WoltLab Burning Board 4.0 Tapatalk Open Redirect

The Tapatalk Plugin com.tapatalk.wbb4 for WoltLab Burning Board 4.0 prior to version 1.1.2 allowed to redirect users to arbitrary URLs. This was possible by specifying the target URL in the URL parameter boardurl in URLs like the following:...

JBoss JMX Console DeploymentFileRepository WAR Upload and Deployment

This module uses the DeploymentFileRepository class in the JBoss Application Server to deploy a JSP file which then deploys an arbitrary WAR file. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule...

IBM Endpoint Manager For Mobile Devices Code Execution Vulnerability

During a penetration test, RedTeam Pentesting discovered that several IBM Endpoint Manager Components are based on Ruby on Rails and use static secrettoken values. With these values, attackers can create valid session cookies containing marshalled objects of their choosing. This can be leveraged ...

TYPO3 Extension ke DomPDF - Remote Code Execution

Advisory: Remote Code Execution in TYPO3 Extension kedompdf During a penetration test RedTeam Pentesting discovered a remote code execution vulnerability in the TYPO3 extension kedompdf, which allows attackers to execute arbitrary PHP commands in the context of the webserver. Details =======...

[RT-SA-2014-012] Unauthenticated Remote Code Execution in IBM Endpoint Manager Mobile Device Management Components

Advisory: Unauthenticated Remote Code Execution in IBM Endpoint Manager Mobile Device Management Components During a penetration test, RedTeam Pentesting discovered that several IBM Endpoint Manager Components are based on Ruby on Rails and use static secrettoken values. With these values,...

IBM Endpoint Manager For Mobile Devices Code Execution

Advisory: Unauthenticated Remote Code Execution in IBM Endpoint Manager Mobile Device Management Components During a penetration test, RedTeam Pentesting discovered that several IBM Endpoint Manager Components are based on Ruby on Rails and use static secrettoken values. With these values,...

TYPO3 Extension ke_questionnaire 2.5.2 Information Disclosure

Advisory: Information Disclosure in TYPO3 Extension kequestionnaire The TYPO3 extension kequestionnaire stores answered questionnaires in a publicly reachable directory on the webserver with filenames that are easily guessable. Details ======= Product: kequestionnaire Affected Versions: 2.5.2...

TYPO3 Extension ke_dompdf 0.0.3 Remote Code Execution

Advisory: Remote Code Execution in TYPO3 Extension kedompdf During a penetration test RedTeam Pentesting discovered a remote code execution vulnerability in the TYPO3 extension kedompdf, which allows attackers to execute arbitrary PHP commands in the context of the webserver. Details =======...

[RT-SA-2014-007] Remote Code Execution in TYPO3 Extension ke_dompdf

Advisory: Remote Code Execution in TYPO3 Extension kedompdf During a penetration test RedTeam Pentesting discovered a remote code execution vulnerability in the TYPO3 extension kedompdf, which allows attackers to execute arbitrary PHP commands in the context of the webserver. Details =======...

Parrot Security OS - Friendly OS designed for Pentesting, Computer Forensic, Reverse engineering, Hacking, Cloud pentesting, Privacy/Anonimity and Cryptography

Parrot Security OS is a cloud friendly operating system designed for Pentesting, Computer Forensic, Reverse engineering, Hacking, Cloud pentesting, privacy/anonimity and cryptography. Based on Debian and developed by Frozenbox network. Who can use it Parrot is designed for everyone, from the Pro...

Open-Xchange 7.6.0 XSS / SSRF / Traversal Vulnerabilities

Open-Xchange versions 7.6.0 and below suffer from absolute path traversal, server-side request forgery, XXE injection, and cross site scripting vulnerabilities. Product: OX App Suite Vendor: Open-Xchange GmbH Vulnerability type: Cross Site Scripting CWE-80 Vulnerable version: 7.6.0 and earlier...

Open-Xchange Security Advisory 2014-09-15

Product: OX App Suite Vendor: Open-Xchange GmbH Vulnerability type: Cross Site Scripting CWE-80 Vulnerable version: 7.6.0 and earlier Vulnerable component: frontend Fixed version: 7.4.2-rev33, 7.6.0-rev16 Report confidence: Confirmed Solution status: Fixed by Vendor Vendor notification: 2014-07-1...

[RT-SA-2013-003] Endeca Latitude Cross-Site Scripting

Advisory: Endeca Latitude Cross-Site Scripting RedTeam Pentesting discovered a Cross-Site Scripting XSS vulnerability in Endeca Latitude. By exploiting this vulnerability an attacker is able to execute arbitrary JavaScript code in the context of other Endeca Latitude users. Details ======= Produc...

Yahoo Quickly Fixes SQL Injection Vulnerability Escalated to Remote Code Execution

Yahoo! was recently impacted by a critical web application vulnerabilities which left website's database and server vulnerable to hackers. A cyber security expert and penetration tester, Ebrahim Hegazy a.k.a Zigoo from Egypt, has found a serious SQL injection vulnerability in Yahoo's website that...

Lynis 1.6.1 - Version which includes a non-privileged scan (--pentest)

Lynis is a security auditing tool for the Linux, Unix and Mac platform. Being open source and free to use, it is an accessible and great solution to perform security scans. Within just a matter of minutes, it displays the weaknesses in your defenses, and tips for improving them. While Lynis was...

Web-Fu - Chrome extension for pentesting web applications

Chrome extension for pentesting web applications. Web-fu Is a web hacking tool focused on discovering and exploiting web vulnerabilitites. Is a Browser embedded webhacking tool. Some tools, doesn't support certifiacte auhtentication or web vpn accesses. If the browser can authenticate on the...

JBoss JMX Console Beanshell Deployer WAR upload and deployment

No description provided by source. $Id: jbossbshdeployer.rb 11533 2011-01-10 14:34:24Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms o...

vBulletin vBShout Mod - Stored XSS Vulnerability

No description provided by source. Exploit Title: vBShout vBulletin - Stored XSS Vulnerability Google Dork: intext:vBShout Date: 10.07.2013 Exploit Author: 0iZy5 Vendor Homepage: www.backtrack-linux.ro Software Link: http://www.dragonbyte-tech.com/vbecommerce.php?do=product&productid=2 Version:...

vBulletin Advanced User Tagging Mod - Stored XSS Vulnerability

No description provided by source. Exploit Title: Advanced User Tagging vBulletin - Stored XSS Vulnerability Google Dork: intext:usertagpro Date: 10.07.2013 Exploit Author: 0iZy5 Vendor Homepage: www.backtrack-linux.ro Software Link:...

TLS Renegotiation Vulnerability PoC

No description provided by source. !/usr/bin/env python RedTeam Pentesting GmbH [email protected] http://www.redteam-pentesting.de PoC exploit for the TLS renegotiation vulnerability CVE-2009-3555 License ------- CC-BY-SA http://creativecommons.org/licenses/by-sa/3.0/ Timeline -------...