Trivial Password Flaw Leaves MySQL Databases Exposed

There is a trivially exploitable vulnerability in MySQL that enables an attacker to gain root access to the database server. The bug, which recently was patched, stems from an error in the way that MySQL and MariaDB handle passwords, giving an attacker a chance of getting root access by supplying...

Symantec Web Gateway 5.0.2.8 ipchange.php Command Injection

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 "Symantec Web...

Citrix Provisioning Services 5.6 SP1 Streamprocess Opcode 0x40020006 Buffer Overflow

This module exploits a remote buffer overflow in the Citrix Provisioning Services 5.6 SP1 without Hotfix CPVS56SP1E043 by sending a malformed packet with the opcode 0x40020006 GetObjetsRequest to the 6905/UDP port. The module, which allows code execution under the context of SYSTEM, has been...

MPlayer - '.SAMI' Subtitle File Buffer Overflow (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'MPlayer SAMI Subtitle File Buffer...

Mozilla Firefox 7 / 8 Out-Of-Bounds Access

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'Firefox 7/8 %q Th...

IBM Tivoli Provisioning Manager Express for Software Distribution Isig.isigCtl.1 ActiveX RunAndUploadFile() Method Overflow

This module exploits a buffer overflow vulnerability in the Isig.isigCtl.1 ActiveX installed with IBM Tivoli Provisioning Manager Express for Software Distribution 4.1.1. The vulnerability is found in the "RunAndUploadFile" method where the "OtherFields" parameter with user controlled data is use...

VLC Media Player RealText Subtitle Overflow

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...

VLC Media Player RealText Subtitle Overflow

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'VLC Media Player RealText Subtitle...

VLC Media Player RealText Subtitle Overflow

This module exploits a stack buffer overflow vulnerability in VideoLAN VLC 'VLC Media Player RealText Subtitle Overflow', 'Description' = %q This module exploits a stack buffer overflow vulnerability in VideoLAN VLC MSFLICENSE, 'Author' = 'Tobias Klein', Vulnerability Discovery 'SkD', Exploit 'ju...

Gitorious Remote Command Execution

Phenoelit Advisory Authors joernchen Phenoelit Group http://www.phenoelit.de Affected Products Gitorious 2.1.1 http://gitorious.org Vendor communication 2012-01-16 Asking vendor for PGP key 2012-01-17 Getting PGP key from vendor 2012-01-17 Sending vulnerability details to vendor 2012-01-19 Vendor...

Traq admincp/common.php Remote Code Execution

This module exploits an arbitrary command execution vulnerability in Traq 2.0 to 2.3. It's in the admincp/common.php script. This function is called in each script located in the /admicp/ directory to make sure the user has admin rights. This is a broken authorization schema because the header...

CCMPlayer 1.5 m3u Playlist Stack Based Buffer Overflow

This module exploits a stack based buffer overflow in CCMPlayer 1.5. Opening a m3u playlist with a long track name, a SEH exception record can be overwritten with parts of the controllable buffer. SEH execution is triggered after an invalid read of an injectable address, thus allowing arbitrary...

ARP Spoof

Spoof ARP replies and poison remote ARP caches to conduct IP address spoofing or a denial of service. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ARP Spoof', 'Description' = %q Spoof ARP...

JBoss Seam 2 Remote Command Execution

JBoss Seam 2 jboss-seam2, as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, does not properly sanitize inputs for JBoss Expression Language EL expressions, which allows remote attackers to execute arbitrary code via a crafted URL. This modules also has been tested...

AbsoluteFTP 1.9.6 - 2.2.10 LIST Command Remote Buffer Overflow

This module exploits VanDyke Software AbsoluteFTP by overflowing a filename buffer related to the LIST command. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'AbsoluteFTP 1.9.6 - 2.2.10 LIST...

HTTP Cross-Site Tracing Detection

Checks if the host is vulnerable to Cross-Site Tracing XST This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'HTTP Cross-Site Tracing Detection', 'Description' = 'Checks if the host is vulnerable ...

Windows Manage Certificate Authority Removal

This module allows the attacker to remove an arbitrary CA certificate from the victim's Trusted Root store. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows Manage Certificate Authority...

Snortreport nmap.php/nbtscan.php Remote Command Execution

This module exploits an arbitrary command execution vulnerability in nmap.php and nbtscan.php scripts. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Snortreport nmap.php/nbtscan.php Remote...

Apache Range Header DoS (Apache Killer)

The byterange filter in the Apache HTTP Server 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service memory and CPU consumption via a Range header that expresses multiple overlapping ranges, exploit called "Apache Killer" This module requires...

RealNetworks Realplayer QCP Parsing Heap Overflow

This module exploits a heap overflow in Realplayer when handling a .QCP file. The specific flaw exists within qcpfformat.dll. A static 256 byte buffer is allocated on the heap and user-supplied data from the file is copied within a memory copy loop. This allows a remote attacker to execute...