SmoothWall 3.1 Cross Site Request Forgery / Cross Site Scripting

Exploit Title: SmoothWall 3.1 Multiple vulnerabilities Date: 21/12/2014 Author: Yann CAM @ Synetis Vendor or Software Link: www.smoothwall.org - www.smoothwall.org/download/ Version: 3.1 Category: CSRF password reset & XSS persistent Google dork: Tested on: Smoothwall Linux distribution Smoothwal...

IPFire 2.15 Bash Command Injection

!/usr/bin/env python Exploit Title : IPFire = 2.15 core 82 Authenticated cgi Remote Command Injection ShellShock Exploit Author : Claudio Viviani Vendor Homepage : http://www.ipfire.org Software Link: http://downloads.ipfire.org/releases/ipfire-2.x/2.15-core82/ipfire-2.15.i586-full-core82.iso Dat...

DotDefender <= 3.8-5 No Authentication Remote Code Execution Through XSS

No description provided by source. / DotDefender = 3.8-5 No Authentication Remote Code Execution Through XSS Tested on DotDefender 3.8-5 On Ubuntu Server 9.10 64-bit with Firefox 3.6.3 Paul Hand aka rAWjAW AT offsec.com Original Post-Authentication Remote Command Execution Vulnerability:...

SAP SOAP RFC SXPG_CALL_SYSTEM Remote Command Execution

This module abuses the SAP NetWeaver SXPGCALLSYSTEM function, on the SAP SOAP RFC Service, to execute remote commands. This module needs SAP credentials with privileges to use the /sap/bc/soap/rfc in order to work. The module has been tested successfully on Windows 2008 64-bit and Linux 64-bit...

SAP SOAP RFC RZL_READ_DIR_LOCAL Directory Contents Listing

This module exploits the SAP NetWeaver RZLREADDIRLOCAL function, on the SAP SOAP RFC Service, to enumerate directory contents. It returns only the first 32 characters of the filename since they are truncated. The module can also be used to capture SMB hashes by using a fake SMB share as DIR. This...

Samba SWAT 3.0.2 - 3.0.4 HTTP Basic Auth base64 Buffer Overflow

According to its banner, the version of Samba running on the remote host is between 3.0.2 and 3.0.4, inclusive. An error exists in the base64 decoding functions, which can result in a buffer overflow. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc';...

HTTP Brute Force Logins With Default Credentials

A number of known default credentials are tried for the login via HTTP Basic Auth. As this VT might run into a timeout the actual reporting of this vulnerability takes place in the VT SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, an...

Basic auth authentication does not allow files to be attached in 4.2

From the customer support case quote When using osauthType=basic to login to JIRA 4.2 a user is able to upload an attachment as a temporary file, but is unable to attach the temporary file to the issue. We noticed the exact same behavior ... had worked with JIRA 4.1.2. quote The Atlassian support...

Basic auth authentication does not allow files to be attached in 4.2

From the customer support case quote When using osauthType=basic to login to JIRA 4.2 a user is able to upload an attachment as a temporary file, but is unable to attach the temporary file to the issue. We noticed the exact same behavior ... had worked with JIRA 4.1.2. quote The Atlassian support...

dotDefender 3.8-5 - Remote Code Execution (via Cross-Site Scripting)

/ DotDefender = 3.8-5 No Authentication Remote Code Execution Through XSS Tested on DotDefender 3.8-5 On Ubuntu Server 9.10 64-bit with Firefox 3.6.3 Paul Hand aka rAWjAW AT offsec.com Original Post-Authentication Remote Command Execution Vulnerability: http://www.exploit-db.com/exploits/10261...

dotDefender 3.8-5 - Remote Code Execution (via Cross-Site Scripting)

dotDefender 3.8-5 - Remote Code Execution via Cross-Site Scripting / DotDefender = 3.8-5 No Authentication Remote Code Execution Through XSS Tested on DotDefender 3.8-5 On Ubuntu Server 9.10 64-bit with Firefox 3.6.3 Paul Hand aka rAWjAW AT offsec.com Original Post-Authentication Remote Command...

Google Chrome < 4.1.249.1036 Multiple Vulnerabilities

The version of Google Chrome installed on the remote host is prior to 4.1.249.1036. It is, therefore, affected by multiple vulnerabilities : - Multiple race conditions and pointer errors in the sandbox infrastructure. Issue 28804, 31880 - An error relating to persisted metadata such as Web...

Remote Command Execution in dotDefender Site Management

Problem Description =================== A remote command execution vulnerability exists in the dotDefender 3.8-5 Site Management. dotDefender 1 is a web appliaction firewall WAF which 'prevents hackers from attacking your website.' Technical Details ================= The Site Management applicati...

Cisco WLC 4200 Basic Auth Denial Of Service

require 'msf/core' class Metasploit3 'Cisco WLC 4200 Basic Auth Denial of Service', 'Description' = %q This module triggers a Denial of Service condition in the Cisco WLC 4200 HTTP server. By sending a GET request with long authentication data, the device becomes unresponsive and reboots. Firmwar...

Microsoft IIS 5.1 - Hit Highlighting Authentication Bypass

Microsoft IIS 5.1 - Hit Highlighting Authentication Bypass !/bin/sh NTLM && BASIC AUTH BYPASS : sha0atbadchecksum.net Based on my adv: https://www.securityfocus.com/bid/24105/info CVE-2007-2815 if $ != 2 then printf "USAGE:\t\t$0 \nExample:\t$0 http://www.microsoft.com /en/us/default.aspx\n\n";...

Microsoft IIS <= 5.1 Hit Highlighting Authentication Bypass Exploit

Exploit for unknown platform in category remote exploits =================================================================== Microsoft IIS \nExample:\t$0 http://www.microsoft.com /en/us/default.aspx\n\n"; exit 0 fi site=$1 protectedObject=$2...

Microsoft IIS 5.1 - Hit Highlighting Authentication Bypass

!/bin/sh NTLM && BASIC AUTH BYPASS : sha0atbadchecksum.net Based on my adv: https://www.securityfocus.com/bid/24105/info CVE-2007-2815 if $ != 2 then printf "USAGE:\t\t$0 \nExample:\t$0 http://www.microsoft.com /en/us/default.aspx\n\n"; exit 0 fi site=$1 protectedObject=$2...

Novell NetMail HTTP基本认证超长用户名远程缓冲区溢出漏洞

Novell NetMail是基于Internet标准消息和安全协议的邮件和日历系统。 Novell NetMail中默认绑定在TCP/89端口上的webadmin.exe进程处理用户认证请求存在栈溢出漏洞，远程攻击者可能利用此漏洞控制服务器s。 由于不安全的sprintf调用，如果在HTTP基本认证阶段发送了超过213字节的超长用户名，就会触发这个缓冲区溢出，导致执行任意指令。 Novell NetMail 3.52 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载：...

Samba SWAT HTTP Basic Auth base64 Overflow

The remote host is running SWAT - a web-based administration tool for Samba. There is a buffer overflow condition in the remote version of this software which might allow an attacker to execute arbitrary code on the remote host by sending a malformed authorization request or any malformed base64...

PT-2004-1606 · Apache · Apache Mod Ssl +1

Name of the Vulnerable Software and Affected Versions: Apache mod ssl affected versions not specified Description: The issue is related to a stack-based buffer overflow in the ssl util uuencode binary function. This occurs when mod ssl is configured to trust the issuing CA and a client certificat...