78 matches found
D-Link DIR-Series Routers - '/model/__show_info.php' Local File Disclosure
source: https://www.securityfocus.com/bid/64043/info Multiple D-Link DIR series routers are prone to a local file-disclosure vulnerability because it fails to adequately validate user-supplied input. Exploiting this vulnerability would allow an attacker to obtain potentially sensitive information...
Linux Gather PPTP VPN chap-secrets Credentials
This module collects PPTP VPN information such as client, server, password, and IP from your target server's chap-secrets file. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Linux Gather PPTP...
MySQL Squid Access Report 2.1.4 - HTML Injection
MySQL Squid Access Report 2.1.4 - HTML Injection Exploit Title: MySQL Squid Access Report 2.1.4 / HTML Injection Date: 23/07/2012 Author: Daniel Godoy Author Mail:DanielGodoyatGobiernoFederaldotcom Author Web: www.delincuentedigital.com.ar Software web: http://sourceforge.net/projects/mysar/ Test...
MySQL Squid Access Report 2.1.4 HTML Injection
Exploit Title: MySQL Squid Access Report 2.1.4 / HTML Injection Date: 23/07/2012 Author: Daniel Godoy Author Mail:DanielGodoyatGobiernoFederaldotcom Author Web: www.delincuentedigital.com.ar Software web: http://sourceforge.net/projects/mysar/ Tested on: Linux Dork: MySQL Squid Access Report 2.1....
MySQL Squid Access Report 2.1.4 - HTML Injection
Exploit Title: MySQL Squid Access Report 2.1.4 / HTML Injection Date: 23/07/2012 Author: Daniel Godoy Author Mail:DanielGodoyatGobiernoFederaldotcom Author Web: www.delincuentedigital.com.ar Software web: http://sourceforge.net/projects/mysar/ Tested on: Linux Dork: MySQL Squid Access Report 2.1....
Webify Link Directory / SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Webify Link Directory / SQL Injection Date: 04/07/2012 Author: Daniel Godoy Author Mail: DanielGodoyatGobiernoFederaldotcom Author Web: www.delincuentedigital.com.ar Sofware web: http://webify.ws/index.php?page=getapp&id=10 Test...
Webify Link Directory - SQL Injection
Webify Link Directory - SQL Injection Exploit Title: Webify Link Directory / SQL Injection Date: 04/07/2012 Author: Daniel Godoy Author Mail: DanielGodoyatGobiernoFederaldotcom Author Web: www.delincuentedigital.com.ar Sofware web: http://webify.ws/index.php?page=getapp&id=10 Tested on: Linux Dor...
Webify Link Directory SQL Injection
Exploit Title: Webify Link Directory / SQL Injection Date: 04/07/2012 Author: Daniel Godoy Author Mail: DanielGodoyatGobiernoFederaldotcom Author Web: www.delincuentedigital.com.ar Sofware web: http://webify.ws/index.php?page=getapp&id=10 Tested on: Linux Dork: allinurl: index.php?page=browse&id=...
Sava’s Simple Upload Script / Delete Arbitrary File
Exploit for php platform in category web applications Exploit Title: Sava’s Simple Upload Script / Delete Arbitrary File Date: 03/07/2012 Author: Daniel Godoy Author Mail: DanielGodoyatGobiernoFederaldotcom Author Web: www.delincuentedigital.com.ar Sofware web:...
CLscript Classified Script 3.0 SQL Injection
Exploit Title: CLscript - Classified Script 3.0 / SQL Injection Date: 03/07/2012 Author: Daniel Godoy Author Mail: DanielGodoyatGobiernoFederaldotcom Author Web: www.delincuentedigital.com.ar Sofware web: http://www.phpkode.com/scripts/item/clscript-classified-script/ Tested on: Linux Dork:...
Cisco CHAP Authentication Vulnerabilities - Cisco Systems
A serious security vulnerability bug ID CSCdi91594 exists in PPP CHAP authentication in all "classic" Cisco IOS software versions the software used on Cisco non-switch products with product numbers greater than or equal to 1000, on the AGS/AGS+/CGS/MGS, and on the CS-500, but not on Catalyst...
Authentication flaw
The 1 CHAP and 2 MS-CHAP-V2 authentication capabilities in the PPP Access Concentrator PPPAC function in Internet Initiative Japan SEIL/B1 firmware 1.00 through 2.52 use the same challenge for each authentication attempt, which allows remote attackers to bypass authentication via a replay attack...
Microsoft Windows IAS服务MS-CHAP请求绕过认证漏洞(MS09-071)
BUGTRAQ ID: 37198 CVE ID: CVE-2009-3677 Microsoft Windows是微软发布的非常流行的操作系统。 Windows的Internet认证服务中存在权限提升漏洞,发送了恶意MS-CHAP v2认证请求的攻击者可以以特定授权用户的权限获得对网络资源的访问。 Microsoft Windows XP SP3 Microsoft Windows XP SP2 Microsoft Windows Vista SP1 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft...
Authentication flaw
The Internet Authentication Service IAS in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold and SP1, and Server 2008 Gold does not properly verify the credentials in an MS-CHAP v2 Protected Extensible Authentication Protocol PEAP authentication request, which allows remote...
Memory corruption
The Internet Authentication Service IAS in Microsoft Windows Vista SP2 and Server 2008 SP2 does not properly validate MS-CHAP v2 Protected Extensible Authentication Protocol PEAP authentication requests, which allows remote attackers to execute arbitrary code via crafted structures in a malformed...
CVE-2009-2505
The Internet Authentication Service IAS in Microsoft Windows Vista SP2 and Server 2008 SP2 does not properly validate MS-CHAP v2 Protected Extensible Authentication Protocol PEAP authentication requests, which allows remote attackers to execute arbitrary code via crafted structures in a malformed...
CVE-2009-3677
CVE-2009-3677 describes an elevation-of-privilege bypass in the Internet Authentication Service (IAS) used by Microsoft Windows products. The issue arises because MS-CHAP v2 authentication requests sent over PEAP are not properly validated, allowing remote attackers to gain access to network reso...
CVE-2009-2505
CVE-2009-2505 is a remote code execution flaw in Internet Authentication Service (IAS) on Windows Vista SP2 and Windows Server 2008 SP2, caused by improper validation during MS-CHAP v2 over PEAP. The vulnerability stems from incorrect memory handling when processing PEAP authentication requests, ...
CVE-2009-2505
The Internet Authentication Service IAS in Microsoft Windows Vista SP2 and Server 2008 SP2 does not properly validate MS-CHAP v2 Protected Extensible Authentication Protocol PEAP authentication requests, which allows remote attackers to execute arbitrary code via crafted structures in a malformed...
CVE-2009-3677
The Internet Authentication Service IAS in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold and SP1, and Server 2008 Gold does not properly verify the credentials in an MS-CHAP v2 Protected Extensible Authentication Protocol PEAP authentication request, which allows remote...