This update adds Windows (XP) to the supported target systems for this exploit.
This module exploits a vulnerability in PHPMyAdmin. server_databases.php fails when it attemps to sanitize the sort_by parameter. It allows an attacker to inject code, and execute it on the web server with www-data privileges.
This module exploits a stack buffer overflow vulnerability in the Sourcefire Snort DCE/RPC preprocessor. An unauthenticated, remote attacker can exploit this vulnerability to execute arbitrary code with the privileges of the Snort process.
This update improves the reliability for Redhat Enterprise Linux 4 and FreeBSD 6.2 on Impact 8.0
This update improves the reliability for Redhat Enterprise Linux 4 and FreeBSD 6.2 on Impact 8.0
A Remote Code Execution (RCE) vulnerability has been found in filter/tex/texed.php. Due to the fact this file does not properly check the input parameters, it is possible to exploit this vulnerability in order to execute arbitrary commands on the target server. This module starts a web server on the CORE IMPACT Console to publish the agent, which is downloaded from the target. In order to exploit this vulnerability register_globals must be enabled (in PHP) and the TeX Notation filter in Moodle must be turned on.
This module exploits a Remote Code Execution vulnerability in Mantis version 1.1.3 caused by Mantis handling the sort parameter in manage_proj_page without the proper validation. This allows for remote code execution on Mantis' Web server.
This module exploits a command injection error in the Oracle Secure Backup Administration server.
This module exploits the random number generator in Debian's OpenSSL package being predictable. This vulnerability is used to generate SSH keys and to install an agent into the target host.
The exploit will generate the complete vulnerable keyspace, and will try to log as the provided user. If the user is root, the agent will have superuser capabilities.
This update improves exploit performance when used through Network Attack and Penetration RPT.
The exploit will generate the complete vulnerable keyspace, and will try to log as the provided user. If the user is root, the agent will have superuser capabilities.
This update improves exploit performance when used through Network Attack and Penetration RPT.
This module sends HTTP requests that causes the Squid Web Proxy to stop running.
This module improves several features for client side exploits.
This module exploits a Reflected Cross-Site Scripting vulnerability in Openfire to install an agent.