This Metasploit module uses a denial-of-service (DoS) condition appearing in a variety of programming languages. This vulnerability occurs when storing multiple values in a hash table and all values have the same hash value. This can cause a web server parsing the POST parameters issued with a request into a hash table to consume hours of CPU with a single HTTP request. Currently, only the hash functions for PHP and Java are implemented. This Metasploit module was tested with PHP + httpd, Tomcat, Glassfish and Geronimo. It also generates a random payload to bypass some IDS signatures.
b029e67e4fc45769ef0806adf780beee36692122a886f5bb14135c025f43efbcTechnical paper detailing the recent flaw discovered in the Google Desktop personal search engine that would allow a third party to read snippets of files.
bc3de621a7d0768b813e469932ef206b664a8991be9263bc21fd71e79a3846a2Analysis of an Electronic Voting System - This paper describes several security flaws in Diebold electronic voting machines. Voters may be able to cast multiple ballots with little built in traceability, administrative functions can be performed by regular voters, and inside poll workers, software developers, and janitors can rig the vote. The smart card system is insecure and uses plaintext passwords. The code appears unaudited and there is no ability to do a paper recount.
4195f132bcaecb86b41e4710a96c5bfb1819b0c3bcee08b19876dba8e2cfdd2e
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed