PT-2014-6182 · Bmc · Bmc Track-It!

Name of the Vulnerable Software and Affected Versions: BMC Track-It! version 11.3.0.355 Description: The issue allows remote attackers to upload arbitrary files, execute arbitrary code, or obtain sensitive credential and configuration information without requiring authentication on TCP port 9010...

BMC Track-It! - Multiple Vulnerabilities

BMC Track-it! suffers from code execution, arbitrary file download, and remote SQL injection vulnerabilities. Multiple critical vulnerabilities in BMC Track-It! Discovered by Pedro Ribeiro email protected, Agile Information Security...

BMC Track-It! - Multiple Vulnerabilities

Multiple critical vulnerabilities in BMC Track-It! Discovered by Pedro Ribeiro [email protected], Agile Information Security ================================================================================= The application exposes several .NET remoting services on port 9010. .NET remoting is a RMI...

BMC Track-it! Remote Code Execution / SQL Injection

Hi, tl;dr - I am releasing two 0 day exploits for BMC Track-It!. One is a RCE and the other gets you the domain admin and SQL database creds. Other minor vulns are also disclosed. Details below. CERT handled the disclosure for these vulnerabilities see CERT VU121036 and according to them BMC didn...

BMC / Numara Track-It! Domain Administrator and SQL Server User Password Disclosure

This module exploits an unauthenticated configuration retrieval .NET remoting service in Numara / BMC Track-It! v9 to v11.X, which can be abused to retrieve the Domain Administrator and the SQL server user credentials. This module has been tested successfully on versions 11.3.0.355, 10.0.51.135,...

Numara / BMC Track-It! FileStorageService Arbitrary File Upload

This module exploits an arbitrary file upload vulnerability in Numara / BMC Track-It! v8 to v11.X. The application exposes the FileStorageService .NET remoting service on port 9010 9004 for version 8 which accepts unauthenticated uploads. This can be abused by a malicious user to upload a ASP or...

CVE-2014-3518

jmx-remoting.sar in JBoss Remoting, as used in Red Hat JBoss Enterprise Application Platform JEAP 5.2.0, Red Hat JBoss BRMS 5.3.1, Red Hat JBoss Portal Platform 5.2.2, and Red Hat JBoss SOA Platform 5.3.1, does not properly implement the JSR 160 specification, which allows remote attackers to...

Design/Logic Flaw

jmx-remoting.sar in JBoss Remoting, as used in Red Hat JBoss Enterprise Application Platform JEAP 5.2.0, Red Hat JBoss BRMS 5.3.1, Red Hat JBoss Portal Platform 5.2.2, and Red Hat JBoss SOA Platform 5.3.1, does not properly implement the JSR 160 specification, which allows remote attackers to...

CVE-2014-3518

The CVE-2014-3518 vulnerability affects jmx-remoting.sar in JBoss Remoting, used by Red Hat JBoss EAP 5.2.x and related Red Hat platforms (JEAP 5.2.0, BRMS 5.3.1, Portal Platform 5.2.2, SOA Platform 5.3.1). The root cause is incomplete implementation of the JSR 160 JMX remoting specification, all...

CVE-2014-3518

jmx-remoting.sar in JBoss Remoting, as used in Red Hat JBoss Enterprise Application Platform JEAP 5.2.0, Red Hat JBoss BRMS 5.3.1, Red Hat JBoss Portal Platform 5.2.2, and Red Hat JBoss SOA Platform 5.3.1, does not properly implement the JSR 160 specification, which allows remote attackers to...

Microsoft .NET Framework TypeFilterLevel Code Execution (MS14-026; CVE-2014-1806)

A code execution vulnerability exists in Microsoft .NET Framework. The vulnerability is due to the way the .NET framework handles TypeFilterLevel checks for some malformed objects. A remote attacker could exploit this vulnerability by sending specially crafted data to the target server that uses...

Important: Red Hat Security Advisory: JBoss Remoting security update

This advisory contains instructions on how to resolve one security issue found in the JBoss Remoting component, which is included in Red Hat JBoss Enterprise Application Platform 5.2.0, Red Hat JBoss BRMS 5.3.1, Red Hat JBoss Portal Platform 5.2.2, and Red Hat JBoss SOA Platform 5.3.1. The Red Ha...

5: Remote code execution via unauthenticated JMX/RMI connector

JBoss Application Server 5 and supported Red Hat JBoss 5.x products contain JBoss Remoting, which includes a partial implementation of the JMX remoting specification JSR 160. This implementation is provided in jmx-remoting.sar, which is deployed by default in unsupported community releases of JBo...

Antak WebShell - A webshell which utilizes PowerShell

Antak is a webshell written in C.Net which utilizes powershell. Antak is a part of Nishang and updates could be found here: https://github.com/samratashok/nishang Use this shell as a normal powershell console. Each command is executed in a new process, keep this in mind while using commands like...

Design/Logic Flaw

The .NET Remoting implementation in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly restrict memory access, which allows remote attackers to execute arbitrary code via vectors involving malformed objects, aka "TypeFilterLevel Vulnerability."...

CVE-2014-1806

The .NET Remoting implementation in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly restrict memory access, which allows remote attackers to execute arbitrary code via vectors involving malformed objects, aka "TypeFilterLevel Vulnerability."...

CVE-2014-1806

CVE-2014-1806 affects the .NET Framework’s TypeFilterLevel handling in .NET Remoting, enabling remote execution of arbitrary code via malformed objects. Affected are .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1. Public exploits exist (e.g., ExploitRemotingService and EDB-35280) ...

MS14-026: Vulnerability in .NET Framework Could Allow Elevation of Privilege (2958732)

The remote Windows host has a version of the Microsoft .NET Framework that is affected by a privilege escalation vulnerability due to the way that .NET Framework handles TypeFilterLevel checks for some malformed objects. Note that this vulnerability only affects applications that use .NET Remotin...

MS14-026: Vulnerability in the .NET Framework could allow elevation of privilege: May 13, 2014

Resolves a vulnerability in the Microsoft .NET Framework that could allow elevation of privilege if an unauthenticated attacker sends specially crafted data to an affected workstation or server that has the .NET Framework Remoting feature enabled.View products that this article applies...

Seam: XSS flaw in remoting

Multiple cross-site scripting XSS vulnerabilities in Red Hat JBoss Web Framework Kit 2.5.0 allow remote attackers to inject arbitrary web script or HTML via a 1 parameter or 2 id name...