Authentication: Lessons Learned from Microsoft Exchange and F5 BIG-IP Hacks
The past month has been a very dynamic time in the world of security for hackers and threat researchers, but it has been an extended nightmare for CSOs responsible for securing their enterprise networks. For starters, on-premise Microsoft Exchange servers were attacked in droves after a set of...
GOautodial 4.0 - 'CreateEvent' Persistent Cross-Site Scripting
Exploit Title: GOautodial 4.0 - 'CreateEvent' Persistent Cross-Site Scripting; Author: Cakes; Discovery Date: 2019-09-19; Vendor Homepage: https://goautodial.org/; Software Link: https://downloads2.goautodial.org/centos/7/isos/x8664/GOautodial-4-x8664-Pre-Release-20180929-0618.iso; Tested Version: 4.0...
eTouch Samepage 4.4.0.0.239 SQL Injection / File Read Vulnerabilities
Exploit for php platform in category web applications. Couldn't find anyone to contact regarding this, so dropping it. eTouch SamePage v4.4.0.0.239 multiple vulnerabilities. http://www.etouch.net/products/samepage/index.html Enterprise trial was installed in an Ubuntu virtual machine with MySQL. By...
Blue Coat Reporter 7.0/7.1 - Remote Privilege Escalation Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/13723/info Blue Coat Reporter is prone to a remote privilege escalation vulnerability. This issue is due to a failure in the application to properly authenticate a user prior to permitting access to administrator function...
Symantec Altiris DS SQL Injection Vulnerability
Usage Info: This module exploits a SQL injection flaw in Symantec Altiris Deployment Solution 6.8 to 6.9.164. The vulnerability exists on axengine.exe which fails to adequately sanitize numeric input fields in "UpdateComputer" notification Requests. In order to spawn a shell, several SQL injection...
Symantec Altiris DS SQL Injection
This module exploits a SQL injection flaw in Symantec Altiris Deployment Solution 6.8 to 6.9.164. The vulnerability exists on axengine.exe which fails to adequately sanitize numeric input fields in "UpdateComputer" notification Requests. In order to spawn a shell, several SQL injections are...
CVE-2008-2347
MyPicGallery 1.0 allows remote attackers to bypass application authentication and gain administrative access by setting the userID parameter to "admin" in a direct request to admin/addUser.php...
windows.weak.passwds.txt
Secure Storage of Secrets in Windows. Aleph One, Mon, 17 May 1999 14:57:31 -0700. Not long ago we discussed why you still see messages that describe yet another application that stores passwords in an insecure manner, in particular under Windows. The bottom line was that there...