Unix Command Shell, Reverse TCP SSL (via perl)

Creates an interactive shell via perl, uses SSL This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 173 include Msf::Payload::Single include Msf::Sessions::CommandShellOptions def...

Oracle Java SE CVE-2013-0431 Remote Java Runtime Environment Vulnerability

Description Oracle Java SE is prone to a remote vulnerability in Java Runtime Environment. The vulnerability can be exploited over multiple protocols. This issue affects the 'JMX' sub-component. This vulnerability affects the following supported versions: 7 Update 11 and prior Note: This issue wa...

CVE-2012-1701

Unspecified vulnerability in the Siebel CRM component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect confidentiality via unknown vectors related to Highly Interactive Web UI...

Code injection

Unspecified vulnerability in the Siebel CRM component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect confidentiality via unknown vectors related to Highly Interactive Web UI...

CVE-2012-1701

Oracle Siebel CRM 8.1.1 and 8.2.2 are listed as affected in the January 2013 CPU advisory. The connected Nessus plugin for Oracle Siebel CRM (January 2013 CPU) enumerates multiple CVEs, including CVE-2012-1701, affecting Siebel components such as Calendar, Security, and various server/infrastruct...

CVE-2012-1701

Unspecified vulnerability in the Siebel CRM component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect confidentiality via unknown vectors related to Highly Interactive Web UI...

pfSense 2.0.1 - Cross-Site Scripting / Cross-Site Request Forgery / Remote Command Execution

Exploit Title: pfSense 2.0.1 XSS & CSRF Remote root Access Date: 04/01/2013 Author: Yann CAM @ Synetis Vendor or Software Link: www.pfsense.org Version: 2.0.1 Category: XSS & CSRF Remote root Access Google dork: Tested on: FreeBSD pfSense firewall/router distribution description :...

CVE-2012-3133

Buffer overflow in the DataDirect ODBC driver, as used in Oracle Hyperion Interactive Reporting 11.1.2.1 and 11.1.2.2, Essbase Server 11.1.2.1 and 11.1.2.2, Production Reporting Server 11.1.2.1 and 11.1.2.2, and Integration Services Server 11.1.2.1 and 11.1.2.2 has unknown impact and attack vecto...

Buffer overflow

Buffer overflow in the DataDirect ODBC driver, as used in Oracle Hyperion Interactive Reporting 11.1.2.1 and 11.1.2.2, Essbase Server 11.1.2.1 and 11.1.2.2, Production Reporting Server 11.1.2.1 and 11.1.2.2, and Integration Services Server 11.1.2.1 and 11.1.2.2 has unknown impact and attack vecto...

m0n0wall 1.33 Cross Site Request Forgery Vulnerability

m0n0wall version 1.33 suffers from a cross site request forgery vulnerability that can allow for remote root access to the system. Exploit Title: m0n0wall 1.33 CSRF Remote root Access Date: 30/11/2012 Author: Yann CAM @ Synetis Vendor or Software Link: m0n0.ch - m0n0.ch/wall/downloads.php Version...

Tectia SSH USERAUTH Change Request Password Reset

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' require 'net/ssh' class Metasploit3...

Fedora Update for plib FEDORA-2012-17482

Check for the Version of plib OpenVAS Vulnerability Test Fedora Update for plib FEDORA-2012-17482 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms o...

Apple QuickTime 视频文件缓冲区溢出漏洞

CVE ID: CVE-2012-3756 QuickTime是由苹果电脑所开发的一种多媒体架构，能够处理许多的数字视频、媒体段落、音效、文字、动画、音乐格式，以及交互式全景影像的数项类型。 QuickTime在处理特制PM4文件内的'rnet'框时存在缓冲区溢出漏洞，可导致应用意外终止或任意代码执行。 0 Apple Quicktime 7.x 厂商补丁： Apple ----- 请更新到QuickTime 7.7.3： APPLE-SA-2012-11-07-1：QuickTime 7.7.3 链接：http://www.apple.com/quicktime/download/...

[SECURITY] Fedora 18 Update: plib-1.8.5-8.fc18

This is a set of OpenSource LGPL libraries that will permit programmers to write games and other realtime interactive applications that are 100% portable across a wide range of hardware and operating systems. Here is what you need - it's all free and available with LGPL'ed source code on the web...

[SECURITY] Fedora 16 Update: mapserver-6.0.3-4.fc16

Mapserver is an internet mapping program that converts GIS data to map images in real time. With appropriate interface pages, Mapserver can provide an interactive internet map based on custom GIS data...

Omnistar Mailer 7.2 SQL Injection / Cross Site Scripting

Title: ====== Omnistar Mailer v7.2 - Multiple Web Vulnerabilities Date: ===== 2012-10-01 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=711 VL-ID: ===== 711 Common Vulnerability Scoring System: ==================================== 8.5 Introduction: ============= The...

Dhost Interactive CMS Cross Site Scripting

Exploit Title: Dhost Interactive cms Cross site Scripting Vulnerability Google Dork: Intext:"Powered by Dhost Interactive" Date: 08/29/2012 Author: Crim3R Site : Http://Ajaxtm.com/ Vendor Home : http://www.dhost.hk/ Tested on: all ================================== + search parametr in product.ph...

Silentblast Interactive Shell Upload

-------------------- IN The NAme OF God -------------------- -====CMS Provided by Silentblast Interactive remote file uploader RFU====- Exploit Title:CMS Provided by Silentblast Interactive Exploit Author: FarbodEZRaeL Tested on: Windows xp MAil : [email protected] -====Dork====-...

Struts2 remote command execution vulnerability analysis and prevention-vulnerability and early warning-the black bar safety net

Struts 2 is the struts and WebWork technology based on a merge of the new framework. Its brand new Struts 2 architecture and Struts 1 architecture the difference is huge. Struts 2 with WebWork as the core, using the interceptor mechanism to deal with user's request, such design also makes the...

python-wrapper - Untrusted Search PathCode Execution

python-wrapper - Untrusted Search PathCode Execution python-wrapper untrusted search path/code execution vulnerability Python-wrapper executes any test.py script within the current working directory, when supplied with help'modules'. A non-priviledged user may gain code execution by tricking root...