This archive details security vulnerabilities discovered as a result of the Security Explorations digital satellite TV research project. Included are two talks given at Hack In The Box on May 24, 2012 and three cumulative vulnerability reports.
1fd3ff584b7823f4460f137f56dc5958c34980e524ddf116c7852e7a9bc279c6
sshscan is a horizontal SSH scanner that scans large swaths of IPv4 space for a single SSH user and pass. It uses iplist.txt as the input of IP addresses in the form of X.X.X.X, X.X.X.X/XX, X.X.X.X-X.X.X.X, or X.X.X.X-X with X-X in any octet.
a4091d1867acb30417cfb6d1f117763ad5ee9ac54bf8dec47433e19b57fc8de8
Spiga is a configurable web resource scanner. spiga.conf provides the functions, actions, and resources for spiga.py.
d9ff5592ebdf970884de4bb8d74471d5d09b3d7b310612794b04c551c3091ebf
Gleamtech FileVista / FileUltimate version 4.6 suffers from a directory traversal vulnerability.
109f5ca5f5be84fd82191d8a0fbff91cbb160e954b6e4083b398af37397fc8ba
The ASP version of FCKEditor 2.6.8 suffers from a file upload protection bypass.
139ccad597b02f049b3b2b0129bd2dd23c86df34ebff98c04ada72b76409a1d8
Samsung Printer firmware contains a backdoor administrator account.
f7f2d59ca4943906df08dd5487c459a0d4ead1d125ddcbe33a995bada9d9accb
The PayPal Reports (Berichte) export module suffers from an open redirection vulnerability.
1e0589ba363292861a8ae341f3eba3df5f0b916505178bc7016353a2df8c5a77
It was discovered that Piwik version 1.9.2 has a backdoor embedded inside of it.
8a2ec60b46186d11c72baf6ef646f7c1928fbad34b08022d4182a6653660cbba
Whitepaper called Penetration Testing: Analisis Web - Evaluacion de Vulnerabilidades - Explotacion. Written in Spanish.
0c983e667bad54fcb8aae4646fb64ce025be715423e2eb9a83b06dfa8e1fdf4e
Apple WGT Dictionnaire version 1.3 suffers from a script code injection vulnerability.
14f69e37dbf1a5053dc0a2a1784b6ba05faf09fe11232fd01808e0a8247de914
WordPress Myflash third party plugin suffers from a local file inclusion vulnerability. Note that this finding houses site-specific data.
ab16c3fa650c2cf470a470a4b075adc1495a27dfd78384bbc2a311a8a164a3f3
Secunia Security Advisory - Multiple vulnerabilities have been reported in Google Chrome, where one has an unknown impact and others can be exploited by malicious people to compromise a user's system.
290a43d6c1a6c6b419697175de4aa7a6f5df8280f471bc8a67da7e70d6a9981f
Secunia Security Advisory - SUSE has issued an update for xen. This fixes a security issue and multiple vulnerabilities, which can be exploited by malicious, local users in a guest virtual machine to cause a DoS (Denial of Service) and gain escalated privileges and by malicious users to disclose sensitive information.
8d5c82b2135b8fee3bc6c539e56c239f2e99876f5b131a7eea9204d56397626c
Secunia Security Advisory - A vulnerability with an unknown impact has been reported in the sh404SEF component for Joomla!.
efaaee26dcc2f4e6db7f1c289a609dbc2f5d02e3fdca69f8d33055f9b31c53fe
Secunia Security Advisory - A vulnerability has been reported in Symfony, which can be exploited by malicious people to disclose certain sensitive information.
dbf551ac5317040f86908332989c6210c6a2d8517338e2fd3e55e8d9a4f6a74d
Secunia Security Advisory - A vulnerability has been reported in EMC Smarts Network Configuration Manager, which can be exploited by malicious people to bypass certain security restrictions.
8a856554ff219076a9c45ac3cd90e64369483dc4e212fa59d94eadcae656c2fd
Secunia Security Advisory - High-Tech Bridge has discovered some vulnerabilities in Smartphone Pentest Framework, which can be exploited by malicious people to conduct cross-site request forgery attacks and compromise a vulnerable system.
0723934d07f4adbc2afeef00c8e8f8dbde56c4ad7f4f6a3167269c254333a952
Secunia Security Advisory - A vulnerability has been discovered in the WooCommerce Predictive Search plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.
fa19214f530dcf844be4116a8517ea81747c3d800bfad9c41d267f0a58b997d2
Secunia Security Advisory - A vulnerability has been reported in RSA Adaptive Authentication, which can be exploited by malicious people to conduct cross-site scripting attacks.
2dc199560db0124428b0dc38c10e64765b10ec394d6e4d05e4e8d027d45f9ac2
Secunia Security Advisory - Some vulnerabilities have been discovered in Smartphone Pentest Framework, which can be exploited by malicious people to conduct SQL injection attacks and compromise a vulnerable system.
bb6e261b7edb002da1fae0a45d795144d170044f3c548e0594685bd884397941
Secunia Security Advisory - Ubuntu has issued an update for libssh. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise an application using the library.
b59c6ac49c3e5060eb26707d25398330808fa7262a4252a81ff263de92b73d03
Secunia Security Advisory - A vulnerability has been discovered in the WP e-Commerce Predictive Search plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.
f7a702b355e6f0387f328602d8e1e163b0a9b80eea6cf33dad4246248d81f266
Secunia Security Advisory - A vulnerability has been reported in ClassifiedScript, which can be exploited by malicious people to compromise a vulnerable system.
a98686e063b7e05c60996a187c2918877a899b79d2a07ae1672fa699a9973fda
Secunia Security Advisory - Metropolis has reported a vulnerability in Beat Websites, which can be exploited by malicious people to conduct SQL injection attacks.
02fa5cec62cd0eb13439a5a1b57da1006c2c0189c374279721ea96a5598ab869
Secunia Security Advisory - A security issue has been reported in Piwik, which can be exploited by malicious people to compromise a vulnerable system.
71ac4f9f36ca79b38dd76b746e235c8c77f97348fe95bcc2cc3a5b1d042132e7