what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 4 of 4 RSS Feed

Files from sxkeebler

First Active2011-08-29
Last Active2012-01-09
HP JetDirect Device Page Directory Traversal
Posted Jan 9, 2012
Authored by Digital Defense, r@b13$, sxkeebler | Site digitaldefense.net

The HP-ChaiSOE/1.0 embedded web server on certain HP JetDirect printers allows a potential attacker to gain read only access to directories and files outside of the web root, different from CVE-2008-4419. An attacker can leverage this flaw to read arbitrary system configuration files, cached documents, etc. Information obtained from an affected host may facilitate further attacks against the host. Exploitation of this flaw is trivial using common web server directory traversal techniques.

tags | advisory, web, arbitrary, root
advisories | CVE-2011-4785
SHA-256 | bbf0ce50d3dd4baeccc1f6cadb25ebbc0f6568943c21f1edc2430eb89eeed216
KnowledgeTree login.php Blind SQL Injection
Posted Dec 8, 2011
Authored by Digital Defense, r@b13$, sxkeebler | Site digitaldefense.net

The KnowledgeTree login.php login page is vulnerable to a blind SQL injection vulnerability within the username field. An attacker can leverage this flaw to execute arbitrary SQL commands and extract sensitive information from the backend database using standard blind SQL exploitation techniques. Additionally, an attacker may be able to leverage this flaw to compromise the database server host OS.

tags | advisory, arbitrary, php, sql injection
SHA-256 | d3f77e8bceace3fc7ce207fa65ce9c2f16782589248552275d3f46df8cd67399
IBM WebSphere Directory Traversal
Posted Nov 1, 2011
Authored by Digital Defense, r@b13$, sxkeebler, Javier Castro | Site digitaldefense.net

The default installation of the IBM WebSphere Application Server is deployed with a 'help' servlet which is designed to serve supporting documentation for the WebSphere system. When the 'help' servlet processes a URL that contains a reference to a Java plug-in Bundle that is registered with the Eclipse Platform Runtime Environment of the WebSphere Application Server, the 'help' servlet fails to ensure that the submitted URL refers to a file that is both located within the web root of the servlet and is of a type that is allowed to be served. An unauthenticated remote attacker can use this weakness in the 'help' servlet to retrieve arbitrary system files from the host that is running the 'help' servlet. This can be accomplished by submitting a URL which refers to a registered Java plug-in Bundle followed by a relative path to the desired file.

tags | advisory, java, remote, web, arbitrary, root
advisories | CVE-2011-1359
SHA-256 | 4adf33603b356ff3b73d86dd885c7fef8b16304d70e5775f89788b5d0609f5d3
Axway SecureTransport /icons/ Directory Traversal
Posted Aug 29, 2011
Authored by Digital Defense, r@b13$, sxkeebler | Site digitaldefense.net

The Axway SecureTransport device contains a directory traversal in the '/icons/' directory. An unauthenticated remote attacker can use this vulnerability to obtain arbitrary files from the root file system of the vulnerable host.

tags | advisory, remote, arbitrary, root
SHA-256 | 1b3c5c1df5ff2ebfb4d989500a0c88455f9836ec0f3075c8f7d42816d3df5526
Page 1 of 1
Back1Next

File Archive:

November 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    16 Files
  • 2
    Nov 2nd
    17 Files
  • 3
    Nov 3rd
    17 Files
  • 4
    Nov 4th
    11 Files
  • 5
    Nov 5th
    0 Files
  • 6
    Nov 6th
    0 Files
  • 7
    Nov 7th
    3 Files
  • 8
    Nov 8th
    59 Files
  • 9
    Nov 9th
    12 Files
  • 10
    Nov 10th
    6 Files
  • 11
    Nov 11th
    11 Files
  • 12
    Nov 12th
    1 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    9 Files
  • 15
    Nov 15th
    33 Files
  • 16
    Nov 16th
    53 Files
  • 17
    Nov 17th
    11 Files
  • 18
    Nov 18th
    14 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    26 Files
  • 22
    Nov 22nd
    22 Files
  • 23
    Nov 23rd
    10 Files
  • 24
    Nov 24th
    9 Files
  • 25
    Nov 25th
    11 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close