exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 53 RSS Feed

Files

ShoreTel Conferencing 19.46.1802.0 Cross Site Scripting
Posted Nov 10, 2020
Authored by Joe Helle

ShoreTel Conferencing version 19.46.1802.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2020-28351
SHA-256 | df622ff6658508f23c86cc7c02cc486c8f440ad740ecd4af686fba474a2981ea

Related Files

Are You Really Muted? A Privacy Analysis Of Mute Buttons In Video Conferencing Apps
Posted Apr 15, 2022
Authored by George K. Thiruvathukal, Yucheng Yang, Kassem Fawaz, Jack West, Neil Klingensmith | Site wiscprivacy.com

Whitepaper called Are You Really Muted?: A Privacy Analysis of Mute Buttons in Video Conferencing Apps.

tags | paper
SHA-256 | 050dc6588d019c0fec02dfa4d049708c93c8ad0e15fb67374316108e1ab679a3
BigBlueButton 2.2.25 File Disclosure / Server-Side Request Forgery
Posted Oct 21, 2020
Site redteam-pentesting.de

RedTeam Pentesting discovered a vulnerability in the BigBlueButton web conferencing system version 2.2.25 that allows participants of a conference with permissions to upload presentations to read arbitrary files from the file system and perform server-side requests. This leads to administrative access to the BigBlueButton instance.

tags | exploit, web, arbitrary
advisories | CVE-2020-25820
SHA-256 | 41eaaa438c053a1afcdc56d2cd1717b2db4bf402566f20e2d848123cbaf0cbf1
Cisco Security Advisory 20150722-mp
Posted Jul 22, 2015
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - The password change functionality in the Cisco Unified MeetingPlace Web Conferencing application could allow an unauthenticated remote, attacker to change the passwords of arbitrary users. The vulnerability is due to the following: Users are not required to enter the previous password during a password change request. HTTP session functionality does not validate the session ID in the HTTP request for the password change request. An attacker could exploit this vulnerability via a crafted HTTP request and change arbitrary user passwords to gain access to the application. A successful exploit could allow the attacker to use the reset credentials to gain full control of the application. Cisco has released software updates that address this vulnerability. There is no workaround that mitigates this vulnerability.

tags | advisory, remote, web, arbitrary
systems | cisco
SHA-256 | 7cbd83c8b6d07ea171e6c9a9d09ae2d0b179745988e82ee08f8883d41da6a3f2
SILC (Secure Internet Live Conferencing) Client 1.1.11
Posted Jul 23, 2014
Authored by priikone | Site silcnet.org

SILC (Secure Internet Live Conferencing) is a protocol which provides secure conferencing services in the Internet. It can be used to send any kind of messages, in addition to normal text messages. This includes multimedia messages like images, video, and audio stream. All messages in the SILC network are encrypted and authenticated, and messages can also be digitally signed. SILC protocol supports AES, SHA-1, PKCS#1, PKCS#3, X.509, OpenPGP, and is being developed in the IETF. This tarball holds all client related files.

Changes: This version adds plugin changes, performs better public key verification, and addresses various issues.
tags | tool, protocol
systems | unix
SHA-256 | 8cedf2f3c15322296afe094de60504bc27e349f1942713a2f322c7ef6ad5089e
Secure Internet Live Conferencing 1.1.12
Posted May 13, 2014
Authored by priikone | Site silcnet.org

SILC (Secure Internet Live Conferencing) is a protocol which provides secure conferencing services in the Internet. It can be used to send any kind of messages, in addition to normal text messages. This includes multimedia messages like images, video, and audio stream. All messages in the SILC network are encrypted and authenticated, and messages can also be digitally signed. SILC protocol supports AES, SHA-1, PKCS#1, PKCS#3, X.509, OpenPGP, and is being developed in the IETF. This tarball holds all developer related files.

Changes: This version upgrades the Irssi base of SILC Client to the latest version available, improves the information shown when verifying public keys, and fixes some minor bugs.
tags | tool, protocol
systems | unix
SHA-256 | 7e0c3f73471b54ba55f5ac42979ed0d642afd8ae18a973c16b2a667c6c72db56
Secure Internet Live Conferencing Toolkit 1.1.11
Posted May 9, 2014
Authored by priikone | Site silcnet.org

SILC (Secure Internet Live Conferencing) is a protocol which provides secure conferencing services in the Internet. It can be used to send any kind of messages, in addition to normal text messages. This includes multimedia messages like images, video, and audio stream. All messages in the SILC network are encrypted and authenticated, and messages can also be digitally signed. SILC protocol supports AES, SHA-1, PKCS#1, PKCS#3, X.509, OpenPGP, and is being developed in the IETF. This tarball holds all developer related files.

Changes: This version adds a new default private message protection method by executing SILC Key Exchange protocol over the SILC network, client-to-client, to provide end-to-end protection for private messages. This version adds also other API improvements in SILC Client Library, SILC Core Library, and SILC Key Exchange Library. It fixes numerous bugs found using static analysis tools.
tags | tool, protocol
systems | unix
SHA-256 | 34a6f1b786f5c4d4138ffc5b2596e6709531e8ce8dc1cd1764362a8329ec53dc
Cisco Security Advisory 20130410-mp
Posted Apr 11, 2013
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco Unified MeetingPlace Application Server contains an authentication bypass vulnerability and Cisco Unified MeetingPlace Web Conferencing Server contains an arbitrary login vulnerability. For both vulnerabilities, successful exploitation could allow an unauthenticated, remote attacker to impersonate a legitimate user and send arbitrary commands to the affected system with the privileges of that user. Cisco has released free software updates that address these vulnerabilities. A workaround is available for the Cisco Unified MeetingPlace Web Conferencing Server Arbitrary Login Vulnerability.

tags | advisory, remote, web, arbitrary, vulnerability, bypass
systems | cisco
SHA-256 | ac07829fb7b4753ccebbf00ed0c285629430bffc56279f0d3c6718c7b22d630a
Cisco Security Advisory 20121031-mp
Posted Oct 31, 2012
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco Unified MeetingPlace Web Conferencing is affected by remote SQL injection and buffer overrun vulnerabilities. Cisco has released free software updates that address these vulnerabilities. There are no workarounds that mitigate these vulnerabilities.

tags | advisory, remote, web, overflow, vulnerability, sql injection
systems | cisco
SHA-256 | c8372cfbc399ee23d63927afafe27e610a6548cdd057c146f8b92cfb306c4d46
Secunia Security Advisory 44571
Posted May 21, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in Mitel Audio and Web Conferencing, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, web, vulnerability, xss
SHA-256 | 61d64f0b87837d95a7e19e9e96a1a521bed49aef2a901b77b9321262644f6c85
Mitel Audio And Web Conferencing 4.4.30 Cross Site Scripting
Posted May 17, 2011
Authored by ProCheckUp, Richard Brain | Site procheckup.com

Mitel Audio and Web Conferencing version 4.4.30 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, web, vulnerability, xss
SHA-256 | 89f24d51c3ff886d0bd19239c449f15af0c50c1c88a3ec85cd52c0e52a1fd8a2
Mitel Audio and Web Conferencing Command Injection
Posted Dec 23, 2010
Authored by H D Moore | Site metasploit.com

This Metasploit module exploits a command injection flaw within the Mitel Audio and Web Conferencing web interface.

tags | exploit, web
advisories | OSVDB-69934
SHA-256 | 97b5a763297d6d3f56801bb39882beb8c4ab7dea6f1f7ca50cbcc4df2cfd6580
Secunia Security Advisory 42697
Posted Dec 23, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Jan Fry has reported a vulnerability in Mitel Audio and Web Conferencing (AWC), which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory, web
SHA-256 | 2af0f6c196786e64e89e86673510338d9c61c07fb96f1a9644828be3a2d1c9d5
Mitel's AWC Command Execution
Posted Dec 21, 2010
Authored by ProCheckUp, Jan Fry | Site procheckup.com

Mitel's AWC (Mitel Audio and Web Conferencing) suffers from an unauthenticated remote command execution vulnerability.

tags | exploit, remote, web
SHA-256 | d8ebd53382f1971b52183a49644b0acc8ffacacf752faf70fcaba699b9613c61
Secunia Security Advisory 42248
Posted Nov 18, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple weaknesses and vulnerabilities have been reported in Cisco Unified Videoconferencing, which can be exploited by malicious, local users to disclose sensitive information and gain escalated privileges, by malicious users to compromise a vulnerable system, and by malicious people to hijack another user's session, disclose sensitive information, and potentially compromise a vulnerable system.

tags | advisory, local, vulnerability
systems | cisco
SHA-256 | 0407fd631017dee082b049787c114887b0c7c92fdefc87054d1d34ebad53fa8f
Cisco Unified Videoconferencing Command Injection / Various Issues
Posted Nov 18, 2010
Authored by Florent Daigniere | Site trustmatta.com

Cisco Unified Videoconferencing system versions 3515,3522,3527,5230,3545,5110 and 5115 suffer from hard-coded credential, service misconfiguration, weak session ID, cookie storing of credentials, command injection and weak obfuscation vulnerabilities.

tags | advisory, vulnerability
systems | cisco
advisories | CVE-2010-3037, CVE-2010-3038
SHA-256 | 34574a022d1b743eb1e6b83e30eab653ab9cf93cb2d80db1668e365bd9c2323f
Cisco Security Response 20101117-cuvc
Posted Nov 17, 2010
Authored by Cisco Systems | Site cisco.com

This is the Cisco Product Security Incident Response Team (PSIRT) response to a posting entitled "Cisco Unified Videoconferencing multiple vulnerabilities" by Florent Daigniere of Matta Consulting regarding vulnerabilities in the Cisco Unified Videoconferencing (Cisco UVC) 5100 series products. Several of the vulnerabilities also impact Cisco Unified Videoconferencing 5200 and 3500 Series Products.

tags | advisory, vulnerability
systems | cisco
advisories | CVE-2010-3037, CVE-2010-3038
SHA-256 | 69ff03ff2b451e16c8342723ca698a082590a674746e6fb250333321452c49ba
Mandriva Linux Security Advisory 2009-234
Posted Dec 7, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-234 - Multiple format string vulnerabilities in lib/silcclient/client_entry.c in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.10, and SILC Client before 1.1.8, allow remote attackers to execute arbitrary code via format string specifiers in a nickname field, related to the (1) silc_client_add_client, (2) silc_client_update_client, and (3) silc_client_nickname_format functions. The silc_asn1_encoder function in lib/silcasn1/silcasn1_encode.c in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.8 allows remote attackers to overwrite a stack location and possibly execute arbitrary code via a crafted OID value, related to incorrect use of a %lu format string. The silc_http_server_parse function in lib/silchttp/silchttpserver.c in the internal HTTP server in silcd in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.9 allows remote attackers to overwrite a stack location and possibly execute arbitrary code via a crafted Content-Length header, related to incorrect use of a %lu format string. Multiple format string vulnerabilities in lib/silcclient/command.c in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.10, and SILC Client 1.1.8 and earlier, allow remote attackers to execute arbitrary code via format string specifiers in a channel name, related to (1) silc_client_command_topic, (2) silc_client_command_kick, (3) silc_client_command_leave, and (4) silc_client_command_users. This update provides a solution to these vulnerabilities. Packages for MES5 was not provided previously, this update addresses this problem. Packages for 2008.0 are being provided due to extended support for Corporate products.

tags | advisory, remote, web, arbitrary, vulnerability
systems | linux, mandriva
advisories | CVE-2009-3051, CVE-2008-7159, CVE-2008-7160, CVE-2009-3163
SHA-256 | ae55c02dbd7ddd57b43075845ae46ba5e33dc5158dd2ff5097cba115e8693937
SILC Server 1.1.18
Posted Sep 29, 2009
Authored by priikone | Site silcnet.org

SILC (Secure Internet Live Conferencing) is a protocol which provides secure conferencing services in the Internet. It can be used to send any kind of messages, in addition to normal text messages. This includes multimedia messages like images, video, and audio stream. All messages in the SILC network are encrypted and authenticated, and messages can also be digitally signed. SILC protocol supports AES, SHA-1, PKCS#1, PKCS#3, X.509, OpenPGP, and is being developed in the IETF. This tarball holds all server related files.

Changes: This version adds heartbeat support and fixes some minor bugs.
tags | protocol
SHA-256 | fcb278f22cea61ba6e3d6e49af9de50111f5c8565408054d828af262fc0fe293
Mandriva Linux Security Advisory 2009-235
Posted Sep 16, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-235 - Multiple format string vulnerabilities in lib/silcclient/client_entry.c in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.10, and SILC Client before 1.1.8, allow remote attackers to execute arbitrary code via format string specifiers in a nickname field, related to the (1) silc_client_add_client, (2) silc_client_update_client, and (3) silc_client_nickname_format functions. Multiple format string vulnerabilities in lib/silcclient/command.c in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.10, and SILC Client 1.1.8 and earlier, allow remote attackers to execute arbitrary code via format string specifiers in a channel name, related to (1) silc_client_command_topic, (2) silc_client_command_kick, (3) silc_client_command_leave, and (4) silc_client_command_users. This update provides a solution to these vulnerabilities.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, mandriva
advisories | CVE-2009-3051, CVE-2009-3163
SHA-256 | cf29ab20dfb02d1acfb394baa328e5ca9ba75bc356f74d70e641c7d0d2e54046
Debian Linux Security Advisory 1879-1
Posted Sep 4, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1879-1 - Several vulnerabilities have been discovered in the software suite for the SILC protocol, a network protocol designed to provide end-to-end security for conferencing services.

tags | advisory, vulnerability, protocol
systems | linux, debian
advisories | CVE-2008-7159, CVE-2008-7160, CVE-2009-3051
SHA-256 | a579706ca3462dbced3ea936bf4e6108a3458c47e92f30831ef87990788d6e50
SILC (Secure Internet Live Conferencing) Server Update
Posted Aug 5, 2009
Authored by priikone | Site silcnet.org

SILC (Secure Internet Live Conferencing) is a protocol which provides secure conferencing services in the Internet. It can be used to send any kind of messages, in addition to normal text messages. This includes multimedia messages like images, video, and audio stream. All messages in the SILC network are encrypted and authenticated, and messages can also be digitally signed. SILC protocol supports AES, SHA-1, PKCS#1, PKCS#3, X.509, OpenPGP, and is being developed in the IETF. This tarball holds all server related files.

Changes: This version fixes an empty channel problem and a number of crashes.
tags | protocol
SHA-256 | 4f53535374f08f797d2eadd5928a681f54a430e40ded0dbc5e9fbc2a60e87a78
SILC (Secure Internet Live Conferencing) Client Update
Posted Aug 5, 2009
Authored by priikone | Site silcnet.org

SILC (Secure Internet Live Conferencing) is a protocol which provides secure conferencing services in the Internet. It can be used to send any kind of messages, in addition to normal text messages. This includes multimedia messages like images, video, and audio stream. All messages in the SILC network are encrypted and authenticated, and messages can also be digitally signed. SILC protocol supports AES, SHA-1, PKCS#1, PKCS#3, X.509, OpenPGP, and is being developed in the IETF. This tarball holds all client related files.

Changes: This version fixes a serious string format vulnerability.
tags | protocol
SHA-256 | aac435e4fbe37ef1aabafcbc4ab224e29b76d23439ca75f4c4945d8164ed71d2
Lotus Sametime User Enumeration
Posted Jul 9, 2009
Authored by Karan Khosla | Site senseofsecurity.com.au

Lotus Sametime suffers from a user enumeration vulnerability. This is based on the time it takes to respond when authenticating credentials. IBM Lotus Instant Messaging and Web Conferencing (Sametime) version 6.5.1 is affected.

tags | advisory, web
SHA-256 | cdcae2dc33b38a562b1583b7879b5cbe70a7200ad54c82ce179f4a9c3891f31c
Secure Internet Live Conferencing
Posted Mar 19, 2009
Authored by priikone | Site silcnet.org

SILC (Secure Internet Live Conferencing) is a protocol which provides secure conferencing services in the Internet. It can be used to send any kind of messages, in addition to normal text messages. This includes multimedia messages like images, video, and audio stream. All messages in the SILC network are encrypted and authenticated, and messages can also be digitally signed. SILC protocol supports AES, SHA-1, PKCS#1, PKCS#3, X.509, OpenPGP, and is being developed in the IETF. This tarball holds all developer related files.

Changes: This version fixes lots of bugs and many security bugs such as crashes. In fact this release fixes as many as 8 major crashes and many other bugs.
tags | protocol
SHA-256 | cae36cb446c7568e8b01c626484c073751502c1d81eef6c75bd2ac28b227490c
Cisco Unified MeetingPlace Cross Site Scripting
Posted Feb 26, 2009
Authored by National Australia Bank Security Assurance

The Cisco Unified MeetingPlace Web Conferencing system is vulnerable to a stored cross site scripting vulnerability.

tags | exploit, web, xss
systems | cisco
SHA-256 | df9ddfe51280f84ea7084cd93067cf5dc3c71d635cb29a58a61b63a95d344716
Page 1 of 3
Back123Next

File Archive:

June 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    0 Files
  • 2
    Jun 2nd
    0 Files
  • 3
    Jun 3rd
    18 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    57 Files
  • 7
    Jun 7th
    6 Files
  • 8
    Jun 8th
    0 Files
  • 9
    Jun 9th
    0 Files
  • 10
    Jun 10th
    12 Files
  • 11
    Jun 11th
    27 Files
  • 12
    Jun 12th
    38 Files
  • 13
    Jun 13th
    16 Files
  • 14
    Jun 14th
    14 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close