accept no compromises

Register | Login

FilesNewsUsersAuthors

Home Files News About Contact Add New

Showing 1 - 3 of 3

Files from Chris Graham

Epicor Returns Management SOAP-Based Blind SQL Injection

Posted May 18, 2012

Authored by Digital Defense, r@b13$, Chris Graham | Site digitaldefense.net

Digital Defense, Inc. (DDI) has discovered a blind SQL injection vulnerability in the Epicor Returns Management software SOAP interface. Left unremediated, this vulnerability could be leveraged by an attacker to execute arbitrary SQL commands and extract information from the backend database using standard SQL exploitation techniques. Additionally, an attacker may be able to leverage this flaw to compromise the database server host operating system.

tags | advisory, arbitrary, sql injection

MD5 | 755a65afc10d5474042e3617ff61f528

Download | Favorite | Comments (0)

Metropolis Technologies OfficeWatch Directory Traversal

Posted Oct 3, 2011

Authored by Digital Defense, r@b13$, Chris Graham | Site digitaldefense.net

Metropolis Technologies OfficeWatch enables a web server on TCP port 80 that is susceptible to a directory traversal. An attacker may send a ../ (dot-dot-slash) sequence to traverse out of the web root and access arbitrary files on the host.

tags | advisory, web, arbitrary, root, tcp

MD5 | 2935db7b692f3ccd3f03083af86137c3

Download | Favorite | Comments (0)

Digital Defense VRT Advisory 2009.27

Posted Jan 26, 2010

Authored by Digital Defense, r@b13$, Chris Graham, Rob Kraus

The login page of the F2L-3000 version 4.0.0 is vulnerable to SQL Injection. Exploitation of the vulnerability may allow attackers tobypass authentication and access sensitive information stored on the device.

tags | advisory, sql injection

MD5 | 65fa30f3ed6a05bafcd2835c26e753a1

Download | Favorite | Comments (0)