et

11 exploits Active since Aug 2002
CVE-2015-4000 METASPLOIT LOW ruby SCANNER
OpenSSL 1.0.1-1.0.1l - Man-in-the-Middle Cipher Downgrade via DHE_EXPORT
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.
CVSS 3.7
CVE-2013-2566 METASPLOIT MEDIUM ruby SCANNER
Oracle Communications Application Session Controller 3.0.0-3.9.1 - Inadequate Encryption Strength via RC4 Algorithm
The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext.
CVSS 5.9
CVE-2011-3389 METASPLOIT ruby SCANNER
SSL - Info Disclosure
The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.
CVE-2016-0800 METASPLOIT MEDIUM ruby SCANNER
OpenSSL <1.0.1s, 1.0.2 before 1.0.2g - RCE
The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a "DROWN" attack.
CVSS 5.9
CVE-2022-3358 METASPLOIT HIGH ruby SCANNER
OpenSSL 3.0.0-3.0.5 - NULL Pointer Dereference via Legacy Custom Cipher Handling
OpenSSL supports creating a custom cipher via the legacy EVP_CIPHER_meth_new() function and associated function calls. This function was deprecated in OpenSSL 3.0 and application authors are instead encouraged to use the new provider mechanism in order to implement custom ciphers. OpenSSL versions 3.0.0 to 3.0.5 incorrectly handle legacy custom ciphers passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() and EVP_CipherInit_ex2() functions (as well as other similarly named encryption and decryption initialisation functions). Instead of using the custom cipher directly it incorrectly tries to fetch an equivalent cipher from the available providers. An equivalent cipher is found based on the NID passed to EVP_CIPHER_meth_new(). This NID is supposed to represent the unique NID for a given cipher. However it is possible for an application to incorrectly pass NID_undef as this value in the call to EVP_CIPHER_meth_new(). When NID_undef is used in this way the OpenSSL encryption/decryption initialisation function will match the NULL cipher as being equivalent and will fetch this from the available providers. This will succeed if the default provider has been loaded (or if a third party provider has been loaded that offers this cipher). Using the NULL cipher means that the plaintext is emitted as the ciphertext. Applications are only affected by this issue if they call EVP_CIPHER_meth_new() using NID_undef and subsequently use it in a call to an encryption/decryption initialisation function. Applications that only use SSL/TLS are not impacted by this issue. Fixed in OpenSSL 3.0.6 (Affected 3.0.0-3.0.5).
CVSS 7.5
CVE-2009-1122 METASPLOIT ruby WORKING POC
Microsoft Internet Information Services 5.0 - Authentication Bypass via WebDAV URL Decoding
The WebDAV extension in Microsoft Internet Information Services (IIS) 5.0 on Windows 2000 SP4 does not properly decode URLs, which allows remote attackers to bypass authentication, and possibly read or create files, via a crafted HTTP request, aka "IIS 5.0 WebDAV Authentication Bypass Vulnerability," a different vulnerability than CVE-2009-1535.
CVE-2014-3566 METASPLOIT LOW ruby SCANNER
SSL/TLS Version Detection
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.
CVSS 3.4
CVE-2009-1535 METASPLOIT ruby WORKING POC
Internet Information Services 5.1 and 6.0 - Authentication Bypass via Unicode %c0%af URI Obfuscation
The WebDAV extension in Microsoft Internet Information Services (IIS) 5.1 and 6.0 allows remote attackers to bypass URI-based protection mechanisms, and list folders or read, create, or modify files, via a %c0%af (Unicode / character) at an arbitrary position in the URI, as demonstrated by inserting %c0%af into a "/protected/" initial pathname component to bypass the password protection on the protected\ folder, aka "IIS 5.1 and 6.0 WebDAV Authentication Bypass Vulnerability," a different vulnerability than CVE-2009-1122.
CVE-2002-0422 METASPLOIT ruby SCANNER
Internet Information Services 5.0-5.1 - Internal IP Address Exposure via WebDAV Methods
IIS 5 and 5.1 supporting WebDAV methods allows remote attackers to determine the internal IP address of the system (which may be obscured by NAT) via (1) a PROPFIND HTTP request with a blank Host header, which leaks the address in an HREF property in a 207 Multi-Status response, or (2) via the WRITE or MKCOL method, which leaks the IP in the Location server header.
CVE-2004-1135 METASPLOIT ruby WORKING POC
WS_FTP Server 5.03 2004.10.14 - Denial of Service via Long SITE, XMKD, MKD, or RNFR Commands
Multiple buffer overflows in WS_FTP Server 5.03 2004.10.14 allow remote attackers to cause a denial of service (service crash) via long (1) SITE, (2) XMKD, (3) MKD, and (4) RNFR commands.
CVE-2004-1135 EXPLOITDB ruby WORKING POC
WS_FTP Server 5.03 2004.10.14 - Denial of Service via Long SITE, XMKD, MKD, or RNFR Commands
Multiple buffer overflows in WS_FTP Server 5.03 2004.10.14 allow remote attackers to cause a denial of service (service crash) via long (1) SITE, (2) XMKD, (3) MKD, and (4) RNFR commands.