331 matches found

Metasploit
added 2013/02/11 10:48 p.m. | 51 views

Ruby on Rails JSON Processor YAML Deserialization Scanner

This module attempts to identify Ruby on Rails instances vulnerable to an arbitrary object instantiation flaw in the JSON request processor. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Ruby...

7.5 CVSS | 0.2 AI score | 0.91907 EPSS
Exploits: 22

Exploit DB
added 2013/01/29 12:0 a.m. | 72 views

Ruby on Rails - JSON Processor YAML Deserialization Code Execution (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'Ruby on Rails JSON Processor YAML...

7.7 AI score
Exploits: 0

Metasploit
added 2013/01/09 6:50 p.m. | 55 views

Ruby on Rails XML Processor YAML Deserialization Scanner

This module attempts to identify Ruby on Rails instances vulnerable to an arbitrary object instantiation flaw in the XML request processor. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Ruby ...

7.5 CVSS | 0.1 AI score | 0.91907 EPSS
Exploits: 21

Packet Storm
added 2012/06/19 12:0 a.m. | 15 views

Ezhometech Ezserver 6.4 Stack Overflow

Exploit Title: Ezhometech EzServer =6.4 Stack Overflow Vulnerability Author: modpr0be Contact: researchatSpenteradotcom Platform: Windows Tested on: Windows XP SP3 OptIn, Windows 2003 SP2 OptIn Software Link: http://www.ezhometech.com/buyezserver.htm References:...

0.3 AI score
Exploits: 0

exploitpack
added 2012/06/18 12:0 a.m. | 8 views

EZHomeTech Ezserver 6.4 - Remote Stack Overflow

EZHomeTech Ezserver 6.4 - Remote Stack Overflow Exploit Title: Ezhometech EzServer =6.4 Stack Overflow Vulnerability Author: modpr0be Contact: researchatSpenteradotcom Platform: Windows Tested on: Windows XP SP3 OptIn, Windows 2003 SP2 OptIn Software Link: http://www.ezhometech.com/buyezserver.ht...

0.3 AI score
Exploits: 0

0day.today
added 2012/06/18 12:0 a.m. | 14 views

Ezhometech Ezserver 6.4 Stack Overflow Exploit

Exploit for windows platform in category remote exploits Exploit Title: Ezhometech EzServer =6.4 Stack Overflow Vulnerability Author: modpr0be Contact: researchatSpenteradotcom Platform: Windows Tested on: Windows XP SP3 OptIn, Windows 2003 SP2 OptIn Software Link:...

7.1 AI score
Exploits: 0

Nmap
added 2012/01/02 11:21 a.m. | 601 views

http-proxy-brute NSE Script

Performs brute force password guessing against HTTP proxy servers. Script Arguments http-proxy-brute.url sets an alternative URL to use when brute forcing default: http-proxy-brute.method changes the HTTP method to use when performing brute force guessing default: HEAD creds.service, creds.global...

10 CVSS | 0.3 AI score | 0.94176 EPSS
Exploits: 33

Zero Science Lab
added 2011/09/17 12:0 a.m. | 21 views

iManager Plugin v1.2.8 (dir) Remote Cross-Site Scripting Vulnerability

Summary With iManager you can manage your files/images on your webserver, and it provides user interface to most of the phpThumb functions. It works either stand-alone or as a plugin to WYSIWYG editors like tinyMCE, SPAW, htmlAREA, Xinha and FCKeditor. Description iManager suffers from a XSS...

6.1 AI score
Exploits: 0

Packet Storm
added 2011/07/14 12:0 a.m. | 35 views

TCExam 11.2.011 SQL Injection

TCExam =11.2.011 Multiple SQL Injection Vulnerabilities Vendor: Tecnik.com s.r.l. Product web page: http://www.tcexam.org Affected version: 11.2.009, 11.2.010 and 11.2.011 Summary: TCExam is a FLOSS system for electronic exams also known as CBA - Computer-Based Assessment, CBT - Computer-Based...

7.4 AI score
Exploits: 0

seebug.org
added 2010/06/17 12:0 a.m. | 18 views

QuickOffice v3.1.0 for iPhone/iPod Touch Malformed HTTP Method Remote DoS

No description provided by source. Exploit: QuickOffice v3.1.0 for iPhone/iPod Touch Malformed HTTP Method Remote DoS Author: Nishant Das Patnaik Website: http://nishantdaspatnaik.yolasite.com Software Link: http://itunes.apple.com/us/app/quickoffice-connect/id304673686?mt=8 Version: 3.1.0 Tested...

7.1 AI score
Exploits: 0

0day.today
added 2010/06/14 12:0 a.m. | 20 views

QuickOffice v3.1.0 for iPhone/iPod Touch Malformed HTTP Method DoS

Exploit for hardware platform in category dos / poc QuickOffice v3.1.0 for iPhone/iPod Touch Malformed HTTP Method Remote DoS Exploit: QuickOffice...

7 AI score
Exploits: 0

Exploit DB
added 2010/06/14 12:0 a.m. | 28 views

iOS QuickOffice 3.1.0 - HTTP Method Remote Denial of Service

Exploit: QuickOffice v3.1.0 for iPhone/iPod Touch Malformed HTTP Method Remote DoS Date: 14/06/2010 Author: Nishant Das Patnaik Website: http://nishantdaspatnaik.yolasite.com Software Link: http://itunes.apple.com/us/app/quickoffice-connect/id304673686?mt=8 Version: 3.1.0 Tested on: iPod 2G with...

7.4 AI score
Exploits: 0

Tenable Nessus
added 2009/09/23 12:0 a.m. | 41 views

IBM WebSphere Application Server < 6.1.0.27 Multiple Vulnerabilities

IBM WebSphere Application Server 6.1 before Fix Pack 27 appears to be running on the remote host. As such, it is reportedly affected by multiple vulnerabilities : - The Eclipse help system included with WebSphere Application Server is affected by a cross-site scripting vulnerability. PK78917 - It...

7.8 CVSS | 6.8 AI score | 0.14793 EPSS
Exploits: 8 | References: 13

exploitpack
added 2008/04/14 12:0 a.m. | 45 views

Cezanne Software 6.5.17 - CFLogon.asp Cross-Site Scripting

Cezanne Software 6.5.17 - CFLogon.asp Cross-Site Scripting source: https://www.securityfocus.com/bid/28774/info Cezanne Software is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute...

6.8 AI score
Exploits: 0

Tenable Nessus
added 2008/03/13 12:0 a.m. | 42 views

GLSA-200803-19 : Apache: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200803-19 Apache: Multiple vulnerabilities Adrian Pastor and Amir Azam ProCheckUp reported that the HTTP Method specifier header is not properly sanitized when the HTTP return code is '413 Request Entity too large' CVE-2007-6203...

4.3 CVSS | 7.5 AI score | 0.73543 EPSS
Exploits: 6 | References: 6

Tenable Nessus
added 2008/02/20 12:0 a.m. | 50 views

Apache < 2.2.8 Multiple Vulnerabilities

Binary data 4385.prm...

7.8 CVSS | 7 AI score | 0.84619 EPSS
Exploits: 6 | References: 11

Tenable Nessus
added 2008/02/20 12:0 a.m. | 280 views

Apache 2.2.x < 2.2.8 Multiple Vulnerabilities (XSS, DoS)

According to its banner, the version of Apache 2.2.x running on the remote host is prior to 2.2.8. It is, therefore, affected by the following vulnerabilities : - A cross-site scripting issue involving mod_imagemap (CVE-2007-5000). - A cross-site scripting issue involving 413 error pages via a...

4.3 CVSS | 7.2 AI score | 0.84619 EPSS
Exploits: 6 | References: 8

OSV
added 2007/12/03 10:46 p.m. | 15 views

CVE-2007-6203

Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting XSS style attacks using web client components that can send arbitrary...

6.3 AI score
Exploits: 0 | References: 31

Prion
added 2007/12/03 10:46 p.m. | 24 views

Cross site scripting

Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting XSS style attacks using web client components that can send arbitrary...

4.3 CVSS | 5.5 AI score | 0.91373 EPSS
Exploits: 8 | References: 31 | Affected Software: 1

UbuntuCve
added 2007/12/03 10:46 p.m. | 27 views

CVE-2007-6203

Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting XSS style attacks using web client components that can send arbitrary...

4.3 CVSS | 7.1 AI score | 0.73543 EPSS
Exploits: 1 | References: 2