Lucene search
K

60 matches found

Hacker One
Hacker One
added 2020/07/08 6:38 p.m.28 views

Basecamp: HTTP request smuggling on Basecamp 2 allows web cache poisoning

It is found that an authenticated Basecamp 2 user can desync front and backend servers and poison the socket with harmful response for the next visitor. During redirect probe, It also appears that front-end infrastructure performs caching of content. Using HTTP request smuggling attack, It is...

0.3AI score
Exploits0
Hacker One
Hacker One
added 2020/04/14 11:22 p.m.61 views

Basecamp: CSRF on launchpad.37signals.com OAuth2 authorization endpoint

Hi, I found a CSRF in the OAuth2 authorization endpoint on launchpad.37signals.com. That allows a malicious 3rd party application to gain full API access to victim's account in 37signals products that uses OAuth2 authorization. I found that when making a post request to authorization endpoint it...

1AI score
Exploits0
Hacker One
Hacker One
added 2018/08/31 6:58 p.m.21 views

Basecamp: Attachments may be hijacked via AppCache+CookieBombing trick (bc3_production_blobs bucket)

Basecamp attachments are stored in the bc3productionblobs bucket in the root directory and can be served with text/html content-type...

0.3AI score
Exploits0
Hacker One
Hacker One
added 2018/06/13 7:27 a.m.48 views

Basecamp: Remote code execution on Basecamp.com

A critical flaw in Basecamp's profile image upload function leads to remote command execution. Images are converted on the server side, but not only image files but also PostScript/EPS files are accepted if renamed to .gif. This is probably due to ImageMagick / GraphicsMagick being used for image...

6.8CVSS2.2AI score0.96968EPSS
Exploits7
ThreatPost
ThreatPost
added 2015/07/31 11:26 a.m.10 views

FBI Warns of Increase in DDoS Extortion Scams

Online scammers constantly are looking for new ways to reach into the pockets of potential victims, and the FBI says it is seeing an increase in the number of companies being targeted by scammers threatening to launch DDoS attacks if they don’t pay a ransom. The scam is a variation on a theme, th...

0.7AI score
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2014/09/17 12:0 a.m.10 views

BASECAMP Cloud Service Detection

Binary data 8429.prm...

7.3AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.19 views

Collabtive 0.65 - Multiple Vulnerabilities

No description provided by source. ANATOLIA SECURITY ADVISORY ------------------------------------ ADVISORY INFO + Title: Collabtive Multiple Vulnerabilities + Advisory URL: http://www.anatoliasecurity.com/adv/as-adv-2010-003.txt + Advisory ID: 2010-003 + Version: 0.65 + Date: 12/10/2010 + Impact...

7.1AI score
Exploits0
ThreatPost
ThreatPost
added 2014/03/25 2:52 p.m.5 views

Basecamp Back Online After DDoS, Extortion

The project management console Basecamp is back online and its developers are in the process of restoring customers’ network access Tuesday after the service was taken down by a distributed denial-of-service DDoS attack Monday. The attack started at 8:46 a.m. CST yesterday and flooded the site wi...

0.1AI score
Exploits0References3
Metasploit
Metasploit
added 2012/04/05 5:35 p.m.42 views

Schneider Modicon Ladder Logic Upload/Download

The Schneider Modicon with Unity series of PLCs use Modbus function code 90 0x5a to send and receive ladder logic. The protocol is unauthenticated, and allows a rogue host to retrieve the existing logic and to upload new logic. Two modes are supported: "SEND" and "RECV," which behave as one might...

7.2AI score
Exploits0
Metasploit
Metasploit
added 2012/04/05 5:35 p.m.139 views

Koyo DirectLogic PLC Password Brute Force Utility

This module attempts to authenticate to a locked Koyo DirectLogic PLC. The PLC uses a restrictive passcode, which can be A0000000 through A9999999. The "A" prefix can also be changed by the administrator to any other character, which can be set through the PREFIX option of this module. This modul...

7.2AI score
Exploits0
ThreatPost
ThreatPost
added 2012/04/05 5:30 p.m.8 views

Project Basecamp Adds Stuxnet-type Attack Module to Metasploit

UPDATE: Project Basecamp, a volunteer effort to expose security holes in industrial control system software, unveiled new modules on Thursday to exploit holes in common programmable logic controllers PLCs. The new exploits, which are being submitted to the Metasploit open platform, include one th...

0.2AI score
Exploits0References7
ThreatPost
ThreatPost
added 2012/02/14 7:49 p.m.12 views

Bloody Valentine For Critical Infrastructure: EtherNet/IP Exploit Could Crash Devices

Security researchers made good on a promise to release new exploits for programmable logic controllers PLCs. The exploits include one targeting a flaw in the implementation of the EtherNet/IP Industrial Protocol used in many IP-enabled PLCs. The security hole, if left unaddressed, could enable a...

7.9AI score
Exploits0References7
ThreatPost
ThreatPost
added 2012/01/20 5:20 p.m.14 views

More from Basecamp

The Project Basecamp presentation received a rousing response from the audience, many of whom are industrial control security experts who have long warned, quietly, about the woeful state of software security in the industry. But not everyone was enthused. Kevin Hemsley of ICS-CERT questioned...

1.7AI score
Exploits0
ThreatPost
ThreatPost
added 2012/01/20 5:19 p.m.15 views

Ladder logic

The devices tested by the Basecamp Project included the D20 PLC by GE, The Modicon Quantum by Schneider Electric, Rockwell and Koyo Electronics. Each device was tested using a number of additional attack vectors. Researchers attempted to upload custom firmware or so-called “ladder logic” for the...

1.2AI score
Exploits0
ThreatPost
ThreatPost
added 2012/01/20 5:19 p.m.8 views

(Not) making the grade

The researchers working on Project Basecamp found significant security issues with programmable logic controller PLC they tested. Some PLCs were too brittle and insecure to even tolerate security scans and probing. The D20 ME PLC by General Electric – a widely deployed industrial system – fared t...

0.3AI score
Exploits0
ThreatPost
ThreatPost
added 2012/01/20 5:19 p.m.12 views

Security audits

A presentation on Project Basecamp was a highlight of the conference. The talk presented the findings of a volunteer-led security audit of leading programmable logic controllers PLCs. The audit found that decrepit hardware, buggy software and pitiful or nonexistent security features make thousand...

0.4AI score
Exploits0References1
ThreatPost
ThreatPost
added 2012/01/20 2:37 p.m.10 views

UPDATE: Looking For a 'FireSheep' Moment, Researchers Lay Bare Woeful SCADA Security

Miami, Florida – A no-holds barred presentation at the S4 Conference laid bare the woeful state of security for many industrial control systems that power the world’s critical infrastructure. Organizers have also cooperated with security scanning firms Rapid7 and Tenable to release modules for th...

8.7AI score
Exploits0References5
0day.today
0day.today
added 2010/11/02 12:0 a.m.19 views

Collabtive SQL Injection Vulnerability

Exploit for php platform in category web applications ====================================== Collabtive SQL Injection Vulnerability ====================================== ADVISORY INFO + Title: Collabtive SQL Injection Vulnerability + Advisory URL:...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2010/11/01 12:0 a.m.38 views

Collabtive 0.65 - SQL Injection

ANATOLIA SECURITY ADVISORY --------------------------- ADVISORY INFO + Title: Collabtive SQL Injection Vulnerability + Advisory URL: http://www.anatoliasecurity.com/adv/as-adv-2010-004.txt + Advisory ID: 2010-004 + Version: 0.65 + Date: 12/10/2010 + Impact: Improper Neutralization of Special...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2010/11/01 12:0 a.m.22 views

Collabtive 0.65 - SQL Injection

Collabtive 0.65 - SQL Injection ANATOLIA SECURITY ADVISORY --------------------------- ADVISORY INFO + Title: Collabtive SQL Injection Vulnerability + Advisory URL: http://www.anatoliasecurity.com/adv/as-adv-2010-004.txt + Advisory ID: 2010-004 + Version: 0.65 + Date: 12/10/2010 + Impact: Imprope...

0.1AI score
Exploits0
Rows per page
Query Builder