19 matches found
Xerver 4.31, 4.32 HTTP Response Splitting
Xerver 4.31, 4.32 HTTP Response Splitting Discovered: 04-10-08 By: SecureState R&D Team - sasquatch Vendor Notified: 04-11-08 Vendor Response: 04-13-08 New version also vulnerable: 10-07-09 Tested Win32 v4.32 Vendor Notified: 10-07-09 Vendor Response: NONE...
X-Cart Pro 4.0.13 - SQL Injection Proof of Concept
X-Cart Pro v4.0.13 SQL Injection Proof of Concept Discovered By: s4squatch of SecureState R&D Team www.securestate.com Discovered: Mon, 08 Sep 2008 20:29:07 GMT Version: 4.0.13 obtained from www.website.com/README Can't find reference to this old vuln elsewhere...
LifeSize Room Vulnerabilities
Discovered: 07-13-11 By: Spencer McIntyre zeroSteiner SecureState R&D Team www.securestate.com Background: ----------- Multiple vulnerabilities within the LifeSize Room appliance. Vulnerability Summaries: ------------------------ Login page can be bypassed, granting administrative access to the w...
LifeSize Room Command Injection
Exploit for php platform in category web applications require 'msf/core' class Metasploit3 'LifeSize Room Command Injection', 'Description' = %q This module exploits a vulnerable resource in LifeSize Room versions 3.5.3 and 4.7.18 to inject OS commands. LifeSize Room is an appliance and thus the...
MagnetoSoft NetworkResources Active-X NetFileClose SEH Overwrite
'Magneto Software Net Resource ActiveX NetFileClose SEH Overwrite POC 'Discovered by: s4squatch of SecureState R&D Team 'Site: www.securestate.com 'Date Discovered: 02/11/10 'www: http://www.magnetosoft.com/products/sknetresource/sknetresourcefeatures.htm 'Download:...
MagnetoSoft NetworkResources ActiveX NetFileClose SEH Overwrite POC
Exploit for windows platform in category dos / poc =================================================================== MagnetoSoft NetworkResources ActiveX NetFileClose SEH Overwrite POC =================================================================== 'Magneto Software Net Resource ActiveX...
MagnetoSoft NetworkResources 4.0.0.5 - ActiveX NetFileClose Overwrite (SEH) (PoC)
MagnetoSoft NetworkResources 4.0.0.5 - ActiveX NetFileClose Overwrite SEH PoC 'Magneto Software Net Resource ActiveX NetFileClose SEH Overwrite POC 'Discovered by: s4squatch of SecureState R&D Team 'Site: www.securestate.com 'Date Discovered: 02/11/10 'www:...
X-Cart Pro v4.0.13 SQL Injection Proof of Concept
Exploit for unknown platform in category web applications ================================================= X-Cart Pro v4.0.13 SQL Injection Proof of Concept ================================================= X-Cart Pro v4.0.13 SQL Injection Proof of Concept Discovered By: s4squatch of SecureState...
RSA SecurID XSS Vulnerability
Exploit for unknown platform in category web applications ============================= RSA SecurID XSS Vulnerability ============================= Discovered 12-11-2008 Discovered By: s4squatch of SecureState R&D Team www.securestate.com Vendor Notified: 10-07-2009 Vendor Response: 10-08-2009...
RSA - SecurID Cross-Site Scripting
RSA - SecurID Cross-Site Scripting Discovered 12-11-2008 Discovered By: s4squatch of SecureState R&D Team www.securestate.com Vendor Notified: 10-07-2009 Vendor Response: 10-08-2009 Version: Unknown -- DLL does not contain version, therefore vendor says it is outdated and not supported. POC:...
Cisco Collaboration Server 5 - Cross-Site Scripting / Source Code Disclosure
Cisco Collaboration Server 5 XSS, Source Code Disclosure Discovered by: s4squatch of SecureState R&D Team www.securestate.com Discovered: 08/26/2008 Note: End of Engineering -- http://www.cisco.com/en/US/products/sw/custcosw/ps747/prodeolnotice09186a008032d4d0.html Replaced with:...
Xerver 4.31, 4.32 HTTP Response Splitting
Discovered: 04-10-08 By: SecureState R&D Team - sasquatch Vendor Notified: 04-11-08 Vendor Response: 04-13-08 Vendor Notified: 10-07-09 Vendor Response: NONE Published: 11-18-09 Proof of Concept:...
Xerver 4.31/4.32 - HTTP Response Splitting
Xerver 4.31/4.32 - HTTP Response Splitting Xerver 4.31, 4.32 HTTP Response Splitting Discovered: 04-10-08 By: SecureState R&D Team - sasquatch Vendor Notified: 04-11-08 Vendor Response: 04-13-08 New version also vulnerable: 10-07-09 Tested Win32 v4.32 Vendor Notified: 10-07-09 Vendor Response: NON...
Xerver 4.31, 4.32 HTTP Response Splitting
Exploit for unknown platform in category web applications ========================================= Xerver 4.31, 4.32 HTTP Response Splitting ========================================= Xerver 4.31, 4.32 HTTP Response Splitting Discovered: 04-10-08 By: SecureState R&D Team - sasquatch Vendor...
Xerver 4.31 4.32 HTTP Response Splitting
Xerver 4.31, 4.32 HTTP Response Splitting Discovered: 04-10-08 By: SecureState R&D Team - sasquatch Vendor Notified: 04-11-08 Vendor Response: 04-13-08 New version also vulnerable: 10-07-09 Tested Win32 v4.32 Vendor Notified: 10-07-09 Vendor Response: NONE...
Xerver 4.31/4.32 - HTTP Response Splitting
Xerver 4.31, 4.32 HTTP Response Splitting Discovered: 04-10-08 By: SecureState R&D Team - sasquatch Vendor Notified: 04-11-08 Vendor Response: 04-13-08 New version also vulnerable: 10-07-09 Tested Win32 v4.32 Vendor Notified: 10-07-09 Vendor Response: NONE Published: 11-18-09 Proof of Concept:...
SpiceWorks 3.6 - 'Accept' Overflow Crash
#!/usr/bin/python Spiceworks 3.6 Accept Parameter Overflow Remote Crash P.O.C. Written by: SecureState R&D Author: David Kennedy ReL1K Tested on Windows 2003 SP2 R2 Vendor Notified on: 05/11/2009 Vendor Fix: Fixed in version 4.0 esi 000334E0 ASCII "AAAAAAAAAAAAAAAAAA" edi 000334E0 ASCII...
Spiceworks 3.6 Accept Parameter Overflow Crash Exploit
Exploit for unknown platform in category dos / poc ====================================================== Spiceworks 3.6 Accept Parameter Overflow Crash Exploit ====================================================== #!/usr/bin/python Spiceworks 3.6 Accept Parameter Overflow Remote Crash P.O.C...
MoinMoin Wiki Engine XSS Vulnerability
MoinMoin Wiki Engine Cross-Site Scripting Discovered by: SecureState R&D Team sasquatch Website: www.securestate.com Discovered: 01-08-09 Vendor Notified: 01-08-09 Vendor Fix Issued: 01-11-09 http://hg.moinmo.in/moin/1.8/rev/8cb4d34ccbc1 Vendor Fix: Upgrade to version 1.8.1 Public Posting: 01-19-...