This update includes a module that executes a program designed to test a buffer overflow in glibc's __nss_hostname_digits_dots function. The function is used by the gethostbyname*() functions family used for name resolution. Under some circumstances, the use of those functions when the vulnerable underlying function is present, may lead to remote code execution, privilege escalation, or information disclosure.
This module exploits a vulnerability in the Linux Kernel. The futex_requeue function in kernel/futex.c in the Linux kernel does not ensure that calls have two different futex addresses, which allows local attackers to gain privileges via a crafted FUTEX_REQUEUE command.
This update includes a module implementing a DHCP server that'll attack querying hosts using the GNU Bash Environment Variables Injection vulnerability.
This module exploits a vulnerability in Apache Struts. The specific vulnerability is in the ParametersInterceptor, which allows a direct manipulation of the ClassLoader and as a result an attacker can execute arbitrary Java code in the target machine.
This update adds support for Apache Struts 2.3.16, Windows (x86 and x64) and Linux (x64) platforms.
This update adds support for Apache Struts 2.3.16, Windows (x86 and x64) and Linux (x64) platforms.
OpenSSL is susceptible to a buffer overflow vulnerability. This issue allows remote attackers to crash a vulnerable server.
This module exploits a buffer overflow vulnerability in OpenSSL by sending a crafted packet to port 10161, causing a denial of service effect.
This module exploits a buffer overflow vulnerability in OpenSSL by sending a crafted packet to port 10161, causing a denial of service effect.
This update is to add the exploit in order to attack Drupal core CMS 7.x versions prior to 7.32 using default configuration (CVE-2014-3704).
This update add verification for CVE-2014-6278 to all available attack
vectors.
vectors.
This module exploits a vulnerability in the Linux Kernel. The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local attackers to escalate privileges triggering a race condition involving read and write operations with long strings.
This update adds support for Ubuntu 14.04.
This update adds support for Ubuntu 14.04.
A vulnerability in GNU Bash when processing trailing strings after function definitions in the values of environment variables allows remote attackers to execute arbitrary code via a crafted environment.
This vulnerability can be leveraged to bypass restricted SSH access (i.e. when the SSH server forces the execution of a specific command, ignoring any command supplied by the client, either by specifying a 'ForceCommand' directive in the 'sshd_config' file, or by using the 'command' keyword in the 'authorized_keys' file) when the default shell for the user is Bash, allowing the remote attacker to execute arbitrary commands on the vulnerable system.
The module included leverages this vulnerability to install an agent.
This vulnerability can be leveraged to bypass restricted SSH access (i.e. when the SSH server forces the execution of a specific command, ignoring any command supplied by the client, either by specifying a 'ForceCommand' directive in the 'sshd_config' file, or by using the 'command' keyword in the 'authorized_keys' file) when the default shell for the user is Bash, allowing the remote attacker to execute arbitrary commands on the vulnerable system.
The module included leverages this vulnerability to install an agent.
MediaWiki with DjVU or PDF file upload allows a remote attackers to execute arbitrary commands by exploting a bug in the with parameter in thumb.php while previewing the uploaded file.