exploit the possibilities
Showing 1 - 25 of 100 RSS Feed

Files

EmbedThis GoAhead Web Server 5.1.1 Digest Authentication Capture Replay Nonce Reuse
Posted Oct 7, 2020
Authored by LiquidWorm | Site zeroscience.mk

A security vulnerability affecting GoAhead versions 2 to 5 has been identified when using Digest authentication over HTTP. The HTTP Digest Authentication in the GoAhead web server does not completely protect against replay attacks. This allows an unauthenticated remote attacker to bypass authentication via capture-replay if TLS is not used to protect the underlying communication channel. Digest authentication uses a "nonce" value to mitigate replay attacks. GoAhead versions 3 to 5 validated the nonce with a fixed duration of 5 minutes which permitted short-period replays. This duration is too long for most implementations.

tags | exploit, remote, web
advisories | CVE-2020-15688
MD5 | b8446c244573df9229e023dd4a04307d

Related Files

ZTE Mobile Hotspot MS910S Backdoor / Hardcoded Password
Posted Aug 27, 2020
Authored by T. Weber | Site sec-consult.com

ZTE Mobile Hotspot MS910S version DL_MF910S_CN_EUV1.00.01 suffers from having a hard-coded administrative password, busybox vulnerabilities, and having a known backdoor in the GoAhead webserver.

tags | exploit, vulnerability
advisories | CVE-2019-3422
MD5 | 5fee15e2fe67f4a312641b206b87d209
GoAhead 2.5.0 Host Header Injection
Posted Sep 30, 2019
Authored by Ramikan

GoAhead version 2.5.0 suffers from a host header injection vulnerability.

tags | exploit
advisories | CVE-2019-16645
MD5 | 4ad1a934021181a8eedfc0445b89e9fc
GoAhead Web Server LD_PRELOAD Arbitrary Module Load
Posted Jan 24, 2018
Authored by H D Moore, h00die, Daniel Hodson | Site metasploit.com

This Metasploit module triggers an arbitrary shared library load vulnerability in GoAhead web server versions between 2.5 and that have the CGI module enabled.

tags | exploit, web, arbitrary, cgi
advisories | CVE-2017-17562
MD5 | b52da760a508f605f6ac4e9e7f6f0ffe
GoAhead LD_PRELOAD Remote Code Execution
Posted Dec 18, 2017
Authored by Daniel Hodson | Site github.com

GoAhead http versions 2.5 through 3.6.5 LD_PRELOAD remote code execution exploit.

tags | exploit, remote, web, code execution
advisories | CVE-2017-17562
MD5 | f9e2734b50e21720d76a8c8736df6a20
GoAhead 3.4.1 Heap Overflow / Traversal
Posted Mar 28, 2015
Authored by Matthew Daley

GoAhead web server versions 3.0.0 through 3.4.1 suffers from heap overflow and directory traversal vulnerabilities.

tags | exploit, web, overflow, vulnerability, file inclusion
advisories | CVE-2014-9707
MD5 | 0e112907cdfd966046f30d6d0fea063c
GoAhead Web Server 3.1.x Denial Of Service
Posted Feb 26, 2014
Authored by Alaeddine MESBAHI

GoAhead Web Server versions prior to 3.1.3 suffer from a denial of service vulnerability.

tags | exploit, web, denial of service
MD5 | b391a5e6a8e7c0597697560f475d00c9
Embedthis Goahead 3.1.3-0 Denial Of Service
Posted Feb 22, 2014
Authored by 0in

Embedthis Goahead webserver version 3.1.3-0 suffers from multiple denial of service vulnerabilities.

tags | exploit, denial of service, vulnerability
MD5 | a680a6ff2c01083ae263bd2e5c7f6ac1
GoAhead Webserver 2.5 Cross Site Scripting
Posted Dec 2, 2011
Authored by Prabhu S Angadi | Site secpod.com

GoAhead Webserver version 2.5 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 4923f3c0b0d95898abb3ce43d962f502
Secunia Security Advisory 46894
Posted Nov 18, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been discovered in GoAhead WebServer, which can be exploited by malicious people to conduct script insertion attacks.

tags | advisory, vulnerability
MD5 | 0c3d3f656e256cd92d26815cb1737671
Secunia Security Advisory 46896
Posted Nov 18, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been discovered in GoAhead Webserver, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss
MD5 | c542b77539fc3aa69079d9970cac970d
ATutor 2.0.2 Cross Site Scripting / SQL Injection
Posted Aug 6, 2011
Authored by LiquidWorm | Site zeroscience.mk

ATutor version 2.0.2 suffers from cross site scripting, path disclosure, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | ab2df9c6d8a9277cbfbf7362c5db1e1e
ATutor AChecker 1.2 Cross Site Scripting / Path Disclosure
Posted Aug 6, 2011
Authored by LiquidWorm | Site zeroscience.mk

ATutor AChecker version 1.2 suffers from cross site scripting and path disclosure vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 1dfcb0308b1fc9f621d64e75cb0ec0b3
ATutor AChecker 1.2 SQL Injection
Posted Aug 6, 2011
Authored by LiquidWorm | Site zeroscience.mk

ATutor AChecker version 1.2 suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
MD5 | 475954b621b8571b3fe1b0e3220801dd
ATutor AContent 1.1 Script Insertion
Posted Aug 6, 2011
Authored by LiquidWorm | Site zeroscience.mk

ATutor AContent version 1.1 suffers from a script insertion vulnerability.

tags | exploit
MD5 | 2478dac5eb13b92fa34347528cf29390
ATutor AContent 1.1 / 1.3 Cross Site Scripting
Posted Aug 6, 2011
Authored by LiquidWorm | Site zeroscience.mk

ATutor AContent version 1.1 suffers from multiple cross site scripting vulnerabilities. This also affects version 1.3 as of 2014/01/05.

tags | exploit, vulnerability, xss
MD5 | ccfe3c05bd73e4627c487bfb8dfe62ed
ATutor AContent 1.1 SQL Injection
Posted Aug 6, 2011
Authored by LiquidWorm | Site zeroscience.mk

ATutor AContent version 1.1 suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
MD5 | 3385f97fa7a85cf1d63e00960be6b12e
Digital Scribe 1.5 Cross Site Scripting
Posted Jul 31, 2011
Authored by LiquidWorm | Site zeroscience.mk

Digital Scribe version 1.5 suffers from multiple post cross site scripting vulnerabilities. Input thru the POST parameters 'title', 'last' and 'email' in register.php is not sanitized allowing the attacker to execute HTML code into user's browser session on the affected site.

tags | exploit, php, vulnerability, xss
MD5 | 06f72ee6189d18849ce8c40b4cd30f27
Online Grades Project Team 3.2.5 Cross Site Scripting
Posted Jul 25, 2011
Authored by LiquidWorm | Site zeroscience.mk

Online Grades version 3.2.5 suffers from multiple cross site scripting vulnerabilities. The issue is triggered when input passed via multiple parameters to the 'admin/admin.php' script is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

tags | exploit, arbitrary, php, vulnerability, xss
MD5 | 2be35035441910f1c060359145fe410e
PG eLMS Pro DEC_2007_01 Blind SQL Injection
Posted Jul 14, 2011
Authored by LiquidWorm | Site zeroscience.mk

PG eLMS Pro version DEC_2007_01 suffers from multiple remote blind SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
MD5 | 050941cecf133637b2d98098d02706d6
PG eLMS Pro DEC_2007_01 Cross Site Scripting
Posted Jul 14, 2011
Authored by LiquidWorm | Site zeroscience.mk

PG eLMS Pro version DEC_2007_01 suffers from multiple POST cross site scripting vulnerabilities in contact_us.php.

tags | exploit, php, vulnerability, xss
MD5 | cc1aaba2dfcfee9612d61da71cece021
TCExam 11.2.011 SQL Injection
Posted Jul 14, 2011
Authored by LiquidWorm | Site zeroscience.mk

TCExam versions 11.2.011 and below suffer from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
MD5 | 67987221f17763e8d44b39a182099589
TCExam 11.2.011 Cross Site Scripting
Posted Jul 14, 2011
Authored by LiquidWorm | Site zeroscience.mk

TCExam versions 11.2.011 and below suffer from multiple pre and post auth cross site scripting vulnerabilities when parsing user input to multiple parameters via GET and POST method in multiple scripts. Attackers can exploit these weaknesses to execute arbitrary HTML and script code in a user's browser session.

tags | exploit, arbitrary, vulnerability, xss
MD5 | 41e45de921c4ec0633dd086e3c4c1612
Tugux CMS 1.2 Remote Arbitrary File Deletion
Posted Jul 11, 2011
Authored by LiquidWorm | Site zeroscience.mk

Tugux CMS version 1.2 remote arbitrary file deletion vulnerability.

tags | exploit, remote, arbitrary
MD5 | 9b1e456792e8405d4f5cba511d4704ed
ESTsoft ALPlayer 2.0 ASX Playlist File Handling Buffer Overflow
Posted Jul 7, 2011
Authored by LiquidWorm | Site zeroscience.mk

ESTsoft ALPlayer version 2.0 suffers from a buffer overflow vulnerability. It is caused due to a boundary error in the processing of a playlist file, which can be exploited to cause a stack-based buffer overflow when a user opens e.g. a specially crafted .asx file. Successful exploitation may allow execution of arbitrary code.

tags | exploit, overflow, arbitrary
systems | linux
MD5 | d4de01988901ed58ed438a72b179821a
Valve Steam Client Application v1559/1559 Local Privilege Escalation
Posted Jun 29, 2011
Authored by LiquidWorm | Site zeroscience.mk

Valve Steam Client Application version 1.0.968.628 is vulnerable to an elevation of privileges vulnerability which can be used by a simple user that can change the executable file with a binary of choice.

tags | exploit
MD5 | a520359ea1a44ddeefdb6d50fcde3fdb
Page 1 of 4
Back1234Next

File Archive:

January 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    4 Files
  • 2
    Jan 2nd
    3 Files
  • 3
    Jan 3rd
    3 Files
  • 4
    Jan 4th
    33 Files
  • 5
    Jan 5th
    31 Files
  • 6
    Jan 6th
    21 Files
  • 7
    Jan 7th
    15 Files
  • 8
    Jan 8th
    19 Files
  • 9
    Jan 9th
    1 Files
  • 10
    Jan 10th
    1 Files
  • 11
    Jan 11th
    33 Files
  • 12
    Jan 12th
    19 Files
  • 13
    Jan 13th
    27 Files
  • 14
    Jan 14th
    8 Files
  • 15
    Jan 15th
    16 Files
  • 16
    Jan 16th
    1 Files
  • 17
    Jan 17th
    2 Files
  • 18
    Jan 18th
    20 Files
  • 19
    Jan 19th
    32 Files
  • 20
    Jan 20th
    15 Files
  • 21
    Jan 21st
    10 Files
  • 22
    Jan 22nd
    16 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    0 Files
  • 25
    Jan 25th
    0 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close