##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
##
# Exploit Title: PCMan's FTP Server 2.0 Remote Buffer Overflow Exploit
# Date: 2013/6/26
# Exploit Author: Chako
# Vendor Homepage: http://pcman.openfoundry.org/
# Software Download Link: https://files.secureserver.net/1sMltFOsytirTG
# Version: 2.0
# Tested on: Windows 7 SP1 English
#
# Title************************PCMan FTP Server v2.0.7 Remote Root Shell Exploit - USER Command
# Discovered and Reported******June 2013
# Discovered/Exploited By******Jacob Holcomb/Gimppy, Security Analyst @ Independent Security Evaluators
# Exploit/Advisory*************http://infosec42.blogspot.com/
# Software*********************PCMan FTP Server v2.0.7 (Listens on TCP/21)
# Tested Commands*************USER (Other commands were not tested and may be vulnerable)
# CVE**************************PCMan FTP Server v2.0.7 Buffer Overflow: Pending
#
# Title: AudioCoder 0.8.22 - Direct Retn Buffer OverFlow
# version: 0.8.22 build 5506 (built on May 27 2013, 00:22:49)
# Platform: Windows XP sp3
# Date: June 21th, 2013
# Author: onying (@onyiing)
# Thanks to: Information Security Shinobi Camp | http://www.is2c-dojo.com
Barracuda SSL VPN 680Vx 2.3.3.193 Multiple Script Injection Vulnerabilities
Vendor: Barracuda Networks, Inc.
Product web page: https://www.barracuda.com
Affected version: 2.3.3.193, Model: V680
Summary: The Barracuda SSL VPN is a powerful plug-and-play appliance
purpose-built to provide remote users with secure access to internal
network resources.
Desc: Barracuda SSL VPN suffers from multiple stored XSS vulnerabilities
when parsing user input to several parameters via POST method. Attackers
can exploit these weaknesses to execute arbitrary HTML and script code in
a user's browser session.
Tested on: Linux 2.4.x, Jetty Web Server
GLPI is prone to a remote PHP code-execution vulnerability.
An attacker can exploit this issue to inject and execute arbitrary PHP code in the context of the affected application. This may facilitate a compromise of the application and the underlying system; other attacks are also possible.
GLPI 0.83.9 is vulnerable; other versions may also be affected.
An attacker can exploit this issue using a web browser.
The following example URI is available: