what you don't know can hurt you

Register | Login

FilesNewsUsersAuthors

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 1 - 5 of 5

Files from Andreas Lindh

Apache Jetspeed Arbitrary File Upload

Posted Mar 31, 2016

Authored by wvu, Andreas Lindh | Site metasploit.com

This Metasploit module exploits the unsecured User Manager REST API and a ZIP file path traversal in Apache Jetspeed-2, versions 2.3.0 and unknown earlier versions, to upload and execute a shell. Note: this exploit will create, use, and then delete a new admin user. Warning: in testing, exploiting the file upload clobbered the web interface beyond repair. No workaround has been found yet. Use this module at your own risk. No check will be implemented.

tags | exploit, web, shell, file upload

advisories | CVE-2016-0709, CVE-2016-0710

SHA-256 | f98ee50658aec27fea6e1325e83c5d9c0afefcbe8bf5d2b5dab9fa93e03887b6

Download | Favorite | View

Apache OpenMeetings 3.1.0 Path Traversal

Posted Mar 30, 2016

Authored by Andreas Lindh

Apache OpenMeetings versions 1.9.x through 3.1.0 suffer from a path traversal vulnerability.

tags | exploit

advisories | CVE-2016-0784

SHA-256 | 06155ed4077ed8cf25d3a08079ba858161b87ca4e65b378d5564e026638cbca2

Download | Favorite | View

Apache OpenMeetings 3.0.7 Arbitary File Read

Posted Mar 25, 2016

Authored by Andreas Lindh

When attempting to upload a file via the API using the importFileByInternalUserId or importFile methods in the FileService, it is possible to read arbitrary files from the system. This is due to that Java's URL class is used without checking what protocol handler is specified in the API call. Apache OpenMeetings versions 1.9.x through 3.0.7 are affected.

tags | advisory, java, arbitrary, protocol

advisories | CVE-2016-2164

SHA-256 | c8dd487b97e1b03e9a3818c01b947705ae5bdeec150494b208e77bfa5c1dd41f

Download | Favorite | View

Apache OpenMeetings 3.0.7 Cross Site Scripting

Posted Mar 25, 2016

Authored by Andreas Lindh

When creating an event, it is possible to create clickable URL links in the event description. These links will be present inside the event details once a participant enters the room via the event. It is possible to create a link like "javascript:alert('xss')", which will execute once the link is clicked. As the link is placed within an <a> tag, the actual link is not visible to the end user which makes it hard to tell if the link is legit or not. Apache OpenMeetings versions 1.9.x through 3.0.7 are affected.

tags | advisory, javascript

advisories | CVE-2016-2163

SHA-256 | ae142c09b3506f6a2df2eff1b29727a0f7f4ac41ab39eacb5ce1d1505fe8e1a3

Download | Favorite | View

Apache OpenMeetings 3.1.0 MD5 Hashing

Posted Mar 25, 2016

Authored by Andreas Lindh

The hash generated by the external password reset function is generated by concatenating the user name and the current system time, and then hashing it using MD5. This is highly predictable and can be cracked in seconds by an attacker with knowledge of the user name of an OpenMeetings user. Apache OpenMeetings versions 1.9.x through 3.1.0 are affected.

tags | advisory

advisories | CVE-2016-0783

SHA-256 | e8013d35e67485ede2f2a96963a7acebaa5a2d152f1ac777a282f195dd67f09b

Download | Favorite | View