This Metasploit module exploits a stack based buffer overflow in the CGI version of PHP 5.4.x before 5.4.3. The vulnerability is due to the insecure handling of the HTTP headers. This Metasploit module has been tested against the thread safe version of PHP 5.4.2, from "windows.php.net", running with Apache 2.2.22 from "apachelounge.com".
9911ce27bffaa90bdbd0d7a764559440c9b73d2a107c14d2ddcf46c3708a6749OATH Toolkit attempts to collect several tools that are useful when deploying technologies related to OATH, such as HOTP one-time passwords. It is a fork of the earlier HOTP Toolkit.
6995314a908498c5904ad2566463c2004b1165ce2b70aeae39b99203e53f670aQNAP Turbo NAS with firmware versions 3.6.1 Build 0302T and below suffer from a command injection vulnerability that allows for remote code execution.
bcec74851c024f2e1466935f495fd1687810e39d50b44f12aa001bc14964e143Joomla hwdVideoShare version r805 suffers from a remote shell upload vulnerability.
bc1e6119f2ed610cbf46770b53e894f80bf571ef0fd6dd76866a7970a5544ce0Expressive suffers from a remote SQL injection vulnerability.
719742cd414eeb3533f6a8fe09ad8f2f72d205bbf4046d2802e193d710e842d7Gate49 suffers from a remote SQL injection vulnerability.
26da9555ed1f769d448d67b2816b5465620fa020b873bdf5b302314bc644eab4Glucone suffers from a remote SQL injection vulnerability.
6b6c790953a313e47f767bcbf9356d4021c0adab153cda27758fe04f8af292ceManol Informatics suffers from a remote SQL injection vulnerability.
6752d7e43a75a70b533ea9a0efa866da86bd5ecd2862477af9206882556add0aMedia K! suffers from a remote SQL injection vulnerability.
207339c70378e0c78d578936f7cd3c9bcb2139b6a881535ab0cbd25e8a765b84Monoloco suffers from a remote SQL injection vulnerability.
eb6e40e3bea3c080719e40543dbf7f007c5a90e6cc9fc560561b2aa933569ef2Smallbiz suffers from a remote SQL injection vulnerability.
0fcfc4f0b435df6d2a9d946a9c55177e726adcb25df3baec36c7d0e40cdd54c0Solcreation suffers from a remote SQL injection vulnerability.
b9b141cdb438e2e18385f3cd84807f397b87bc20008e194edb64588c4950b5a1SYSTMSTERCHI suffers from a remote SQL injection vulnerability.
dfb2932ee4ca852d23143b271a7540ae59e16b1657e2380de28b61b986959b52Web Experience suffers from a remote SQL injection vulnerability.
1a2140363adcc47f391c00b123ad5e2917d76237a3b653a84f87b1919fdd9f2bWebMultiMedia suffers from a remote SQL injection vulnerability.
d194b4b00577fe3c98cbf0c69053101742c4c01d141251533c63293021174424WordPress Organizer plugin versions 1.2.1 and below suffers from cross site scripting, path disclosure, and directory traversal vulnerabilities.
499ba81c5e032c115807a91abe6758588eeb0c10a987d47065e5c933fa096c56Annexwaretexolution suffers from a remote SQL injection vulnerability that allows for authentication bypass.
f9ca2282667d5376953e28788a6e3cd602bd3468bc2680fbae4318a77b4c32dbUC Sniff is a VoIP/UC Sniffer / Assessment / Pentest tool with some useful new features, such as IP Video Sniffing. UCSniff is a Pro of of Concept tool to demonstrate the risk of unauthorized recording of VoIP and Video - it can help you understand who can eavesdrop, and from what parts of your network. It is intended for next generation enterprise VoIP/UC Infrastructures that rely on Voice VLANs to segment UC applications for QoS requirements. UCSniff was born from pentesting and the "VoIP Hopper" tool as an idea to combine automated Voice VLAN Discovery and VLAN Hop with MitM, along with targeted VoIP attacks against users in the VoIP Corporate Directory. Eavesdropping is one of many potential UC-specific attacks that can take place, and UCSniff can be used by other researchers and security professionals as a base tool to explore this idea. UCSniff is a text and GUI application, written in C/C++, that runs in the Linux and Windows OS environment. It is freely available under the GPLv3 license for anyone to download and use.
31c61d8d179ca67e76b8f36f1e366088b663c0282554470ac68d0535614f9b33
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed