PyAMF suffers from insufficient AMF input payload sanitization which results in the XML parser not preventing the processing of XML external entities (XXE). A specially crafted AMF payload, containing malicious references to XML external entities, can be used to trigger denial of service (DoS) conditions or arbitrarily return the contents of files that are accessible with the running application privileges. Versions 0.7.2 and below are affected.
939e9f52f635c72d8bc7877b8213d3c23d28d84296a37c4314ff4368f14040f1IPy suffers from a blacklist bypass vulnerability.
52330e16a8c0db217b73de740ed229579f3d9b070a700c148046face2ef36557The Xalan-Java library is a popular XSLT processor from the Apache Software Foundation. The library implements the Java API for XML Processing (JAXP) which supports a secure processing feature for interpretive and XSLCT processors. The intent of this feature is to limit XSLT/XML processing behaviours to "make the XSLT processor behave in a secure fashion". It has been discovered that the secure processing features suffers from several limitations that undermine its purpose. Versions 2.7.0 and above are affected.
2661a94be4bbc4822c2a0c9ff839ec7aafe7ef60fc89113bfb792b62e32262d9Apache Solr recently patched multiple XXE injection vulnerabilities and a directory traversal vulnerability.
283241697730163df45a2dba0aa6828858f6868f3b33129bdabe8c4bbf74fba4These are the presentation slides given at Hack in Paris 2013 giving tips and tricks for using Burp Suite Pro.
6eb93e4f370bae913fe79dd342c4f800b20b1c02177cbc5a77b10acdf66ce7e3This Metasploit module exploits a vulnerability found in HP's StorageWorks P4000 VSA on versions prior to 9.5. By using a default account credential, it is possible to inject arbitrary commands as part of a ping request via port 13838.
1f354fd80321e3a8c75c32db994ccf7fbd51de54814d94d9641e5bfccae9d6f6This Metasploit module abuses the SVG support to execute Java Code in the Squiggle Browser included in the Batik framework 1.7 through a crafted svg file referencing a jar file. In order to gain arbitrary code execution, the browser must meet the following conditions: (1) It must support at least SVG version 1.1 or newer, (2) It must support Java code and (3) The "Enforce secure scripting" check must be disabled. The module has been tested against Windows and Linux platforms.
24c7b9f43ad4bc7ab845971e498435dbb71b35eb0f5542e9973eab4ad82fb513HP VSA remote command execution exploit.
e2634c82bf61b7660279ef87efb9959dc4f17ce4f09dbbb9b22dc962a374b58eSome SVG specifications, like SVG 1.1 and SVG tiny 1.2, allow Java code execution when the file is opened. Proof of concept code included.
d11b15fccafdf18190f23d0b7a7f20f25dfc6fada15ef8cba05227b1c2721da0This Metasploit module exploits a vulnerability in the XSL parser of the XSL Content Portlet. When Tomcat is present, arbitrary code can be executed via java calls in the data fed to the Xalan XSLT processor. If XSLPAGE is defined, the user must have rights to change the content of that page (to add a new XSL portlet), otherwise it can be left blank and a new one will be created. The second method however, requires administrative privileges.
7495092f0f3708dd15dbc023f72927b1df95d3321e5d2ee8abfac8bf7f05f086This is a python script that uses the Max-Forwards header in HTTP and SIP to perform a traceroute-like scanning functionality.
5e42c04c9cc710f988a0f3080b9bf3da5742497a0cc702712f9040b3b4444404This Metasploit module exploits a file creation vulnerability in the Webkit rendering engine. It is possible to redirect the output of a XSLT transformation to an arbitrary file. The content of the created file must be ASCII or UTF-8. The destination path can be relative or absolute. This Metasploit module has been tested on Safari and Maxthon. Code execution can be achieved by first uploading the payload to the remote machine in VBS format, and then upload a MOF file, which enables Windows Management Instrumentation service to execute the VBS.
c3cc069840b33d66dc0f5eb936fd86d7c0e81a9ca3077cb540669d0523d716ebSharePoint 2007 / 2010 and DotNetNuke versions prior to 6 suffer from a file disclosure vulnerability.
8374996d630a396dfa8c66032e2d7425570f3f5bcac4ab501cc5cc12f9a4a0fdSLP (Service Location Protocol) remote denial of service proof of concept exploit that can trigger the condition via unicast, broadcast, or multicast.
c9ad95fc494bae9d2eb2c0be708f1ac0e9a1c10697cc75ee4e041e68f87945b2SBLIM SFCB versions up to 1.3.7 suffer from pre-auth remote integer and heap overflow vulnerabilities.
42a0184386c97d12e4c2ad22e97d99cd9c594992d99abe06d01433004567fb5fThis Metasploit module exploits an arbitrary command execution vulnerability in the Barracuda Spam Firewall appliance. Versions prior to 3.1.18 are vulnerable.
98f68f02962b87f0c2a1221f7accf276203796571faa6c22c97dc9329849ad36phpMyAdmin versions prior to 2.6.1-rc1 suffer from command execution and file disclosure vulnerabilities.
8c02984588af24414345fa396fdc8e625f4669598c3f3c57ac6388d30d94e921Exaprobe Security Advisory - The w3who.dll in Windows 2000 is susceptible to multiple cross site scripting attacks and a buffer overflow.
8ece849689003d2f57457e84d45b0e4e644b9bb92da86652b968cbe2ed278a03
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed