208 matches found
Command injection
The OpenConnectionTask::handleStateHelper function in Imap/Tasks/OpenConnectionTask.cpp in Trojita before 0.4.1 allows man-in-the-middle attackers to trigger use of cleartext for saving a message into a 1 sent or 2 draft folder via a PREAUTH response that prevents later use of the STARTTLS comman...
CVE-2014-2567
The vulnerability CVE-2014-2567 affects Trojita prior to 0.4.1. The issue is in OpenConnectionTask::handleStateHelper in Trojita’s IMAP code, where a PREAUTH response can be exploited by a man-in-the-middle to force saving a message into the sent or draft folder over plaintext, bypassing STARTTLS...
Dolibarr ERP/CMS 3.4.0 SQL Injection
Exploit Title: Dolibarr 3.4.0 SQLi Date: 10/7/2013 Exploit author: drone @dronesec More information: http://forelsec.blogspot.com/2013/10/dolibarr-340-multiple-vulnerabilities.html Vendor homepage: http://www.dolibarr.org/ Software link: Version: 3.4.0 Fixed in: 3.4.1 Tested on: Ubuntu 12.04...
Dolibarr ERP/CRM 3.4.0 - 'exportcsv.php?sondage' SQL Injection
Exploit Title: Dolibarr 3.4.0 SQLi Date: 10/7/2013 Exploit author: drone @dronesec More information: http://forelsec.blogspot.com/2013/10/dolibarr-340-multiple-vulnerabilities.html Vendor homepage: http://www.dolibarr.org/ Software link: Version: 3.4.0 Fixed in: 3.4.1 Tested on: Ubuntu 12.04...
aMSN 0.98.9 Web App - Multiple Vulnerabilities
Exploit for php platform in category web applications from argparse import ArgumentParser import urllib2 import string import random """ Preauth LFI and SQLi in the web app packaged with aMSN 0.98.9 """ def lfioptions: """ exploit the LFI """ addr =...
Mikrotik RouterOS 5.* and 6.* sshd remote preauth heap corruption
Hello lists, here you find the analysis of a vulnerability I recently discovered. Mikrotik RouterOS 5. and 6. sshd remote preauth heap corruption http://kingcope.wordpress.com/2013/09/02/mikrotik-routeros-5-and-6-sshd-remote-preauth-heap-corruption/ Additionally it includes a way to drop into a...
UBUNTU-CVE-2012-1016
The pkinitserverreturnpadata function in plugins/preauth/pkinit/pkinitsrv.c in the PKINIT implementation in the Key Distribution Center KDC in MIT Kerberos 5 aka krb5 before 1.10.4 attempts to find an agility KDF identifier in inappropriate circumstances, which allows remote attackers to cause a...
DefenseCode Security Advisory: Broadcom UPnP Remote Preauth Root Code Execution Vulnerability
DefenseCode Security Advisory http://www.defensecode.com/ Broadcom UPnP Remote Preauth Root Code Execution Vulnerability Advisory ID: DC-2013-01-003 Advisory Title: Broadcom UPnP Remote Preauth Root Code Execution Vulnerability Advisory URL: http://www.defensecode.com/subcategory/advisories-28...
DefenseCode Security Advisory (UPCOMING): Cisco Linksys Remote Preauth 0day Root Exploit
DefenseCode Security Advisory UPCOMING: Cisco Linksys Remote Preauth 0day Root Exploit Story behind the vulnerability... Months ago, we've contacted Cisco about a remote preauth root access vulnerability in default installation of their Linksys routers that we've discovered. We gave them detailed...
Multiple MySQL database Zero-day vulnerabilities published
Researcher discovered Multiple Zero-day vulnerabilities in MySQL database software including Stack based buffer overrun, Heap Based Overrun, Privilege Elevation, Denial of Service and Remote Preauth User Enumeration. Common Vulnerabilities and Exposures CVE assigned as : CVE-2012-5611 — MySQL Lin...
Oracle Secure Backup Administration preauth variable command injection
Added: 12/06/2010 CVE: CVE-2010-0906 BID: 41597 OSVDB: 67128 Background Oracle Secure Backup is a centralized tape backup management solution for Oracle Database. Problem A vulnerability in the Administration server allows remote, authenticated attackers to execute arbitrary commands which are...
Samba Remote Directory Traversal
Samba Remote Directory Traversal logic fuckup discovered & exploited by Kingcope in 2010 It seems there was a quite similar bug found back in 2004: http://marc.info/?l=bugtraq&m=109658688505723&w=2 A remote attacker can read, list and retrieve nearly all files on the System remotely. Required is ...
Microsoft Windows WRITE_ANDX SMB command handling Kernel DoS
Some days ago i have discovered a DoS in Windows Vista. Here is the advisory with a detailed description about the vulnerability that will help to Microsoft they have been already notified about the bug to correct it as soon as possible, and it will help you if you need to add any rule for your...
BigAnt Server 2.2 PreAuth Remote SEH Overflow Exploit (0day)
No description provided by source. !/usr/bin/python BigAnt Server Ver 2.2 PreAuth Remote SEH Overflow 0day Matteo Memelli aka ryujin www.be4mind.com - www.gray-world.net 04/13/2008 Tested on Windows 2000 Sp4 English Vulnerable process is AntServer.exe Offset for SEH overwrite is 954 Bytes...
BigAnt Server 2.2 PreAuth Remote SEH Overflow Exploit (0day)
PR: n/a I: 10,500 L: 0 LD: 246,240 I: 70400 Rank: 18167 Age: Feb 17, 2004 I: 0 whois source Density Links: 0|0 !/usr/bin/python BigAnt Server Ver 2.2 PreAuth Remote SEH Overflow 0day Matteo Memelli aka ryujin http://www.r57shell.in - http://adult.wikipediatr.com - http://www.wikipediatr.com...
BigAnt Server 2.2 PreAuth Remote SEH Overflow Exploit (0day)
Exploit for unknown platform in category remote exploits ============================================================ BigAnt Server 2.2 PreAuth Remote SEH Overflow Exploit 0day ============================================================ !/usr/bin/python BigAnt Server Ver 2.2 PreAuth Remote SEH...
[EXPL] Airsensor M520 HTTPD Preauth DoS and Buffer Overflow (Exploit)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...
Airsensor M520 HTTPD Remote Preauth DoS / BOF PoC
No description provided by source. !/usr/bin/perl -w Airsensor M520 HTTPD Remote Preauth Denial Of Service and Buffer Overflow PoC The vulnerability is caused due to an unspecified error in the cgis files filter used for configure propierties. This can be exploited by sending a specially crafted...
Airsensor M520 HTTPD Remote Preauth DoS / BOF PoC
Exploit for hardware platform in category dos / poc ================================================= Airsensor M520 HTTPD Remote Preauth DoS / BOF PoC ================================================= !/usr/bin/perl -w Airsensor M520 HTTPD Remote Preauth Denial Of Service and Buffer Overflow PoC...
Kerio MailServer 6.2.2 preauth Remote Denial of Service PoC
No description provided by source. !/usr/bin/env python kms1.py - Kerio MailServer 6.2.2 preauth remote DoS fixed in Kerio MailServer 6.3.1 Copyright c 2006 Evgeny Legerov Permission to use, copy, modify, and distribute this software for any purpose with or without fee is hereby granted, provided...