Digital Defense, Inc. (DDI) has discovered a blind SQL injection vulnerability in the Epicor Returns Management software SOAP interface. Left unremediated, this vulnerability could be leveraged by an attacker to execute arbitrary SQL commands and extract information from the backend database using standard SQL exploitation techniques. Additionally, an attacker may be able to leverage this flaw to compromise the database server host operating system.
This Metasploit module exploits a SQL injection found in Solarwinds Storage Manager login interface. It will send a malicious SQL query to create a JSP file under the web root directory, and then let it download and execute our malicious executable under the context of SYSTEM.
The ACTi Web Configurator 3.0 for ACTi IP Surveillance Cameras contains a directory traversal vulnerability within the cgi-bin directory. An unauthenticated remote attacker can use this vulnerability to retrieve arbitrary files that are located outside the root of the web server.
Multiple PacketVideo products contain a directory traversal vulnerability within the web server that is running on port 9000. These products are vulnerable to the attack regardless of having configured the "Secured Server Settings" which are available on the Advanced configuration page. Susceptible products include the Twonky 7.0 Special and the TwonkyManager 3.0.
SolarWinds Storage Manager Server suffers from a remote SQL injection vulnerability that will allow for authentication bypass.
The HP-ChaiSOE/1.0 embedded web server on certain HP JetDirect printers allows a potential attacker to gain read only access to directories and files outside of the web root, different from CVE-2008-4419. An attacker can leverage this flaw to read arbitrary system configuration files, cached documents, etc. Information obtained from an affected host may facilitate further attacks against the host. Exploitation of this flaw is trivial using common web server directory traversal techniques.
The KnowledgeTree login.php login page is vulnerable to a blind SQL injection vulnerability within the username field. An attacker can leverage this flaw to execute arbitrary SQL commands and extract sensitive information from the backend database using standard blind SQL exploitation techniques. Additionally, an attacker may be able to leverage this flaw to compromise the database server host OS.
The default installation of the IBM WebSphere Application Server is deployed with a 'help' servlet which is designed to serve supporting documentation for the WebSphere system. When the 'help' servlet processes a URL that contains a reference to a Java plug-in Bundle that is registered with the Eclipse Platform Runtime Environment of the WebSphere Application Server, the 'help' servlet fails to ensure that the submitted URL refers to a file that is both located within the web root of the servlet and is of a type that is allowed to be served. An unauthenticated remote attacker can use this weakness in the 'help' servlet to retrieve arbitrary system files from the host that is running the 'help' servlet. This can be accomplished by submitting a URL which refers to a registered Java plug-in Bundle followed by a relative path to the desired file.
The default deployment of Cisco Unified Contact Center Express (UCCX) system is configured with multiple listening services. The web service that is listening on TCP port 9080, or on TCP port 8080 in versions prior to 8.0(x), serves a directory which is configured in a way that allows for a remote unauthenticated attacker to retrieve arbitrary files from the UCCX root filesystem through a directory traversal attack. It is possible for an attacker to use this vector to gain console access to the vulnerable node as the 'ccxcluster' user, and subsequently escalate privileges.
Metropolis Technologies OfficeWatch enables a web server on TCP port 80 that is susceptible to a directory traversal. An attacker may send a ../ (dot-dot-slash) sequence to traverse out of the web root and access arbitrary files on the host.
Multiple Cybele Software, Inc. products are vulnerable to arbitrary file retrieval and directory traversal vulnerabilities including ThinVNC, ThinRDP, and ThinVNC Access Point 2.0. An unauthenticated remote attacker can submit requests for files that are located outside the root of the web server that is distributed with these Cybele Software, Inc. products.
The Axway SecureTransport device contains a directory traversal in the '/icons/' directory. An unauthenticated remote attacker can use this vulnerability to obtain arbitrary files from the root file system of the vulnerable host.
The Alcatel-Lucent OmniVista 4760 NMS is vulnerable to a directory traversal. This flaw allows remote unauthenticated attackers to retrieve arbitrary files from a vulnerable system.
The rpc.cmsd service in Sun Solaris 10 contains an integer overflow which can allow a malicious unauthenticated user to cause a denial of service, or remotely execute arbitrary code with root privileges.
ALPHA Ethernet Adapter II Web-Manager version 3.40.2 suffers from an authentication bypass vulnerability.
The login page of the F2L-3000 version 4.0.0 is vulnerable to SQL Injection. Exploitation of the vulnerability may allow attackers to bypass authentication and access sensitive information stored on the device.
The login screen of the LogRover web interface is vulnerable to a SQL Injection which can allow remote attackers to login to the system via an authentication bypass. Version 2.3 for Windows XP is affected.
The web interface on tcp port 8090 of IPsession suffers from a SQL injection vulnerability.
Certain Precidia Ether232 devices contain memory overwrite and authentication flaws.
Apache ActiveMQ version 5.2.0 suffers from multiple cross site scripting vulnerabilities.
A directory traversal vulnerability exists in the SMART Web Server.
The vBook login application suffers from a cross site scripting vulnerability.
The NetMRI login application suffers from a cross site scripting vulnerability.
The HP-ChaiSOE/1.0 embedded web server on certain HP JetDirect printers allows a potential attacker to gain read only access to directories and files outside of the web root. An attacker can leverage this flaw to read arbitrary system configuration files, cached documents, etc. Information obtained from an affected host may facilitate further attacks against the host. Exploitation of this flaw is trivial using common web server directory traversal techniques. Verified vulnerable systems include the HP JetDirect 2420 and the HP JetDirect 4250.
The Citrix Broadcast Server administrative login page is vulnerable to trivial SQL injections via the txtUID HTTP POST parameter. An attacker could leverage this flaw to obtain unauthorized access to the web interface or to extract data from the database via blind SQL injection.