Metasploit Weekly Wrap-Up

Fetch Based Payloads: Making the Path from Command Injection to Metasploit Session Shorter This week we’re releasing Metasploit fetch payloads. Fetch payloads are command-based payloads that leverage network-enabled applications on remote hosts and different protocol servers to serve, download, a...

Redis 安全漏洞

Redis Labs Redis is Redis Labs, Inc. is a set of open source written in ANSI C, network-enabled, memory-based can also be persistent log-type, key-value Key-Value storage database, and provides a variety of languages API. A security vulnerability exists in Redis. An attacker could exploit this...

Canon Medical Vitrea View Cross-Site Scripting Vulnerability

Canon Medical Vitrea View is a DICOM network-enabled enterprise viewing solution from Canon, Japan. A cross-site scripting vulnerability exists in Canon Medical Vitrea View, which is used to visually display DICOM and multimedia images. An attacker could use this vulnerability to execute arbitrar...

CVE-2022-27291

D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formdumpeasysetup. This vulnerability allows attackers to cause a Denial of Service DoS via the config.savenetworkenabled parameter...

D-Link DIR-619 缓冲区错误漏洞

D-Link DIR-619 is a series of routers from D-Link, a Chinese company. D-Link DIR-619 Ax v1.00 has a security vulnerability that can be exploited by attackers to cause a denial of service DoS via the config.savenetworkenabled parameter...

Protecting Unmanaged & IoT Devices: Why Traditional Security Tools Fail

We are currently experiencing the single largest explosion of network-enabled devices that we’ve ever witnessed. Many of these devices are running on the same networks as critical business solutions and may even be connecting directly to critical assets or delivering a critical capability...

Protecting Unmanaged & IoT Devices: Why Traditional Security Tools Fail

We are currently experiencing the single largest explosion of network-enabled devices that we’ve ever witnessed. Many of these devices are running on the same networks as critical business solutions and may even be connecting directly to critical assets or delivering a critical capability...

Command injection

The network enabled distribution of Kura before 2.1.0 takes control over the device's firewall setup but does not allow IPv6 firewall rules to be configured. Still the Equinox console port 5002 is left open, allowing to log into Kura without any user credentials over unencrypted telnet and...

[SECURITY] Fedora 22 Update: jakarta-commons-httpclient-3.1-23.fc22

The Hyper-Text Transfer Protocol HTTP is perhaps the most significant protocol used on the Internet today. Web services, network-enabled appliances and the growth of network computing continue to expand the role of the HTTP protocol beyond user-driven web browsers, and increase the number of...

HP JetDirect PJL Interface Universal Path Traversal

No description provided by source. Exploit Title: HP JetDirect PJL Interface Universal Path Traversal Date: Aug 7, 2011 Author: Myo Soe YGN Ethical Hacker Group - http://yehg.net/ Software Link: http://www.hp.com Version: All Tested on: HP LaserJet Pxxxx Series $Id: $ This file is part of the...

Printer Job Language Abuse Tool

!/usr/bin/python2 """ printit.py - sends postscript files to printers. Never pay extortionate prices for printing again! Author: Darren "infodox" Martyn Twitter: @infodox Licence: WTFPL - wtfpl.net Bitcoins: 1PapWy5tKx7xPpX2Zg8Rbmevbk5K4ke1ku Version: 20140109.1 Changes: Added ReadyMessage...

Fedora Update for jakarta-commons-httpclient FEDORA-2013-1289

Check for the Version of jakarta-commons-httpclient OpenVAS Vulnerability Test Fedora Update for jakarta-commons-httpclient FEDORA-2013-1289 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can...

[SECURITY] Fedora 18 Update: jakarta-commons-httpclient-3.1-12.fc18

The Hyper-Text Transfer Protocol HTTP is perhaps the most significant protocol used on the Internet today. Web services, network-enabled appliances and the growth of network computing continue to expand the role of the HTTP protocol beyond user-driven web browsers, and increase the number of...

Cisco VoIP Phone Hacked, Turned into Listening Device

Network-enabled devices such as routers and printers are notoriously insecure and fully exploitable gateways leading attackers toward network resources. A researcher and PhD student at Columbia University recently added VoIP phones to the list of pressing concerns. Ang Cui demonstrated an attack...

Hacker going to demonstrate open source tool to crack Hashes with speed of 154 Billion/sec

Bitweasil lead developer going to Demonstrate an open source Tool called "Cryptohaze" at DEF CON 20. The Cryptohaze Multiforcer supports CUDA, OpenCL, and CPU code SSE, AVX, etc. All of this is aimed at either the pentester who can't spray hashes to the internet, or the hacker who would rather no...

HP JetDirect PJL Interface Universal Path Traversal

Exploit Title: HP JetDirect PJL Interface Universal Path Traversal Date: Aug 7, 2011 Author: Myo Soe Software Link: http://www.hp.com Version: All Tested on: HP LaserJet Pxxxx Series $Id: $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial...

HP JetDirect PJL - Interface Universal Directory Traversal (Metasploit)

Exploit Title: HP JetDirect PJL Interface Universal Path Traversal Date: Aug 7, 2011 Author: Myo Soe Software Link: http://www.hp.com Version: All Tested on: HP LaserJet Pxxxx Series $Id: $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial...

beagle insecure command line construction

CESA-2006-002 - rev 1 See all my vulnerabilities at http://scary.beasts.org/security beagle insecure command line construction Programs affected: beagle-0.2.4 and older. Severity: Command line argument injection to helper applications. Fixed: beagle-0.2.5 CVE identifiers: CVE-2006-1865 beagle is ...