AIX

Exploit fixes

This update fixes several unrelated issues in the exploit component.

TinyWebGallery Remote Code Execution Exploit

This module exploits a local file-include vulnerability in TinyWebGallery, which fails to properly sanitize user-supplied input. The module takes advantage of the logging capabilities of the attacked software to remotely execute arbitrary code.

Apache Range Header DoS

A denial of service vulnerability has been found in the way multiple overlapping ranges are handled by the Apache HTTPD server. This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version, it may contain bugs or have limited functionality and may not have complete or accurate documentation.

ISC BIND RRSIG Query DoS

RRSIG queries can trigger a server crash in ISC BIND servers when Response Policy Zones are in use. This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version, it may contain bugs or have limited functionality and may not have complete or accurate documentation.

RPT exploits ordering improvements

With this update, RPT will prioritize newer exploits when attacking a target.

Oracle WebLogic Server Apache Connector Exploit Update

Exploits a buffer overflow in the Apache Connector of Oracle WebLogic Server (formerly known as BEA WebLogic Server). The target path used when launching this module against an Apache Server must be handled by the Apache Connector or the exploit will not succeed. This update changes the default connection method for the module.

ProFTPD Telnet IAC Buffer Overflow Exploit

This module exploits a stack overflow vulnerability in ProFTPD in order to install an agent. The vulnerability is within the function pr_netio_telnet_gets(). The issue is triggered when processing specially crafted Telnet IAC packets delivered to the FTP server.

Apache Range Header DoS Update

A denial of service vulnerability has been found in the way multiple overlapping ranges are handled by the Apache HTTPD server. This update fixes an issue when launching the module from an agent running on a Linux system.

PHP Hash Table Collisions DoS Update

This module sends HTTP requests with specially crafted data that make the PHP interpreter consume a large amount of resources. This attack prevents the victim server from processing requests from legitimate clients and will probably make the server non-operational. This update fixes an issue when launching the module from an agent running on a Linux system.

PHP Hash Table Collisions DoS

This module sends HTTP requests with specially crafted data that make the PHP interpreter consume a large amount of resources. This attack prevents the victim server from processing requests from legitimate clients and will probably make the server non-operational. This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations.