CVE-2013-5035

Vulnerability: Race conditions in HtmlCleaner (library used by Open-Xchange AppSuite) allow remote authenticated users to read other users’ private emails when rapid mail-send or draft-save operations occur. Affected versions: HtmlCleaner prior to 2.6; Open-Xchange AppSuite 7.2.2 before rev13 (an...

Ultra Mini HTTPD Stack Buffer Overflow

This module exploits a stack based buffer overflow in Ultra Mini HTTPD 1.21, allowing remote attackers to execute arbitrary code via a long resource name in an HTTP request. This exploit has to deal with the fact that the application's request handler thread is terminated after 60 seconds by a...

CVE-2013-3724

The mkrequestheaderprocess function in mkrequest.c in Monkey 1.1.1 allows remote attackers to cause a denial of service thread crash and service outage via a '\0' character in an HTTP request...

CVE-2013-3724

The mkrequestheaderprocess function in mkrequest.c in Monkey 1.1.1 allows remote attackers to cause a denial of service thread crash and service outage via a '\0' character in an HTTP request...

MojoPortal 2.3.9.7 Cross Site Scripting

Class Stored Cross-Site Scripting Remote Yes Credit Michael Savage of Dionach [email protected] Vulnerable MojoPortal 2.3.9.7 MojoPortal is prone to a stored cross-site scripting vulnerability because it does not escape the titles of forum threads when inserting into the page title element. An...

Oracle Linux 5 : boost (ELSA-2012-0305)

The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2012-0305 advisory. 1.33.1-15 - Fix bugs in parsing invalid regexps - Resolves: 766755 1.33.1-14 - Delete leftover .orig files after patches are successfully applied...

Oracle Linux 4 : cyrus-sasl (ELSA-2007-0795)

From Red Hat Security Advisory 2007:0795 : An updated cyrus-sasl package that addresses a security issue and fixes various other bugs is now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The cyrus-sas...

Bifrost 1.2d - Remote Buffer Overflow Vulnerability

Exploit for windows platform in category remote exploits !/usr/bin/python2.7 By : Mohamed Clay import socket from time import sleep from itertools import izip, cycle import base64 import threading import sys def rc4cryptdata, key: x = 0 box = range256 for i in range256: x = x + boxi + ordkeyi %...

LotusCMS 3.0 PHP Code Execution

LotusCMS version 3.0 remote PHP code execution exploit as disclosed in 2011. It spawns a reverse shell. !/usr/bin/python Script that spawns a reverse shell python on vulnerable LotusCMS 3.0 installations. Uses a simple PHP eval vulnerability. http://secunia.com/secuniaresearch/2011-21/ infodox -...

MyMarket 1.72 bypass admin login & product_details blind sqli

Exploit for php platform in category web applications Exploit Title: MyMarket 1.72 bypass admin login & productdetails blind sqli Google Dork: intext:"MyMarket version 1.71" Tested on: Linux Bug finder & Exploit Coder:NEt Bomber http://fb.me/net.bomba Beside other sqli exploits found on exploits...

[jSQL Injection v0.4] Java tool for automatic database injection

jSQL Injection is a lightweight application used to find database information from a distant server. jSQL is free, open source and cross-platform Windows, Linux, Mac OS X, Solaris. Version 0.4 features: GET, POST, header, cookie methods Normal, error based, blind, time based algorithms Automatic...

The Windows kernel-EPATHOBJ 0day exploit-vulnerability warning-the black bar safety net

This vulnerability is through the PATHALLOCfor memory pressure of the test broke, the first use of PATHRECpointing to the same user space PATHREC EPATHOBJ::bFlatten it will”spin”for an unlimited linked list traversal. Such as:PathRecord-next = PathRecord; Although it will spin,but it will be by...

kernel security update

CentOS Errata and Security Advisory CESA-2013:0847 Updated kernel packages that fix one security issue and multiple bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring...

win32k!EPATHOBJ::pprFlattenRec Uninitialized Next Pointer Testcase

Exploit for windows platform in category dos / poc I'm quite proud of this list cycle trick, here's how to turn it into an arbitrary write. First, we create a watchdog thread that will patch the list atomically when we're ready. This is needed because we can't exploit the bug while HeavyAllocPool...

[Show Threads] Tool to list all the Threads in the running Process

Show Threads is the small command-line Tool to list all the Threads in the running Process. You can either specify the Process ID or Process Name to enumerate the threads. For each thread, it displays Thread ID and the Base Priority. Being a command-line tool makes it easy for automation. It can ...

RedHat Update for glibc RHSA-2013:0769-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

OpenJDK: java.beans.ThreadGroupContext missing restrictions (Beans, 7200507)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans...

Janissaries Joomla Civicrm Shell Upload

||| /|/ | /\ | //|| /\ / / / / / / /// ----------------------------------------------------------------------------- Janissaries Joomla ComCivicrm Exploitation Tool with MultiThread Coded by Miyachung Stay away from lamers o.O Contact: [email protected] Special Thanks : B127Y Site:...

RedHat Update for 389-ds-base RHSA-2013:0742-01

Check for the Version of 389-ds-base OpenVAS Vulnerability Test RedHat Update for 389-ds-base RHSA-2013:0742-01 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it und...

CentOS Update for 389-ds-base CESA-2013:0742 centos6

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scripttagname:"affected",...