5083 matches found
[Web-Sorrow] Tool for Misconfiguration, Version Detection, Enumeration, and Server Information Scanning
Web-Sorrow is a perl based tool for misconfiguration, version detection, enumeration, and server information scanning. It's entirely focused on Enumeration and collecting Info on the target server. Web-Sorrow is a "safe to run" program, meaning it is not designed to be an exploit or perform any...
CVE-2013-0212
store/swift.py in OpenStack Glance Essex 2012.1, Folsom 2012.2 before 2012.2.3, and Grizzly, when in Swift single tenant mode, logs the Swift endpoint's user name and password in cleartext when the endpoint is misconfigured or unusable, allows remote authenticated users to obtain sensitive...
CVE-2012-5634
CVE-2012-5634 affects Xen when using Intel VT-d PCI passthrough and a device behind a legacy PCI bridge. The VT-d configuration is not properly validated, allowing a local guest to inject an interrupt and potentially cause a denial of service to other guests. The vulnerability is documented in Xe...
CVE-2012-5634
Xen 4.2.x, 4.1.x, and 4.0, when using Intel VT-d for PCI passthrough, does not properly configure VT-d when supporting a device that is behind a legacy PCI Bridge, which allows local guests to cause a denial of service to other guests by injecting an interrupt...
USN-1710-1: OpenStack Glance vulnerability
Dan Prince discovered an issue in Glance error reporting. An authenticated attacker could exploit this to expose the Glance operator's Swift credentials for a misconfigured or otherwise unusable Swift endpoint...
CVE-2013-0212
store/swift.py in OpenStack Glance Essex 2012.1, Folsom 2012.2 before 2012.2.3, and Grizzly, when in Swift single tenant mode, logs the Swift endpoint's user name and password in cleartext when the endpoint is misconfigured or unusable, allows remote authenticated users to obtain sensitive...
WordPress W3 Total Cache Misconfiguration Leaves Some Blogs Vulnerable
An apparent misconfiguration exists in W3 Total Cache W3TC, a popular plugin for the WordPress blogging platform, that could allow an attacker to browse and download password hashes and other database information. W3 Total Cache W3TC is a framework for WordPress that helps speed up blogs by cachi...
WordPress Plugin - W3 Total Cache Remote Sql Injection Exploit
Exploit for php platform in category web applications From the developers' description 1, W3 Total Cache is: The most complete WordPress performance framework. Recommended by web hosts like: MediaTemple, Host Gator, Page.ly and WP Engine and countless more. Trusted by countless sites like:...
Oracle MySQL For Microsoft Windows MOF Execution
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'Oracle MySQL for Microsoft Windows MO...
Oracle MySQL for Microsoft Windows MOF Execution
This module takes advantage of a file privilege misconfiguration problem specifically against Windows MySQL servers due to the use of a .mof file. This may result in arbitrary code execution under the context of SYSTEM. This module requires a valid MySQL account on the target machine. This module...
Oracle MySQL (Windows) - MOF Execution (Metasploit)
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'Oracle MySQL for Microsoft Windows MO...
PT-2012-6060 · Mariadb Foundation +2 · Mariadb +2
Name of the Vulnerable Software and Affected Versions: MySQL versions 5.5.19 and possibly other versions MariaDB versions 5.5.28a and possibly other versions Description: The issue allows remote authenticated users to gain privileges by leveraging the FILE privilege to create files as the MySQL...
php(5.3.10-5.4.0)_XSS_vulns.txt
============================================================================================= Vulnerable Software: PHP 5.3.10/5.4.0 php-5.3.10-Win32-VC9-x86.zip MD5 SUM: af452dfa681ae03ff42eea6d1c7348cd php-5.4.0-Win32-VC9-x86.zip MD5 SUM: b1b0abe883f84eb6d76793aabf1aa612 Downloaded...
PHP 5.3.10 / 5.4.0 Cross Site Scripting
============================================================================================= Vulnerable Software: PHP 5.3.10/5.4.0 php-5.3.10-Win32-VC9-x86.zip MD5 SUM: af452dfa681ae03ff42eea6d1c7348cd php-5.4.0-Win32-VC9-x86.zip MD5 SUM: b1b0abe883f84eb6d76793aabf1aa612 Downloaded...
Squid Proxy Port Scanner
A exposed Squid proxy will usually allow an attacker to make requests on their behalf. If misconfigured, this may give the attacker information about devices that they cannot normally reach. For example, an attacker may be able to make requests for internal IP addresses against an open Squid prox...
Microsoft IIS Default Welcome Page Information Disclosure Vulnerability
Microsoft IIS Webserver is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
NASA Subdomains FCKEditor - Multiple Vulnerabilities
Document Title: =============== NASA Subdomains FCKEditor - Multiple Vulnerabilities References Source: ==================== http://vulnerability-lab.com/getcontent.php?id=400 Release Date: ============= 2012-01-28 Vulnerability Laboratory ID VL-ID: ==================================== 400 Produc...
NASA Subdomains FCKEditor - Multiple Vulnerabilities
Document Title: =============== NASA Subdomains FCKEditor - Multiple Vulnerabilities References Source: ==================== http://vulnerability-lab.com/getcontent.php?id=400 Release Date: ============= 2012-01-28 Vulnerability Laboratory ID VL-ID: ==================================== 400 Produc...
JBoss addURL Misconfiguration Attack
No description provided by source. !/usr/bin/perl Exploit Title: JBoss, JMX Console, misconfigured DeploymentScanner Date: Oct 3 2011 Author: y0ug at codsec.com Version: Tested on: Linux CVE : CVE-2010-0738 POC against misconfigured JBoss JMX Console It use the addUrl method in DeploymentScanner...
Debian Security Advisory DSA 2246-1 (mahara)
The remote host is missing an update to mahara announced via advisory DSA 2246-1. OpenVAS Vulnerability Test $Id: deb22461.nasl 6613 2017-07-07 12:08:40Z cfischer $ Description: Auto-generated from advisory DSA 2246-1 mahara Authors: Thomas Reinke Copyright: Copyright c 2011 E-Soft Inc...