1619 matches found
Dogfood CRM spell.php Remote Command Execution
$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'Dogfood CRM...
Cacti graph_view.php Remote Command Execution
$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'Cacti...
TikiWiki tiki-graph_formula Remote Command Execution
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'TikiWiki...
jetty 6.x 7.x - Cross-Site Scripting Information Disclosure Injection
jetty 6.x 7.x - Cross-Site Scripting Information Disclosure Injection Jetty 6.x and 7.x Multiple Vulnerabilities Name Multiple Vulnerabilities in Jetty Systems Affected Jetty 7.0.0 and earlier versions Severity Medium Impact CVSSv2 Medium 5/10, vector: AV:N/AC:L/Au:N/C:P/I:N/A:N Vendor...
jetty 6.x - 7.x xss information disclosure injection
No description provided by source. Jetty 6.x and 7.x Multiple Vulnerabilities Name Multiple Vulnerabilities in Jetty Systems Affected Jetty 7.0.0 and earlier versions Severity Medium Impact CVSSv2 Medium 5/10, vector: AV:N/AC:L/Au:N/C:P/I:N/A:N Vendor http://www.mortbay.org/jetty/ Advisory...
jetty 6.x < 7.x - Cross-Site Scripting / Information Disclosure / Injection
Jetty 6.x and 7.x Multiple Vulnerabilities Name Multiple Vulnerabilities in Jetty Systems Affected Jetty 7.0.0 and earlier versions Severity Medium Impact CVSSv2 Medium 5/10, vector: AV:N/AC:L/Au:N/C:P/I:N/A:N Vendor http://www.mortbay.org/jetty/ Advisory...
RHEL 4 / 5 : neon (RHSA-2009:1452)
Updated neon packages that fix two security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. neon is an HTTP and WebDAV client library, with a C interface. It provides a high-level...
[SECURITY] Fedora 11 Update: neon-0.28.6-1.fc11
neon is an HTTP and WebDAV client library, with a C interface; providing a high-level interface to HTTP and WebDAV methods along with a low-level interface for HTTP request handling. neon supports persistent connections, proxy servers, basic, digest and Kerberos authentication, and has complete S...
Oracle Application Server Spy Servlet SID Enumeration
This module makes a request to the Oracle Application Server in an attempt to discover the SID. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Oracle Application Server Spy Servlet SID...
CVE-2008-5519
The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST dat...
CVE-2008-5519
The CVE refers to the mod_jk (JK Connector) for Apache Tomcat, affected in the 1.2.0–1.2.26 range. The root cause is an error in handling certain HTTP requests, enabling an attacker to obtain sensitive information via Content-Length-related scenarios (e.g., a request with Content-Length but no PO...
RedHat Security Advisory RHSA-2009:0344
The remote host is missing updates announced in advisory RHSA-2009:0344. libsoup is an HTTP client/library implementation for GNOME written in C. It was originally part of a SOAP (Simple Object Access Protocol) implementation called Soup, but the SOAP and non-SOAP parts have now been split into...
evolution28, libsoup security update
CentOS Errata and Security Advisory CESA-2009:0344 Updated libsoup and evolution28-libsoup packages that fix a security issue are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. libsoup is an...
Moderate: Red Hat Security Advisory: libsoup security update
Updated libsoup and evolution28-libsoup packages that fix a security issue are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. libsoup is an HTTP client/library implementation for GNOME writte...
Generic Botnet Server Detection (HTTP Client)
Binary data 4401.prm...
Webmin File Disclosure
A vulnerability has been reported in Webmin and Usermin, which can be exploited by malicious people to disclose potentially sensitive information. The vulnerability is caused due to an unspecified error within the handling of a URL. This can be exploited to read the contents of any files on the...
mpg123 audio player DoS
Endless loop in HTTP client code if HTTP server closes connection before file transferred completely...
Cacti graph_view.php Remote Command Execution
This module exploits an arbitrary command execution vulnerability in the Raxnet Cacti 'graph_view.php' script. All versions of Raxnet Cacti prior to 0.8.6-d are vulnerable. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framewo...
Barracuda IMG.PL Remote Command Execution
This module exploits an arbitrary command execution vulnerability in the Barracuda Spam Firewall appliance. Versions prior to 3.1.18 are vulnerable. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModu...