Microsoft SQL Server - Payload Execution (via SQL Injection) (Metasploit)

$Id: mssqlpayloadsqli.rb 11730 2011-02-08 23:31:44Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

PT-2011-2598 · Adobe · Coldfusion

Name of the Vulnerable Software and Affected Versions: Adobe ColdFusion versions 9.0.1 CHF1 and earlier Description: The issue allows remote attackers to obtain sensitive information via an id=- query to a .cfm file, which reveals the installation path in an error message. The vendor disputes the...

Automated Solutions Modbus/TCP OPC Server - Remote Heap Corruption (PoC)

!/usr/bin/python asmb-heap.py Automated Solutions Modbus/TCP OPC Server Remote Heap Corruption PoC Jeremy Brown 0xjbrown41-gmail-com Jan 2011 A specially crafted length field in a MODBUS packet header can trigger heap corruption. 00408312 | 8B5424 3C MOV EDX,DWORD PTR SS:ESP+3C - move length into...

Digital Forensics Framework v0.9.0 latest version download !

"DFF Digital Forensics Framework is a simple but powerful tool with a flexible module system which will help you in your digital forensics works, including file recovery due to error or crash, evidence research and analysis, etc. DFF provides a robust architecture and some handy modules." This is...

Apple iOS Safari - decodeURIComponent Remote Crash

Apple iOS Safari - decodeURIComponent Remote Crash Apple iPhone 3 Safari JavaScript - decodeURIComponent Remote Crash decodeURIComponent'$string'; "; iffileputcontents"./crash.html", $code echo"Point your safari mobile browser to crash.html.\r\n"; else echo"Cannot create file.\r\n"; ?...

Discuz!x官方 敏感信息泄露

简要描述： 由于官方项目的DEBUG缓存未清除，导致服务器大量信息泄漏。 当然一般其他网站只要未使用过DEBUG包的项目该问题不存在 详细说明： dbhost = 172.32.1.168 dbuser = superbase dbpw = Oh dbcharset = gbk pconnect = 0 dbname = superbase tablepre = pre 漏洞证明： http://www.discuz.net/data/debugadmin.php?I //phpinfo; http://www.discuz.net/data/debugadmin.php?C&c=...

WSN Links - SQL Injection

WSN Links - SQL Injection 'WSN Links' SQL Injection Vulnerability CVE-2010-4006 Mark Stanislav - [email protected] I. DESCRIPTION --------------------------------------- A vulnerability exists in the search.php code that allows for SQL injection of various parameters. By assembling portion...

WSN Links - SQL Injection

'WSN Links' SQL Injection Vulnerability CVE-2010-4006 Mark Stanislav - [email protected] I. DESCRIPTION --------------------------------------- A vulnerability exists in the search.php code that allows for SQL injection of various parameters. By assembling portions of SQL code between the...

Tomcat remote denial of service vulnerability analysis(CVE-2 0 1 0-2 2 2 7)-vulnerability warning-the black bar safety net

The present article is an analysis of the POC process, the pressure of the N months, and now before the issue. Using the analysis of POC, Tomcat in addition to the latest versionsee the specific website, and JBOSS in addition to the latest version, can fight, POC see the article. JBOSS official h...

Webster HTTP Server GET Buffer Overflow

This exploits a stack buffer overflow in the Webster HTTP server. The server and source code was released within an article from the Microsoft Systems Journal in February 1996 titled "Write a Simple HTTP-based Server Using MFC and Windows Sockets". This module requires Metasploit:...

Apache 2.2 (Windows) Local Denial of Service

Exploit for windows platform in category dos / poc ============================================ Apache 2.2 Windows Local Denial of Service ============================================ !c:\perl\bin\ Exploit Title: Apache 2.2 local denail of service windows Date: 25/10/2010 Author: FB1H2S Software...

Apache 2.2 (Windows) - Local Denial of Service

Apache 2.2 Windows - Local Denial of Service !c:\perl\bin\ Exploit Title: Apache 2.2 local denail of service windows Date: 25/10/2010 Author: FB1H2S Software Link: http://httpd.apache.org/. Version: APACHE 2.2.16 Tested on: wINDOWS xP SERVICE PACK 3 CVE : Save the file as .pl in apache cgi-bin...

DEBIAN-CVE-2010-3902

OpenConnect before 2.26 places the webvpn cookie value in the debugging output, which might allow remote attackers to obtain sensitive information by reading this output, as demonstrated by output posted to the public openconnect-devel mailing list...

CVE-2010-3192

Certain run-time memory protection mechanisms in the GNU C Library aka glibc or libc6 print argv0 and backtrace information, which might allow context-dependent attackers to obtain sensitive information from process memory by executing an incorrect program, as demonstrated by a setuid program tha...

Mandriva Linux Security Advisory : kernel (MDVSA-2010:198)

Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel : fs/namei.c in Linux kernel 2.6.18 through 2.6.34 does not always follow NFS automount symlinks, which allows attackers to have an unknown impact, related to LOOKUPFOLLOW. CVE-2010-1088 The tcfilltclass function in...

CVE-2008-7261

The Workplace aka WP component in IBM FileNet P8 Application Engine P8AE 3.5.1 before 3.5.1-010 records DEBUG messages containing user credentials in the log4j.xml file, which might allow local users to obtain sensitive information by reading this file...

CVE-2008-7261

The Workplace aka WP component in IBM FileNet P8 Application Engine P8AE 3.5.1 before 3.5.1-010 records DEBUG messages containing user credentials in the log4j.xml file, which might allow local users to obtain sensitive information by reading this file...

CVE-2008-7261

The CVE-2008-7261 entry affects IBM FileNet P8 Application Engine (P8AE) Workplace (WP) component, specifically version 3.5.1 prior to 3.5.1-010. The issue arises because DEBUG messages containing user credentials are written into the log4j.xml file, potentially allowing local users to read sensi...

Novell iPrint Client Browser Plugin - ExecuteRequest debug Stack Overflow

Novell iPrint Client Browser Plugin - ExecuteRequest debug Stack Overflow // Calc.exe shellcode = unescape'%uc931%ue983%ud9de%ud9ee%u2474%u5bf4%u7381%u3d13%u5e46%u8395'+ '%ufceb%uf4e2%uaec1%u951a%u463d%ud0d5%ucd01%u9022%u4745%u1eb1'+ '%u5e72%ucad5%u471d%udcb5%u72b6%u94d5%u77d3%u0c9e%uc291%ue19e'+...

Novell iPrint Client Browser Plugin - ExecuteRequest debug Stack Overflow

// Calc.exe shellcode = unescape'%uc931%ue983%ud9de%ud9ee%u2474%u5bf4%u7381%u3d13%u5e46%u8395'+ '%ufceb%uf4e2%uaec1%u951a%u463d%ud0d5%ucd01%u9022%u4745%u1eb1'+ '%u5e72%ucad5%u471d%udcb5%u72b6%u94d5%u77d3%u0c9e%uc291%ue19e'+ '%u873a%u9894%u843c%u61b5%u1206%u917a%ua348%ucad5%u4719%uf3b5'+...