what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 6 of 6 RSS Feed

Files Date: 2019-08-11

osTicket 1.12 Cross Site Scripting
Posted Aug 11, 2019
Authored by Aishwarya Iyer

An issue was discovered in osTicket versions before 1.10.7 and 1.12.x before 1.12.1. Stored XSS exists in setup/install.php. It was observed that no input sanitization was provided in the firstname and lastname fields of the application. The insertion of malicious queries in those fields leads to the execution of those queries. This can further lead to cookie stealing or other malicious actions.

tags | exploit, php, xss
advisories | CVE-2019-14750
SHA-256 | dc220c23a64f7b236d2f7baa4ca8dc155587a9cce117ae9421edbe0cba0f0abf
osTicket 1.12 Formula Injection
Posted Aug 11, 2019
Authored by Aishwarya Iyer

An issue was discovered in osTicket versions before 1.10.7 and 1.12.x before 1.12.1. CSV (aka Formula) injection exists in the export spreadsheets functionality. These spreadsheets are generated dynamically from unvalidated or unfiltered user input in the Name and Internal Notes fields in the Users tab, and the Issue Summary field in the tickets tab. This allows other agents to download data in a .csv file format or .xls file format. This is used as input for spreadsheet applications such as Excel and OpenOffice Calc, resulting in a situation where cells in the spreadsheets can contain input from an untrusted source. As a result, the end user who is accessing the exported spreadsheet can be affected.

tags | exploit
advisories | CVE-2019-14749
SHA-256 | f150397a7968594c609552a20ed91f7b52515c65949278adcf1bdbf3c538e6de
osTicket 1.12 File Upload Cross Site Scripting
Posted Aug 11, 2019
Authored by Aishwarya Iyer

An issue was discovered in osTicket versions before 1.10.7 and 1.12.x before 1.12.1. The Ticket creation form allows users to upload files along with queries. It was found that the file-upload functionality has fewer (or no) mitigations implemented for file content checks; also, the output is not handled properly, causing persistent XSS that leads to cookie stealing or malicious actions.

tags | exploit, xss, file upload
advisories | CVE-2019-14748
SHA-256 | 4aa6bca41dc1a9b95104a9962adaf6cfeb18342762584bfa43d2b396f68308c2
Mitel 6869i Voip Deskphone 4.2.2032 Command Injection
Posted Aug 11, 2019
Authored by Axel Rengstorf

Mitel 6869i Voip Deskphone version 4.2.2032 suffer from an unauthenticated command injection vulnerability.

tags | exploit
SHA-256 | 52545bf31655cd787340bcc9b13324d5285bfb415c7c71ecb1a9beba2445e1aa
Master Data Online 2.0 Cross Site Scripting
Posted Aug 11, 2019
Authored by Prithwish Pal

Master Data Online version 2.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-17790
SHA-256 | 7ceca775281a392d30f77e155910569f1855a10c8fcfbc776f7f833f2a350d17
Nmap Port Scanner 7.80
Posted Aug 11, 2019
Authored by Fyodor | Site insecure.org

Nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). Nmap supports Vanilla TCP connect() scanning, TCP SYN (half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP ftp proxy (bounce attack) scanning, SYN/FIN scanning using IP fragments (bypasses some packet filters), TCP ACK and Window scanning, UDP raw ICMP port unreachable scanning, ICMP scanning (ping-sweep), TCP Ping scanning, Direct (non portmapper) RPC scanning, Remote OS Identification by TCP/IP Fingerprinting, and Reverse-ident scanning. Nmap also supports a number of performance and reliability features such as dynamic delay time calculations, packet timeout and retransmission, parallel port scanning, detection of down hosts via parallel pings.

Changes: This is the Defcon release for 2019. Added 11 NSE scripts. Many bug fixes and code improvements.
tags | tool, remote, udp, tcp, protocol, nmap
systems | unix
SHA-256 | 780cbf4a0ddb9e9cd49d8fbdfa5c7f368cc7ae857ddfc39102dd2b83a905d7a7
Page 1 of 1
Back1Next

File Archive:

June 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    19 Files
  • 2
    Jun 2nd
    16 Files
  • 3
    Jun 3rd
    28 Files
  • 4
    Jun 4th
    0 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    19 Files
  • 7
    Jun 7th
    23 Files
  • 8
    Jun 8th
    11 Files
  • 9
    Jun 9th
    10 Files
  • 10
    Jun 10th
    4 Files
  • 11
    Jun 11th
    0 Files
  • 12
    Jun 12th
    0 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    27 Files
  • 20
    Jun 20th
    65 Files
  • 21
    Jun 21st
    10 Files
  • 22
    Jun 22nd
    8 Files
  • 23
    Jun 23rd
    6 Files
  • 24
    Jun 24th
    6 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    15 Files
  • 28
    Jun 28th
    14 Files
  • 29
    Jun 29th
    11 Files
  • 30
    Jun 30th
    7 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close