| Email address | private |
|---|---|
| Website | hyp3rlinx.altervista.org |
| First Active | 2015-04-28 |
| Last Active | 2018-11-09 |
D-Link Central WiFiManager CWM-100 version 1.03 r0098 devices will load a trojan horse "quserex.dll" and will create a new thread running with SYSTEM integrity.
7d5b487d0bc7a54d4746370b3f054425Using a web browser or script server-side request forgery (SSRF) can be initiated against internal/external systems to conduct port scans by leveraging D-LINK's MailConnect component. The MailConnect feature on D-Link Central WiFiManager CWM-100 version 1.03 r0098 devices is intended to check a connection to an SMTP server but actually allows outbound TCP to any port on any IP address, leading to SSRF, as demonstrated by an index.php/System/MailConnect/host/127.0.0.1/port/22/secure/ URI. This can undermine accountability of where scan or connections actually came from and or bypass the FW etc. This can be automated via script or using Web Browser.
d9afd3cea418548b6c3b72153c1261feThe FTP Server component of the D-LINK Central WifiManager can be used as a man-in-the-middle machine allowing PORT Command bounce scan attacks. This vulnerability allows remote attackers to abuse your network and discreetly conduct network port scanning. Victims will then think these scans are originating from the D-LINK network running the afflicted FTP Server and not you. Version 1.03 r0098 is affected.
83571811be19f02f54e3bf44fda47807A vulnerability in the system scanning component of Cisco Immunet and Cisco Advanced Malware Protection (AMP) for Endpoints running on Microsoft Windows could allow a local attacker to disable the scanning functionality of the product. This could allow executable files to be launched on the system without being analyzed for threats. The vulnerability is due to improper process resource handling. Cisco Immunet versions prior to 6.2.0 and Cisco AMP For Endpoints version 6.2.0 are affected.
7a4ff17f412569211f6751de8fc14501ServersCheck Monitoring Software versions up through 14.3.3 suffer from a remote SQL injection vulnerability.
5f20210cc21e2f7f7eeba3f2bed4a0d4ServersCheck Monitoring Software versions up through 14.3.3 suffer from a cross site scripting vulnerability.
2073e0a7bf80bbfb06368b74de78f83fServersCheck Monitoring Software versions up through suffer from arbitrary file write and denial of service vulnerabilities.
7302d602d37c84719c9794dafd55fb00NoMachine versions 5.3.26 and below suffer from a remote code execution vulnerability when opening a malicious .nxs file.
98f0f6fe4dc505a95f06d738805d3c7aMicrosoft SQL Server Management Studio versions 17.9 and 18.0 Preview 4 suffer from an xmla filetype XML external entity injection vulnerability.
f8fb22312550cc368dc913351a5406a8Microsoft SQL Server Management Studio versions 17.9 and 18.0 Preview 4 suffer from a xel filetype XML external entity injection vulnerability.
0fb594060e86354cefaa3a12ba2181d5Microsoft SQL Server Management Studio versions 17.9 and 18.0 Preview 4 suffer from a REGSRVR filehandling XML external entity injection vulnerability.
bc7e26312d98457aeac3779548aee6d7Microsoft Baseline Security Analyzer version 2.3 suffers from an XML external entity injection vulnerability.
7224f7e70a591fdfca03428610d0453cThis whitepaper analyzes a privilege escalation vulnerability in the Microsoft .NET framework as noted in MS15-118.
4a014224fc35bfb528ae5d4ebe710d2dFsPro Labs Event Log Explorer version 4.6.1.2115 suffers from an XML external entity injection vulnerability.
fad943a0c32935b55f0eee3696caaca4Argus Surveillance DVR version 4.0.0.0 suffers from a SYSTEM privilege escalation vulnerability.
568a5ca14ccf6b72d34900efe6809bceArgus Surveillance DVR version 4.0.0.0 suffers from file disclosure and traversal vulnerabilities.
236a5ef23b5453a2a50a23ab72a165afThe Microsoft DirectX SDK "Xact3.exe" cross-platform tool allows for arbitrary code execution via a trojan horse file "xbdm.dll" in the current working directory, upon opening a ".xap" project file from the same location.
d7f1056ce3aa140ad0e115c7bf50b3c0Microsoft's dnslint.exe tool does not verify domain names when parsing DNS text-files using the "/ql" switch making it prone to forced drive-by downloads, providing an end user is tricked into using a server text-file containing a script/binary reference instead of a normally expected domain name.
eb14060a0091ba68f6b96c6e9ef2fb25Microsoft Windows Enterprise Mode Site List Manager versions 1 and 2 suffer from an XML external entity injection vulnerability.
adb95485a2175dc841aa24d2a530ed72Library description files are XML files that define libraries. Libraries aggregate items from local and remote storage locations into a single view in Windows Explorer. Library description files follow the Library Description schema and are saved as *.library-ms files. The .library-ms filetype triggers forced authentication when a user/client accesses a remote share that houses an attacker supplied ".library-ms" file, disclosing credential hashes and other identifiable computer informations.
3efbbbe3394fffedf1bbcf55f304effbEnhanced Mitigation Experience Toolkit (EMET) suffers from an XML external entity injection vulnerability.
da2c5fe7a5b5d3b441f02c18e2d7ca7aPolaris Office 2017 version 8.1 allows attackers to execute arbitrary code via a trojan horse "puiframeworkproresenu.dll" file in the current working directory, due to a search order flaw vulnerability.
cb627d3986c07f094a3e4282ca8924deOfficeScan XG version 11.0 suffers from an unauthorized change prevention bypass vulnerability.
e3ce9faee8d067f82b6d929d3dff7cdaMicrosoft FxCop versions 10 through 12 are vulnerable to XML injection attacks allowing local file ex-filtration and or NTLM hash theft. Tested in Windows 7 and Windows 10 download SDK it works in both.
e4970e9fdb7dbc2ea52471b6d0a8c531Easy Hosting Control Panel version 0.37.12.b suffers from an unverified password change vulnerability.
791e45e8fcd14b89a834a308b18cccde
© 2018 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed