This exploit leverages a broken access control vulnerability in Atlassian Confluence servers, enabling an attacker to bypass authentication. By sending a specially crafted request, an unauthorized admin account can be created on the targeted Atlassian server.
This script allows an attacker to spawn a bash-style shell with the webserver UID. It is currently under development and is not fully functional.
This exploit is a Denial of Service (DoS) attack that targets the HTTP protocol. It sends a specially crafted GET request that causes the server to consume excessive resources and become unresponsive.
There is an authentication bypass vulnerability in page=CD35_SETUP_01 that allows you to set a new password even if the password was previously set. By setting a new password with more than 512 characters, the password gets reset, and the next time you access the router you will be prompted for a new password.
This module exploits a vulnerability in the handling of certain SWF movies within versions 9.x and 10.0 of Adobe Flash Player. Adobe Reader and Acrobat are also vulnerable, as are any other applications that may embed Flash Player. Arbitrary code execution is achieved by embedding a specially crafted Flash movie into a PDF document. An AcroJS heap spray is used in order to ensure that the memory used by the invalid pointer issue is controlled. NOTE: This module uses a similar DEP bypass method to that used within the adobe_libtiff module. This method is unlikely to work across various Windows versions due to the hardcoded syscall number.
This module exploits a vulnerability in the DoABC tag handling within versions 9.x and 10.0 of Adobe Flash Player. Adobe Reader and Acrobat are also vulnerable, as are any other applications that may embed Flash Player. Arbitrary code execution is achieved by embedding a specially crafted Flash movie into a PDF document. An AcroJS heap spray is used in order to ensure that the memory used by the invalid pointer issue is controlled. NOTE: This module uses a similar DEP bypass method to that used within the adobe_libtiff module. This method is unlikely to work across various Windows versions due to the hardcoded syscall number.
This module exploits a memory corruption flaw in Internet Explorer. This flaw was found in the wild and was a key component of the 'Operation Aurora' attacks that led to the compromise of a number of high-profile companies. The exploit code is a direct port of the public sample published to the Wepawet malware analysis site. The technique used by this module is currently identical to the public sample; as such, only Internet Explorer 6 can be reliably exploited.
Unprivileged users can effectively remove the sticky-bit from the system /tmp directory, making it unsafe to rely on the stickiness of /tmp on Red Hat Linux systems.
This exploit sends a crafted packet to a target server, causing it to crash and become unresponsive.
There are multiple unpatched CSRF vulnerabilities in the administration interfaces for various Linksys routers. Exploits are available that allow remote administration of the router and changing the password to '__pwn3d__'. The victim does not necessarily need to be authenticated since the default passwords for all routers are known to be 'admin'. Most browsers provide some degree of protection against these attacks.