This is an NSE script written for nmap that adds vulnerability scanning.
83f3c568ec7872a28bedb9da04a868377573b2544d75b2e1d2a7e96f0de281aa
DotNetNuke DNNArticle module versions 10.0 and below suffer from a remote SQL injection vulnerability.
3418ca4d1ae20f2fa6d4bc50f7515ed9bbbff0fa1ebe71846e7fb3de94fd2c36
Drupal Password Policy third party module versions 6.x and 7.x suffer from a cross site scripting vulnerability.
c40e41a826657748ed02ee7f8067fcec7db89f9c774f0574fccd0d67621dd868
Drupal Entity API version 7.x suffers from an access bypass vulnerability.
306ad4a749d55e82431c05e5f483a030e0fea776244a2611db478fa23950bfec
Drupal BOTCHA Spam Prevention third party module version 7.x suffers from an information disclosure vulnerability.
e75e969fb138b8aa3836533eddc56d325b52dfa0dd6b756b49f028b37e2b0aa4
BIND is exposed to a new vulnerability which can be exploited remotely in order to derandomize the name server selection algorithm. Exploitation of this vulnerability can be used in conjunction with other off-path DNS cache poisoning exploits in order to make them more efficient. ISC has acknowledged the vulnerability and plans to address this deficiency by re-implementing the SRTT algorithm in future maintenance releases of the BIND 9 code. This whitepaper goes into great detail regarding this issue.
84356c82ef3047b3388b1711d4f92e2ade893d39556c93520d7e0953f3faf27f
Ubuntu Security Notice 1927-1 - Paul Collins discovered that libimobiledevice incorrectly handled temporary files. A local attacker could possibly use this issue to overwrite arbitrary files and access device keys. In the default Ubuntu installation, this issue should be mitigated by the Yama link restrictions.
f119bb9310e69655e310ff5fd8b5ab4e4715f2598b8ece8795beafcd0f842e7f
Ubuntu Security Notice 1926-1 - David Gibson discovered that SPICE incorrectly handled certain network errors. An attacker could use this issue to cause the SPICE server to crash, resulting in a denial of service.
cf1acb68ba0a829481703e54c3382683d9a83d1059212ebee71b20e35b60e212
Tunna is an HTTP tunneling framework that encapsulates TCP traffic and can bind ports from the remote host to the localhost. It can be used to bypass firewall restrictions when testing web applications. It integrates with Metasploit.
c34b4727681dca141173b9fb57f1fa072bb84acc0eef0ce9d956ba209d64326d
This bulletin summary lists two re-released Microsoft security bulletins for August, 2013.
066f7e15f031a55988c403f8d1948b35ece80a4583eaab245bf5e9faa005da1f
Drupal versions 7.22 and 6.28 suffer from cross site scripting vulnerabilities.
e04775da7a9ee6e34c96ad35efc7a981fa752926363c46cfdef6ebd1d28e355d
This Metasploit module exploits a boundary condition error in Intrasrv Simple Web Server 1.0. The web interface does not validate the boundaries of an HTTP request string prior to copying the data to an insufficiently large buffer. Successful exploitation leads to arbitrary remote code execution in the context of the application.
49e8f27267aed47c682375ea5911705765e895cff8046206e064332f203dd75a
This Metasploit module exploits a vulnerability in MiniWeb HTTP server (build 300). The software contains a file upload vulnerability that allows an unauthenticated remote attacker to write arbitrary files to the file system. Code execution can be achieved by first uploading the payload to the remote machine as an exe file, and then uploading another mof file, which causes WMI (Windows Management Instrumentation service) to execute the uploaded payload. Please note that this module currently only works for Windows versions before Vista.
b4d11d94bdfda21fed51296f5789bea65f23c1f03f5b7bd525895268f5a560b0
This Metasploit module exploits a stack based buffer overflow in Ultra Mini HTTPD 1.21 allowing remote attackers to execute arbitrary code via a long resource name in an HTTP request.
038f10bb10c9227f8c10522b7408feabf6f8db03f7a4f6c92e23b302fab084dd
This Metasploit module exploits a buffer overflow vulnerability found in Chasys Draw IES (version 4.10.01). The vulnerability exists in the module flt_BMP.dll, while parsing BMP files, where the ReadFile function is used to store user-provided data on the stack in an insecure way. It results in arbitrary code execution under the context of the user viewing a specially crafted BMP file. This Metasploit module has been tested successfully with Chasys Draw IES 4.10.01 on Windows XP SP3 and Windows 7 SP1.
56e7fba84288627ba505da717c62532dbb987a53ddb5f03f8701ff982a5809ad
This Metasploit module exploits a vulnerability found in Joomla versions 2.5.x up to 2.5.13, as well as 3.x up to 3.1.4. The vulnerability exists in the Media Manager component, which comes by default in Joomla, allowing arbitrary file uploads, and results in arbitrary code execution. The module has been tested successfully on Joomla 2.5.13 and 3.1.4 on Ubuntu 10.04. Note: if public access isn't allowed to the Media Manager, you will need to supply a valid username and password (Editor role or higher) for the module to work properly.
346ac09164eab95f37585db1e9d762bf419fcb281b6d4c1fd3c23cf6499a9c20
TCP uses 32-bit Seq/Ack numbers in order to make sure that both sides of a connection can actually receive packets from each other. Additionally, these numbers make it relatively hard to spoof the source address, because successful spoofing requires guessing the correct initial sequence number (ISN), which is generated by the server in a non-guessable way. It is commonly known that a 32-bit number can be brute forced in a couple of hours given a fast (gigabit) network connection. This article shows that the effort required for guessing a valid ISN can be reduced from hours to minutes if the server uses TCP SYN cookies (a widely used defense mechanism against SYN-flooding DoS attacks), which are enabled by default on various Linux distributions including Ubuntu and Debian.
b8f8a5a1565210c001b8928ecc2c9c00ee0638f668d5a0c9e076bda0c08391c5
This code was written to perform auto-installation of the Bash 3.0 shell sniffer tool.
0db5bc9774ba0b32ffa49115373f366cf35e5d084ff60d03694a15a033162885
This code is a shell sniffer that logs keystrokes for bash 3.0.
9b35fdfae427711f593e60b66dab25db64fbb15c2814f7d9219d9aed5f0ee9e0
Spitefire CMS version 1.1.4 suffers from a cross site request forgery vulnerability.
ea3407f1824ad7c77a3cacdc1905bae5111be20f4e6cfb3d3bf1e7fb544d7510
Soltech CMS version 0.4 suffers from a remote SQL injection vulnerability.
c456e6512195b6a7b73173fbd126978ba516f9a26da09e2b8db06a723582941d
The IntegerInterleavedRaster.verify() method in Oracle Java versions prior to 7u25 is vulnerable to a signed integer overflow that allows bypassing of the "dataOffsets[0]" boundary checks. This vulnerability allows for remote code execution. User interaction is required for this exploit, in that the target must visit a malicious page or open a malicious file. This finding was purchased through the Packet Storm Bug Bounty program.
c91966468587a351ac5a5ab7a6a5efec2d287d47df6ed6e6126cbf0ebccbe4b2
The IntegerInterleavedRaster.verify() method in Oracle Java versions prior to 7u25 is vulnerable to a signed integer overflow that allows bypassing of the "dataOffsets[0]" boundary checks. This exploit code demonstrates remote code execution by popping calc.exe. It was obtained through the Packet Storm Bug Bounty program.
f02354c5057ad3ef8f665611f60e6520a4278402c6472e75be9045ca31f8566e