exploit the possibilities

Register | Login

FilesNewsUsersAuthors

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 1 - 4 of 4

Files from sxkeebler

HP JetDirect Device Page Directory Traversal

Posted Jan 9, 2012

Authored by Digital Defense, r@b13$, sxkeebler | Site digitaldefense.net

The HP-ChaiSOE/1.0 embedded web server on certain HP JetDirect printers allows a potential attacker to gain read only access to directories and files outside of the web root, different from CVE-2008-4419. An attacker can leverage this flaw to read arbitrary system configuration files, cached documents, etc. Information obtained from an affected host may facilitate further attacks against the host. Exploitation of this flaw is trivial using common web server directory traversal techniques.

tags | advisory, web, arbitrary, root

advisories | CVE-2011-4785

SHA-256 | bbf0ce50d3dd4baeccc1f6cadb25ebbc0f6568943c21f1edc2430eb89eeed216

Download | Favorite | View

KnowledgeTree login.php Blind SQL Injection

Posted Dec 8, 2011

Authored by Digital Defense, r@b13$, sxkeebler | Site digitaldefense.net

The KnowledgeTree login.php login page is vulnerable to a blind SQL injection vulnerability within the username field. An attacker can leverage this flaw to execute arbitrary SQL commands and extract sensitive information from the backend database using standard blind SQL exploitation techniques. Additionally, an attacker may be able to leverage this flaw to compromise the database server host OS.

tags | advisory, arbitrary, php, sql injection

SHA-256 | d3f77e8bceace3fc7ce207fa65ce9c2f16782589248552275d3f46df8cd67399

Download | Favorite | View

IBM WebSphere Directory Traversal

Posted Nov 1, 2011

Authored by Digital Defense, r@b13$, sxkeebler, Javier Castro | Site digitaldefense.net

The default installation of the IBM WebSphere Application Server is deployed with a 'help' servlet which is designed to serve supporting documentation for the WebSphere system. When the 'help' servlet processes a URL that contains a reference to a Java plug-in Bundle that is registered with the Eclipse Platform Runtime Environment of the WebSphere Application Server, the 'help' servlet fails to ensure that the submitted URL refers to a file that is both located within the web root of the servlet and is of a type that is allowed to be served. An unauthenticated remote attacker can use this weakness in the 'help' servlet to retrieve arbitrary system files from the host that is running the 'help' servlet. This can be accomplished by submitting a URL which refers to a registered Java plug-in Bundle followed by a relative path to the desired file.

tags | advisory, java, remote, web, arbitrary, root

advisories | CVE-2011-1359

SHA-256 | 4adf33603b356ff3b73d86dd885c7fef8b16304d70e5775f89788b5d0609f5d3

Download | Favorite | View

Axway SecureTransport /icons/ Directory Traversal

Posted Aug 29, 2011

Authored by Digital Defense, r@b13$, sxkeebler | Site digitaldefense.net

The Axway SecureTransport device contains a directory traversal in the '/icons/' directory. An unauthenticated remote attacker can use this vulnerability to obtain arbitrary files from the root file system of the vulnerable host.

tags | advisory, remote, arbitrary, root

SHA-256 | 1b3c5c1df5ff2ebfb4d989500a0c88455f9836ec0f3075c8f7d42816d3df5526

Download | Favorite | View