| Email address | private |
|---|---|
| First Active | 2003-09-13 |
| Last Active | 2015-11-06 |
Java Secure Socket Extension (JSSE) SKIP-TLS exploit that has been tested on JDK 8u25 and 7u72. This is a stand-alone ruby exploit and does not require Metasploit.
a90ce607a0f947ec514acaf7bf40cbc108e1c777beec2ab4ae28f703f377d394
OpenSSL alternative chains certificate forgery exploit that has been tested on OpenSSL 1.0.2c, 1.0.2b, 1.0.1o, 1.0.1n, and Fedora 22 (1.0.1k-fips). This is a stand-alone ruby exploit and does not require Metasploit.
8b6f9bcf361b0d86c9e3b63d69ba09cc9e41ac56045a61d07a3c130a7c9e1009
This Metasploit module exploits an incomplete internal state distinction in Java Secure Socket Extension (JSSE) by impersonating the server and finishing the handshake before the peers have authenticated themselves and instantiated negotiated security parameters, resulting in a plaintext SSL/TLS session with the client. This plaintext SSL/TLS session is then proxied to the server using a second SSL/TLS session from the proxy to the server (or an alternate fake server) allowing the session to continue normally and plaintext application data transmitted between the peers to be saved. This Metasploit module requires an active man-in-the-middle attack.
22a68679289289a147b9ebdb5f0ea0fe01da2e11c5941c4f87b8111257d42ea5
This Metasploit module exploits a logic error in OpenSSL by impersonating the server and sending a specially-crafted chain of certificates, causing certain checks on untrusted certificates to be bypassed on the client and allowing a valid leaf certificate to be used as a CA certificate to sign a fake certificate. The SSL/TLS session is then proxied to the server, allowing the session to continue normally and application data transmitted between the peers to be saved. The valid leaf certificate must not contain the keyUsage extension, or it must have at least the keyCertSign bit set (see the X509_check_issued function in crypto/x509v3/v3_purp.c); otherwise, X509_verify_cert fails with X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY. This Metasploit module requires an active man-in-the-middle attack.
0be0198fd35b0f082fb3872672e7f1dbe40db0a2ae2abc971e5936c264d03b3b
This Metasploit module exploits a code injection in specially crafted environment variables in Bash, specifically targeting dhclient network configuration scripts through the HOSTNAME, DOMAINNAME, and URL DHCP options.
79d7a8dc657f6596bbdf6d89daca73b5c6faa99cc6ea47bed9be15fb8d04a23a
This Metasploit module exploits a missing authorization vulnerability in the "update_roles" action of "users" controller of Katello and Red Hat Satellite (Katello 1.5.0-14 and earlier) by changing the specified account to an administrator account.
e0371216c7f1d8860897ca9e5f3d083fc1371c2aca741321b8cb6ff295f73dbf
This Metasploit module exploits a SQL injection vulnerability in the "explorer" action of "miq_policy" controller of the Red Hat CloudForms Management Engine 5.1 (ManageIQ Enterprise Virtualization Manager 5.0 and earlier) by changing the password of the target account to the specified password.
b55583d572b94d5be808ddfcb5ca09620c6e831caa6772d47ef4ca397a0d8dfc
This Metasploit module exploits a path traversal vulnerability in the "linuxpkgs" action of the "agent" controller of the Red Hat CloudForms Management Engine 5.1 (ManageIQ Enterprise Virtualization Manager 5.0 and earlier). It uploads a fake controller to the controllers directory of the Rails application with the encoded payload as an action and sends a request to this action to execute the payload. Optionally, it can also upload a routing file containing a route to the action; this is not necessary, since the application already contains a general default route.
ecc3dfeae56af0d7e8234b449d220c4c30764ffe2c2b2a098d22efcf89701574
This Metasploit module exploits a mass assignment vulnerability in the create action of users controller of Foreman and Red Hat OpenStack/Satellite (Foreman 1.2.0-RC1 and earlier) by creating an arbitrary administrator account. For this exploit to work, your account must have create_users permission (e.g., Manager role).
8aba4389b4b51efa17c66a8c2ddaabb0489ae3e020c3f31852637c4d80e383a3
This Metasploit module exploits a code injection vulnerability in the 'create' action of 'bookmarks' controller of Foreman and Red Hat OpenStack/Satellite (Foreman 1.2.0-RC1 and earlier).
c5c9607b201bbed12138b9c01832cadc3f0585df9c929779954f3b1deff22316
The Linux kernel failed to properly initialize some entries in the proto_ops struct for several protocols, leading to NULL being dereferenced and used as a function pointer. By using mmap(2) to map page 0, an attacker can execute arbitrary code in the context of the kernel. Several public exploits exist for this vulnerability, including spender's wunderbar_emporium and rcvalle's ppc port, sock_sendpage.c. All Linux 2.4/2.6 versions since May 2001 are believed to be affected: 2.4.4 up to and including 2.4.37.4; 2.6.0 up to and including 2.6.30.4.
9bd69f05ada8cee6b76af8cc4636ab3a3a49a49bfad809f7b97fefaea4e48bb0
This is a follow-up document that discusses exploiting the glibc __tzfile_read integer overflow to buffer overflow and leveraging Vsftpd.
9fa157a07080306dfb186dfc7d65fae1fe12c4ff8c7beeb94a90bd9698026603
This is a write up that discusses exploiting the glibc __tzfile_read integer overflow to buffer overflow and leveraging Vsftpd.
aa2f52177ccb0dba0def1cbf1e6bb31a25c445b615e0289658b51067f794493e
This is a reverse engineered version of the exploit by ev1lut10n that triggers a denial of service condition using a vulnerability in the Range header of Apache versions 1.3.x, 2.0.64 and below and 2.2.19 and below.
8924bead3b42a1c38477cea3b48584db4ab1b22693ae7553273e5f0bc044c0ff
A collection of shellcodes for various platforms such as bsd-x86, linux-x86, sco-x86, and solaris-x86. This project contains a set of assembly components for proof of concept codes on different operating systems and architectures. These components were carefully designed and implemented for maximum reliability, following strict coding standards and requirements, such as system call invocation standards and position-independent, register-independent and zero-free code. Special attention was paid to code length when designing and implementing them, resulting in the most reliable and shortest codes for such purpose available today.
5f60ce0fe57bf93f7b9b6dfe2eeef3f12655215826ad25568bf3eafb11595c53
This Metasploit module exploits a stack overflow in Borland InterBase by sending a specially crafted create request.
75ccae32e6a681ca52041605578b4c74db2c5a1c796211d8a46bddd7f3d1665b
This Metasploit module exploits a stack overflow in Borland InterBase by sending a specially crafted create request.
7ad400608089f7047729b20b5b39242d6c9b2aa7f9014358c786fa3d52c6c287
This Metasploit module exploits a stack overflow in Borland InterBase by sending a specially crafted service attach request.
d3ca8564e0dac6b73da45fac60f76f4deb98eb63f6147abc4897595c43465773
This Metasploit module exploits a stack overflow in Borland InterBase by sending a specially crafted attach request.
63172546e969a58b1eeddfce0613c163b394447938646b9e5707ca94544913fb
This Metasploit module exploits a stack overflow in Borland InterBase by sending a specially crafted create request.
6ec0d0b72e02a0c65f646f14cf76eedeab3d9199a07449c8c949412207c2f8d7
This Metasploit module exploits a stack overflow in Borland InterBase by sending a specially crafted service attach request.
ab2756fdbe75cf2876139fa363d8263a33fa8d44c707093e27d9ad321e6174db
Linux 2.4 and 2.6 kernel sock_sendpage() NULL pointer dereference exploit. The third and final version of this exploit. This third version features: Complete support for i386, x86_64, ppc and ppc64; The personality trick published by Tavis Ormandy and Julien Tinnes; The TOC pointer workaround for data items addressing on ppc64 (i.e. functions on exploit code and libc can be referenced); Improved search and transition to SELinux types with mmap_zero permission.
4c81627c007c2bba523f9c37b9474159727cda368af2e7454b6bc420e0606a47
Linux 2.4 and 2.6 kernel sock_sendpage() NULL pointer dereference exploit. This newer version of the exploit also works with Linux kernel versions that implement COW credentials (e.g. Fedora 11). For SELinux-enforced systems, it automatically searches the SELinux policy rules for types with mmap_zero permission that it can transition to, and tries to exploit the system with those types.
e7a0caddf89d8627bd0b835e2b2cdebadbbcb4d666e016dac2a4f3f13979e955
Linux 2.4 and 2.6 kernel sock_sendpage() local root exploit for powerpc.
7c3b7c143326e680e557cb7d6f0777ebe17c0c85c23641bbd7ba4ac843edfd2e
There exists a vulnerability within a function of Linux eCryptfs (Enterprise Cryptographic Filesystem), which when properly exploited can lead to compromise of the vulnerable system. This vulnerability was confirmed in the Linux kernel version 2.6.30.3. Linux kernel versions 2.6.19 and later have eCryptfs support and may also be affected.
7b90cdef75ea3af4a2047adeb9c65aac0fa6972888b9744805e91c76e8afce1a