| Real Name | Roberto Suggi Liverani |
|---|---|
| Email address | private |
| Website | blog.malerisch.net |
| First Active | 2008-04-29 |
| Last Active | 2017-04-20 |
Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a session generation authentication bypass vulnerability.
f3d0c6f0cf0554ddc299fbc8d195e141b856a55387d41d3608fe3e2b833dc7a6Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a dlp_policy_upload.cgi information disclosure vulnerability.
2b95ab05b45548336e8b0ff756872ed3b5e7c96533959277415f4b7a3ac66de3Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a logoff.cgi directory traversal authentication bypass vulnerability.
2d89facad03b2aadfc7a64dbc4b3ae3e700fb5257315bc07a0d5dac0b54f2211Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from an admin_sys_time.cgi remote code execution vulnerability.
831459424e49dfb11a51e3fc6d29ef5bb3f90982635cee4c7c276df9a15321c3Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a admin_sys_time.cgi remote code execution vulnerability.
02dd6778183ba369304416f10ca5430a4f57946435559276f6499b1f6ba9bc19Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a detected_potential_files.cgi remote code execution vulnerability.
af18e899701b6b216c1194a67c18ea309e695c0a68e877ab7bcce01d4ace48beTrend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a dlp_policy_upload.cgi remote code execution vulnerability.
31f371707b0de38f8698c711e7a95e5c8a9212e4a92c83d9717a9243315dde36Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a hotfix_upload.cgi remote code execution vulnerability.
edee6760c7f2c9ebf89f541fa00a52bf885df3f8a7630f79abf5b032785960a4Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a log_query_dae.cgi remote code execution vulnerability.
a9196290400935ef3b6319c48e7689aa9a949b9efd2be8e9d8861ef419b6e001Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a log_query_dlp.cgi remote code execution vulnerability.
bbbed1b3bf17f683837d3fecae8f6085dee8a26a7ae1148d404cc746cff6632bTrend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a log_query.cgi remote code execution vulnerability.
5cb3107445be9dd17d7844b1475bdac38b6b7f828e25697fa092549f47228aa5Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a log_query_system.cgi remote code execution vulnerability.
e465300a0c016f04a03e4baea8fb3f12dea6565a5f3c380f365cb72843951a4eTrend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from an upload.cgi remote code execution vulnerability.
ad7e67926b83c12120e3c277cb7491ca34beb0d29e83be6e3165d8265314ea5bThis Metasploit module exploits two vulnerabilities the Trend Micro Threat Discovery Appliance. The first is an authentication bypass vulnerability via a file delete in logoff.cgi which resets the admin password back to 'admin' upon a reboot (CVE-2016-7552). The second is a cmd injection flaw using the timezone parameter in the admin_sys_time.cgi interface (CVE-2016-7547).
035399021ac947492b961a04ac25a5a12f67bebc47e9858ba91b9e72dfccdc17HP Thin Pro OS suffers from a local privilege escalation vulnerability.
0ee10977a6f7daadc40f2e6b00a75969714bf8ae7c6cb97b6a1034e28806b3dcMicrosoft released a security bulletin (MS15-101) describing a .NET MVC denial of service vulnerability. This post analyzes the vulnerability in detail, starting from the theory and then providing a PoC exploit against a MVC web application developed with Visual Studio 2013.
55d8209e7983e84bd1e4c26a7391e903dbc491657d32f7b08b0c81b8bfb845bdKemp Load Master version 7.1-16 suffers from code execution, cross site request forgery, cross site scripting, and denial of service vulnerabilities.
81a001a8c6f48e1e8af8a8319afbad8ca0dcf82113d9d1a5f0b09a6d0b520ed7Cross Context Scripting (XCS) is possible in the Maxthon about:history page. Injection in such privileged/trusted browser zone can be used to modify configuration settings and execute arbitrary commands. Please note this module only works against specific versions of XCS. Currently, we've only successfully tested on Maxthon 3.1.7 build 600 up to 3.2.2 build 1000.
edfb695d586066cbef9515fde0393bb119c669cea54c3475dc93bb3dcdbc8c10Maxthon and Avant browsers suffer from various flaws such as same origin policy bypass, cross context scripting, and various other vulnerabilities.
87028c638482f39ab332b895dec18a8784addddc5267fa402799450cab84cc65Security-Assessment.com has discovered that components of the Oracle GlassFish Server administrative web interface are vulnerable to both reflected and stored cross site scripting attacks. All pages where cross site scripting vulnerabilities were discovered require authentication. Oracle GlassFish Server version 3.1.1 build 12 is affected.
483308f8a564fa501d764b451f997bd57808a2fe9a67f2ce80beea114ee97f8cOracle GlassFish Server version 3.1.1 build 12 suffers from a cross site request forgery vulnerability.
1ab958cd22e7204426b09ede8bb2230718a9c906cf7ed05673dd8784c94bdb4aOpera use-after-free proof of concept denial of service exploit. A full analysis is provided as well.
8419c6bd6968801cd9b15a92576ef242081b83329fd21b4ab556bdc4d0c512c6Adobe RoboHelp version 9.0 suffers from a cross site scripting vulnerability. Versions 9.0.1.232 and below are affected.
030bd02ed87fa9db347042add775e5c107f9d301129ca2e5d309b31c2f06d4aaOracle WebLogic server versions 9.0, 9.1, 9.2.4, 10.0.2, 10.3.2, and 10.3.3 suffers from a session fixation vulnerability.
326aa57bf65123e286554a7d1b6fea93e196390c46e10fb0b13ffcb6e4a7a1efWhitepaper called Leveraging XSRF with Apache Web Server "Compatibility with older browser" feature and Java Applet.
6541c1bf7d0873dfe88bb40e9d6326ebbe5842f6cded8e94a2222c6165df8dc0
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed