3489 matches found
Apple iOS Sensitive Information Disclosure Vulnerability (CNVD-2015-06171)
Apple iOS is the latest operating system that runs on Apple's iPhone and iPod touch devices. A security vulnerability exists in Apple iOS that allows a malicious remote FTP server to obtain sensitive information on other host systems...
AirDrop vulnerability: malicious applications can be silently installed on millions of Apple devices - vulnerability warning - the black bar safety net
A vulnerability exists in the AirDrop file transfer feature: a malicious application may be silently installed on millions of Apple devices and replace a legitimate app. AirDrop is a technology Apple developed for transferring files directly between devices, but security researcher Mark Dowd was in iOS an...
The vulnerability of the microprogramming software of the Cisco TelePresence Video Communication Server allows an intruder to circumvent existing restrictions on access to configuration files.
The vulnerability of the microprogramming software of the Cisco TelePresence Video Communication Server lies in the lack of protection for service data. Exploiting this vulnerability allows a malicious actor, who operates remotely and has completed the authentication process, to circumvent existi...
Powershell Netcat: PowerCat
powercat is a PowerShell function. You need to load the function before you can execute it. You can put one of the commands below into your PowerShell profile so that powercat is loaded automatically when PowerShell starts. What’s netcat anyway? netcat, often abbreviated to nc, is a computer...
wget Target IP Address Information Acquisition Vulnerability
wget is a free tool to automatically download files from the network, supporting downloads via the three most common TCP/IP protocols: HTTP, HTTPS, and FTP. A security vulnerability exists in wget, where a remote FTP server can reject a user's FTP PASV command, causing the target user's wget...
Ricoh DL FTP Server Buffer Overflow Vulnerability
Ricoh DL FTP Server is an FTP server from Ricoh Japan. A buffer overflow vulnerability exists in Ricoh DL FTP Server 1.1.0.6 and earlier versions. The vulnerability can be exploited by a remote attacker to execute arbitrary code via a long USER command...
Samsung SyncThruWeb SMB Hash Disclosure
Exploit Title: Samsung SyncThruWeb SMB Hash Disclosure Date: 8/28/15 Exploit Author: Shad Malloy Contact: http://twitter.com/SecureNM Website: https://securenetworkmanagement.com Vendor Homepage: http://www.samsung.com Software Link:...
Samsung SyncThruWeb 2.01.00.26 - SMB Hash Disclosure Vulnerability
Exploit for hardware platform in category web applications Exploit Title: Samsung SyncThruWeb SMB Hash Disclosure Date: 8/28/15 Exploit Author: Shad Malloy Contact: http://twitter.com/SecureNM Website: https://securenetworkmanagement.com Vendor Homepage: http://www.samsung.com Software Link:...
Samsung SyncThruWeb 2.01.00.26 - SMB Hash Disclosure
Samsung SyncThruWeb 2.01.00.26 - SMB Hash Disclosure Exploit Title: Samsung SyncThruWeb SMB Hash Disclosure Date: 8/28/15 Exploit Author: Shad Malloy Contact: http://twitter.com/SecureNM Website: https://securenetworkmanagement.com Vendor Homepage: http://www.samsung.com Software Link:...
Samsung SyncThruWeb 2.01.00.26 - SMB Hash Disclosure
Exploit Title: Samsung SyncThruWeb SMB Hash Disclosure Date: 8/28/15 Exploit Author: Shad Malloy Contact: http://twitter.com/SecureNM Website: https://securenetworkmanagement.com Vendor Homepage: http://www.samsung.com Software Link:...
Cisco TelePresence Video Communication Server Expressway Access Restriction Bypass Vulnerability
Cisco TelePresence Video Communication Server Expressway is a telepresence video communication server that integrates with unified communications and voice communications environments to provide the best possible experience for end users using a variety of communications tools. A security...
Accellion File Transfer Appliance (FTA) Detection (HTTP)
HTTP based detection of an Accellion File Transfer Appliance (FTA). SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
Accellion Secure File Transfer Appliance Detection
Binary data accellionfiletransferappliancedetect.nbin...
Accellion Secure File Transfer Appliance 'statecode' Cookie Remote File Disclosure
The remote Accellion Secure File Transfer Appliance is affected by an arbitrary file disclosure vulnerability due to improper sanitization of user-supplied input to the 'statecode' cookie used by the template function in function.inc. A remote, unauthenticated attacker can exploit this...
Accellion Secure File Transfer Appliance 'oauth_token' Parameter Remote Command Execution
The remote Accellion Secure File Transfer Appliance is affected by a remote command execution vulnerability due to improper sanitization of user-supplied input to the 'oauth_token' parameter in the getoauthcustomername and verify_oauth_token functions. The parameter is passed to a system command...
Accellion FTA getStatus command injection
Added: 07/16/2015. CVE: CVE-2015-2857. Background: The Accellion File Transfer Appliance is a solution for secure file sharing. Problem: A command injection vulnerability allows remote attackers to execute arbitrary commands contained in the oauth_token parameter to the getStatus action. Resolution...
Accellion File Transfer appliance getStatus verify_oauth_token Command Execution Exploit
This Metasploit module exploits a metacharacter shell injection vulnerability in the Accellion File Transfer appliance. This vulnerability is triggered when a user-provided 'oauth_token' is passed into a system call within a mod_perl handler. This Metasploit module exploits the '/tws/getStatus'...