Qbik WinGate WWW Proxy Server URL Processing Overflow

This module exploits a stack buffer overflow in Qbik WinGate version 6.1.1.1077 and earlier. By sending malformed HTTP POST URL to the HTTP proxy service on port 80, a remote attacker could overflow a buffer and execute arbitrary code. This module requires Metasploit:...

Squid < 3.0.STABLE19 / 3.1.0.14 / 2.6.STABLE23 strListGetItem Function Remote DoS

According to its banner, the version of the Squid proxy caching server installed on the remote host is older than 3.0.STABLE19 / 3.1.0.14 / 2.6.STABLE23. A bug in the 'strListGetItem' function in 'src/HttpHeaderTools.c' can result in an infinite loop when processing a specially crafted auth heade...

squid proxy server DoS

Crash on authentication, crash on DNS reply parsing...

Proxy Server Fix in Latest Apache Update

Developers at the open-source Apache HTTP Server have released version 1.3.42 of the popular web server to patch a moderate security flaw in modproxy. The H Security...

Archive.org Stored Domain URLs

This module pulls and parses the URLs stored by Archive.org for the purpose of replaying during a web assessment. Finding unlinked and old pages. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'net/http' clas...

SAP NetWaver JPR Proxy Server — Multiple XSS

Application: SAP NetWeaver Versions Affected: SAP NetWeaver JPR Proxy Vendor URL: Bugs: XSS Exploits: YES Reported: 25.01.2010 Vendor response: 25.01.2010 Date of SAP Security Note Published: 14.09.2010 Date of Public Advisory: 14.12.2010 Author: Dmitriy Evdokimov Description SAP NetWeaver...

Sun Java System Web Server 6.17.0 - TRACE Heap Buffer Overflow (PoC)

Sun Java System Web Server 6.17.0 - TRACE Heap Buffer Overflow PoC source: https://www.securityfocus.com/bid/37648/info Sun Java System Web Server is prone to a remote heap-based buffer-overflow vulnerability. Attackers can exploit this issue to crash the affected application or to obtain...

Sun Java System DSEE Multiple Vulnerabilities - Windows

Sun Java System Directory Server Enterprise Edition DSEE is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

Sun Java System DSEE Multiple Vulnerabilities (Windows)

This host is running Sun Java System Directory Server Enterprise Edition DSEE and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: secpodsunjavadirservermultvulnwin.nasl 5401 2017-02-23 09:46:07Z teissa $ Sun Java System DSEE Multiple Vulnerabilities Windows Authors: Sharath ...

Sun Java System Directory Proxy Server 6.x < 6.3.1.1 Multiple Vulnerabilities.

The remote host is running the Sun Java System Directory Proxy Server, an LDAP application-layer protocol gateway. It is typically provided with Sun Java System Directory Server Enterprise Edition. The installed version of Sun Java System Directory Proxy Server is older than 6.3.1.1 and thus...

Sun Java System Directory Proxy Server 6.x < 6.3.1 Update 1 Multiple Vulnerabilities

Binary data 5289.prm...

CVE-2009-4441

Directory Proxy Server DPS in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 does not enable the SOKEEPALIVE socket option, which makes it easier for remote attackers to cause a denial of service connection slot exhaustion via multiple connections, aka Bug Id 6782659...

Code injection

Unspecified vulnerability in the psearch aka persistent search functionality in Directory Proxy Server DPS in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 allows remote attackers to cause a denial of service psearch outage by using a crafted psearch client to send request...

CVE-2009-4442

Directory Proxy Server DPS in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 does not properly implement the max-client-connections configuration setting, which allows remote attackers to cause a denial of service connection slot exhaustion by making multiple connections an...

CVE-2009-4443

Unspecified vulnerability in the psearch aka persistent search functionality in Directory Proxy Server DPS in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 allows remote attackers to cause a denial of service psearch outage by using a crafted psearch client to send request...

Directory traversal

Directory Proxy Server DPS in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 does not enable the SOKEEPALIVE socket option, which makes it easier for remote attackers to cause a denial of service connection slot exhaustion via multiple connections, aka Bug Id 6782659...

CVE-2009-4440

Directory Proxy Server DPS in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 does not properly handle multiple client connections within a short time window, which allows remote attackers to hijack the backend connection of an authenticated user, and obtain the privileges o...

Code injection

Directory Proxy Server DPS in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 does not properly implement the max-client-connections configuration setting, which allows remote attackers to cause a denial of service connection slot exhaustion by making multiple connections an...

Design/Logic Flaw

Directory Proxy Server DPS in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 does not properly handle multiple client connections within a short time window, which allows remote attackers to hijack the backend connection of an authenticated user, and obtain the privileges o...

CVE-2009-4443

Unspecified vulnerability in the psearch aka persistent search functionality in Directory Proxy Server DPS in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 allows remote attackers to cause a denial of service psearch outage by using a crafted psearch client to send request...