1467 matches found

Zero Day Initiative
added 2014/08/12 12:0 a.m. | 32 views

Attachmate Reflection Secure FTP Client rftpcom.dll SaveSettings Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Attachmate Reflection Secure FTP Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...

CVSS 7.5 | AI score 7.1 | EPSS 0.0685
Exploits: 0 | References: 1

Zero Day Initiative
added 2014/08/12 12:0 a.m. | 22 views

Attachmate Reflection Secure FTP Client rftpcom.dll Multiple Memory Corruption Remote Code Execution Vulnerabilities

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Attachmate Reflection Secure FTP Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...

CVSS 7.5 | AI score 7 | EPSS 0.1138
Exploits: 0 | References: 1

Zero Day Initiative
added 2014/08/12 12:0 a.m. | 26 views

Attachmate Reflection Pro FTP rftpcom15.dll GetSiteProperties3 Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Attachmate Reflection Pro FTP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within th...

CVSS 7.5 | AI score 7 | EPSS 0.1138
Exploits: 0 | References: 1

Tenable Nessus
added 2014/07/11 12:0 a.m. | 3133 views

SNMP 'GETBULK' Reflection DDoS

The remote SNMP daemon is responding with a large amount of data to a 'GETBULK' request with a larger than normal value for 'max-repetitions'. A remote attacker can use this SNMP server to conduct a reflected distributed denial of service attack on an arbitrary remote host. TRUSTED...

CVSS 7.5 | AI score 6.4 | EPSS 0.11399
Exploits: 1 | References: 2

seebug.org
added 2014/07/01 12:0 a.m. | 28127 views

PHPDug 2.0.0 - Cross Site Scripting Vulnerability

PHPDug 2.0.0 cross-site scripting vulnerability. Vulnerable file: upcoming.php ---- (some code omitted) $_GET['id'] and $_GET['i'] are the same if(isset($_GET['id'])) $_GET['i'] = $_GET['id']; elseif(isset($_GET['i'])) $_GET['id'] = $_GET['i']; ---- (some code omitted) $page = new HtmlTemplate("templates/" . $config['tplname'] . "/catnoresults.html"); ---- (some code omitted) $page->SetLoop('PAGES',...

AI score 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 36 views

Attachmate Reflection FTP Client Heap Overflow

No description provided by source. Application: Attachmate Reflection FTP Client Heap Overflow Platforms: Windows Exploitation: Remote code execution CVE Number: PRL: 2011-09 Author: Francis Provencher Protek Research Lab's Website: http://www.protekresearchlab.com/ Twitter: @ProtekResearch 1...

AI score 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 34 views

Android Browser and WebView addJavascriptInterface - Code Execution

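Through JavaScript, anything on the current device's SD card can be accessed, even contact information, SMS messages and so on. 1. The WebView has added a JavaScript object, and the current application has permission to read and write the SD card, that is: android.permission.WRITE_EXTERNAL_STORAGE 2. In JS, the window object can be traversed to find an object that has a "getClass" method; the reflection mechanism is then used to obtain the Runtime object, and a static method is called to execute commands, such as a command to access files. 3. The string is then read from the input stream returned after the command runs, which gives the file name information. After that you can do whatever you want, which is very dangerous. The core JS code is as follows: function...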

AI score 7
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 21 views

Attachmate Reflection Standard Suite 2008 activex buffer overflow

No description provided by source. Exploit Title: Attachmate Reflection Standard Suite 2008 activex buffer overflow Date: Mar 11, 2010 found Author: Rad L. Sneak JB Software Link: http://www.attachmate.com/Evals/ruo2/eval-form.htm Version: 13.0 & 14.0 Tested on: WinXP SP3 & Win7 64bit CVE : None...

AI score 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 22 views

NTP ntpd monlist Query Reflection - Denial of Service

No description provided by source...

AI score 7.1
Exploits: 0

Tenable Nessus
added 2014/06/30 12:0 a.m. | 93 views

Attachmate Reflection Heartbeat Information Disclosure (Heartbleed)

The Attachmate Reflection install on the remote host is affected by an out-of-bounds read error known as the 'Heartbleed Bug' in the included OpenSSL version. This error is related to handling TLS heartbeat extensions that could allow an attacker to obtain sensitive information such as primary ke...

CVSS 7.5 | AI score 8 | EPSS 0.94464
Exploits: 86 | References: 7

Tenable Nessus
added 2014/05/27 12:0 a.m. | 582 views

Attachmate Reflection X Heartbeat Information Disclosure (Heartbleed)

The Attachmate Reflection X install on the remote host is affected by an out-of-bounds read error, known as the 'Heartbleed Bug' in the included OpenSSL version. This error is related to handling TLS heartbeat extensions that could allow an attacker to obtain sensitive information such as primary...

CVSS 7.5 | AI score 8 | EPSS 0.94464
Exploits: 86 | References: 7

ThreatPost
added 2014/05/12 3:35 p.m. | 43 views

PointDNS Recovers from Massive DDoS Attack

PointDNS says most of its DNS servers are online again after a massive DDoS attack late last week took down the service provider. A post on the company’s Twitter account on Friday said the provider was adding nameservers and working with network providers to restore service to its customers. Many...

CVSS 5 | AI score 1 | EPSS 0.92136
Exploits: 23 | References: 5

Tenable Nessus
added 2014/05/12 12:0 a.m. | 429 views

Attachmate Reflection Secure IT Windows Client Information Disclosure (Heartbleed)

The Attachmate Reflection Secure IT Windows Client install on the remote host contains a component, Reflection FTP Client, which is affected by an out-of-bounds read error, known as the 'Heartbleed Bug' in the included OpenSSL version. This error is related to handling TLS heartbeat extensions th...

CVSS 7.5 | AI score 8 | EPSS 0.94464
Exploits: 86 | References: 6

ThreatPost
added 2014/04/30 3:11 p.m. | 12 views

UltraDNS Dealing with DDoS Attack

UPDATE – UltraDNS said it has mitigated a distributed denial of service (DDoS) attack for most of its customers after the service was held down for most of the day. “Currently, only customers utilizing a segment of UltraDNS Name Server addresses are experiencing resolution latency due to intermitte...

Exploits: 0 | References: 2

0day.today
added 2014/04/29 12:0 a.m. | 194 views

NTP ntpd monlist Query Reflection - Denial of Service

Exploit for linux platform in category dos / poc. Exploit Title: CVE-2013-5211 PoC - NTP DDoS amplification. Date: 28/04/2014. Code Author: Danilo PC. CVE: CVE-2013-5211. I coded this program to help others understand how a DDoS attack amplified by NTP servers works (CVE-2013-5211). I took of...

CVSS 5 | AI score 6.4 | EPSS 0.92136
Exploits: 23

Exploit DB
added 2014/04/24 12:0 a.m. | 25 views

Alienvault 4.3.1 - SQL Injection / Cross-Site Scripting

AlienVault 4.3.1 Unauthenticated SQL Injection Vulnerability Type: SQL Injection Reporter: Sasha Zivojinovic Company: Gotham Digital Science Affected Software: AlienVault 4.3.1 Severity: Critical =========================================================== Summary...

AI score 7.4
Exploits: 0

seebug.org
added 2014/04/16 12:0 a.m. | 86 views

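Attachmate Reflection OpenSSL TLS Heartbeat Information Disclosure Vulnerability

CVE ID: CVE-2014-0160 Attachmate Reflection is an excellent Unix terminal emulation software. The OpenSSL bundled with Attachmate Reflection has a security vulnerability: OpenSSL has a boundary error in its handling of the TLS "heartbeat" extension, which allows an attacker to exploit the vulnerability to obtain 64k of memory contents from a connected client or server. The memory contents may include private keys, usernames, passwords and so on. 0 Attachmate Reflection 14.x There is currently no detailed solution: http://www.attachmate.com/...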

CVSS 5 | AI score 0.6 | EPSS 0.94464
Exploits: 86

The Hacker News
added 2014/04/03 1:22 a.m. | 9 views

Millions of Vulnerable Routers aiding Massive DNS Amplification DDoS Attacks

The Distributed Denial of Service (DDoS) attack is becoming more sophisticated and complex with the increase in the skills of attackers and so has become one of the favorite weapons for cyber criminals to temporarily suspend or crash the services of a host connected to the Internet and till now...

AI score 7
Exploits: 0

ThreatPost
added 2014/04/02 1:26 p.m. | 17 views

Researchers Divulge 30 Oracle Java Cloud Service Bugs

Upset with the vulnerability handling process at Oracle, researchers yesterday disclosed more than two dozen outstanding issues with the company’s Java Cloud Service platform. Researchers at Security Explorations published two reports, complete with proof of concept codes, explaining 30 different...

AI score 0.1
Exploits: 0 | References: 4

Prion
added 2014/03/03 4:50 a.m. | 18 views

Design/Logic Flaw

The Android API before 17 does not properly restrict the WebView.addJavascriptInterface method, which allows remote attackers to execute arbitrary methods of Java objects by using the Java Reflection API within crafted JavaScript code that is loaded into the WebView component in an application...

CVSS 6.8 | AI score 7.6 | EPSS 0.76381
Exploits: 12 | References: 8 | Affected Software: 1