55 matches found
Vulnerability found in Apple's iOS can hide malicious code inside apps
A Georgia Tech researcher has found a weakness in Apple's iOS mobile platform that could let hackers to hide malicious code inside apps and can be surreptitiously planted on the Apple App Store. Researchers team created a proof-of-concept attack that was published in the Apple App Store and used ...
Vulnerability found in Apple's iOS can hide malicious code inside apps
A Georgia Tech researcher has found a weakness in Apple’s iOS mobile platform that could let hackers to hide malicious code inside apps and can be surreptitiously planted on the Apple App Store. Researchers team created a proof-of-concept attack that was published in the Apple App Store and used ...
Telnet-Ftp Service Server 1.0 Directory Traversal
Exploit Title: Telnet-Ftp Service Server v1.0 Directory Traversal Vulnerability Date Published: 2013/6/18 Exploit Author: Chako Software Link: http://telnet-ftp-server.en.softonic.com/ Version: v1.0 Build 1.218 Tested on: Windows Xp SP3 English Description: ===================== A vulnerability h...
Android mobile internet tethering become undetectable by carriers
Android mobile internet tethering become undetectable by carriers When the idea that your smartphone's data connection would be able to be shared by your laptop with no additional charge, everyone seemed to be on board over the past year, carriers have started up extra costs for this and have...
Serv-U数据连接处理拒绝服务和会话令牌漏洞
BUGTRAQ ID: 50906 Serv-U是一种使用广泛的FTP服务器程序。 Serv-U在实现上存在安全漏洞,可被恶意用户利用造成拒绝服务并绕过某些安全限制。 1)在操作数据连接的监听套接字处理中存在错误,通过大量的FTP PASV命令,可耗尽可用的TCP端口,造成无法处理其他被动连接。 2)管理控制台会在管理员登录后生成较弱的会话令牌,这会允许枚举有效的令牌并通过FTP反弹攻击造成任意用户。成功利用此漏洞需要用户具有读写权限并让管理员打开控制台。 Serv-U 11.1.0.3 厂商补丁: RhinoSoft ---------...
Attachmate Reflection FTP Client Heap Overflow
Application: Attachmate Reflection FTP Client Heap Overflow Platforms: Windows Exploitation: Remote code execution CVE Number: PRL: 2011-09 Author: Francis Provencher Protek Research Lab's Website: http://www.protekresearchlab.com/ Twitter: @ProtekResearch 1 Introduction 2 Timeline 3 Technical...
iOS myDBLite 1.1.10 - Directory Traversal
iOS myDBLite 1.1.10 - Directory Traversal Exploit Title : myDBLite v1.1.10 for iPhone / iPod touch, Directory Traversal Date: 02/24/2011 Author: R3d@l3rt, Sp@2K, Sp@2K, Sunlight, H@ckk3y Software Link: http://itunes.apple.com/kr/app/mydb-lite/id335521112?mt=8 Version: 1.1.10 Tested on: iPhone, iP...
AASync 2.2.1.0 (Windows x86) - Remote Stack Buffer Overflow 'LIST' (Metasploit)
$Id: aasynclistreply.rb 11039 2010-11-14 19:03:24Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
FTP Synchronizer Professional 4.0.73.274 - Remote Stack Buffer Overflow (Metasploit)
$Id: ftpsynchlistreply.rb 11039 2010-11-14 19:03:24Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
AASync v2.2.1.0 (Win32) Stack Buffer Overflow (LIST)
$Id: aasynclistreply.rb 10660 2010-10-12 18:39:21Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
JSCAPE Secure FTP Applet主机密钥验证绕过安全限制漏洞
BUGTRAQ ID: 29882 Secure FTP Applet是运行在WEB浏览器中的的FTP客户端组件。 Secure FTP Applet在处理数据连接时存在漏洞,在连接期间Applet没有正确地验证或显示主机密钥,这允许攻击者通过中间人攻击劫持会话,从而完全入侵FTP客户端。 JSCAPE Secure FTP Applet 4.8 JSCAPE ------ 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.jscape.com/sftpapplet/index.html...
Network protocols security: View from client side
Security of Common Application Network Protocols: A Client's Perspective Having received an offer to write an article about the security of network protocols and their vulnerabilities, at first I wanted to refuse - it seems that everything that can be written on this topic has already been writte...
Security Best Practice: Protect Yourself from FTP Bounce Attacks
To conform with the FTP protocol, the PORT command has the originating machine specify an arbitrary destination machine and port for the data connection. However, this behavior also means that an attacker can open a connection to a specific port on a machine that may not be the originating client...
TYPSoft FTP Server DoS
Crash on FTP RETR command before data connection open...
File Transfer Protocol allows data connection hijacking via PASV mode race condition
Overview There is a vulnerability in the File Transfer Protocol FTP that allows an attacker to hijack FTP data connections when the client connects using passive mode PASV. Description In FTP PASV mode, the client makes a control connection to the FTP server typically port 21/tcp and requests a...