exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 100 RSS Feed

Files

Okta Access Gateway 2020.5.5 Authenticated Remote Root
Posted Jul 7, 2021
Authored by Jeremy Brown

Okta Access Gateway version 2020.5.5 suffers from multiple authenticated remote root command injection vulnerabilities.

tags | exploit, remote, root, vulnerability
advisories | CVE-2021-28113
SHA-256 | fde1ff592fc34fc94cc529909b2816a1c21c20b0fb847dc8e826cd07707aeffa

Related Files

IBM WebSphere MQ File Transfer Edition Web Gateway CSRF
Posted Aug 13, 2012
Authored by Nir Valtman

IBM WebSphere MQ File Transfer Edition Web Gateway suffers from a cross site request forgery vulnerability.

tags | exploit, web, csrf
advisories | CVE-2012-3294
SHA-256 | 06b2bda21b62241e495908f7f89cca912345a066fc02b98fb7be62e23b3b7da5
Secunia Security Advisory 50140
Posted Aug 2, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Citrix Access Gateway, which can be exploited by malicious people to disclose potentially sensitive information, manipulate certain data, and conduct spoofing attacks.

tags | advisory, spoof, vulnerability
SHA-256 | 518fd01196641e9b64d8d87ee29b8736e5906153637e24b20906dadba00b056b
Citrix Access Gateway Plug-in For Windows nsepacom Buffer Overflow
Posted Aug 1, 2012
Authored by Dmitriy Pletnev | Site secunia.com

Secunia Research has discovered a vulnerability in Citrix Access Gateway Plug-in for Windows, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by a boundary error in the nsepacom ActiveX control (nsepa.exe) when processing HTTP responses based on the request via the "StartEpa()" method. This can be exploited to cause a heap-based buffer overflow via an overly long "CSEC" HTTP response header. Successful exploitation allows execution of arbitrary code. Citrix Access Gateway Plug-in for Windows version 9.3.49.5 is affected.

tags | advisory, web, overflow, arbitrary, activex
systems | windows
advisories | CVE-2011-2592
SHA-256 | 88190841a21f5703514230e00d059f52693aa6867752ab05cf5658926bb7ec55
Citrix Access Gateway Plug-in For Windows nsepacom Integer Overflow
Posted Aug 1, 2012
Authored by Dmitriy Pletnev | Site secunia.com

Secunia Research has discovered a vulnerability in Citrix Access Gateway Plug-in for Windows, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by an integer overflow error in the nsepacom ActiveX control (nsepa.exe) when processing HTTP responses based on the request via the "StartEpa()" method. This can be exploited to cause a heap-based buffer overflow via a specially crafted "Content-Length" HTTP response header. Successful exploitation may allow execution of arbitrary code. Citrix Access Gateway Plug-in for Windows version 9.3.49.5 is affected.

tags | advisory, web, overflow, arbitrary, activex
systems | windows
advisories | CVE-2011-2593
SHA-256 | e3fca65bdb01a3b7b24ef54cae23d5e08cd0034667d410d5364cab845d4fe8a7
Secunia Security Advisory 45299
Posted Jul 31, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Secunia Research has discovered two vulnerabilities in Citrix Access Gateway Plug-in for Windows, which can be exploited by malicious people to compromise a user's system.

tags | advisory, vulnerability
systems | windows
SHA-256 | 07d58c8854e7f3255cc40544ea9e0bbfc67f592ba11f516d1ed5f2d4697aa452
Symantec Web Gateway 5.0.3.18 Blind SQL Injection
Posted Jul 31, 2012
Authored by @_Kc57

Symantec Web Gateway version 5.0.3.18 suffers from a remote blind SQL injection vulnerability in deptUploads_data.php.

tags | exploit, remote, web, php, sql injection
SHA-256 | 3979d02fd58b3d8d425160bc812c8985dd4e717d3e8b65cbe4b4ce9d8c41fd1b
Symantec Web Gateway 5.0.2.18 pbcontrol.php Command Injection
Posted Jul 27, 2012
Authored by muts, sinn3r | Site metasploit.com

This Metasploit module exploits a command injection vulnerability found in Symantec Web Gateway's HTTP service. While handling the filename parameter, the Spywall API does not do any filtering before passing it to an exec() call in proxy_file(), thus results in remote code execution under the context of the web server. Please note authentication is NOT needed to gain access.

tags | exploit, remote, web, code execution
advisories | CVE-2012-2953
SHA-256 | 0cd8a8da3d231693715d4e8b287a75415523666ac53647e469041b791662ac0b
Symantec Web Gateway 5.0.3.18 LFI / Command Execution
Posted Jul 24, 2012
Authored by muts

Symantec Web Gateway version 5.0.3.18 local file inclusion remote root command execution exploit.

tags | exploit, remote, web, local, root, file inclusion
advisories | CVE-2012-2957
SHA-256 | 88327d0f7cbaac39c6aad31a8ef7f4b43b8d525c4c4b964adfb91854c7a37766
Symantec Web Gateway 5.0.2 Blind SQL Injection
Posted Jul 23, 2012
Authored by muts

Symantec Web Gateway version 5.0.2 suffers from a remote blind SQL injection vulnerability.

tags | exploit, remote, web, sql injection
advisories | CVE-2012-2574
SHA-256 | 6aec98e00f8daa7f3e784b9b085136fd783f41fed252a1521762a3217af9e407
Symantec Web Gateway 5.0.3.18 Blind SQL Injection
Posted Jul 23, 2012
Authored by muts

Symantec Web Gateway version 5.0.3.18 suffers from a remote blind SQL injection backdoor via MySQL triggers.

tags | exploit, remote, web, sql injection
advisories | CVE-2012-2961
SHA-256 | 33d2c7451eea8c45146663fa6330e2747966d6816d1ce83431c543d2238e56fd
Secunia Security Advisory 50031
Posted Jul 23, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Symantec Web Gateway, which can be exploited by malicious, local users to bypass certain security restrictions and by malicious people to bypass certain security restrictions, conduct SQL injection attacks, and compromise a vulnerable system.

tags | advisory, web, local, vulnerability, sql injection
SHA-256 | ad4b2b38a203476edf447fb598dcc1d49742f68cb3cf9b9e7545b8b10b779d76
TP Link Gateway 3.12.4 Cross Site Scripting
Posted Jul 12, 2012
Authored by Ibrahim El-Sayed, Vulnerability Laboratory | Site vulnerability-lab.com

TP Link Gateway version 3.12.4 suffers from cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 8d010600a209f81ff165a65eb5eab362645aef8c6dee7839866b6c791ee2109e
Symantec Web Gateway 5.0.28 LFI / Code Execution
Posted Jun 27, 2012
Authored by S2 Crew

Symantec Web Gateway version 5.0.2.8 suffers from local file inclusion, remote command execution, and arbitrary file deletion vulnerabilities.

tags | exploit, remote, web, arbitrary, local, vulnerability, file inclusion
advisories | CVE-2012-0297, CVE-2012-0298
SHA-256 | a0fccf32d3c50c44bbaec6e8b29d6a94e5b750a7a3630cb98f887b64cf02a1a9
Astaro Security Gateway Cross Site Scripting
Posted Jun 12, 2012
Authored by Julien Ahrens

Astaro Security Gateway suffers from a backup related cross site scripting vulnerability. Version 8.304 is affected.

tags | advisory, xss
advisories | CVE-2012-3238
SHA-256 | 30eadf9f0efee1d3942c913ec214043f8d8064e76bff3708ef9b6013b88ed5e6
Symantec Web Gateway 5.0.2.8 Arbitrary PHP File Upload Vulnerability
Posted Jun 11, 2012
Authored by Tenable Network Security, juan vazquez | Site metasploit.com

This Metasploit module exploits a file upload vulnerability found in Symantec Web Gateway's HTTP service. Due to the incorrect use of file extensions in the upload_file() function, this allows us to abuse the spywall/blocked_file.php file in order to upload a malicious PHP file without any authentication, which results in arbitrary code execution.

tags | exploit, web, arbitrary, php, code execution, file upload
advisories | CVE-2012-0299, OSVDB-82025
SHA-256 | cf93b4b95c23f5407ba012edff8b93021d9cf2a529de505d5f968bbc6cf64f26
Symantec Web Gateway 5.0.2.8 ipchange.php Command Injection
Posted Jun 11, 2012
Authored by Tenable Network Security, juan vazquez | Site metasploit.com

This Metasploit module exploits a command injection vulnerability found in Symantec Web Gateway's HTTP service due to the insecure usage of the exec() function. This Metasploit module abuses the spywall/ipchange.php file to execute arbitrary OS commands without authentication.

tags | exploit, web, arbitrary, php
advisories | CVE-2012-0297
SHA-256 | b0b67649c40ca029b22826b4a8885851ba50ca7ed212e036f2e5e4e0db93816f
Zero Day Initiative Advisory 12-091
Posted Jun 9, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-091 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec Web Gateway. Authentication is not required to exploit this vulnerability. The specific flaw exists because Symantec Web Gateway allows unauthenticated users to upload a file while preserving the file extension. This allows users to upload additional script files that can be used to execute remote code from user supplied commands under the context of the webserver.

tags | advisory, remote, web, arbitrary
advisories | CVE-2012-0299
SHA-256 | e6455c20b1364db65ee13fb4709268297326339c75eaaeafc7611ed4f8084cdd
Zero Day Initiative Advisory 12-090
Posted Jun 9, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-090 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec Web Gateway. Authentication is not required to exploit this vulnerability. The specific flaw exists due to insufficiently filtered user-supplied data used in a call to exec() in multiple script pages. The affected scripts are located in '/spywall/ipchange.php' and 'network.php'. There is also a flaw in '/spywall/download_file.php' that allows unauthenticated users to download and delete any file on the server.

tags | advisory, remote, web, arbitrary, php
advisories | CVE-2012-0297
SHA-256 | 27dcc990753c286009309447bb9c72ba6733589421579106d30bc8c69f3a95ef
Symantec Web Gateway 5.0.2.8 Command Execution
Posted May 28, 2012
Authored by unknown, muts, sinn3r | Site metasploit.com

This Metasploit module exploits a vulnerability found in Symantec Web Gateway's HTTP service. By injecting PHP code in the access log, it is possible to load it with a directory traversal flaw, which allows remote code execution under the context of 'apache'. Please note that it may take up to several minutes to retrieve access_log, which is about the amount of time required to see a shell back.

tags | exploit, remote, web, shell, php, code execution
advisories | CVE-2012-0297
SHA-256 | 65a7306dea41b299aa10904fe0da0ef4f8feaaf8b06f2b42c12431d74226ce63
Symantec Web Gateway 5.0.2 Local File Inclusion
Posted May 26, 2012
Authored by muts

Symantec Web Gateway version 5.0.2 remote local file inclusion root exploit.

tags | exploit, remote, web, local, root, file inclusion
advisories | CVE-2012-0297
SHA-256 | 1f988ae10011c9e9527aa54aee6542a4e4f221f26948b02c388b89c3b9e6db66
Secunia Security Advisory 49216
Posted May 18, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Symantec Web Gateway, which can be exploited by malicious people to disclose potentially sensitive information, conduct cross-site scripting attacks, manipulate certain data, and compromise a vulnerable system.

tags | advisory, web, vulnerability, xss
SHA-256 | 5f47e0534616828361e6ecfbca9a7f93b5ec31218988867a9945b874c2d0ead2
Secunia Security Advisory 49064
Posted May 7, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in Symantec Web Gateway, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, web, xss
SHA-256 | 6552805b175da258feff2164c2dc08bf2138f9bb86901753d358a5788c75b1ab
Symantec Web Gateway Cross Site Scripting
Posted May 6, 2012
Authored by B00y@

Symantec Web Gateway suffers from a cross site scripting vulnerability.

tags | exploit, web, xss
SHA-256 | 4a4b3d7ca93ab14cafeac515271b34feae8de6d556145357262cda8aa7e4bce1
McAfee Web Gateway And Squid Proxy 3.1.19 Bypass
Posted Apr 13, 2012
Authored by Gabriel Menezes Nunes

McAfee Web Gateway and Squid Proxy version 3.1.19 suffers from a bypass vulnerability due to putting trust in Host headers. Proof of concept tool included. Squid is only vulnerable to the attacks if the filtered site is using SSL.

tags | exploit, web, proof of concept, bypass
systems | unix
advisories | CVE-2012-2212, CVE-2012-2213
SHA-256 | fd5a23a84846044a1ea5a10e1231aba1d4783081f27119ecd5de07b7485b6ad5
Telco SMTP To SMS/MMS Crypto
Posted Apr 13, 2012
Authored by Champ Clark III

Many people use telecommunications provided SMTP to SMS/MMS gateways to send out sensitive data. This paper looks into encryption (or lack of) covered by these types of public access SMTP to SMS/MMS gateways and services.

tags | paper
SHA-256 | 4a7ee04849235d3e90c1270eb15f6e24884ab471f7c7606cf34bb4f9587f746b
Page 1 of 4
Back1234Next

File Archive:

June 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    19 Files
  • 2
    Jun 2nd
    16 Files
  • 3
    Jun 3rd
    28 Files
  • 4
    Jun 4th
    0 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    19 Files
  • 7
    Jun 7th
    23 Files
  • 8
    Jun 8th
    11 Files
  • 9
    Jun 9th
    10 Files
  • 10
    Jun 10th
    4 Files
  • 11
    Jun 11th
    0 Files
  • 12
    Jun 12th
    0 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    27 Files
  • 20
    Jun 20th
    65 Files
  • 21
    Jun 21st
    10 Files
  • 22
    Jun 22nd
    8 Files
  • 23
    Jun 23rd
    6 Files
  • 24
    Jun 24th
    6 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close