This Metasploit module uses a denial-of-service (DoS) condition appearing in a variety of programming languages. This vulnerability occurs when storing multiple values in a hash table and all values have the same hash value. This can cause a web server parsing the POST parameters issued with a request into a hash table to consume hours of CPU with a single HTTP request. Currently, only the hash functions for PHP and Java are implemented. This Metasploit module was tested with PHP + httpd, Tomcat, Glassfish and Geronimo. It also generates a random payload to bypass some IDS signatures.
b029e67e4fc45769ef0806adf780beee36692122a886f5bb14135c025f43efbcThis security advisory discusses how attackers can exploit the downgrade dance and break the cryptographic security of SSL 3.0.
b2ffe2b23e29fc61a2e99711e7ff799ee26f04addd8cccd1516efb84b8489efeExceed onDemand (EoD) suffers from session hijacking, password obfuscation, man-in-the-middle, and authentication bypass vulnerabilities. Proof of concept code provided.
667344493d498ee4a511a4f3cb7bee65b956a21a9dc42e1d4bf5104530d4f3adeasyXDM library versions 2.4.16 and below suffer from cross site scripting and parameter injection vulnerabilities.
19287ecdc95f0de8cf7a407c73fe7767c29a4796809ff7e42f9f42c9b254d703easyXDM library versions prior to 2.4.19 suffer from a cross site scripting vulnerability using the location.hash value.
32a34c0b9a458b9716a047d0c5d149f245276bb10610212af8490aca25078e1cCodeIgniter version 2.1.1 suffers from a cross site scripting filter bypass vulnerability.
3ef2a27952806217b13309e73061a93a5159c4ffa2318c44e42a0fe6cd29d93d
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed