exploit the possibilities
Showing 1 - 25 of 100 RSS Feed

Files

Apache mod_session_crypt 2.5 Padding Oracle
Posted Dec 23, 2016
Site redteam-pentesting.de

Apache mod_session_crypto versions 2.3 through 2.5 suffer form a padding oracle vulnerability.

tags | exploit
advisories | CVE-2016-0736
MD5 | 0498842b115e690715efc7725c240fdb

Related Files

Ubuntu Security Notice USN-3279-1
Posted May 9, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3279-1 - It was discovered that the Apache mod_session_crypto module was encrypting data and cookies using either CBC or ECB modes. A remote attacker could possibly use this issue to perform padding oracle attacks. Maksim Malyutin discovered that the Apache mod_auth_digest module incorrectly handled malicious input. A remote attacker could possibly use this issue to cause Apache to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2016-0736, CVE-2016-2161, CVE-2016-8743
MD5 | 0854571fde9b3fc09cdc549af7948e09
Red Hat Security Advisory 2017-0906-01
Posted Apr 12, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0906-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: It was discovered that the mod_session_crypto module of httpd did not use any mechanisms to verify integrity of the encrypted session data stored in the user's browser. A remote attacker could use this flaw to decrypt and modify session data using a padding oracle attack. It was discovered that the mod_auth_digest module of httpd did not properly check for memory allocation failures. A remote attacker could use this flaw to cause httpd child processes to repeatedly crash if the server used HTTP digest authentication.

tags | advisory, remote, web
systems | linux, redhat
advisories | CVE-2016-0736, CVE-2016-2161, CVE-2016-8743
MD5 | 19f2323bc490094709c0b0dabaf46908
HPE Security Bulletin HPESBUX03725 1
Posted Mar 30, 2017
Authored by Hewlett Packard Enterprise | Site hpe.com

HPE Security Bulletin HPESBUX03725 1 - Potential security vulnerabilities have been identified with HP-UX Web Server Suite running Apache on HP-UX 11iv3. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS), Unauthorized Read Access to Data and other impacts including: * Padding Oracle attack in Apache mod_session_crypto * Apache HTTP Request Parsing Whitespace Defects. Revision 1 of this advisory.

tags | advisory, web, denial of service, vulnerability
systems | hpux
advisories | CVE-2016-0736, CVE-2016-2161, CVE-2016-2183, CVE-2016-8740, CVE-2016-8743
MD5 | 62093eab7a4c2c4b060ec05c72eca532
Less.js Untrusted File Compilation / Code Execution
Posted Nov 25, 2016
Site redteam-pentesting.de

RedTeam Pentesting discovered behavior in the Less.js compiler, which allows execution of arbitrary code if an untrusted LESS file is compiled.

tags | exploit, arbitrary
MD5 | 762aeabd4912f808d5cff9bea542904c
Relay Ajax Directory Manager 1.5.3 File Upload / Command Execution
Posted May 31, 2016
Site redteam-pentesting.de

Relay Ajax Directory Manager versions relayb01-071706, 1.5.1, and 1.5.3 suffer from an unauthenticated file upload vulnerability that can result in a shell upload.

tags | exploit, shell, file upload
MD5 | 70c083691ddb4ee8164629e359687241
Websockify 0.8.0 Buffer Overflow / Remote Code Execution
Posted May 31, 2016
Site redteam-pentesting.de

Websockify versions 0.8.0 and below suffer a buffer overflow vulnerability that allows for remote code execution.

tags | exploit, remote, overflow, code execution
MD5 | e4766a4ef58a2fb66e4cd0abcdef749d
Paessler PRTG Network Monitor 14.4.12.3282 XXE Injection
Posted May 31, 2016
Site redteam-pentesting.de

PRTG Network Monitor version 14.4.12.3282 suffers from an XML eXternal Entity expansion vulnerability.

tags | exploit, xxe
advisories | CVE-2015-7743
MD5 | e5f6ec186a8de5447c115e78b64400c0
Securimage 3.6.2 Cross Site Scripting
Posted Mar 22, 2016
Site redteam-pentesting.de

Securimage version 3.6.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | a9cf246229fe151d0f8ed4ea27ee77cb
o2 DSL Auto Configuration Server Credential Disclosure
Posted Jan 8, 2016
Site redteam-pentesting.de

The o2 Auto Configuration Server (ACS) discloses VoIP/SIP credentials of arbitrary customers when receiving manipulated CWMP packets. These credentials can then be used by an attacker to register any VoIP number of the victim. This enables the attacker to place and receive calls on behalf of the attacked user.

tags | exploit, arbitrary
MD5 | ebefdb8d717aa3162020f5a905833e4c
AVM FRITZ!Box: Buffer Overflow
Posted Jan 7, 2016
Site redteam-pentesting.de

RedTeam Pentesting discovered that several models of the AVM FRITZ!Box are vulnerable to a stack-based buffer overflow, which allows attackers to execute arbitrary code on the device. Versions prior to 6.30 are affected.

tags | exploit, overflow, arbitrary
MD5 | 353488ab88471c7cf1348d2626a23a19
AVM FRITZ!Box: Arbitrary Code Execution Via Firmware Images
Posted Jan 7, 2016
Site redteam-pentesting.de

The firmware upgrade process of the FRITZ!Box 7490 is flawed. Specially crafted firmware images can overwrite critical files. Arbitrary code can get executed if an attempt is made to install such a manipulated firmware. Versions prior to 6.30 are affected.

tags | exploit, arbitrary
advisories | CVE-2014-8886
MD5 | 1a19bf8fd3ad744f6f2090372f002c3c
Symfony PHP Framework Session Fixation
Posted Dec 22, 2015
Site redteam-pentesting.de

Symfony PHP Framework versions 2.3.0 to 2.3.34, 2.6.0 to 2.6.11, and 2.7.0 to 2.7.6 suffers from a session fixation vulnerability.

tags | exploit, php
MD5 | 138f42db20a47c0774b33edb77b6c610
Buffalo LinkStation 1.34 / 1.69 / 1.70 Authentication Bypass
Posted Oct 9, 2015
Site redteam-pentesting.de

An authentication bypass vulnerability in the web interface of a Buffalo LinkStation Duo Network Attached Storage (NAS) device allows unauthenticated attackers to gain administrative privileges. This puts the confidentiality and integrity of the stored data as well as the integrity of the device configuration at high risk.

tags | exploit, web, bypass
MD5 | 46a00a823c1b663b73de732875a392ed
TYPO3 Extension Akronymmanager 0.5.0 SQL Injection
Posted Jun 15, 2015
Site redteam-pentesting.de

TYPO3 Extension Akronymmanager versions 0.5.0 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2015-2803
MD5 | 4fea753a528804f969dafa9578a60531
Alcatel-Lucent OmniSwitch Web Interface Cross Site Request Forgery
Posted Jun 10, 2015
Site redteam-pentesting.de

During a penetration test, RedTeam Pentesting discovered a vulnerability in the management web interface of an Alcatel-Lucent OmniSwitch 6450. The management web interface has no protection against cross-site request forgery attacks. This allows specially crafted web pages to change the switch configuration and create users, if an administrator accesses the website while being authenticated in the management web interface.

tags | exploit, web, csrf
advisories | CVE-2015-2805
MD5 | 9cd7f306e313c76510fa3f709212510d
Alcatel-Lucent OmniSwitch Web Interface Weak Session ID
Posted Jun 10, 2015
Site redteam-pentesting.de

During a penetration test, RedTeam Pentesting discovered a vulnerability in the management web interface of an Alcatel-Lucent OmniSwitch 6450. This interface uses easily guessable session IDs, which allows attackers to authenticate as a currently logged-in user and perform administrative tasks.

tags | exploit, web
advisories | CVE-2015-2804
MD5 | 68ca60148b0f9b65f29ff9107c2d34cd
Hybris Commerce Software Suite 5.x File Disclosure / Traversal
Posted Feb 18, 2015
Site redteam-pentesting.de

Various Hybris Commerce Software Suite 5.x releases suffer from a directory traversal vulnerability that allows for arbitrary file disclosure.

tags | exploit, arbitrary
advisories | CVE-2014-8871
MD5 | f3f0f1d5b0839f2d06e5452a0d4799bb
IBM Endpoint Manager 9.1.x / 9.2.x Cross Site Scripting
Posted Feb 10, 2015
Site redteam-pentesting.de

During a penetration test, RedTeam Pentesting discovered that the IBM Endpoint Manager Relay Diagnostics page allows anybody to persistently store HTML and JavaScript code that is executed when the page is opened in a browser. Affected versions include 9.1.x versions earlier than 9.1.1229 and 9.2.x versions earlier than 9.2.1.48.

tags | exploit, javascript
advisories | CVE-2014-6137
MD5 | 49ef28f0c7683e14b4ba00871d87d4e5
AVM FRITZ!Box Firmware Signature Bypass
Posted Jan 21, 2015
Site redteam-pentesting.de

The signature check of FRITZ!Box firmware images is flawed. Malicious code can be injected into firmware images without breaking the RSA signature. The code will be executed either if a manipulated firmware image is uploaded by the victim or if the victim confirms an update on the webinterface during a MITM attack.

tags | exploit
advisories | CVE-2014-8872
MD5 | 9c78c8aae68fb41e3f584edb820c5a30
WoltLab Burning Board 4.0 Tapatalk Cross Site Scripting
Posted Jan 13, 2015
Site redteam-pentesting.de

WoltLab Burning Board version 4.0 Tapatalk plugin suffers from a cross site scripting vulnerability. Versions 1.0.0 and above but below 1.1.2 are affected.

tags | exploit, xss
advisories | CVE-2014-8869
MD5 | 628e33e11927337a1044c4a429bd6f68
IBM Endpoint Manager For Mobile Devices Code Execution
Posted Dec 2, 2014
Site redteam-pentesting.de

During a penetration test, RedTeam Pentesting discovered that several IBM Endpoint Manager Components are based on Ruby on Rails and use static secret_token values. With these values, attackers can create valid session cookies containing marshalled objects of their choosing. This can be leveraged to execute arbitrary code when the Ruby on Rails application unmarshals the cookie. Versions prior to 9.0.60100 are affected.

tags | exploit, arbitrary, ruby
advisories | CVE-2014-6140
MD5 | d48ec913477bf214f8cb05c76624104c
EntryPass N5200 Credential Disclosure
Posted Dec 1, 2014
Site redteam-pentesting.de

EntryPass N5200 Active Network Control Panels allow the unauthenticated downloading of information that includes the current administrative username and password.

tags | exploit
advisories | CVE-2014-8868
MD5 | f0b45998078ed24b11d844ee15822d30
TYPO3 Extension ke_dompdf 0.0.3 Remote Code Execution
Posted Dec 1, 2014
Site redteam-pentesting.de

The TYPO3 extension ke_dompdf contains a version of the dompdf library including all files originally supplied with it. This includes an examples page, which contains different examples for HTML-entities rendered as a PDF. This page also allows users to enter their own HTML code into a text box to be rendered by the webserver using dompdf. dompdf also supports rendering of PHP files and the examples page also accepts PHP code tags, which are then executed and rendered into a PDF on the server. Since those files are not protected in the TYPO3 extension directory, anyone can access this URL and execute arbitrary PHP code on the system. This behavior was already fixed in the dompdf library, but the typo3 extension ke_dompdf supplies an old version of the library that still allows the execution of arbitrary PHP code. Versions 0.0.3 and below are affected.

tags | exploit, arbitrary, php
advisories | CVE-2014-6235
MD5 | 92fa8ac9a104d07d9dd68d6295bd5fff
TYPO3 Extension ke_questionnaire 2.5.2 Information Disclosure
Posted Dec 1, 2014
Site redteam-pentesting.de

The TYPO3 extension ke_questionnaire stores answered questionnaires in a publicly reachable directory on the webserver with filenames that are easily guessable. Version 2.5.2 is affected.

tags | exploit
advisories | CVE-2014-8874
MD5 | b9c81ac6ac5955639bca35ab43fcefa6
Python CGIHTTPServer File Disclosure / Code Execution
Posted Jun 27, 2014
Site redteam-pentesting.de

The CGIHTTPServer Python module does not properly handle URL-encoded path separators in URLs. This may enable attackers to disclose a CGI script's source code or execute arbitrary CGI scripts in the server's document root.

tags | exploit, arbitrary, cgi, root, python
advisories | CVE-2014-4650
MD5 | 366ebd78e93b049c2077b7f457cd3446
Page 1 of 4
Back1234Next

File Archive:

August 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    10 Files
  • 2
    Aug 2nd
    8 Files
  • 3
    Aug 3rd
    2 Files
  • 4
    Aug 4th
    1 Files
  • 5
    Aug 5th
    15 Files
  • 6
    Aug 6th
    79 Files
  • 7
    Aug 7th
    16 Files
  • 8
    Aug 8th
    11 Files
  • 9
    Aug 9th
    10 Files
  • 10
    Aug 10th
    0 Files
  • 11
    Aug 11th
    6 Files
  • 12
    Aug 12th
    26 Files
  • 13
    Aug 13th
    15 Files
  • 14
    Aug 14th
    19 Files
  • 15
    Aug 15th
    52 Files
  • 16
    Aug 16th
    11 Files
  • 17
    Aug 17th
    1 Files
  • 18
    Aug 18th
    2 Files
  • 19
    Aug 19th
    18 Files
  • 20
    Aug 20th
    19 Files
  • 21
    Aug 21st
    17 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close