Solaris

Exploit fixes

This update fixes several non related issues in the exploit component.

Asterisk HTTP Digest DoS

This module triggers a stack corruption vulnerability in Asterisk by sending a malformed packet to the 8088/TCP port.

Samba Username Map Script Command Injection Exploit Update

The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands via shell metacharacters involving the SamrChangePassword function, when the "username map script" smb.conf option is enabled. This update adds Solaris support.

PureFTPd Bash Variables Injection Exploit (CVE-2014-6271)

This update includes a module exploiting a vulnerability found in Bash. When using PureFTPd in conjuntion with the vulnerable Bash version for user authentication, a Core Impact agent is installed.

Bash Remote Code Execution Exploit

This update includes a module exploiting a vulnerability found in Bash. When using the vulnerable Bash version as the interpreter for CGI pages, remote code execution through those pages is possible.

TinyWebGallery Remote Code Execution Exploit

This module exploits a TinyWebGallery local file-include vulnerability because TinyWebGallery fails to properly sanitize user-supplied input. The module takes advantage of the logging capabilities of the attacked software to remotely execute arbitrary code.

Joomla 1.5.12 Remote Code Execution Exploit

A vulnerability exists in the TinyMCE editor, included in the tiny browser plugin, which allows uploading files without authentication. This can be exploited to upload files with multiple extensions and execute arbitrary PHP code.

SugarCRM Remote Code Execution Exploit

Unrestricted file upload vulnerability in the Compose Email feature in the Emails module in Sugar Community Edition (aka SugarCRM) before 5.2f allows remote authenticated users to execute arbitrary code by uploading a file with only an extension in its name, then accessing the file via a direct request to a modified filename under cache/modules/Emails/, as demonstrated using .php as the entire original name.

PHPMyAdmin Setup Config Remote Code Execution Exploit

Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject arbitrary PHP code into a configuration file via the save action.

Apache Range Header DoS

A denial of service vulnerability has been found in the way the multiple overlapping ranges are handled by the Apache HTTPD server. This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation.