what you don't know can hurt you

Register | Login

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 1 - 1 of 1

Files

Web Service Hijacking In VMWare WebAccess: Posted Apr 1, 2010; Authored by Trustwave | Site trustwave.com; The Struts-based web application uses the server-side session sattribute "context_vmdirect" to store various settings, including the URL to the XML web service backend. By default, the URL is http://localhost/sdk, but the web service URL can be manually set from a client browser in several locations. If wsUrl is changed to point at an external server, all SOAP calls for that session are sent to the specified server. This includes plaintext authentication credentials. An attacker could exploit this by tricking a user into following a link to /ui/vmDirect.do, with an attacker-controlled server passed in the "view" parameter.; tags | advisory, web; advisories | CVE-2009-2277; SHA-256 | fd01d4172df55b8994b34803311ab871ff8630ad51141bd4511fe4f4065759a2; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 221 files
Ubuntu 59 files
Debian 30 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 9 files
Apple 6 files
Milad Karimi 5 files
Google Security Research 5 files
tmrswrr 4 files

Recent News

Authorities Investigate LabHost Users After Phishing Service Shutdown: Posted Apr 23, 2024; tags | headline, cybercrime, fraud, phish; Favorite | View

Windows Vulnerability Reported By The NSA Exploited To Install Russian Malware: Posted Apr 23, 2024; tags | headline, government, microsoft, usa, russia, flaw, cyberwar, spyware, nsa; Favorite | View

Russia's Sandworm APT Linked To Attack On Texas Water Plant: Posted Apr 18, 2024; tags | headline, malware, usa, russia, cyberwar, scada; Favorite | View

EU Tells Meta It Can't Paywall Privacy: Posted Apr 18, 2024; tags | headline, government, privacy, facebook, social; Favorite | View

Kremlin-Backed Actors Spread Disinformation Ahead Of US Elections: Posted Apr 18, 2024; tags | headline, government, usa, russia, fraud, cyberwar; Favorite | View

Lawmakers Are Kicking Warrantless Wiretapping Into Overdrive: Posted Apr 18, 2024; tags | headline, government, privacy, usa, phone, spyware; Favorite | View

Five Eyes Agencies Release New AI Security Guidance: Posted Apr 18, 2024; tags | headline, government; Favorite | View

Phishing Platform LabHost Shut Down By Law Enforcement: Posted Apr 18, 2024; tags | headline, government, fraud, phish; Favorite | View

Scammers Offer Cash To Phone Carrier Staff To Swap SIM Cards: Posted Apr 17, 2024; tags | headline, phone, cybercrime, fraud, password; Favorite | View

Ivanti Patches 27 Vulns In Avalanche MDM Product: Posted Apr 17, 2024; tags | headline, flaw, patch; Favorite | View

View More News →

packet storm

© 2022 Packet Storm. All rights reserved.

Site Links: News by Month; News Tags; Files by Month; File Tags; File Directory

About Us: History & Purpose; Contact Information; Terms of Service; Privacy Statement; Copyright Information

Services: Security Services
Hosting By: Rokasec