Apache-+-PHP-5.x

quick'n'dirty VERY UGLYY C=000DEEE IZ N0T MY STYLE : - for connect back shell start netcat/nc and bind port on given host:port - is ip-range scanner not is multithreaded, but iz multithreaded iz in random scanner and is scanner from file greets to MustLive - no ssl support - more php paths can be...

AIX OpenSSL Advisory : openssl_advisory10.asc

The version of OpenSSL installed on the remote host is affected by the following vulnerabilities : - A memory double-free error exists related to handling DTLS packets that allows denial of service attacks. CVE-2014-3505 - An unspecified error exists related to handling DTLS handshake messages th...

openssl: race condition in ssl_parse_serverhello_tlsext

A race condition was found in the way OpenSSL handled ServerHello messages with an included Supported EC Point Format extension. A malicious server could possibly use this flaw to cause a multi-threaded TLS/SSL client using OpenSSL to write into freed memory, causing the client to crash or execut...

Vulnerability in OpenSSL - Race condition in ssl_parse_serverhello_tlsext

A race condition was found in sslparseserverhellotlsext. If a multithreaded client connects to a malicious server using a resumed session and the server sends an ec point format extension, it could write up to 255 bytes to freed memory. Found by Gabor Tyukasz LogMeIn Inc...

Dirs3arch - HTTP(S) Directory/File Brute Forcer

dirs3arch is a simple command line tool designed to brute force directories and files in websites. Features Keep alive connections Multithreaded Detect not found web pages when 404 not found errors are masked .htaccess, web.config, etc. Recursive brute forcing Usage: dirs3arch.py -u|--url target...

ProSysInfo TFTP server TFTPDWIN <= 0.4.2 Univ. Remote BOF Exploit

No description provided by source. !/usr/bin/perl ProSysInfo TFTP server TFTPDWIN = 0.4.2 Universal Remote Buffer Overflow Exploit Works on all Windows versions. ---------------------------------------- Exploit by SkD [email protected] Let's take a description from their page at:...

Apple OS X iTunes 8.1.1 ITMS Overflow

No description provided by source. $Id: itmsoverflow.rb 10998 2010-11-11 22:43:22Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of us...

Simple Machines Forum 1.1.3 - Remote Blind SQL Injection Exploit

No description provided by source. !/usr/bin/perl Written By Michael Brooks contact: th3dotr00katgmaildotcom SMF 1.1.3 Extremely fast Blind SQL Injection Exploit! -Binary Search -Multi-Threaded -NO benchmark's Two SQL Injection flaws. Works with magicquotesgpc=On or Off. Total Bypass of SMF's SQL...

PT-2017-6406 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 3.15.2 Description: A race condition in the ip4 datagram release cb function allows local users to gain privileges or cause a denial of service use-after-free by leveraging incorrect expectations about locking...

openSUSE Security Update : libopenssl-devel (openSUSE-SU-2010:0965-2)

Multithreaded OpenSSL servers using the TLS server extension are vulnerable to a buffer overrun attack CVE-2010-3864. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update libopenssl-devel-3562. The...

Nosql-Exploitation-Framework - A FrameWork For NoSQL Scanning and Exploitation Framework

A FrameWork For NoSQL Scanning, Enumeration and Exploitation. NoSQL Databases are schema less databases. They were invented to store data easily and flexibly. NoSQL Databases have gained popularity and its security has always been under the scanner. The NoSQL Exploitation Framework focuses...

openssl: freelist misuse causing a possible use-after-free

Race condition in the ssl3readbytes function in s3pkt.c in OpenSSL through 1.0.1g, when SSLMODERELEASEBUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service use-after-free and parsing error via an SSL connection in a multithreaded environment...

DEBIAN-CVE-2010-5298

Race condition in the ssl3readbytes function in s3pkt.c in OpenSSL through 1.0.1g, when SSLMODERELEASEBUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service use-after-free and parsing error via an SSL connection in a multithreaded environment...

Race condition

Race condition in the ssl3readbytes function in s3pkt.c in OpenSSL through 1.0.1g, when SSLMODERELEASEBUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service use-after-free and parsing error via an SSL connection in a multithreaded environment...

CVE-2010-5298

CVE-2010-5298 – OpenSSL race condition in ssl3_read_bytes (s3_pkt.c) . OpenSSL versions up to 1.0.1g are affected when SSL_MODE_RELEASE_BUFFERS is enabled, enabling a remote attacker to inject data across sessions or cause a denial of service (use-after-free and parsing error) over an SSL connect...

CVE-2010-5298

Race condition in the ssl3readbytes function in s3pkt.c in OpenSSL through 1.0.1g, when SSLMODERELEASEBUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service use-after-free and parsing error via an SSL connection in a multithreaded environment...

CVE-2010-5298

Race condition in the ssl3readbytes function in s3pkt.c in OpenSSL through 1.0.1g, when SSLMODERELEASEBUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service use-after-free and parsing error via an SSL connection in a multithreaded environment...

CVE-2010-5298

Race condition in the ssl3readbytes function in s3pkt.c in OpenSSL through 1.0.1g, when SSLMODERELEASEBUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service use-after-free and parsing error via an SSL connection in a multithreaded environment...

Vulnerability in OpenSSL - SSL_MODE_RELEASE_BUFFERS session injection or denial of service

A race condition in the ssl3readbytes function can allow remote attackers to inject data across sessions or cause a denial of service. This flaw only affects multithreaded applications using OpenSSL 1.0.0 and 1.0.1, where SSLMODERELEASEBUFFERS is enabled, which is not the default and not common...

DEBIAN-CVE-2014-1950

Use-after-free vulnerability in the xccpupoolgetinfo function in Xen 4.1.x through 4.3.x, when using a multithreaded toolstack, does not properly handle a failure by the xccpumapalloc function, which allows local users with access to management functions to cause a denial of service heap corrupti...