This update fixes several non related issues in the exploit component.
The map_yp_alias function in functions/imap_general.php in SquirrelMail before 1.4.18 and NaSMail before 1.7 allows remote attackers to execute arbitrary commands via shell metacharacters in a username string that is used by the ypmatch program. This module works if map:map_yp_alias is set as the imap server address in config.php, which is not the default setting.
This update improves os detection and adds runtime cost.
This update improves os detection and adds runtime cost.
Exploits a buffer overflow in the Apache Connector of Oracle WebLogic Server (formerly known as BEA WebLogic Server). The target path used when launching this module against an Apache Server must be handled by the Apache Connector or the exploit will not succeed.
This update changes the default connection method for the module.
This update changes the default connection method for the module.
A denial of service vulnerability has been found in the way the multiple
overlapping ranges are handled by the Apache HTTPD server.
This update fixes an issue when launching the module from an agent running
in a Linux system.
overlapping ranges are handled by the Apache HTTPD server.
This update fixes an issue when launching the module from an agent running
in a Linux system.
This module sends HTTP requests with specially crafted data making the
PHP interpreter to consume lot of resources. This attack prevents the
victim server from processing requests from legitimate clients and
probably will make the server non-operational.
This is update fixes an issue when launching the module from an agent running in a linux system.
PHP interpreter to consume lot of resources. This attack prevents the
victim server from processing requests from legitimate clients and
probably will make the server non-operational.
This is update fixes an issue when launching the module from an agent running in a linux system.
This module sends HTTP requests with specially crafted data making the
PHP interpreter to consume lot of resources. This attack prevents the
victim server from processing requests from legitimate clients and
probably will make the server non-operational.
This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation.
PHP interpreter to consume lot of resources. This attack prevents the
victim server from processing requests from legitimate clients and
probably will make the server non-operational.
This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation.
A denial of service vulnerability has been found in the way the multiple
overlapping ranges are handled by the Apache HTTPD server.
This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation.
overlapping ranges are handled by the Apache HTTPD server.
This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation.
RRSIG Queries can trigger a server crash in ISC BIND servers when Response Policy Zones is in use.
This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation.
This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation.
With this update, RPT will prioritize newer exploits when attacking a target.
This module exploits a stack overflow vulnerability in proftpd in order to install an agent. The vulnerability is within the function pr_netio_telnet_gets(). The issue is triggered when processing specially crafted Telnet IAC packets delivered to the FTP server.