exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 5 of 5 RSS Feed

Files from Andreas Lindh

First Active2016-03-25
Last Active2016-03-31
Apache Jetspeed Arbitrary File Upload
Posted Mar 31, 2016
Authored by wvu, Andreas Lindh | Site metasploit.com

This Metasploit module exploits the unsecured User Manager REST API and a ZIP file path traversal in Apache Jetspeed-2, versions 2.3.0 and unknown earlier versions, to upload and execute a shell. Note: this exploit will create, use, and then delete a new admin user. Warning: in testing, exploiting the file upload clobbered the web interface beyond repair. No workaround has been found yet. Use this module at your own risk. No check will be implemented.

tags | exploit, web, shell, file upload
advisories | CVE-2016-0709, CVE-2016-0710
SHA-256 | f98ee50658aec27fea6e1325e83c5d9c0afefcbe8bf5d2b5dab9fa93e03887b6
Apache OpenMeetings 3.1.0 Path Traversal
Posted Mar 30, 2016
Authored by Andreas Lindh

Apache OpenMeetings versions 1.9.x through 3.1.0 suffer from a path traversal vulnerability.

tags | exploit
advisories | CVE-2016-0784
SHA-256 | 06155ed4077ed8cf25d3a08079ba858161b87ca4e65b378d5564e026638cbca2
Apache OpenMeetings 3.0.7 Arbitary File Read
Posted Mar 25, 2016
Authored by Andreas Lindh

When attempting to upload a file via the API using the importFileByInternalUserId or importFile methods in the FileService, it is possible to read arbitrary files from the system. This is due to that Java's URL class is used without checking what protocol handler is specified in the API call. Apache OpenMeetings versions 1.9.x through 3.0.7 are affected.

tags | advisory, java, arbitrary, protocol
advisories | CVE-2016-2164
SHA-256 | c8dd487b97e1b03e9a3818c01b947705ae5bdeec150494b208e77bfa5c1dd41f
Apache OpenMeetings 3.0.7 Cross Site Scripting
Posted Mar 25, 2016
Authored by Andreas Lindh

When creating an event, it is possible to create clickable URL links in the event description. These links will be present inside the event details once a participant enters the room via the event. It is possible to create a link like "javascript:alert('xss')", which will execute once the link is clicked. As the link is placed within an <a> tag, the actual link is not visible to the end user which makes it hard to tell if the link is legit or not. Apache OpenMeetings versions 1.9.x through 3.0.7 are affected.

tags | advisory, javascript
advisories | CVE-2016-2163
SHA-256 | ae142c09b3506f6a2df2eff1b29727a0f7f4ac41ab39eacb5ce1d1505fe8e1a3
Apache OpenMeetings 3.1.0 MD5 Hashing
Posted Mar 25, 2016
Authored by Andreas Lindh

The hash generated by the external password reset function is generated by concatenating the user name and the current system time, and then hashing it using MD5. This is highly predictable and can be cracked in seconds by an attacker with knowledge of the user name of an OpenMeetings user. Apache OpenMeetings versions 1.9.x through 3.1.0 are affected.

tags | advisory
advisories | CVE-2016-0783
SHA-256 | e8013d35e67485ede2f2a96963a7acebaa5a2d152f1ac777a282f195dd67f09b
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close