Showing 1 - 6 of 6

Files Date: 2015-10-08 to 2015-10-09

PayPal Beacon Insecure Transport / Information Disclosure: Posted Oct 8, 2015; Authored by Shaftek Security Research; PayPal Beacon firmware fails to check signatures, has a static root password, and uses insecure transport over HTTP.; tags | advisory, web, root; SHA-256 | 74769ae9b794d352a824424018db32f720241a068c8be6481346846e1022a73c; Download | Favorite | View

Drupal 8.0.0 Beta 14 Cross Site Scripting: Posted Oct 8, 2015; Authored by Sandeep Kamble; Drupal version 8.0.0 Beta 14 suffers from a cross site scripting vulnerability. Drupal's sad fix was to simply throw an .htaccess file in place to block access to the file.; tags | exploit, xss; SHA-256 | 5bd347c6e00b7474b1898520fa6e4c484efeb9fdb98a576944cad1bd5ccda41a; Download | Favorite | View

Watermark Master Buffer Overflow (SEH): Posted Oct 8, 2015; Authored by metacom, Andrew Smith aka jakx | Site metasploit.com; This Metasploit module exploits a stack based buffer overflow in Watermark Master 2.2.23 when processing a specially crafted .WCF file. This vulnerability could be exploited by a remote attacker to execute arbitrary code on the target machine by enticing a user of Watermark Master to open a malicious .WCF file.; tags | exploit, remote, overflow, arbitrary; advisories | CVE-2013-6935, OSVDB-99226; SHA-256 | 2851660cb4d62d8f9a40addd3ae13ca6e19d4f8f869bc1c54774ff4435357d12; Download | Favorite | View

ManageEngine ServiceDesk Plus Arbitrary File Upload: Posted Oct 8, 2015; Authored by Pedro Ribeiro | Site metasploit.com; This Metasploit module exploits a file upload vulnerability in ManageEngine ServiceDesk Plus. The vulnerability exists in the FileUploader servlet which accepts unauthenticated file uploads. This Metasploit module has been tested successfully on versions v9 b9000 - b9102 in Windows and Linux. The MSP versions do not expose the vulnerable servlet.; tags | exploit, file upload; systems | linux, windows; SHA-256 | 420d521b451538bcdb3d95efb3417571e395f8709b295655dad279c97881d455; Download | Favorite | View

Kallithea 0.2.9 HTTP Response Splitting: Posted Oct 8, 2015; Authored by LiquidWorm | Site zeroscience.mk; Kallithea suffers from a HTTP header injection (response splitting) vulnerability because it fails to properly sanitize user input before using it as an HTTP header value via the GET 'came_from' parameter in the login instance. This type of attack not only allows a malicious user to control the remaining headers and body of the response the application intends to send, but also allow them to create additional responses entirely under their control. Versions 0.2.9 and 0.2.2 are affected.; tags | exploit, web; advisories | CVE-2015-5285; SHA-256 | fe1b22a96957eec7a6d95ffebbcddb6a074d5a63287534cf402102b1561b064a; Download | Favorite | View

Microsoft Office 2007 And 2010 RTF Frmtxtbrl EIP Corruption: Posted Oct 8, 2015; Authored by Google Security Research, scvitti; This proof of concept shows a crash that was observed in MS Office 2007 running under Windows 2003 x86. Microsoft Office File Validation Add-In is disabled and application verified was enabled for testing and reproduction. This sample also reproduced in Office 2010 running on Windows 7 x86. It did not reproduce in Microsoft Office 2013 running under Windows 8.1 x86.; tags | exploit, x86, proof of concept; systems | linux, windows; SHA-256 | e861290e0691798f889619d754216a214754a16bdf818fc088da1d1365039880; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days