the original cloud security
Showing 1 - 20 of 20 RSS Feed

Files from otr

First Active2011-12-10
Last Active2015-06-30
CollabNet Subversion Edge Management CSRF
Posted Jun 30, 2015
Authored by otr

The CollabNet Subversion Edge Management Frontend fails to implement any cross site request forgery protection. Fixed in version 5.0. Version 4.0.11 is affected.

tags | advisory, csrf
MD5 | e640532a8d83b358bb72ef463752a6fd
CollabNet Subversion Edge Management Tail LFI
Posted Jun 30, 2015
Authored by otr

The CollabNet Subversion Edge Management Frontend allows authenticated admins to read arbitrary local files via logfile "filename" parameter of the tail action. Fixed in version 5.0. Version 4.0.11 is affected.

tags | exploit, arbitrary, local, file inclusion
MD5 | de79560bb10501b5f5f80a0fc253ef0d
CollabNet Subversion Edge Management Missing Password Check
Posted Jun 30, 2015
Authored by otr

The management frontend does not require the old password for changing the password to a new one. An authenticated attacker may perform password setting attacks via XSRF without knowing the current password. An attacker that stole a Session ID (cookie) is able to gain persistent access by changing the password. Fixed in version 5.0. Version 4.0.11 is affected.

tags | advisory
MD5 | 5c5e945bd6fbe7ee2639d7b62c44fe62
CollabNet Subversion Edge Management Unsalted Hashes
Posted Jun 30, 2015
Authored by otr

The CollabNet Subversion Edge Management stores passwords as unsalted MD5 hashes. Unsalted MD5 hashes can easily be cracked by brute forcing the password. Fixed in version 5.0. Version 4.0.11 is affected.

tags | advisory
MD5 | 9a5e0db63c6beb06a1d43e2b2f544a7d
CollabNet Subversion Edge Management Multiple Logins
Posted Jun 30, 2015
Authored by otr

The CollabNet Subversion Edge Management web application does not restrict users to be logged in only once and does not provide a configuration option to configure this feature for admins and/or user accounts. Fixed in version 5.0. Version 4.0.11 is affected.

tags | advisory, web
MD5 | ffbdfb8c5b73603f5cbf7e21cddc1c3e
CollabNet Subversion Edge Management Brute Forcing
Posted Jun 30, 2015
Authored by otr

The CollabNet Subversion Edge Management Frontend does not protect against brute forcing accounts. An attacker has infinite tries to guess a valid user password. Fixed in version 5.0. Version 4.0.11 is affected.

tags | advisory, cracker
MD5 | 6d046d663fd351c4799bc1ce6833b6d1
CollabNet Subversion Edge Management listViewItem LFI
Posted Jun 30, 2015
Authored by otr

The CollabNet Subversion Edge Management Frontend allows authenticated admins to read arbitrary local files via logfile "listViewItem" parameter of the "index" action. Fixed in version 5.0. Version 4.0.11 is affected.

tags | exploit, arbitrary, local, file inclusion
MD5 | 7f47e2188d22636149146d1903b8f7d6
CollabNet Subversion Edge Management Show LFI
Posted Jun 30, 2015
Authored by otr

The CollabNet Subversion Edge Management Frontend allows authenticated admins to read arbitrary local files via logfile "filename" parameter of the show action. Fixed in version 5.0. Version 4.0.11 is affected.

tags | exploit, arbitrary, local, file inclusion
MD5 | 19904a841b177e1362881c901a406b4b
CollabNet Subversion Edge Management Clickjacking
Posted Jun 30, 2015
Authored by otr

CollabNet Subversion Edge Management Frontend does not implement clickjacking protection. Fixed in version 5.0. Version 4.0.11 is affected.

tags | advisory
MD5 | 5fe4e2ca44b7b6f105f4a8570deae178
CollabNet Subversion Edge Management Weak Password Policy
Posted Jun 30, 2015
Authored by otr

The CollabNet Subversion Edge Management does not implement a strong passwordpolicy. Passwords like "aaaaa" are allowed as the only requirement is that the password is at least 5 characters long. Fixed in version 5.0. Version 4.0.11 is affected.

tags | advisory
MD5 | c06b2e95c34cfb2a3db30a9d9a407d18
CollabNet Subversion Edge Management Autocomplete Enabled
Posted Jun 30, 2015
Authored by otr

The CollabNet Subversion Edge management frontend login page password field has autocomplete enabled. This may allow an attacker to retrieve a stored password from the browsers key store. Fixed in version 5.0. Version 4.0.11 is affected.

tags | advisory
MD5 | 0d01d245276d4b4f33ee4051e9fc8c59
CollabNet Subversion Edge Management downloadHook LFI
Posted Jun 29, 2015
Authored by otr

The CollabNet Subversion Edge Management Frontend allows authenticated admins to read arbitrary local files via logfile "filename" parameter of the "downloadHook" action. Fixed in version 5.0.

tags | exploit, arbitrary, local, file inclusion
MD5 | d5ce5862a5fb534d071ac3f51a8f83b5
CollabNet Subversion Edge Management Credential Leak
Posted Jun 29, 2015
Authored by otr

The CollabNet Subversion Edge Management Frontend leaks the unsalted MD5 hash of password of the currently logged in user via a "POST /csvn/user/index" request. An attacker that exploits an XSS or has gained a valid session via other means is able to retrieve the unsalted MD5 hash of the corresponding user and easily crack the hash in order to know the users password. Fixed in version 5.0.

tags | exploit, info disclosure
MD5 | da6edffc6850b8f6549b321fba26329f
CollabNet Subversion Edge Management Frontend Privilege Escalation
Posted Jun 29, 2015
Authored by otr

The CollabNet Subversion Edge Management Frontend allows authenticated administrators to escalate their privileges by creating and executing hook scripts. As a result they are able to execute arbitrary commands as the user the Management Frontend is running under without authenticating with valid credentials. Fixed in version 5.0.

tags | exploit, arbitrary
MD5 | 4eda3184e2653b0f46d537fb0c3ec862
Skype Click To Call 6.2.0.106 Privilege Escalation
Posted Mar 15, 2013
Authored by otr

The default installation of Skype is vulnerable to a local privilege escalation attack that allows an unprivileged attacker to execute arbitrary code with NT AUTHORITY/SYSTEM privileges. Versions 6.2.0.106 and below are affected.

tags | exploit, arbitrary, local
MD5 | 055c60e073d61d0482f6809170314451
Empirum Password Obfuscation
Posted Feb 15, 2013
Authored by otr

Empirum version 14.0 from Matrix42 is prone to a trivial password recovery attack that allows users to obtain passwords encrypted with the EmpCrypt.exe.

tags | advisory
MD5 | 1dfe29bf2fba2af86a6a998faa32efc6
PcwRunAs 0.4 Password Obfuscation Design Flaw
Posted Mar 26, 2012
Authored by otr

The PcwRunAs software available from the PC-Welt website is prone to a trivial password recovery attack that allows local users to obtain passwords encrypted with the pcwRunAsGui.exe. pcwRunAs versions 0.4 and below are affected.

tags | exploit, local
advisories | CVE-2012-1793
MD5 | cccadcae9e833c363605398616a5e1ac
Torrent-Stats Denial Of Service
Posted Feb 3, 2012
Authored by otr

Torrent-Stats suffers from a denial of service vulnerability in httpd.c.

tags | exploit, denial of service
MD5 | 93cb8010ef7a0d4b878fb544b07e1f0f
NX Web Companion Spoofing Arbitrary Code Execution
Posted Jan 25, 2012
Authored by otr

NX Web Companion suffers from a spoofing vulnerability that may allow for arbitrary code execution.

tags | advisory, web, arbitrary, spoof, code execution
MD5 | 217d5cb4dac721dbdb33b56bf020535d
Acpid Privilege Boundary Crossing
Posted Dec 10, 2011
Authored by otr

Local proof of concept exploit that demonstrates a privilege boundary crossing vulnerability in acpid. Written to work on Ubuntu 11.10 and 11.04.

tags | exploit, local, proof of concept
systems | linux, ubuntu
advisories | CVE-2011-2777
MD5 | 205d4ba29c892acdd7cdca5bba40eabe
Page 1 of 1
Back1Next

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    2 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close