3632 matches found
IBM Tivoli Endpoint Manager - POST Query Buffer Overflow (Metasploit)
$Id: ibmtivoliendpointbof.rb 12925 2011-06-12 00:04:55Z bannedit $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
IBM Tivoli Endpoint Manager POST Query Buffer Overflow
This module exploits a stack-based buffer overflow in the way IBM Tivoli Endpoint Manager versions 3.7.1, 4.1, 4.1.1, 4.3.1 handle long POST query arguments. This issue can be triggered by sending a specially crafted HTTP POST request to the service lcfd.exe listening on TCP port 9495. To trigge...
Cisco Security Agent Management Console ‘st_upload’ RCE Exploit
No description provided by source. #!/usr/bin/env python Exploits Cisco Security Agent Management Console ‘st_upload’ CVE-2011-0364 gerry eisenhaur import httplib import mimetools import StringIO boundary = mimetools.chooseboundary hostuid =...
Cisco Security Agent Management Console - st_upload Remote Code Execution
Cisco Security Agent Management Console - st_upload Remote Code Execution #!/usr/bin/env python Exploits Cisco Security Agent Management Console ‘st_upload’ CVE-2011-0364 gerry eisenhaur import httplib import mimetools import StringIO boundary = mimetools.chooseboundary hostuid =...
Oracle WebLogic Session Fixation Via HTTP POST
Exploit for multiple platform in category web applications Name Oracle WebLogic – Session Fixation Via HTTP POST Request Vendor Website http://www.oracle.com/ Date Released 11 March 2011 – CVE-2010-4437 Affected Software Oracle WebLogic Server 9.0, 9.1, 9.2.4, 10.0.2, 10.3.2, 10.3.3 Researche...
Oracle WebLogic - POST Session Fixation
Oracle WebLogic - POST Session Fixation Name Oracle WebLogic – Session Fixation Via HTTP POST Request Vendor Website http://www.oracle.com/ Date Released 11 March 2011 – CVE-2010-4437 Affected Software Oracle WebLogic Server 9.0, 9.1, 9.2.4, 10.0.2, 10.3.2, 10.3.3 Researcher Roberto Suggi Liveran...
Oracle WebLogic - POST Session Fixation
Name Oracle WebLogic – Session Fixation Via HTTP POST Request Vendor Website http://www.oracle.com/ Date Released 11 March 2011 – CVE-2010-4437 Affected Software Oracle WebLogic Server 9.0, 9.1, 9.2.4, 10.0.2, 10.3.2, 10.3.3 Researcher Roberto Suggi Liverani Description Oracle WebLogic servlet...
EggAvatar For vBulletin 3.8.x SQL Injection
!/usr/bin/env perl use LWP::UserAgent; sub banner print "\n"; print " DSecurity \n"; print "\n"; print " Email:dsecurity.vnatgmail.com \n"; print "\n"; if@ARGVnew; $ua-agent"DSecurity"; $ua-cookiejar; sub login@ my $username=shift; my $password=shift; my $req = HTTP::Request-newPOST =...
Cross-site Scripting (XSS) Vulnerability in Question and Answer Forum
High-Tech Bridge SA Security Research Lab has discovered a vulnerability in Question and Answer Forum WordPress plugin which could be exploited to perform cross-site scripting attacks. 1 Cross-site scripting XSS vulnerability in Question and Answer Forum The vulnerability exists due to input...
dotProject 2.1.5 - Cross-Site Request Forgery
Source: http://packetstormsecurity.org/files/view/98245/dotProject2.1.5-xsrf.txt input type="hidden" name="userrole" value="1...
NetLink - Arbitrary File Upload
====================================== NetLink Remote Arbitrary File Upload Vulnerability Download: http://sourceforge.net/projects/kp-netlink/ by lumut-- Homepage: lumutcherenza.biz ====================================== upload.php "; echo ""; echo "Filename: ".$filename; echo "File Type:...
Multiple Vulnerabilities in BEdita
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in BEdita which could be exploited to perform cross-site scripting and cross-site request forgery attacks. 1 Cross-site scripting XSS vulnerability in BEdita The vulnerability exists due to input sanitation error in...
The OWASP HTTP Post Tool ! Download Now
The OWASP HTTP Post Tool allows you to test your web applications to ensure their stability from HTTP GET and HTTP POST attacks. This tool was programmed by the author to overcome the shortcomings of other HTTP attack tools such as Slowloris and PyLoris. In other words this QA tool was created to...
D-Link DIR-300 - WiFi Key Security Bypass
D-Link DIR-300 - WiFi Key Security Bypass source: https://www.securityfocus.com/bid/45038/info The D-Link DIR-300 wireless router is prone to a security-bypass vulnerability. Remote attackers can exploit this issue to modify the WiFi key and possibly other configuration settings. Successful...
Cross-site Scripting (XSS) Vulnerability in NinkoBB
High-Tech Bridge SA Security Research Lab has discovered a vulnerability in NinkoBB which could be exploited to perform cross-site scripting attacks. 1 Cross-site scripting XSS vulnerability in NinkoBB: CVE-2010-4874 The vulnerability exists due to input sanitation error in parameters...
Multiple Vulnerabilities in Zomplog
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Zomplog which could be exploited to perform cross-site scripting and cross-site request forgery attacks. 1 Cross-site scripting XSS vulnerabilities in Zomplog 1.1 The vulnerability exists due to input sanitation...
Microsoft IIS Repeated Parameter Request Denial of Service (MS10-065; CVE-2010-1899)
IIS is a collection of Internet services packaged with several versions of the Windows operating system. A denial of service vulnerability has been reported in Microsoft Internet Information Services IIS. A remote attacker could use this issue to create a denial of service condition, thus crashin...
Cross-site Scripting (XSS) Vulnerability in AChecker
High-Tech Bridge SA Security Research Lab has discovered a vulnerability in AChecker which could be exploited to perform cross-site scripting attacks. 1 Cross-site scripting XSS vulnerability in AChecker: CVE-2010-3455 The vulnerability exists due to input sanitation error in the "uri" parameter in...
Cross-site Scripting (XSS) Vulnerabilities in ATutor
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in ATutor which could be exploited to perform cross-site scripting attacks. 1 Cross-site scripting XSS vulnerability in ATutor The vulnerability exists due to input sanitation error in the "cid" parameter in...
Multiple Vulnerabilities in SantaFox
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in SantaFox which could be exploited to perform cross-site scripting and cross-site request forgery attacks. 1 Cross-site scripting XSS vulnerability in SantaFox: CVE-2010-3463 The vulnerability exists due to input...