This Metasploit module exploits a remote command execution vulnerability in Apache Struts versions < 2.2.0. This issue is caused by a failure to properly handle Unicode characters in OGNL extensive expressions passed to the web server. By sending a specially crafted request to the Struts application, it is possible to bypass the "#" restriction on ParameterInterceptors by using OGNL context variables. Bypassing this restriction allows for the execution of arbitrary Java code.
Struts2/XWork suffers from a remote command execution vulnerability.
Spring Framework suffers from an arbitrary code execution vulnerability. Versions affected include 3.0.0 to 3.0.2, 2.5.0 to 2.5.6SEC01 (community releases) and 2.5.0 to 2.5.7 (subscription customers).
OWASP Stinger and Struts servlet input validation filters suffer from a bypass vulnerability.
HITBSecConf2006 Presentation - Yet Another Web Application Testing Toolkit (YAWATT).
OpenCMS versions 6.2.1, 6.2, 6.0.3, and 6.0.4 are vulnerable to multiple access control and input validation vulnerabilities. Other versions may be vulnerable as well. Authenticated users can perform attacks that allow arbitrary file access, viewing the source of JSP files, the uploading of malicious files, and more.
Blogger's personal page redirection mechanism contains a classic HTTP response splitting vulnerability in the "Location" HTTP header. The problem occurs due to the use of unsanitized user-supplied data in the "Location" HTTP header, which enables an attacker to inject CRLF (%0d%0a) characters, splitting the server's response and taking full control over the contents of the second HTTP response. Exploitation of the vulnerability can lead to cross-site scripting (XSS), cache poisoning and phishing attacks.
The Linux orinoco driver included in kernel versions less than 2.6.13.4 pads Ethernet frames with uninitialized data, thus allowing remote attackers to obtain parts of memory which may contain sensitive information.
STIFWare Evolution - Meder and Fyodor have been working on their concept of a common framework to unify the offensive part of heterogeneous security data and security tools into a single unit: a security tools framework. The presentation deals with the evolution of the STIF framework into what they now call STIF-ware, a set of STIF-relevant modules that would allow computer security hobbyists to build, control and monitor a distributed network of automated hacking agents, guided by a set of goals and targets assigned to the system.
Xprobe2 is a remote active OS fingerprinting tool which uses advanced techniques such as fuzzy logic.
Xprobe2 0.2.2 is a remote active OS fingerprinting tool which uses advanced techniques such as fuzzy logic.
Xprobe2 is a remote active operating system fingerprinting tool. Xprobe2 uses advanced techniques, such as the usage of fuzzy logic to match fingerprinting results with the tool's signature database and unique fingerprinting methods to provide accurate results.