exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 41 RSS Feed

Files

Alt-N WebAdmin USER Buffer Overflow
Posted Nov 26, 2009
Authored by MC | Site metasploit.com

Alt-N WebAdmin is prone to a buffer overflow condition. This is due to insufficient bounds checking on the USER parameter. Successful exploitation could result in code execution with SYSTEM level privileges.

tags | exploit, overflow, code execution
advisories | CVE-2003-0471
SHA-256 | 07321bfe13486c72db95bf9c5992da051b5fe4111a96286914e261a01257e730

Related Files

Alt-N MDaemon Webmail 20.0.0 Cross Site Scripting
Posted Feb 8, 2021
Authored by Kailash Bohara

Alt-N MDaemon webmail version 20.0.0 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2020-18723, CVE-2020-18724
SHA-256 | 168842d9bfb9b9a9daec02d1c705c071a0802417160b8e798a9654b1a4eebb9a
Ubuntu Security Notice USN-2769-1
Posted Oct 15, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2769-1 - It was discovered that Apache Commons HttpClient did not properly verify the Common Name or subjectAltName fields of X.509 certificates. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. This issue only affected Ubuntu 12.04 LTS. Florian Weimer discovered the fix for CVE-2012-5783 was incomplete for Apache Commons HttpClient. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. This issue only affected Ubuntu 12.04 LTS. Various other issues were also addressed.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2012-5783, CVE-2012-6153, CVE-2014-3577, CVE-2015-5262
SHA-256 | af157aac0460aac84b53a3ba1669f3117b6a436e3293af422b911edc94f82c08
Red Hat Security Advisory 2015-1176-01
Posted Jun 23, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1176-01 - Red Hat JBoss Fuse, based on Apache ServiceMix, provides a small-footprint, flexible, open source enterprise service bus and integration platform. The following security fixes are addressed in this release: It was found that async-http-client would disable SSL/TLS certificate verification under certain conditions, for example if HTTPS communication also used client certificates. A man-in-the-middle attacker could use this flaw to spoof a valid certificate. It was found that async-http-client did not verify that the server hostname matched the domain name in the subject's Common Name or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attacker to spoof an SSL server if they had a certificate that was valid for any domain name.

tags | advisory, web, spoof
systems | linux, redhat
advisories | CVE-2013-7397, CVE-2013-7398, CVE-2014-0363, CVE-2014-0364, CVE-2014-3577, CVE-2014-4651, CVE-2014-5075, CVE-2014-8175, CVE-2015-0226, CVE-2015-0227, CVE-2015-1796
SHA-256 | 5b62a88300e3d3a984e66c33f540e2c9e0a241d1cb41eb116da6198f4b034f4c
Mandriva Linux Security Advisory 2015-127
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-127 - Ben Reser discovered that serf did not correctly handle SSL certificates with NUL bytes in the CommonName or SubjectAltNames fields. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications.

tags | advisory, remote
systems | linux, mandriva
advisories | CVE-2014-3504
SHA-256 | c2afdf6df232dfa0f1e7f2d6a4b68eb64ea16f42e60c5be7a833ec29608114c8
Red Hat Security Advisory 2014-1123-01
Posted Sep 2, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1123-01 - Apache Axis is an implementation of SOAP. It can be used to build both web service clients and servers. Apache Axis did not verify that the server host name matched the domain name in the subject's Common Name or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attacker to spoof an SSL server if they had a certificate that was valid for any domain name. All devtoolset-2-axis users are advised to upgrade to this updated package, which contains a backported patch to correct this issue.

tags | advisory, web, spoof
systems | linux, redhat
advisories | CVE-2012-5784
SHA-256 | fc012b67d580e6a5d54fae42870f3b6522d860d01b90618b5a96102cc6098b22
Mandriva Linux Security Advisory 2014-166
Posted Sep 2, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-166 - Ben Reser discovered that serf did not correctly handle SSL certificates with NUL bytes in the CommonName or SubjectAltNames fields. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications.

tags | advisory, remote
systems | linux, mandriva
advisories | CVE-2014-3504
SHA-256 | 12079b09a2f77f4dd2d0d59a4ecbb786e81a328e62175d579ca8fa9038067cf5
Ubuntu Security Notice USN-2315-1
Posted Aug 14, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2315-1 - Ben Reser discovered that serf did not correctly handle SSL certificates with NUL bytes in the CommonName or SubjectAltNames fields. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2014-3504
SHA-256 | 4bdcba1f94fef85007b55290e9cc8ceb6ab7a331befa81d3031e5fabd3a1fc31
Red Hat Security Advisory 2014-0224-01
Posted Feb 28, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0224-01 - The Red Hat Support plug-in for Red Hat Enterprise Virtualization is a new feature which offers seamless integrated access to Red Hat Access services from the Red Hat Enterprise Virtualization Administration Portal. The plug-in provides automated functionality that enables quicker help, answers, and proactive services. It offers easy and instant access to Red Hat exclusive knowledge, resources, engagement, and diagnostic features. Detailed information about this plug-in can be found in the Red Hat Customer Portal at https://access.redhat.com/site/articles/425603 The Jakarta Commons HttpClient component did not verify that the server hostname matched the domain name in the subject's Common Name or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attacker to spoof an SSL server if they had a certificate that was valid for any domain name.

tags | advisory, web, spoof
systems | linux, redhat
advisories | CVE-2012-5783
SHA-256 | f8556682c66be6a9118eadc60de95e718fab72514a5be24053f9dd706410253d
Red Hat Security Advisory 2014-0037-01
Posted Jan 21, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0037-01 - The Red Hat Enterprise Virtualization reports package provides a suite of pre-configured reports and dashboards that enable you to monitor the system. The reports module is based on JasperReports and JasperServer, and can also be used to create ad-hoc reports. Apache Axis did not verify that the server hostname matched the domain name in the subject's Common Name or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attacker to spoof an SSL server if they had a certificate that was valid for any domain name.

tags | advisory, spoof
systems | linux, redhat
advisories | CVE-2012-5784, CVE-2013-2192
SHA-256 | 0efac53ce37dda2703115556d8acdb23c24e8653403827521c96bb2c8715f1ab
Mandriva Linux Security Advisory 2013-233
Posted Sep 13, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-233 - The string formatting of subjectAltName X509Extension instances in pyOpenSSL before 0.13.1 incorrectly truncated fields of the name when encountering a null byte, possibly allowing man-in-the-middle attacks through certificate spoofing. The updated packages have been patched to correct this issue.

tags | advisory, spoof
systems | linux, mandriva
advisories | CVE-2013-4314
SHA-256 | a43120d106d63684cf3f88a50e2e526955d2903de89c95489a0ab2bb2069c224
Debian Security Advisory 2742-1
Posted Aug 26, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2742-1 - It was discovered that PHP, a general-purpose scripting language commonly used for web application development, did not properly process embedded NUL characters in the subjectAltName extension of X.509 certificates. Depending on the application and with insufficient CA-level checks, this could be abused for impersonating other users.

tags | advisory, web, php
systems | linux, debian
advisories | CVE-2013-4248
SHA-256 | 94d9e680a062358787e25ec659acc74944e9b260376d2f8e2978f25085b91e0e
Mandriva Linux Security Advisory 2013-214
Posted Aug 21, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-214 - Ryan Sleevi of the Google Chrome Security Team has discovered that Python's SSL module doesn't handle NULL bytes inside subjectAltNames general names. This could lead to a breach when an application uses ssl.match_hostname() to match the hostname against the certificate's subjectAltName's dNSName general names.

tags | advisory, python
systems | linux, mandriva
advisories | CVE-2013-4328
SHA-256 | bef1309c97ca6142e08e1d6ed64b7117003913520e969b3da85863a63dcb4168
Red Hat Security Advisory 2013-1147-01
Posted Aug 9, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1147-01 - Red Hat JBoss SOA Platform is the next-generation ESB and business process automation infrastructure. Red Hat JBoss SOA Platform allows IT to leverage existing, modern, and future integration methodologies to dramatically improve business process execution speed and quality. This roll up patch serves as a cumulative upgrade for Red Hat JBoss SOA Platform 5.3.1. It includes various bug fixes. The following security issues are also fixed with this release: The Jakarta Commons HttpClient component did not verify that the server hostname matched the domain name in the subject's Common Name or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attacker to spoof an SSL server if they had a certificate that was valid for any domain name.

tags | advisory, spoof
systems | linux, redhat
advisories | CVE-2012-5783, CVE-2013-0269, CVE-2013-1821
SHA-256 | 11be102b169787b03d6c2152f3add04d435de5e2cb57176df49df6ccdaf958a5
Red Hat Security Advisory 2013-0683-01
Posted Mar 26, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0683-01 - Apache Axis is an implementation of SOAP. It can be used to build both web service clients and servers. Apache Axis did not verify that the server hostname matched the domain name in the subject's Common Name or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attacker to spoof an SSL server if they had a certificate that was valid for any domain name. All users of axis are advised to upgrade to these updated packages, which correct this issue. Applications using Apache Axis must be restarted for this update to take effect.

tags | advisory, web, spoof
systems | linux, redhat
advisories | CVE-2012-5784
SHA-256 | 3628c67c09cb1d58f378fc54ee8bc4d98a205cf03c0b2e687a9e28c81488c349
Red Hat Security Advisory 2013-0682-01
Posted Mar 26, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0682-01 - The Jakarta Commons HttpClient component can be used to build HTTP-aware client applications. The Jakarta Commons HttpClient component did not verify that the server hostname matched the domain name in the subject's Common Name or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attacker to spoof an SSL server if they had a certificate that was valid for any domain name. Warning: Before applying this update, back up your existing JBoss Enterprise Web Platform installation.

tags | advisory, web, spoof
systems | linux, redhat
advisories | CVE-2012-5783
SHA-256 | d95bccd1b9e62a77af7540f0ceeac91fe2a96dd55a2b42d972613b36e2125610
Red Hat Security Advisory 2013-0681-01
Posted Mar 25, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0681-01 - The Jakarta Commons HttpClient component can be used to build HTTP-aware client applications. The Jakarta Commons HttpClient component did not verify that the server hostname matched the domain name in the subject's Common Name or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attacker to spoof an SSL server if they had a certificate that was valid for any domain name. Warning: Before applying this update, back up your existing JBoss Enterprise Web Platform installation .

tags | advisory, web, spoof
systems | linux, redhat
advisories | CVE-2012-5783
SHA-256 | 32357ad3c21abbde9aeddcd05fca1be975960a8cba6312d5deb4800bbee711a2
Red Hat Security Advisory 2013-0680-01
Posted Mar 25, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0680-01 - The Jakarta Commons HttpClient component can be used to build HTTP-aware client applications. The Jakarta Commons HttpClient component did not verify that the server hostname matched the domain name in the subject's Common Name or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attacker to spoof an SSL server if they had a certificate that was valid for any domain name. Warning: Before applying this update, back up your existing JBoss Enterprise Application Platform installation .

tags | advisory, web, spoof
systems | linux, redhat
advisories | CVE-2012-5783
SHA-256 | 2dd2db97370c098a4f39f5dc56456545d352223c7fde8c6bcf1f9878474aab13
Red Hat Security Advisory 2013-0679-01
Posted Mar 25, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0679-01 - The Jakarta Commons HttpClient component can be used to build HTTP-aware client applications. The Jakarta Commons HttpClient component did not verify that the server hostname matched the domain name in the subject's Common Name or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attacker to spoof an SSL server if they had a certificate that was valid for any domain name. Warning: Before applying this update, back up your existing JBoss Enterprise Application Platform installation .

tags | advisory, web, spoof
systems | linux, redhat
advisories | CVE-2012-5783
SHA-256 | 9cd819992de5ae233e4a9109208d7923df8497bb312ffc625e5b504206be0ef7
Alt-N MDaemon WorldClient / WebAdmin Cross Site Request Forgery
Posted Feb 21, 2013
Authored by Demetris Papapetrou, QSecure | Site qsecure.com.cy

Alt-N MDaemon version 13.0.3 WorldClient and WebAdmin applications suffer from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 7254dc66cd6fba6e9a6eb7e9d46b3ad55c8a16813b7770255f61f633561438bb
Alt-N MDaemon WorldClient Predictable Session ID
Posted Feb 21, 2013
Authored by Demetris Papapetrou, QSecure | Site qsecure.com.cy

The Alt-N MDaemon version 13.0.3 WorldClient application suffers from a predictable session identifier vulnerability.

tags | exploit
SHA-256 | 92424873721cd173dc332823577d395adb3e123a0b90d2cd1514c100d2e80883
Alt-N MDaemon Email Body Cross Site Scripting
Posted Feb 21, 2013
Authored by Demetris Papapetrou, QSecure | Site qsecure.com.cy

Alt-N MDaemon version 13.0.3 suffers from a cross site scripting vulnerability in the email body due to a lack of sanitization.

tags | exploit, xss
SHA-256 | 7325b220864d0b6ff380a077b29aa8c7293ee9eaa3cbb5bbf03f8dd6edefd13d
Alt-N MDaemon WorldClient Username Enumeration
Posted Feb 21, 2013
Authored by Demetris Papapetrou, QSecure | Site qsecure.com.cy

The Alt-N MDaemon version 13.0.3 WorldClient application suffers from a username enumeration vulnerability based on responses provided.

tags | exploit
SHA-256 | 88ffc39eb1145981a8577ef2cd3a701922e79b7e248031243a1d54728446a564
Alt-N MDaemon WebAdmin Remote Code Execution
Posted Feb 21, 2013
Authored by Demetris Papapetrou, QSecure | Site qsecure.com.cy

The Alt-N MDaemon version 13.0.3 WebAdmin application suffers from a remote code execution vulnerability via the user account import facility.

tags | exploit, remote, code execution
SHA-256 | b1e0f846c97665c28984ae715b8e4178e351676b7e1aef82d5ac59c0302500d2
Alt-N MDaemon WorldClient Credential Disclosure
Posted Feb 21, 2013
Authored by Demetris Papapetrou, QSecure | Site qsecure.com.cy

The Alt-N MDaemon version 13.0.3 WorldClient application suffers from a credential disclosure vulnerability. This is possible because the application replies to a request with a response that contains the credentials in an encoded (reversible) format.

tags | exploit, info disclosure
SHA-256 | 5e526cfd34acc8dc5cebe4e940c88c797073c12adce735bb8dc9adf90132aebf
Red Hat Security Advisory 2013-0270-01
Posted Feb 19, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0270-01 - The Jakarta Commons HttpClient component can be used to build HTTP-aware client applications. The Jakarta Commons HttpClient component did not verify that the server hostname matched the domain name in the subject's Common Name or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attacker to spoof an SSL server if they had a certificate that was valid for any domain name. All users of jakarta-commons-httpclient are advised to upgrade to these updated packages, which correct this issue. Applications using the Jakarta Commons HttpClient component must be restarted for this update to take effect.

tags | advisory, web, spoof
systems | linux, redhat
advisories | CVE-2012-5783
SHA-256 | af53df44563319536fdb4f79b98fb9e261956bbde7062a8807de4b5a1079804c
Page 1 of 2
Back12Next

File Archive:

June 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    19 Files
  • 2
    Jun 2nd
    16 Files
  • 3
    Jun 3rd
    28 Files
  • 4
    Jun 4th
    0 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    19 Files
  • 7
    Jun 7th
    23 Files
  • 8
    Jun 8th
    11 Files
  • 9
    Jun 9th
    10 Files
  • 10
    Jun 10th
    4 Files
  • 11
    Jun 11th
    0 Files
  • 12
    Jun 12th
    0 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    27 Files
  • 20
    Jun 20th
    65 Files
  • 21
    Jun 21st
    10 Files
  • 22
    Jun 22nd
    8 Files
  • 23
    Jun 23rd
    6 Files
  • 24
    Jun 24th
    6 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close