This Metasploit module exploits a source code disclosure/download vulnerability in versions 4.0.14 and prior of LiteSpeed.
db2d2b8012838a44a1d1f84b4eef832a3a44a4bbe6ff3f32e536756ab33bac39
This Metasploit module exploits a directory traversal flaw in the Samba CIFS server. To exploit this flaw, a writeable share must be specified. The newly created directory will link to the root filesystem.
da49454c5f849f765142c42e065734b0088421d4e93444a769a657b11fdb04af
This Metasploit module triggers a denial of service condition in the Microsoft Internet Information Services (IIS) FTP Server 5.0 through 7.0 via a list (ls) -R command containing a wildcard. For this exploit to work in most cases, you need 1) a valid FTP account: either a read-only or write-access account 2) the "FTP Publishing" service must be configured as "manual" mode in startup type 3) there must be at least one directory under the FTP root directory. If the FTP account you provided has write-access privilege and there is no single directory, a new directory with a random name will be created prior to sending the exploit payload.
67404248bb76198423211333f1d01b1d47d12b762daf1e199c5e9619ec7c4de7
The byterange filter in the Apache HTTP Server 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges. The exploit is called "Apache Killer".
0734a15f0aad55080228d326c0a457d79a25be07a59d2418157e4a484a6b1003
This Metasploit module exploits a vulnerability in the FreeBSD run-time link-editor (rtld). The rtld unsetenv() function fails to remove LD_* environment variables if __findenv() fails. This can be abused to load arbitrary shared objects using LD_PRELOAD, resulting in privileged code execution.
b7d2e9a938e3bd3e306735ac30c5547fb5873fe1a798d291f7cd437bdee37ad0
OpenSSH allows for unlimited password cracking in a two minute timeframe.
25629b480318a8e57f7afa8ce9daa4ea9ed171b4e2087d872c4851d327423301
Apache and PHP remote command execution exploit that leverages php5-cgi.
9d57dc343cc59f716358c28109591d65f8d5b225d645fd188e0084e43bad3ad6
ProFTPd installs with mod_sftp and mod_sftp_pam activated contain a memory exhaustion vulnerability.
95185308c28fd558885085b49bb19eba912372bf47baf1e28699dce9ade846a9
Mikrotik RouterOS versions 5.x and 6.x suffer from an sshd remote pre-authentication heap corruption vulnerability. Included is a 50 meg Mikrotik package that includes all research items.
74610d5d75efcfb4a984b83085a1bd9e64779bd5d156fb3a81b92d7bb3439349
Apache suEXEC suffers from privilege escalation and information disclosure vulnerabilities.
6eddc12273e6a9546d9219b053ff012eff046f9697318a4bec44daadab5df846
This whitepaper documents how the brute forcing exploit works for a buffer overflow vulnerability in nginx versions 1.3.9 and 1.4.0 on x86.
83e7a76cda024bdc1720e8569cb20218c76aa3c5b8a8f5ddfad4818e03f8afe9
Squid version 3.3.5 remote denial of service crash exploit.
247867b58f499ec2f8cbd7f45618c22bc77cf0fc844f2741c42df41f4033fd68
nginx version 1.3.9 and 1.4.0 x86 brute force proof of concept remote exploit that spawns a reverse shell.
c08d90d9385b3dfaf58239db1bfee804fe103d21d4ebed131c2c37bd98971111
Reliable exploit for the Plesk PHP code injection vulnerability disclosed by Kingcope in June 2013. Can deliver inline and reverse shells using the payloads library, as well as offering (buggy) file upload features.
b76333a40c15eeb1e6e0fe351ee9f933ff24a237da980ed7dc853fd2e1f0d52c
Parallels Plesk version 9.5.4 (and possibly other versions) suffers from a remote PHP code execution vulnerability. This rar archive includes a working exploit and details surrounding the issue.
45eedc54848a9db5ff66ce3b3a0d147ce2510e8bc440ebf972f7b958ef500803
ircd-hybrid version 8.0.5 on CentOS 6 denial of service exploit.
1ad9d4b2dbdf42d96561ba07e7956a32432227a3ff63dc81f94e3ce9afd25f47
This archive has a whitepaper that discusses research and methods used to circumvent Microsoft Windows 7 and 8 memory protections in order to execute arbitrary assembly code. Proof of concepts are also provided.
c8e610b00b7c56c4bacab2f28c7776039d77d68be2dd25ef959f8e2a888d5f82
This Metasploit module abuses the "wmicimsv" service on IBM System Director Agent 5.20.3 to accomplish arbitrary DLL injection and execute arbitrary code with SYSTEM privileges. In order to accomplish remote DLL injection it uses a WebDAV service as disclosed by kingcope in December 2012. Because of this, the target host must have the WebClient service (WebDAV Mini-Redirector) enabled. It is enabled and automatically started by default on Windows XP SP3, but disabled by default on Windows 2003 SP2.
57ad1d7f1d323cfb6acd126a3292c26cbc21aecfac9b4ae0aa47d8c45a07aaad
This Metasploit module takes advantage of a file privilege misconfiguration problem specifically against Windows MySQL servers (due to the use of a .mof file). This may result in arbitrary code execution under the context of SYSTEM. However, please note that in order to use this module, you must have a valid MySQL account on the target machine.
4bdddccff72e6f861ece38c09f5e2d07982390d9788ff9574617a88479fcf1dc
This Metasploit module exploits a vulnerability in Tectia SSH server for Unix-based platforms. The bug is caused by an SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ request before password authentication, allowing any remote user to bypass the login routine, and then gain access as root.
a8cae2783ae383b985cfe414beea92207b93fca99d51ada21c788b6eff779ccc
FreeFTPD remote SYSTEM level exploit that does not require a username. All versions as of 12/03/2012 are affected.
b7bff25b29023037bee1293ab7a4b53100ef5e4b3588f6dc35cf4926f6199596
FreeSSHD suffers from a remote authentication bypass vulnerability.
0f3bd20a3e70422b385aedbcf9be79dcffb498416d75c29e1820bbafa68dab21
The SSH USERAUTH CHANGE REQUEST routines in SSH Tectia (a commercial version of OpenSSH) suffer from a remote authentication bypass vulnerability.
90574e5a353e4c3a76ad8f415c316dc006d8d28e2cf0d2589bd14d0b13c310a8
This is the telnet encrypt key id priv8 modified version of synscan.
941d0545a6636757939b84f3cf7f19204935caab6241cc3cf55bcb2b2b71ba5e
Oracle MySQL suffers from a user enumeration vulnerability. This is a utility that demonstrates the issue.
8460a0977a201113cdd0cf16e055c51392db08aa506165c818a881ce632dbd1d