This module sends HTTP requests with specially crafted headers that make the Apache server consume a lot of resources. This attack prevents the victim server from accepting connections from legitimate clients and would probably make the server non-operational. The performance of this exploit depends on the contents of the path parameter. It works better when the requested path points to a static HTML page and its size is not too small.
This module runs a web server waiting for vulnerable clients to connect to it. When the client connects, it will try to install an agent by exploiting a vulnerability in VLC, which allows user-assisted remote attackers to execute code via a crafted OGG file that triggers a format string error and overwrites a subroutine pointer during rendering. The module will send an e-mail with a specially crafted HTML page, waiting for victim users to connect through it. If the target system does not have either the ActiveX plugin (Internet Explorer) or the Mozilla plugin (Firefox, Opera), when the user clicks on the e-mail link the browser will download a file to be executed so that the agent can be deployed. Otherwise, the remote file will be executed directly.
The specific flaw exists within the code responsible for ensuring proper privileged execution of methods. If an untrusted method in an applet attempts to call a method that requires privileges, Java will walk the call stack and, for each entry, verify that the method called is defined within a class that has that privilege. However, this does not take into account an untrusted object that has extended the trusted class without overriding the target method. Additionally, this can be bypassed by abusing a similar trust issue with interfaces. An attacker can leverage these insecurities to execute vulnerable code under the context of the user invoking the JRE. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sun Java Runtime. Authentication is not required to exploit this vulnerability.
In error.php, phpMyAdmin permits users to insert text and restricted tags (like BBCode). With the tag [a@url@page]Click Me[/a] you can insert your own page and redirect all users to that page. This can be used to direct users to a page hosting an OS agent.
This module exploits an integer overflow vulnerability in the xpdf and libpoppler software included in most Linux distributions. The vulnerability is caused by an integer overflow in the predictor calculation, which causes a buffer overflow on the stack in the StreamPredictor::getNextLine() function. The exploit is triggered when an unsuspecting user opens a specially crafted file distributed via e-mail.