Penetration Testing Wiki
Author: Jacobo Avariento Gimeno
Release Date: May 8, 2009
CVE/bugtraq id: Not assigned yet
Severity: Low/Medium
Vendor’s Description of Software: “Vpopmail is a free GPL package developed by Inter7 to provide an easy way to manage virtual email domains and non /etc/passwd email accounts for qmail or postfix mail servers.” [1] “qmailAdmin is a free software package that provides…
Public Release Date of POC: 2008-12-22
Author: Jacobo Avariento
CVE id: CVE-2008-5619
Bugtraq id: 32799
Severity: Critical
Vulnerability reported by: RealMurphy
Intro: Roundcube Webmail is a browser-based IMAP client that uses the “chuggnutt.com HTML to Plain Text Conversion” library to convert HTML text to plain text; this library uses the preg_replace PHP function in an insecure manner.
Vulnerable versions: RoundCube Webmail…
Some notes on how to find the right address in your specific environment to exploit Apache. In my environment, Debian Sarge with Apache 1.3.34 installed from apt-get, the address which I had to jump to in order to execute the shellcode was 0x0834ae77. As this address is not helpful at all except under exactly the same conditions, here…
CVE-2006-3747 POC & exploit for Apache 1.3/2.0/2.2 mod_rewrite off-by-one, SecurityFocus: https://www.securityfocus.com/archive/1/443870
Vulnerable Apache Versions:
1.3 branch: >1.3.28 and <1.3.37
2.0 branch: >2.0.46 and <2.0.59
2.2 branch: >2.2.0 and <2.2.3
However, due to the sensitive nature of off-by-one exploitation, not all the vulnerable versions are exploitable ones. I did a successful attack on Apache 1.3.34…
In this post I will explain how the stack is structured in Linux and how to successfully exploit a buffer overflow when only one byte is overflowed (the off-by-one technique).