13 matches found
Trend Micro Threat Discovery Appliance 2.6.1062r1 admin_sys_time.cgi Remote Code Execution
!/usr/local/bin/python """ Trend Micro Threat Discovery Appliance + eg: ./poc.py 172.16.175.123 admin123 saturn:trendmicrothreatdiscoveryadminsystimerce mrme$ ./poc.py 172.16.175.123 admin123 + logged in... + starting backdoor, this will take a few secs... + calling backdoor! id uid=0root gid=0ro...
Trend Micro Threat Discovery Appliance 2.6.1062r1 detected_potential_files.cgi Remote Code Execution
!/usr/local/bin/python """ Trend Micro Threat Discovery Appliance + eg: ./poc.py 172.16.175.123 admin123 saturn:trendmicrothreatdiscoverydetectedpotentialfilesrce mrme$ ./poc.py 172.16.175.123 admin + logged in... + starting backdoor, this will take a few secs... + calling backdoor! id uid=0root...
Trend Micro Threat Discovery Appliance 2.6.1062r1 log_query_dae.cgi Remote Code Execution
!/usr/local/bin/python """ Trend Micro Threat Discovery Appliance + eg: ./poc.py 172.16.175.123 admin123 saturn:trendmicrothreatdiscoverylogquerydaerce mrme$ ./poc.py 172.16.175.123 admin + logged in... + starting backdoor, this will take a few secs... + calling backdoor! id uid=0root gid=0root...
Trend Micro Threat Discovery Appliance 2.6.1062r1 upload.cgi Remote Code Execution
!/usr/local/bin/python """ Trend Micro Threat Discovery Appliance + eg: ./poc.py 172.16.175.123 admin123 saturn:trendmicrothreatdiscoveryuploadrce mrme$ ./poc.py 172.16.175.123 admin123 + logged in... + popping shell, type 'exit' to exit. $ id uid=0root gid=0root $ uname -a Linux localhost 2.6.24...
openSUSE Security Update : MozillaThunderbird (MozillaThunderbird-4070)
MozillaThunderbird was updated to version 3.1.8, fixing various security issues. Following security issues were fixed: MFSA 2011-01: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed...
Multiple critical vulnerabilities in Maxthon and Avant browsers
Hi, Below you can find a short summary of discovered vulnerabilities in Maxthon and Avant browsers. Such vulnerabilities were demonstrated during HITBAMS2012 security conference and more recently at HackPra. Affected Products - Maxthon www.maxthon.com - Avant Browser www.avantbrowser.com Security...
Oracle GlassFish Server - REST Cross-Site Request Forgery
Details Vendor Site: Oracle www.oracle.com Date: April, 19th 2012 – CVE 2012-0550 Affected Software: Oracle GlassFish Server 3.1.1 build 12 Researcher: Roberto Suggi Liverani PDF version: http://www.security-assessment.com/files/documents/advisory/OracleGlassFishServerRESTCSRF.pdf Description...
Oracle GlassFish Server - REST Cross-Site Request Forgery
Oracle GlassFish Server - REST Cross-Site Request Forgery Details Vendor Site: Oracle www.oracle.com Date: April, 19th 2012 – CVE 2012-0550 Affected Software: Oracle GlassFish Server 3.1.1 build 12 Researcher: Roberto Suggi Liverani PDF version:...
Oracle GlassFish Server - REST CSRF Vulnerability
Exploit for windows platform in category web applications Details Vendor Site: Oracle www.oracle.com Date: April, 19th 2012 – CVE 2012-0550 Affected Software: Oracle GlassFish Server 3.1.1 build 12 Researcher: Roberto Suggi Liverani PDF version:...
Oracle GlassFish Server 3.1.1 (build 12) - Multiple Cross-Site Scripting Vulnerabilities
Oracle GlassFish Server 3.1.1 build 12 - Multiple Cross-Site Scripting Vulnerabilities Details Vendor Site: Oracle www.oracle.com Date: April, 19th 2012 – CVE 2012-0551 Affected Software: Oracle GlassFish Server 3.1.1 build 12 Researcher: Roberto Suggi Liverani PDF version:...
Opera 11.51 - Use-After-Free Crash (PoC)
Opera 11.51 - Use-After-Free Crash PoC Exploit Title: Opera Use After Free - Crash PoC Date: 20 October 2011 Author: Roberto Suggi Liverani Software Link: www.opera.com Version: 11.51 and previous versions Tested on: Windows XP and Windows 7 CVE : n/a Link:...
Oracle WebLogic - POST Session Fixation
Name Oracle WebLogic – Session Fixation Via HTTP POST Request Vendor Website http://www.oracle.com/ Date Released 11 March 2011 – CVE-2010-4437 Affected Software Oracle WebLogic Server 9.0, 9.1, 9.2.4, 10.0.2, 10.3.2, 10.3.3 Researcher Roberto Suggi Liverani Description Oracle WebLogic servlet...
Mozilla Foundation Security Advisory 2011-08
Mozilla Foundation Security Advisory 2011-08 Title: ParanoidFragmentSink allows javascript: URLs in chrome documents Impact: Moderate Announced: March 1, 2011 Reporter: Roberto Suggi Liverani Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 3.6.14 Firefox 3.5.17 Thunderbird 3.1.8...