14 matches found
EUVD-2012-6579
Malware in sbrugna...
CVE-2012-10034
ClanSphere 2011.3 is vulnerable to a local file inclusion LFI flaw due to improper handling of the cslang cookie parameter. The application fails to sanitize user-supplied input, allowing attackers to traverse directories and read arbitrary files outside the web root. The vulnerability is further...
ClanSphere 2011.3 Local File Inclusion
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ClanSphere 2011.3 Local File Inclusion Vulnerability', 'Description' = %q This module exploits a directory traversal flaw found in Clansphere...
Openstack Compute (Nova) Denial of service via network request that triggers large number of iptables rules
Openstack Compute Nova Folsom, 2012.1, and 2011.3 does not limit the number of security group rules, which allows remote authenticated users with certain permissions to cause a denial of service CPU and hard drive consumption via a network request that triggers a large number of iptables rules...
ClanSphere 2011.3 (cs_lang cookie parameter) Local File Inclusion
No description provided by source. Exploit Title: ClanSphere 2011.3 cslang cookie parameter Local File Include Vulnerability Google Dork: Copyright 2012 Seitentitel. All rights reserved. || inurl:index.php?mod=clansphere Date: 10/22/2012 Author: Marco Tulio blkhtc0rp Vendor Homepage:...
ClanSphere 2011.3 Local File Inclusion Vulnerability
This module exploits a directory traversal flaw found in Clansphere 2011.3. The application fails to handle the cslang parameter properly, which can be used to read any file outside the virtual directory. This module requires Metasploit: https://metasploit.com/download Current source:...
ClanSphere 2011.3 Local File Inclusion / Remote Code Execution
Exploit Title: ClanSphere 2011.3 cslang cookie parameter Local File Inclusion Vulnerability Google Dork: "Copyright 2012 Seitentitel. All rights reserved." || inurl:index.php?mod=clansphere Date: 10/24/2012 Author: Marco Tulio blkhtc0rp Vendor Homepage: http://www.csphere.eu Version: 2011.3 Teste...
ClanSphere 2011.3 Local File Inclusion / Remote Code Execution Vulnerabilities
ClanSphere version 2011.3 suffers from a local file inclusion vulnerability in the cslang cookie parameter. This advisory has two exploits included and one of them uses /proc/self/environ to launch a connect-back shell. Exploit Title: ClanSphere 2011.3 cslang cookie parameter Local File Inclusion...
ClanSphere 2011.3 - 'cs_lang' Cookie Local File Inclusion
Exploit Title: ClanSphere 2011.3 cslang cookie parameter Local File Include Vulnerability Google Dork: "Copyright 2012 Seitentitel. All rights reserved." || inurl:index.php?mod=clansphere Date: 10/22/2012 Author: Marco Tulio blkhtc0rp Vendor Homepage: http://www.csphere.eu Version: 2011.3 Tested...
ClanSphere 2011.3 - cs_lang Cookie Local File Inclusion
ClanSphere 2011.3 - cslang Cookie Local File Inclusion Exploit Title: ClanSphere 2011.3 cslang cookie parameter Local File Include Vulnerability Google Dork: "Copyright 2012 Seitentitel. All rights reserved." || inurl:index.php?mod=clansphere Date: 10/22/2012 Author: Marco Tulio blkhtc0rp Vendor...
CVE-2012-2101
OpenStack Compute (Nova) in Folsom, 2012.1, and 2011.3, is vulnerable because it does not cap the number of security group rules. This allows remote authenticated users with certain permissions to trigger a denial of service by issuing a network request that creates a large number of iptables rul...
DEBIAN-CVE-2012-0030
Nova 2011.3 and Essex, when using the OpenStack API, allows remote authenticated users to bypass access restrictions for tenants of other users via an OSAPI request with a modified projectid URI parameter...
Authentication flaw
Nova 2011.3 and Essex, when using the OpenStack API, allows remote authenticated users to bypass access restrictions for tenants of other users via an OSAPI request with a modified projectid URI parameter...
CVE-2012-0030
Nova 2011.3 and Essex, when using the OpenStack API, allows remote authenticated users to bypass access restrictions for tenants of other users via an OSAPI request with a modified projectid URI parameter...