m0n0wall 1.33 Cross Site Request Forgery Vulnerability

m0n0wall version 1.33 suffers from a cross site request forgery vulnerability that can allow for remote root access to the system. Exploit Title: m0n0wall 1.33 CSRF Remote root Access Date: 30/11/2012 Author: Yann CAM @ Synetis Vendor or Software Link: m0n0.ch - m0n0.ch/wall/downloads.php Version...

Tectia SSH USERAUTH Change Request Password Reset

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' require 'net/ssh' class Metasploit3...

Fedora Update for plib FEDORA-2012-17482

Check for the Version of plib OpenVAS Vulnerability Test Fedora Update for plib FEDORA-2012-17482 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms o...

Apple QuickTime 视频文件缓冲区溢出漏洞

CVE ID: CVE-2012-3756 QuickTime是由苹果电脑所开发的一种多媒体架构，能够处理许多的数字视频、媒体段落、音效、文字、动画、音乐格式，以及交互式全景影像的数项类型。 QuickTime在处理特制PM4文件内的'rnet'框时存在缓冲区溢出漏洞，可导致应用意外终止或任意代码执行。 0 Apple Quicktime 7.x 厂商补丁： Apple ----- 请更新到QuickTime 7.7.3： APPLE-SA-2012-11-07-1：QuickTime 7.7.3 链接：http://www.apple.com/quicktime/download/...

[SECURITY] Fedora 18 Update: plib-1.8.5-8.fc18

This is a set of OpenSource LGPL libraries that will permit programmers to write games and other realtime interactive applications that are 100% portable across a wide range of hardware and operating systems. Here is what you need - it's all free and available with LGPL'ed source code on the web...

[SECURITY] Fedora 16 Update: mapserver-6.0.3-4.fc16

Mapserver is an internet mapping program that converts GIS data to map images in real time. With appropriate interface pages, Mapserver can provide an interactive internet map based on custom GIS data...

Omnistar Mailer 7.2 SQL Injection / Cross Site Scripting

Title: ====== Omnistar Mailer v7.2 - Multiple Web Vulnerabilities Date: ===== 2012-10-01 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=711 VL-ID: ===== 711 Common Vulnerability Scoring System: ==================================== 8.5 Introduction: ============= The...

Dhost Interactive CMS Cross Site Scripting

Exploit Title: Dhost Interactive cms Cross site Scripting Vulnerability Google Dork: Intext:"Powered by Dhost Interactive" Date: 08/29/2012 Author: Crim3R Site : Http://Ajaxtm.com/ Vendor Home : http://www.dhost.hk/ Tested on: all ================================== + search parametr in product.ph...

Silentblast Interactive Shell Upload

-------------------- IN The NAme OF God -------------------- -====CMS Provided by Silentblast Interactive remote file uploader RFU====- Exploit Title:CMS Provided by Silentblast Interactive Exploit Author: FarbodEZRaeL Tested on: Windows xp MAil : [email protected] -====Dork====-...

Struts2 remote command execution vulnerability analysis and prevention-vulnerability and early warning-the black bar safety net

Struts 2 is the struts and WebWork technology based on a merge of the new framework. Its brand new Struts 2 architecture and Struts 1 architecture the difference is huge. Struts 2 with WebWork as the core, using the interceptor mechanism to deal with user's request, such design also makes the...

python-wrapper - Untrusted Search PathCode Execution

python-wrapper - Untrusted Search PathCode Execution python-wrapper untrusted search path/code execution vulnerability Python-wrapper executes any test.py script within the current working directory, when supplied with help'modules'. A non-priviledged user may gain code execution by tricking root...

extmail找回密码带来的可提供交互性社工的问题

简要描述： 大部分的extmail产品用户在使用该产品时并不会注意到该问题,以至于许多这种页面都可以直接通过外网进行访问,由于该产品是属于邮件系统,使用者本身会在网络上留下邮件地址,通过web界面访问得知该系统之后就会给其带来可被交互性社工的危险。呵呵,最近挺忙,事情挺多的 详细说明：...

7T Interactive Graphical SCADA System (IGSS) Server Detection (SCADA)

Binary data 6454.prm...

7T Interactive Graphical SCADA System (IGSS) Server Detection (SCADA)

Binary data 6453.prm...

7T Interactive Graphical SCADA System (IGSS) Server Detection (SCADA)

Binary data 6450.prm...

Fedora Update for step FEDORA-2011-13417

Check for the Version of step OpenVAS Vulnerability Test Fedora Update for step FEDORA-2011-13417 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms o...

Interactive Data eSignal Stack Buffer Overflow (CVE-2011-3494)

A stack buffer overflow vulnerability exists in Interactive Data eSignal. The vulnerability is due to insufficient string length validation when copying input into a fixed size stack buffer in certain file types.A remote attacker may exploit this issue by enticing a target user to open a speciall...

FreePBX 2.10.0 / Elastic 2.2.0 Remote Code Execution

!/usr/bin/python Exploit Title: FreePBX / Elastix pre-authenticated remote code execution exploit Google Dork: oy vey Date: March 23rd, 2010 Author: muts Version: FreePBX 2.10.0/ 2.9.0, Elastix 2.2.0, possibly others. Tested on: multiple CVE : notyet Blog post :...

Oracle DataDirect ODBC drivers arsqls24. dll buffer overflow vulnerability-vulnerability warning-the black bar safety net

? php / Oracle DataDirect ODBC drivers arsqls24. dll buffer overflow vulnerability Overflow PoC . oce by rgod This poc will create a suntzu. the oce file which should work against Hyperion Interactive Reporting Studio which is delivered with the Oracle Hyperion Suite. When clicked a login box...

Fedora Update for kig FEDORA-2011-13417

Check for the Version of kig OpenVAS Vulnerability Test Fedora Update for kig FEDORA-2011-13417 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms of...