exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 10 of 10 RSS Feed

Files from Trustwave

First Active2009-06-25
Last Active2011-07-26
iOS SSL Implementation Certificate Validation Fail
Posted Jul 26, 2011
Authored by Trustwave | Site trustwave.com

iOS's SSL certificate parsing contains a flaw where it fails to check the basicConstraints parameter of certificates in the chain. By signing a new certificate using a legitimate end entity certificate, an attacker can obtain a "valid" certificate for any domain.

tags | advisory
systems | cisco
advisories | CVE-2011-0228
SHA-256 | 434dce4a3760a9007c3d719b3ef5ed6a9779f57077aab4e7c303f1688be36903
IBM Web Application Firewall Bypass
Posted Jun 21, 2011
Authored by Trustwave | Site trustwave.com

The IBM Web Application Firewall can be evaded, allowing an attacker to exploit web vulnerabilities that the product intends to protect. The issue occurs when an attacker submits repeated occurrences of the same parameter.

tags | exploit, web, vulnerability
SHA-256 | dd1e9c94795aba4ffecf00c4d23acf69a25e54a0a279d3b90a3b780c202eb617
Comcast DOCSIS 3.0 Business Gateways XSRF / Session Management
Posted Feb 5, 2011
Authored by Trustwave | Site trustwave.com

Comcast DOCSIS 3.0 Business Gateways suffer from static credential, multiple cross site request forgery, and weak session management vulnerabilities. Versions prior to 1.4.0.49.2 are affected.

tags | exploit, vulnerability, csrf
advisories | CVE-2011-0885, CVE-2011-0886, CVE-2011-0887
SHA-256 | bfdcb29692e23009cac35584f81732340459c02965c99dd869039d3e1eb6ba5e
Clear iSpot / Clearspot 2.0.0.0 Cross Site Request Forgery
Posted Dec 11, 2010
Authored by Matthew Jakubowski, Trustwave | Site trustwave.com

Clear iSpot / Clearspot version 2.0.0.0 suffers from multiple cross site request forgery vulnerabilities.

tags | exploit, vulnerability, csrf
advisories | CVE-2010-4507
SHA-256 | 557f592e7d9902546a91c2ef1117b4bcd128072e4039a2a740e535462ca0814d
Camtron CMNC-200 IP Camera Traversal / Overflow / Bypass / Denial Of Service
Posted Nov 12, 2010
Authored by Trustwave | Site trustwave.com

The Camtron CMNC-200 IP Camera suffers from buffer overflow, administrative bypass, default account and directory traversal vulnerabilities.

tags | exploit, overflow, vulnerability
advisories | CVE-2010-4230, CVE-2010-4231, CVE-2010-4232, CVE-2010-4233, CVE-2010-4244
SHA-256 | f4179a3a7b9ccf1244b48c4730ed3dbeb4940f45a22b1e54806f6011ae691979
FreePBX 2.8.0 Code Execution
Posted Sep 24, 2010
Authored by Trustwave | Site trustwave.com

FreePBX versions 2.8.0 and below suffer from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2010-3490
SHA-256 | d839195f9db7fa9e1b80afddfe9fb68b622f5255ab3e52b81e30ba662b8c23e6
EMC Celerra NAS root NFS Export Access
Posted Aug 3, 2010
Authored by Trustwave | Site trustwave.com

The EMC Celerra Network Attached Storage (NAS) appliance allows for unauthorized access to a root NFS export.

tags | advisory, root
advisories | CVE-2010-2860
SHA-256 | 7f8a55ea48522f9e3ff51e1ce2c01aa22c50783f5a13c5e6ad77041f33f1523f
Web Service Hijacking In VMWare WebAccess
Posted Apr 1, 2010
Authored by Trustwave | Site trustwave.com

The Struts-based web application uses the server-side session sattribute "context_vmdirect" to store various settings, including the URL to the XML web service backend. By default, the URL is http://localhost/sdk, but the web service URL can be manually set from a client browser in several locations. If wsUrl is changed to point at an external server, all SOAP calls for that session are sent to the specified server. This includes plaintext authentication credentials. An attacker could exploit this by tricking a user into following a link to /ui/vmDirect.do, with an attacker-controlled server passed in the "view" parameter.

tags | advisory, web
advisories | CVE-2009-2277
SHA-256 | fd01d4172df55b8994b34803311ab871ff8630ad51141bd4511fe4f4065759a2
Multiplatform View State Tampering
Posted Feb 10, 2010
Authored by Trustwave | Site trustwave.com

SpiderLabs has documented view state tampering vulnerabilities in three products from separate vendors. Microsoft ASP.Net version 3.5, Apache MyFaces versions 1.2.8 and 1.2.7, and Sun Microsystems Mojarra versions 1.2_14 and 2.0.2 are all vulnerable.

tags | exploit, vulnerability, asp
SHA-256 | 274d820d5053b91c5b4019151e6accd446cb31435dfa6ae866e1d89dceee5e44
Cisco ASA Web VPN Vulnerabilities
Posted Jun 25, 2009
Authored by Trustwave | Site trustwave.com

The Cisco ASA Web VPN versions 8.0(4), 8.1.2, and 8.2.1 suffer from cross site scripting, credential theft, and html rewriting bypass vulnerabilities.

tags | exploit, web, vulnerability, xss
systems | cisco
advisories | CVE-2009-1201, CVE-2009-1202, CVE-2009-1203
SHA-256 | 826573c559cecc29255977b0d05ddb68c96b1d5ee4bffbb810ce7796d4a3c7b5
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close