PyAMF suffers from insufficient AMF input payload sanitization which results in the XML parser not preventing the processing of XML external entities (XXE). A specially crafted AMF payload, containing malicious references to XML external entities, can be used to trigger denial of service (DoS) conditions or arbitrarily return the contents of files that are accessible with the running application privileges. Versions 0.7.2 and below are affected.
939e9f52f635c72d8bc7877b8213d3c23d28d84296a37c4314ff4368f14040f1
IPy suffers from a blacklist bypass vulnerability.
52330e16a8c0db217b73de740ed229579f3d9b070a700c148046face2ef36557
The Xalan-Java library is a popular XSLT processor from the Apache Software Foundation. The library implements the Java API for XML Processing (JAXP), which supports a secure processing feature for the interpretive and XSLTC processors. The intent of this feature is to limit XSLT/XML processing behaviours to "make the XSLT processor behave in a secure fashion". It has been discovered that the secure processing feature suffers from several limitations that undermine its purpose. Versions 2.7.0 and above are affected.
2661a94be4bbc4822c2a0c9ff839ec7aafe7ef60fc89113bfb792b62e32262d9
Apache Solr recently patched multiple XXE injection vulnerabilities and a directory traversal vulnerability.
283241697730163df45a2dba0aa6828858f6868f3b33129bdabe8c4bbf74fba4
These are the presentation slides from Hack in Paris 2013 giving tips and tricks for using Burp Suite Pro.
6eb93e4f370bae913fe79dd342c4f800b20b1c02177cbc5a77b10acdf66ce7e3
This Metasploit module exploits a vulnerability found in HP's StorageWorks P4000 VSA on versions prior to 9.5. By using a default account credential, it is possible to inject arbitrary commands as part of a ping request via port 13838.
1f354fd80321e3a8c75c32db994ccf7fbd51de54814d94d9641e5bfccae9d6f6
This Metasploit module abuses the SVG support to execute Java code in the Squiggle Browser included in the Batik framework 1.7 through a crafted SVG file referencing a jar file. In order to gain arbitrary code execution, the browser must meet the following conditions: (1) it must support at least SVG version 1.1 or newer, (2) it must support Java code, and (3) the "Enforce secure scripting" check must be disabled. The module has been tested against Windows and Linux platforms.
24c7b9f43ad4bc7ab845971e498435dbb71b35eb0f5542e9973eab4ad82fb513
HP VSA remote command execution exploit.
e2634c82bf61b7660279ef87efb9959dc4f17ce4f09dbbb9b22dc962a374b58e
Some SVG specifications, like SVG 1.1 and SVG Tiny 1.2, allow Java code execution when the file is opened. Proof of concept code included.
d11b15fccafdf18190f23d0b7a7f20f25dfc6fada15ef8cba05227b1c2721da0
This Metasploit module exploits a vulnerability in the XSL parser of the XSL Content Portlet. When Tomcat is present, arbitrary code can be executed via Java calls in the data fed to the Xalan XSLT processor. If XSLPAGE is defined, the user must have rights to change the content of that page (to add a new XSL portlet); otherwise it can be left blank and a new one will be created. The second method, however, requires administrative privileges.
7495092f0f3708dd15dbc023f72927b1df95d3321e5d2ee8abfac8bf7f05f086
This is a Python script that uses the Max-Forwards header in HTTP and SIP to provide traceroute-like scanning functionality.
5e42c04c9cc710f988a0f3080b9bf3da5742497a0cc702712f9040b3b4444404
This Metasploit module exploits a file creation vulnerability in the WebKit rendering engine. It is possible to redirect the output of an XSLT transformation to an arbitrary file. The content of the created file must be ASCII or UTF-8. The destination path can be relative or absolute. This Metasploit module has been tested on Safari and Maxthon. Code execution can be achieved by first uploading the payload to the remote machine in VBS format, and then uploading a MOF file, which causes the Windows Management Instrumentation service to execute the VBS.
c3cc069840b33d66dc0f5eb936fd86d7c0e81a9ca3077cb540669d0523d716eb
SharePoint 2007 / 2010 and DotNetNuke versions prior to 6 suffer from a file disclosure vulnerability.
8374996d630a396dfa8c66032e2d7425570f3f5bcac4ab501cc5cc12f9a4a0fd
SLP (Service Location Protocol) remote denial of service proof of concept exploit that can trigger the condition via unicast, broadcast, or multicast.
c9ad95fc494bae9d2eb2c0be708f1ac0e9a1c10697cc75ee4e041e68f87945b2
SBLIM SFCB versions up to 1.3.7 suffer from pre-auth remote integer and heap overflow vulnerabilities.
42a0184386c97d12e4c2ad22e97d99cd9c594992d99abe06d01433004567fb5f
This Metasploit module exploits an arbitrary command execution vulnerability in the Barracuda Spam Firewall appliance. Versions prior to 3.1.18 are vulnerable.
98f68f02962b87f0c2a1221f7accf276203796571faa6c22c97dc9329849ad36
phpMyAdmin versions prior to 2.6.1-rc1 suffer from command execution and file disclosure vulnerabilities.
8c02984588af24414345fa396fdc8e625f4669598c3f3c57ac6388d30d94e921
Exaprobe Security Advisory - The w3who.dll in Windows 2000 is susceptible to multiple cross-site scripting attacks and a buffer overflow.
8ece849689003d2f57457e84d45b0e4e644b9bb92da86652b968cbe2ed278a03