8 matches found
CVE-2002-2103
Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities...
Unix Command Shell, Double Reverse TCP SSL (telnet)
Creates an interactive shell through two inbound connections, encrypts using SSL via "-z" option This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 136 include Msf::Payload::Single...
Unix Command Shell, Double Reverse TCP SSL (openssl)
Creates an interactive shell through two inbound connections This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 182 include Msf::Payload::Single include...
Dogfood CRM - 'spell.php' Remote Command Execution (Metasploit)
$Id: dogfoodspellexec.rb 9669 2010-07-03 03:13:45Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
Dogfood CRM spell.php Remote Command Execution
This module exploits a previously unpublished vulnerability in the Dogfood CRM mail function which is vulnerable to command injection in the spell check feature. Because of character restrictions, this exploit works best with the double-reverse telnet payload. This vulnerability was discovered by...
Unix Command Shell, Double Reverse TCP (telnet)
Creates an interactive shell through two inbound connections This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 130 include Msf::Payload::Single include...
CVE-2002-2103
Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities...
CVE-2001-1488
Open Projects Network Internet Relay Chat IRC daemon u2.10.05.18 does not perform a double-reverse DNS lookup, which allows remote attackers to spoof any valid hostname on the Internet. NOTE: a followup post suggests that this is not an issue in the daemon...