov 11, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1259-1 - It was discovered that the mod_proxy module in Apache did not properly interact with the RewriteRule and ProxyPassMatch pattern matches in the configuration of a reverse proxy. This could allow remote attackers to contact internal webservers behind the proxy that were not intended for external exposure. Stefano Nichele discovered that the mod_proxy_ajp module in Apache when used with mod_proxy_balancer in certain configurations could allow remote attackers to cause a denial of service via a malformed HTTP request. Various other issues were also addressed.

tags | advisory, remote, web, denial of service
systems | linux, ubuntu
advisories | CVE-2011-1176, CVE-2011-3348, CVE-2011-3368
SHA-256 | 7bef884df5589e1fd12588b714aa616b41b6f836aa2d49c1baa9c3029d8685d0
Merethis Centreon 2.3.1 Code Execution
Posted Nov 8, 2011
Authored by Christophe de la Fuente | Site trustwave.com

The Centreon supervision and monitoring tool provided by Merethis permits remote code execution from the command help web page allowing an attacker to execute arbitrary commands in the context of the webserver hosting the application. The system also uses a one-way hash without a salt. Versions 2.3.1 and below are affected.

tags | exploit, remote, web, arbitrary, code execution
SHA-256 | 8baa1a03e20514db0ebdff56296a1f3d2b0ea0473b7d740b7747c685e31fb6df
Administrative PHP Scanner
Posted Oct 11, 2011
Authored by Skote Vahshat

This PHP script scans a given webserver for various phpMyAdmin administrative pages / directories.

tags | tool, scanner, php
systems | unix
SHA-256 | 43b359163a0d78664ab5ee845e18e82ef711188e22723956ec574d7fa9b891a4
Browser Exploit Against SSL/TLS
Posted Oct 3, 2011
Authored by Juliano Rizzo, Thai Duong

Browser Exploit Against SSL/TLS, or BEAST, is a proof of concept tool that demonstrates a weakness in the SSL protocol. It allows attackers to silently decrypt data that's passing between a webserver and an end-user browser.

tags | exploit, protocol, proof of concept
SHA-256 | 8526928f509f97d7e0834f717c78107205e579fe4ff0afe98df28f0c90da1eca
MyWebServer 1.0.3 Denial Of Service
Posted Jul 29, 2011
Authored by X-h4ck

MyWebServer version 1.0.3 suffers from a remote denial of service vulnerability.

tags | exploit, remote, denial of service
SHA-256 | 673ed7cfec26749b14ec4996ad07fbed7d17e304de1e91825849f7949f92e9ba
MyWebServer 1.0.3 Arbitrary File Download
Posted Jul 29, 2011
Authored by X-h4ck

MyWebServer version 1.0.3 suffers from an arbitrary file download vulnerability.

tags | exploit, arbitrary
SHA-256 | d4996c4c733d4a5b035b5aae5c50a79599b51430fd59a050497f73d8eeff330f
MinaliC Webserver Cross Site Scripting
Posted Jul 28, 2011
Authored by Zer0 Thunder

MinaliC Webserver suffers from a cross site scripting vulnerability in the generated 404 page.

tags | exploit, xss
SHA-256 | 900ea491b5a59093ad12a47315ce52d24123e044ab6e62772d3b13759ddaa82d
MinaliC Webserver 2.0 Source Disclosure
Posted Jul 27, 2011
Authored by X-h4ck

MinaliC Webserver version 2.0 suffers from a remote source disclosure vulnerability. This is the same issue that was previously discovered in version 1.0.

tags | exploit, remote, info disclosure
SHA-256 | 4cd2e2d5f428953b64047a57af7e3483a0f17db0463847ae0b5095258ad1f9ae
Page 1 of 4
Back1234Next

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    12 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close