1826 matches found
Family Connections CMS 2.7.1 Remote Command Execution
$theme = isset($argv[1]) ? $argv[1] : 'default'; system("clear"); if (file_exists("$dir/themes/$theme/style.css")) { echo "\n themes/$theme/style.css already exists.\n\n"; echo "Overwrite y/n ? "; $handle = fopen("php://stdin","r"); $line = fgets($handle); if (trim($line) != 'y') { exit; } } $worked = system("php -q...
OpenSSH >= 2.3.0 AllowTcpForwarding Port Bouncing
According to its banner, the remote host is running OpenSSH, version 2.3.0 or later. Such versions of OpenSSH allow forwarding TCP connections. If the OpenSSH server is configured to allow anonymous connections (e.g. AnonCVS), remote, unauthenticated users could use the host as a proxy. (C) Tenable,...
Fedora Update for squid FEDORA-2011-15256
Check for the Version of squid OpenVAS Vulnerability Test Fedora Update for squid FEDORA-2011-15256 Authors: System Generated Check Copyright: Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms...
http-vuln-cve2011-3368 NSE Script
Tests for the CVE-2011-3368 Reverse Proxy Bypass vulnerability in Apache HTTP server's reverse proxy mode. The script will run 3 tests: the loopback test, with 3 payloads to handle different rewrite rules; the internal hosts test. According to Contextis, we expect a delay before a server error. Th...
CentOS Update for httpd CESA-2011:1392 centos4 i386
Check for the Version of httpd OpenVAS Vulnerability Test CentOS Update for httpd CESA-2011:1392 centos4 i386 Authors: System Generated Check Copyright: Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...
UPnP requests accepted over router WAN interfaces
Overview: Some Internet router devices incorrectly accept UPnP requests over the WAN interface. Description: Universal Plug and Play (UPnP) is a networking protocol mostly used for personal computing devices to discover and communicate with each other and the Internet. Some UPnP enabled router device...
New Aldi Botnet Aims to Be "People's Bot" for Under $10
A new, exceptionally cheap botnet builder has surfaced called Aldi Bot and is for sale online for as little as US $8. Aldi Bot first appeared in August and is named after the popular supermarket chain, according to a post this week on GData’s SecurityBlog. Its authors initially offered it for €10...
[SECURITY] Fedora 14 Update: squid-3.1.15-1.fc14
Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DN...
RealVNC NULL Authentication Mode Bypass
This module exploits an Authentication bypass Vulnerability in RealVNC Server version 4.1.0 and 4.1.1. It sets up a proxy listener on LPORT and proxies to the target server. The AUTOVNC option requires that vncviewer be installed on the attacking machine. This module requires Metasploit:...
RealVNC 4.1 Authentication Bypass
No description provided by source. $Id: realvnc41bypass.rb 13641 2011-08-26 04:40:21Z bannedit $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms...
NFC connectivity troubleshooting steps
Challenge: A job fails with an error related to NFC (Network File Copy) connectivity. For example: Error: NFC storage connection is unavailable. Failed to create NFC download stream. Failed to create NFC upload stream. Cause: The causes of most NFC errors fall into 4 primary categories: DNS The proxy ...
RealVNC Authentication Bypass
Exploit for windows platform in category remote exploits $Id: realvnc41bypass.rb 13641 2011-08-26 04:40:21Z bannedit $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information ...
Blue Coat Authentication and Authorization Agent (BCAAA) 5 - Remote Buffer Overflow (Metasploit)
$Id: bcaaabof.rb 13137 2011-07-09 04:10:52Z sinn3r $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/...
Nmap NSE net: socks-open-proxy
Checks if an open socks proxy is running on the target. The script attempts to connect to a proxy server and send socks4 and socks5 payloads. It is considered an open proxy if the script receives a Request Granted response from the target port. The payloads try to open a connection to...
FreeBSD Ports: tinyproxy
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2011 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...
TinyBB 1.4 - Blind SQL Injection Full Path Disclosure
Exploit Title : TinyBB 1.4 Sql Injection + Path Disclosure Google Dork : "Proudly powered by TinyBB" Date : 7 April 2011 Author : swami Contact : flaviodotbaldassiatgmaildotcom Version : 1.4 Tested on : Centos 5.5 with magic_quotes_gpc off Thank...
iCMS 1.1 - Admin SQL Injection Brute Force
#!/usr/bin/python INFORMATION Exploit Title: iCMS v1.1 Admin SQLi/bruteforce Exploit Author: TecR0c Date: 18/3/2011 Software link: http://bit.ly/hbYy35 Tested on: Linux bt Version: v1.1 XXX: The likelihood of this exploit being successful is low as it...
IF-CMS 2.07 - Local File Inclusion (1)
#!/usr/bin/python INFORMATION Exploit Title: If-CMS 2.07 Pre-Auth Local File Inclusion 0day Exploit Author: TecR0c Date: 13/3/2011 Software link: http://bit.ly/hh9ZB4 Tested on: Linux bt Version: 2.07 PHP.ini Settings: gpcmagicquotes = Off import...
N'CMS 1.1E Pre-Auth Local File Inclusion Code Execution
#!/usr/bin/python INFORMATION Exploit Title: NCMS 1.1E Pre-Auth Local File Inclusion Remote Code Exploit Date: 11/3/2011 Software link: http://bit.ly/eJAyw5 Tested on: Linux bt Version: 1.1E PHP.ini Settings: gpcmagicquotes = Off Note: The web application was lucky to not be exploited by session...
N`CMS 1.1E - Local File Inclusion / Remote Code
#!/usr/bin/python INFORMATION Exploit Title: NCMS 1.1E Pre-Auth Local File Inclusion Remote Code Exploit Date: 11/3/2011 Software link: http://bit.ly/eJAyw5 Tested on: Linux bt Version: 1.1E PHP.ini Settings: gpcmagicquotes = Off Note: The web application was lucky to not be exploited by session...