Showing 1 - 3 of 3

Files from INTREST SEC

Dropbear SSHD xauth Command Injection / Bypass: Posted Mar 15, 2016; Authored by INTREST SEC; Dropbear sshd versions 2015.71 and below suffer from a command injection vulnerability via xauth. An authenticated user may inject arbitrary xauth commands by sending an x11 channel request that includes a newline character in the x11 cookie. The newline acts as a command separator to the xauth binary. This attack requires the server to have 'X11Forwarding yes' enabled. Disabling it, mitigates this vector.; tags | exploit, arbitrary, bypass; advisories | CVE-2016-3116; SHA-256 | 8129326c102e22e1da62a2fd903c2546c85eba1fd49af454ec0eeb8768c919e3; Download | Favorite | View

OpenSSH 7.2p1 xauth Command Injection / Bypass: Posted Mar 15, 2016; Authored by INTREST SEC; OpenSSH versions 7.2p1 and below suffer from a command injection and /bin/false bypass vulnerability via xauth.; tags | exploit, bypass; advisories | CVE-2016-3115; SHA-256 | 21d775c0fcb1c084c005d795ca4e1b1a4ba34f84303ab3202fc620f0852d90ee; Download | Favorite | View

Confluence Wiki 4.1.4 Cross Site Scripting: Posted Sep 15, 2012; Authored by INTREST SEC; Confluence Wiki versions 3.5.9, 4.0.3, and 4.1.4 suffer from a cross site scripting vulnerability.; tags | exploit, xss; SHA-256 | 9bcf399a2e8ea5531b3605b2128bf6b02fa2c55f7a7dea89f867a811b06a28d7; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days