168 matches found
Ladon Framework for Python 0.9.40 - XML External Entity Expansion
Ladon Framework for Python 0.9.40 - XML External Entity Expansion Advisory: XML External Entity Expansion in Ladon Webservice Attackers who can send SOAP messages to a Ladon webservice via the HTTP interface of the Ladon webservice can exploit an XML external entity expansion vulnerability and re...
WebClientPrint Processor 2.0.15.109 Updates Remote Code Execution Vulnerability
RedTeam Pentesting discovered that rogue updates trigger a remote code execution vulnerability in WebClientPrint Processor WCPP. These updates may be distributed through specially crafted websites and are processed without any user interaction as soon as the website is accessed. However, the...
WebClientPrint Processor 2.0.15.109 TLS Validation Vulnerability
RedTeam Pentesting discovered that WebClientPrint Processor WCPP does not validate TLS certificates when initiating HTTPS connections. Thus, a man-in-the-middle attacker may intercept and/or modify HTTPS traffic in transit. This may result in a disclosure of sensitive information and the integrit...
WebClientPrint Processor 2.0.15.109 Updates Remote Code Execution
Advisory: WebClientPrint Processor 2.0: Remote Code Execution via Updates RedTeam Pentesting discovered that rogue updates trigger a remote code execution vulnerability in WebClientPrint Processor WCPP. These updates may be distributed through specially crafted websites and are processed without...
WebClientPrint Processor 2.0.15.109 Unauthorized Proxy Modification
Advisory: WebClientPrint Processor 2.0: Unauthorised Proxy Modification RedTeam Pentesting discovered that attackers can configure a proxy host and port to be used when fetching print jobs with WebClientPrint Processor WCPP. This proxy setting may be distributed via specially crafted websites and...
WebClientPrint Processor 2.0.15.190 Print Jobs Remote Code Execution
Advisory: WebClientPrint Processor 2.0: Remote Code Execution via Print Jobs RedTeam Pentesting discovered that malicious print jobs can be used to trigger a remote code execution vulnerability in WebClientPrint Processor WCPP. These print jobs may be distributed via specially crafted websites an...
WebClientPrint Processor 2.0.15.190 Print Jobs Remote Code Execution Vulnerability
WebClientPrint Processor version 2.0.15.109 suffers from a remote code execution vulnerability via print jobs. Advisory: WebClientPrint Processor 2.0: Remote Code Execution via Print Jobs RedTeam Pentesting discovered that malicious print jobs can be used to trigger a remote code execution...
REDDOXX Appliance Session Identifier Extraction
Advisory: Unauthenticated Extraction of Session-IDs in REDDOXX Appliance RedTeam Pentesting discovered an information disclosure vulnerabilty in the REDDOXX appliance software, which allows unauthenticated attackers to extract valid session IDs. Details ======= Product: REDDOXX Appliance Affected...
Apache mod_session_crypt 2.5 Padding Oracle
Advisory: Padding Oracle in Apache modsessioncrypto During a penetration test, RedTeam Pentesting discovered a Padding Oracle vulnerability in modsessioncrypto of the Apache web server. This vulnerability can be exploited to decrypt the session data and even encrypt attacker-specified data. Detai...
Apache mod_session_crypto - Padding Oracle
Apache modsessioncrypto - Padding Oracle ''' Advisory: Padding Oracle in Apache modsessioncrypto During a penetration test, RedTeam Pentesting discovered a Padding Oracle vulnerability in modsessioncrypto of the Apache web server. This vulnerability can be exploited to decrypt the session data an...
Websockify (C Implementation) 0.8.0 - Buffer Overflow (PoC)
Advisory: Websockify: Remote Code Execution via Buffer Overflow RedTeam Pentesting discovered a buffer overflow vulnerability in the C implementation of Websockify, which allows attackers to execute arbitrary code. Details ======= Product: Websockify C implementation Affected Versions: all versio...
Websockify (C Implementation) 0.8.0 - Buffer Overflow (PoC)
Websockify C Implementation 0.8.0 - Buffer Overflow PoC Advisory: Websockify: Remote Code Execution via Buffer Overflow RedTeam Pentesting discovered a buffer overflow vulnerability in the C implementation of Websockify, which allows attackers to execute arbitrary code. Details ======= Product:...
Paessler PRTG Network Monitor 14.4.12.3282 XXE Injection
Advisory: XML External Entity Expansion in Paessler PRTG Network Monitor Authenticated users who can create new HTTP XML/REST Value sensors in PRTG Network Monitor can read local files on the PRTG host system via XML external entity expansion. Details ======= Product: Paessler PRTG Network Monito...
Securimage 3.6.2 Cross Site Scripting
Advisory: Cross-site Scripting in Securimage 3.6.2 RedTeam Pentesting discovered a cross-site scripting XSS vulnerability in the Securimage CAPTCHA software, which allows attackers to inject arbitrary JavaScript code via a crafted URL. Details ======= Product: Securimage Affected Versions: = 3.2R...
Symfony PHP Framework Session Fixation
Advisory: Symfony PHP Framework: Session Fixation In "Remember Me" Login Functionality A session fixation vulnerability within the Symfony web application framework's "Remember Me" login functionality allows an attacker to impersonate the victim towards the web application if the session ID value...
CVE-2015-8124: Session Fixation in the "Remember Me" Login Feature
Affected Versions Symfony 2.3.0 to 2.3.34, 2.6.0 - 2.6.11, 2.7.0 - 2.7.6 versions of the Security component are affected by this security issue. This issue has been fixed in Symfony 2.3.35, 2.6.12, and 2.7.7. Note that no fixes are provided for Symfony 2.4 and 2.5 as they are not maintained...
ZyXEL ZyWALL USG client side authorization config disclosure
Details ======= Product: ZyXEL USG Unified Security Gateway appliances ZyWALL USG-20 ZyWALL USG-20W ZyWALL USG-50 ZyWALL USG-100 ZyWALL USG-200 ZyWALL USG-300 ZyWALL USG-1000 ZyWALL USG-1050 ZyWALL USG-2000 Possibly other ZLD-based products Affected Versions: Firmware Releases before April 25, 20...
TYPO3 Extension Akronymmanager 0.5.0 - SQL Injection
TYPO3 Extension Akronymmanager 0.5.0 - SQL Injection Advisory: SQL Injection in TYPO3 Extension Akronymmanager An SQL injection vulnerability in the TYPO3 extension "Akronymmanager" allows authenticated attackers to inject SQL statements and thereby read data from the TYPO3 database. Details...
Alcatel-Lucent OmniSwitch - Cross-Site Request Forgery
Alcatel-Lucent OmniSwitch - Cross-Site Request Forgery Advisory: Alcatel-Lucent OmniSwitch Web Interface Cross-Site Request Forgery During a penetration test, RedTeam Pentesting discovered a vulnerability in the management web interface of an Alcatel-Lucent OmniSwitch 6450. The management web...
Alcatel-Lucent OmniSwitch Web Interface Weak Session ID
Advisory: Alcatel-Lucent OmniSwitch Web Interface Weak Session ID During a penetration test, RedTeam Pentesting discovered a vulnerability in the management web interface of an Alcatel-Lucent OmniSwitch 6450. This interface uses easily guessable session IDs, which allows attackers to authenticate...