[+] Wayc0de's Blog[+]

17/07/11

Hack Tools/Exploits part 2

Packetstorm Exploits

  1. HP OpenView Network Node Manager Toolbar.exe CGI Buffer Overflow - This Metasploit module exploits a stack buffer overflow in HP OpenView Network Node Manager 7.50. By sending a specially crafted CGI request to Toolbar.exe, an attacker may be able to execute arbitrary code.
  2. HP OpenView Network Node Manager Toolbar.exe CGI Cookie Handling Buffer Overflow - This Metasploit module exploits a stack buffer overflow in HP OpenView Network Node Manager 7.0 and 7.53. By sending a CGI request with a specially crafted OvOSLocale cookie to Toolbar.exe, an attacker may be able to execute arbitrary code. Please note that this module only works against a specific build (i.e. NNM 7.53_01195).
  3. Java RMI Server Insecure Default Configuration Java Code Execution - This Metasploit module takes advantage of the default configuration of the RMI Registry and RMI Activation services, which allow loading classes from any remote (HTTP) URL. As it invokes a method in the RMI Distributed Garbage Collector which is available via every RMI endpoint, it can be used against both rmiregistry and rmid, and against most other (custom) RMI endpoints as well. Note that it does not work against Java Management Extension (JMX) ports since those do not support remote class loading, unless another RMI endpoint is active in the same Java process. RMI method calls do not support or require any sort of authentication.
  4. MyST BlogSite URL Redirect / Information Leakage - MyST BlogSite suffers from arbitrary URL redirection and information leakage vulnerabilities.
  5. Interactive World SQL Injection - Interactive World suffers from cross site scripting and remote SQL injection vulnerabilities.
  6. Chyrp 2.1 XSS / LFI / Directory Traversal / Shell Upload - Chyrp versions 2.1 and below suffer from cross site scripting, local file inclusion, shell upload, and directory traversal vulnerabilities. Both the oCERT and original advisories are included here.
  7. Dell IT Assistant detectIESettingsForITA.ocx Remote Registry Dump - Dell IT Assistant detectIESettingsForITA.ocx Active-X control readRegVal() remote registry dump exploit.
  8. Paltalk Messenger 10.0 Insecure Method - Paltalk Messenger version 10.0 suffers from an Active-X insecure method vulnerability.
  9. Etoshop Blind SQL Injection - Etoshop suffers from a remote blind SQL injection vulnerability.
  10. Net Quality Web Design SQL Injection - Net Quality Web Design suffers from a remote SQL injection vulnerability.

Securiteam Exploits

  1. Apple Safari Text Nodes Use-after-free Vulnerability - Apple Safari contains a vulnerability caused by a use-after-free error in the WebKit library when processing certain text nodes.
  2. Cisco IPSec VPN Implementation Group Name Enumeration Vulnerability - Cisco IPSec VPN Implementation suffers from a Group Name Enumeration Vulnerability.
  3. Apache Tomcat ServletSecurity Annotation Security Bypass Vulnerability - A vulnerability has been identified in Apache Tomcat, which could be exploited by attackers to bypass restrictions.
  4. Related Posts WordPress Plugin Cross Site Scripting Vulnerability - The Related Posts WordPress Plugin contains a Cross Site Scripting Vulnerability.
  5. Recaptcha WordPress Plugin Cross Site Scripting Vulnerability - The WordPress Recaptcha Plugin contains a Cross Site Scripting Vulnerability.

nb : darknet
