1072 matches found
MS15-034 HTTP Protocol Stack Request Handling HTTP.SYS Memory Information Disclosure
This module dumps memory contents using a crafted Range header and affects only Windows 8.1, Server 2012, and Server 2012R2. Note that if the target is running in VMware Workstation, this module has a high likelihood of resulting in BSOD; however, VMware ESX and non-virtualized hosts seem stable...
Sendio Detection
The script sends a connection request to the server and attempts to extract the version number from the reply. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifie...
curl: information leakage
libcurl provides applications a way to set custom HTTP headers to be sent to the server by using CURLOPTHTTPHEADER. A similar option is available for the curl command-line tool with the '--header' option. When the connection passes through an HTTP proxy the same set of headers is sent to the prox...
http-vuln-cve2015-1635 NSE Script
Checks for a remote code execution vulnerability MS15-034 in Microsoft Windows systems CVE2015-2015-1635. The script sends a specially crafted HTTP request with no impact on the system to detect this vulnerability. The affected versions are Windows 7, Windows Server 2008 R2, Windows 8, Windows...
HTTP Protocol Detection
Binary data 8167.prm...
[SECURITY] Fedora 22 Update: echoping-6.1-0.1.beta.r434svn.fc22
Echoping is a small program to test approximate performances of a remote host by sending TCP "echo" or other protocol, such as HTTP packets...
Active DoS Exploits for MS15-034 Under Way
UPDATE – Microsoft’s characterization of MS15-034 as a remote code execution vulnerability certainly has a lot of Windows server admins on edge waiting for the other shoe to drop. In the three days since the bulletin was released warning of a critical vulnerability in the HTTP protocol stack,...
Oracle E-Business Suite suffers from a remote vulnerability (CNVD-2015-02471)
Oracle E-Business Suite is a new generation of e-business suite from Oracle. A remote security vulnerability exists in Oracle E-Business Suite. An attacker is allowed to exploit this vulnerability to compromise the 'Create Item Instance' subcomponent in the 'HTTP' protocol...
HTTP.sys a remote code execution vulnerability, CVE-2 0 1 5-1 6 3 5-the vulnerability warning-the black bar safety net
In Microsoft 4 on 1 4, patch released the patch, there is one for the IIS server remote code execution vulnerability hazard is very large, please the majority of users attention. Vulnerability information A remote code execution vulnerability exists in the HTTP Protocol stack HTTP.sys, when the...
Microsoft Windows HTTP.sys Proof Of Concept
/ UNTESTED - MS15-034 Checker THE BUG: 8a8b2112 56 push esi 8a8b2113 6a00 push 0 8a8b2115 2bc7 sub eax,edi 8a8b2117 6a01 push 1 8a8b2119 1bca sbb ecx,edx 8a8b211b 51 push ecx 8a8b211c 50 push eax 8a8b211d e8bf69fbff call HTTP!RtlULongLongAdd 8a868ae1 ; here ORIGNAL POC:...
IIS the latest high-risk Vulnerability, CVE-2 0 1 5-1 6 3 5, AND MS15-0 3 4 analysis-vulnerability warning-the black bar safety net
Foreword In 4 month's patch day, Microsoft by marking“high-risk”MS15-0 3 4 patch fix HTTP. SYS a remote code Vulnerability, CVE-2 0 1 5-1 6 3 5 It. According to Microsoft Bulletin https://technet.microsoft.com/en-us/library/security/MS15-034 the call, when the vulnerability exists in the HTTP...
IIS remote code execution vulnerability, CVE-2 0 1 5-1 6 3 5-the vulnerability warning-the black bar safety net
In Microsoft 4 on 1 4, patch released the patch, there is one for the IIS server remote code execution vulnerability hazard is very large, please the majority of users attention. Vulnerability information A remote code execution vulnerability exists in the HTTP Protocol stack HTTP.sys, when the...
IIS the latest high-risk Vulnerability, CVE-2 0 1 5-1 6 3 5, AND MS15-0 3 4. THE POC and online detection of source-vulnerability warning-the black bar safety net
! HTTP. sys remote code execution vulnerability, CVE-2 0 1 5-1 6 3 5, AND MS15-0 3 4. the A remote code execution vulnerability exists in the HTTP Protocol stack HTTP.sys, when the HTTP.sys not correct parsing specially crafted HTTP request to cause this vulnerability. Successful exploitation of...
MS15-034 HTTP Protocol Stack Request Handling Denial-of-Service
This module will check if scanned hosts are vulnerable to CVE-2015-1635 MS15-034, a vulnerability in the HTTP protocol stack HTTP.sys that could result in arbitrary code execution. This module will try to cause a denial-of-service. This module requires Metasploit: https://metasploit.com/download...
Microsoft HTTP.sys RCE Vulnerability (MS15-034) - Active Check
This host is missing an important security update according to Microsoft Bulletin MS15-034. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE...
Microsoft Windows HTTP.sys Remote Code Execution Vulnerability (3042553)
This host is missing an important security update according to Microsoft Bulletin MS15-034. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
MS15-034: Vulnerability in HTTP.sys Could Allow Remote Code Execution (3042553)
The version of Windows running on the remote host is affected a vulnerability in the HTTP protocol stack HTTP.sys due to improperly parsing crafted HTTP requests. A remote attacker can exploit this to execute arbitrary code with System privileges. C Tenable Network Security, Inc...
PT-2015-1051
Name of the Vulnerable Software and Affected Versions Microsoft Windows 7 SP1 Microsoft Windows Server 2008 R2 SP1 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Gold Microsoft Windows Server 2012 R2 Description A remote code execution issue exists in the HTTP protocol...
CVE-2015-0251
The moddavsvn server in Subversion 1.5.0 through 1.7.19 and 1.8.0 through 1.8.11 allows remote authenticated users to spoof the svn:author property via a crafted v1 HTTP protocol request sequences...
Design/Logic Flaw
The moddavsvn server in Subversion 1.5.0 through 1.7.19 and 1.8.0 through 1.8.11 allows remote authenticated users to spoof the svn:author property via a crafted v1 HTTP protocol request sequences...