scripting web
vulnerability in the `domain` admin_loglist.html value has CVSS Score of 8.9
Credits Authors:
==
John Page ( hyp3rlinx ) @apparitionsec
Disclaimer Information:
=
The information provided in this advisory is provided as it is without any
disclaims all warranties,
either expressed or implied, including the warranties of merchantability and
capability for a particular purpose. apparitionsec or its suppliers are not
liable in any case of damage, including direct, indirect, incidental,
consequential loss of business profits or special
Affected Vendor:
www.topnew.net/sidu/
Credits: John Page ( hyp3rlinx )
Domains: hyp3rlinx.altervista.org
Source:
http://hyp3rlinx.altervista.org/advisories/AS-SIDU0513.txt
Product:
Sidu version 5.2 is a web based database front-end administration tool.
Advisory Information:
[Correction] of Vendor Info for Symphony CMS XSS Vulnerability POST on (Jun 08)
=
[+] Credits: John Page ( hyp3rlinx )
[+] Domains: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/AS-SYMPHONY0606.txt
Vendor:
[+] Credits: John Page ( hyp3rlinx )
[+] Domains: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/
Vendor:
http://www.silverstripe.org/software/download
Product:
SilverStripe CMS Framework
[+] Credits: John Page ( hyp3rlinx )
[+] Domains: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/AS-SYMPHONY0606.txt
Vendor:
www.getsymphony.com/download/
Product:
Symphony CMS 2.6.2
[+] Credits: hyp3rlinx
[+] Domains: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/AS-SILVERSTRIPE0607.txt
Vendor:
http://www.silverstripe.org/software/download
Product:
SilverStripe CMS
[+] Credits: John Page ( hyp3rlinx )
[+] Domains: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/AS-GENIXCMS0621.txt
Vendor:
=
genixcms.org
Product:
=
GeniXCMS
[+] Credits: hyp3rlinx
[+] Domains: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/AS-MYSQLLITEADMINISTRATOR0621.txt
Vendor:
=
code.google.com/p/mysql-lite-administrator
Product:
[+] Credits: John Page ( hyp3rlinx )
[+] Domains: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/AS-ZCMS0612.txt
Vendor:
=
http://zencherry.com/
http://sourceforge.net/projects/zencherrycms
Product:
[+] Credits: John Page ( hyp3rlinx )
[+] Domains: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/AS-NAKIDCMS0611.txt
Vendor:
http://kilrizzy.github.io/Nakid-CMS/
Product:
Credits: John Page ( hyp3rlinx )
Domains: hyp3rlinx.altervista.org
Source:
http://hyp3rlinx.altervista.org/advisories/AS-JSPMYADMIN0529.txt
Vendor:
code.google.com/p/jsp-myadmin
Product:
JSPAdmin 1.1 is a Java web based MySQL database management system.
Advisory Information:
# Exploit Title: DbNinja Flash XSS Exploit
# Google Dork: intitle: Flash XSS
# Date: May 27, 2015
# Exploit Author: John Page (hyp3rlinx)
# Website: hyp3rlinx.altervista.org
# Vendor Homepage: www.dbninja.com
# Software Link: www.dbninja.com
# Version: 3.2.6
# Tested on: Windows 7
# Category:
[+] Credits: John Page ( hyp3rlinx )
[+] Domains: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/AS-ENHSQLPORTAL0602.txt
Vendor:
www.eliacom.com
www.eliacom.com/mysql-gui-download.php
Product:
Enhanced SQL Portal 5.0.7961 web based MySQL administration
[+] Credits: John Page ( hyp3rlinx )
[+] Domains: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/AS-VFRONT0602.txt
Vendor:
==
www.vfront.org
Product:
===
[+] Credits: John Page ( hyp3rlinx )
[+] Domains: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/AS-NOVIUSOS0629.txt
Vendor:
===
community.novius-os.org
Product:
===
[+] Credits: John Page ( hyp3rlinx )
[+] Domains: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/AS-PHPLITEADMIN0705.txt
Vendor:
bitbucket.org/phpliteadmin
Product:
phpLiteAdmin v1.1
[+] Credits: John Page aka hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/TREND-MICRO-DDI-0818.txt
Vendor:
www.trendmicro.com
Product:
===
Trend Micro Deep Discovery
[+] Credits: John Page aka hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/TREND-MICRO-DDI-081815b.txt
Vendor:
www.trendmicro.com
Product:
[+] Credits: John Page ( hyp3rlinx )
[+] Domains: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/AS-PHPFILEMANAGER0729.txt
Vendor:
phpfm.sourceforge.net
Product:
phpFileManager version 0.9.8
[+] Credits: John Page aka hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/AS-PHPFILENAVIGATOR0812c.txt
Vendor:
pfn.sourceforge.net
Product:
===
PHPfileNavigator v2.3.3
[+] Credits: John Page aka hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/AS-PHPIPAM0812.txt
Vendor:
phpipam.net
Product:
==
phpipam-1.1.010
Vulnerability Type:
[+] Credits: John Page aka hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/AS-PHPFILENAVIGATOR0812a.txt
Vendor:
pfn.sourceforge.net
Product:
===
PHPfileNavigator v2.3.3
[+] Credits: John Page aka hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/AS-PHPIPAM0812.txt
Vendor:
phpipam.net
Product:
==
phpipam-1.1.010
Vulnerability Type:
[+] Credits: John Page ( hyp3rlinx )
[+] Domains: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/AS-HAWKEYEG0725.txt
Vendor:
www.hexiscyber.com
Product:
Hawkeye-G v3.0.1.4912
Hawkeye G is
[+] Credits: John Page ( hyp3rlinx )
[+] Domains: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/AS-HAWKEYEG0724.txt
Vulnerability Type:
===
CSRF
CVE Reference:
==
CVE-2015-2878
Vendor:
===
www.hexiscyber.com
[+] Credits: John Page ( hyp3rlinx )
[+] Domains: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/AS-OPENWEBANALYTICS0721.txt
Vendor:
www.openwebanalytics.com
Product:
***[UPDATED CORRECTION] ***
[+] Credits: John Page ( hyp3rlinx )
[+] Domains: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/AS-HAWKEYEG0724.txt
Vulnerability Type:
===
CSRF
CVE Reference:
==
CVE-2015-2878
Vendor:
[+] Credits: John Page ( hyp3rlinx )
[+] Domains: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/AS-PHPSQLITECMS0712.txt
Vendor:
phpsqlitecms.net
Product:
ilosuna-phpsqlitecms-d9b8219
[+] Credits: John Page aka hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/AS-MICROSOFT-XSS-ELEVATION-OF-PRIVILEGE.txt
Vendor:
==
www.microsoft.com
Product:
===
Microsoft .NET Framework
[+] Credits: hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/AS-CFIMAGEHOST-XSS.txt
Vendor:
codefuture.co.uk/projects/imagehost
Product:
===
CF Image Host 1.65 -
[+] Credits: hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/AS-CFIMAGEHOST-PHP-CMD-INJECTION.txt
Vendor:
codefuture.co.uk/projects/imagehost
Product:
===
CF Image
[+] Credits: hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/AS-CFIMAGEHOST-CSRF.txt
Vendor:
codefuture.co.uk/projects/imagehost
Product:
===
CF Image Host 1.65 -
[+] Credits: hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/AS-PHPSRVMONITOR-PRIV-ESCALATE.txt
Vendor:
www.phpservermonitor.org
[+] Credits: hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/AS-PHPSRVMONITOR-CSRF.txt
Vendor:
www.phpservermonitor.org
[+] Credits: hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/AS-TCPING-2.1.0-BUFFER-OVERFLOW.txt
Vendor:
Spetnik.com
Product:
=
Spetnik TCPing 2.1.0 / tcping.exe
circa
[+] Credits: hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/AS-NXFILTER-CSRF.txt
Vendor:
www.nxfilter.org/p2/
Product:
NXFilter v3.0.3
Vulnerability Type:
[+] Credits: hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/AS-NXFILTER-XSS.txt
Vendor:
www.nxfilter.org/p2/
Product:
NXFilter v3.0.3
Vulnerability Type:
[+] Credits: hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/AS-BLAT-MAILER-BUFFER-OVERFLOW.txt
Vendor:
www.blat.net
http://sourceforge.net/projects/blat/
Product:
[+] Credits: hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/AS-ZOPE-CSRF.txt
Vendor:
www.zope.org
plone.org
Product:
Zope Management Interface 4.3.7
Zope is a
[+] Credits: hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/AS-ADOBE-WRKGRP-BUFFER-OVERFLOW.txt
Vendor:
www.adobe.com
Product:
=
AdobeWorkgroupHelper.exe v2.8.3.3
[+] Credits: hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/AS-LANWHOIS-BUFFER-OVERFLOW-10062015.txt
Vendor:
www.lantricks.com
Product:
LanWhoIs.exe 1.0.1.120
#include <windows.h>
#include <Tlhelp32.h>
#define SMC_EXE "Smc.exe"
#define SMC_GUI "SmcGui.exe"
#define CC_SVC_HST "ccSvcHst.exe"
/*
By John Page (hyp3rlinx) - Dec 2014 - hyp3rlinx.altervista.org
Symantec Endpoint Protection version 12.1.4013
First reported to Symantec - Jan 20, 2015
Goal:
Kill Symantec
[+] Credits: hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/AS-JSPMYSQLADMINISTRADOR-0904.txt
Vendor:
JSPMySQL Administrador
https://sites.google.com/site/mfpledon/producao-de-software
Product:
[+] Credits: hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/AS-MS-EXCHANGE-INFO-DISCLOSURE.txt
Vendor:
www.microsoft.com
Product:
Microsoft Exchange Outlook Web
[+] Credits: hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/AS-CP_IKEVIEW-0911.txt
Vendor:
www.checkpoint.com
Product:
IKEView.exe Fox beta 1
IKEVIew.EXE is used to
[+] Credits: hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/AS-IKEVIEWR60-0914.txt
Vendor:
www.checkpoint.com
http://pingtool.org/downloads/IKEView.exe
Product:
[+] Credits: hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/AS-LANSPY-BUFFER-OVERFLOW-10052015.txt
Vendor:
www.lantricks.com
Product:
LanSpy.exe
LanSpy is network
[+] Credits: hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/AS-GIT-SSH-AGENT-BUFF-OVERFLOW.txt
Vendor:
git-scm.com
Product:
Git-1.9.5-preview20150319.exe
[+] Credits: hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/AS-FTGATE-2009-CSRF.txt
Vendor:
www.ftgate.com
Product:
FTGate 2009 SR3 May 13 2010 Build 6.4.00
[+] Credits: hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/AS-FORTIMANAGER-XSS-0924.txt
Vendor:
www.fortinet.com
Product:
FortiManager v5.2.2
FortiManager is a
[+] Credits: hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/ZEN-PHOTO-1.4.10-LFI.txt
Vendor:
www.zenphoto.org
Product:
===
Zenphoto 1.4.10
Vulnerability Type:
Local
[+] Credits: hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/ZEN-PHOTO-1.4.10-XSS.txt
Vendor:
www.zenphoto.org
Product:
===
Zenphoto 1.4.10
Vulnerability Type:
==
Cross
[+] Credits: hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/PHPBACK-XSS.txt
Vendor:
www.phpback.org
Product:
===
phpback v1.1
The open source feedback system, PHPBack is feedback a web application
[+] Credits: hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/FTPSHELL-v5.24-BUFFER-OVERFLOW.txt
Vendor:
www.ftpshell.com
Product:
FTPShell Client version 5.24
[+] Credits: hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/ACCESSDIVER-BUFFER-OVERFLOW.txt
Vendor:
==
M. Jean Fages
www.accessdiver.com
circa 1998-2006
Product:
=
AccessDiver V4.301 build 5888
[+] Credits: John Page aka hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/IBMI-ACCESS-BUFFER-OVERFLOW-DOS.txt
Vendor:
==
www.ibm.com
Product:
IBM i Access for Windows
[+] Credits: John Page aka hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/IBMI-CLIENT-ACCESS-BUFFER-OVERFLOW.txt
Vendor:
==
www.ibm.com
Product:
IBM i Access for
[+] Credits: John Page aka hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/VMWARE-VSPHERE-FLASH-XSS.txt
[+] ISR: apparitionsec
Vendor:
===
www.vmware.com
Product:
VMWare vSphere Web
[+] Credits: hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/OP5-REMOTE-CMD-EXECUTION.txt
Vendor:
www.op5.com
Product:
===
op5 v7.1.9
op5 Monitor is a software product for server, Network monitoring and
[+] Credits: hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/PHPBACK-v1.3.0-SQL-INJECTION.txt
Vendor:
www.phpback.org
Product:
PHPBack v1.3.0
Vulnerability Type:
===
SQL Injection
[+] Credits: John Page aka HYP3RLINX
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/WSO2-CARBON-v4.4.5-LOCAL-FILE-INCLUSION.txt
[+] ISR: ApparitionSec
Vendor:
===
www.wso2.com
Product:
Ws02Carbon v4.4.5
WSO2
[+] Credits: John Page aka hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/AXESSH-DENIAL-OF-SERVICE.txt
[+] ISR: ApparitionSec
Vendor:
www.labf.com
Product:
=
Axessh 4.2.2
Axessh is a SSH client
and Buffer Overflow Exploit
#Discovery hyp3rlinx
#ISR: ApparitionSec
#hyp3rlinx.altervista.org
#shellcode to pop calc.exe Windows 7 SP1
sc=("\x31\xF6\x56\x64\x8B\x76\x30\x8B\x76\x0C\x8B\x76\x1C\x8B"
"\x6E\x08\x8B\x36\x8B\x5D\x3C\x8B\x5C\x1D\x78\x01\xEB\x8B"
"\x4B\x18\x8B\x7B\
[+] Credits: John Page aka hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/RAPID-PHP-EDITOR-REMOTE-CMD-EXEC.txt
[+] ISR: Apparition Security
Vendor:
==
www.rapidphpeditor.com
Product:
[+] Credits: John Page aka hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/AXESSH-DENIAL-OF-SERVICE.txt
[+] ISR: ApparitionSec
Vendor:
www.labf.com
Product:
=
Axessh 4.2.2
Axessh is a SSH client
[+] Credits: John Page aka hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/WINCVS-PRIVILEGE-ESCALATION.txt
[+] ISR: ApparitionSec
Vendor:
==
cvsgui.sourceforge.net
www.wincvs.org
Product:
===
WinCvs
[+] Credits: John Page aka hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/ORACLE-NETBEANS-IDE-DIRECTORY-TRAVERSAL.txt
[+] ISR: ApparitionSec
Vendor:
===
www.oracle.com
Product:
=
Netbeans IDE v8.1
[+] Credits: John Page aka hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/PUPPET-AUTHENTICATION-REDIRECT.txt
[+] ISR: ApparitionSec
Vendor:
==
www.puppet.com
Product:
Puppet
[+] Credits: John Page aka hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/PUPPET-USER-ENUMERATION.txt
[+] ISR: ApparitionSec
Vendor:
==
www.puppet.com
Product:
===
Puppet Enterprise Web
[+] Credits: John Page aka hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/CORE-FTP-REMOTE-SSH-SFTP-BUFFER-OVERFLOW.txt
[+] ISR: ApparitionSec
Vendor:
===
www.coreftp.com
Product:
Core FTP LE
[+] Credits: John Page aka hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/PUTTY.EXE-INSECURE-PASSWORD-STORAGE.txt
[+] ISR: ApparitionSec
Vendor:
==
www.chiark.greenend.org.uk
Product
[+] Credits: John Page aka hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/ZEND-STUDIO-PRIVILEGE-ESCALATION.txt
[+] ISR: ApparitionSec
Vendor:
www.zend.com
Product:
==
ZendStudio IDE v13.5.1
[+] Credits: John Page aka hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/SNORT-DLL-HIJACK.txt
[+] ISR: ApparitionSec
Vendor:
=
www.snort.org
Product:
===
Snort v2.9.7.0-WIN32
Snort is an open-source
[+] Credits: John Page aka hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/SYMANTEC-VIP-ACCESS-ARBITRARY-DLL-EXECUTION.txt
[+] ISR: ApparitionSec
Vendor:
www.symantec.com
Product:
===
Symantec
[+] Credits: John Page aka hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-MEDIA-CENTER-XXE-FILE-DISCLOSURE.txt
[+] ISR: ApparitionSec
Vendor:
==
www.microsoft.com
Product
[+] Credits: John Page aka hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/MICROSOFT-MSINFO32-XXE-FILE-EXFILTRATION.txt
[+] ISR: ApparitionSec
Vendor:
=
www.microsoft.com
Product
[+] Credits: John Page aka hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/FIREFOX-v54.0.1-DENIAL-OF-SERVICE.txt
[+] ISR: ApparitionSec
Vendor:
===
www.mozilla.org
Product:
===
Firefox v54.0.1
[+] Credits: John Page AKA hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/MONGOOSE-WEB-SERVER-v6.5-CSRF-COMMAND-EXECUTION.txt
[+] ISR: apparitionSec
Vendor:
===
www.cesanta.com
Product
[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/CVE-2017-14087-TRENDMICRO-OFFICESCAN-XG-HOST-HEADER-INJECTION.txt
[+] ISR: ApparitionSec
Vendor:
==
www.trendmicro.com
Product
[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/CVE-2017-14084-TRENDMICRO-OFFICESCAN-XG-CURL-MITM-REMOTE-CODE-EXECUTION.txt
[+] ISR: ApparitionSec
Vendor:
==
www.trendmicro.com
[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/CVE-2017-14083-TRENDMICRO-OFFICESCAN-XG-PRE-AUTH-REMOTE-ENCRYPTION-KEY-DISCLOSURE.txt
[+] ISR: ApparitionSec
Vendor
[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/CVE-2017-14089-TRENDMICRO-OFFICESCAN-XG-PRE-AUTH-REMOTE-MEMORY-CORRUPTION.txt
[+] ISR: ApparitionSec
Vendor:
==
www.trendmicro.com
[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/CVE-2017-14086-TRENDMICRO-OFFICESCAN-XG-PRE-AUTH-START-REMOTE-PROCESS-CODE-EXECUTION-MEM-CORRUPT.txt
[+] ISR: ApparitionSec
Vendor
[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/TRENDMICRO-OFFICESCAN-XG-SERVER-SIDE-REQUEST-FORGERY.txt
[+] ISR: ApparitionSec
Vendor:
==
www.trendmicro.com
Product
[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/CVE-2017-14085-TRENDMICRO-OFFICESCAN-XG-REMOTE-NT-DOMAIN-PHP-INFO-DISCLOSURE.txt
[+] ISR: ApparitionSec
Vendor
[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/CVE-2017-14084-TRENDMICRO-OFFICESCAN-XG-CURL-MITM-REMOTE-CODE-EXECUTION.txt
[+] ISR: ApparitionSec
Vendor:
==
www.trendmicro.com
[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/TRENDMICRO-OFFICESCAN-XG-IMAGE-FILE-EXECUTION-BYPASS.txt
[+] ISR: ApparitionSec
Vendor:
==
www.trendmicro.com
Product
: ApparitionSec
Vulnerabilities Summary
The following advisory describes three (3) vulnerabilities found in Mako
Server's tutorial page.
The vulnerabilities found are:
Unauthenticated Arbitrary File Write vulnerability that leads to Remote Command
Execution
Unauthenticated File
[+] Credits: John Page a.k.a hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/CVE-2017-6331-SYMANTEC-ENDPOINT-PROTECTION-TAMPER-PROTECTION-BYPASS.txt
[+] ISR: ApparitionSec
Vendor:
===
www.symantec.com
Product
[+] SSD Beyond Security: https://blogs.securiteam.com/index.php/archives/3430
[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/WEBMIN-v1.850-REMOTE-COMMAND-EXECUTION.txt
[+] ISR: ApparitionSec
[+] Credits: John Page (aka Hyp3rlinX)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/ARTICA-WEB-PROXY-v3.06-REMOTE-CODE-EXECUTION-CVE-2017-17055.txt
[+] ISR: ApparitionSec
Vendor:
===
www.articatech.com
Product
[+] Credits: John Page (aka Hyp3rlinX)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/MIST-SERVER-v2.12-UNAUTHENTICATED-PERSISTENT-XSS-CVE-2017-16884.txt
[+] ISR: ApparitionSec
Vendor:
=
mistserver.org
Product
[+] Credits: John Page (aka HyP3rlinX)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/ABYSS-WEB-SERVER-MEMORY-HEAP-CORRUPTION.txt
[+] ISR: ApparitionSec
Vendor:
==
aprelium.com
Product:
===
Abyss Web
555-
Exploit/POC:
=
import socket,re,ssl,warnings,subprocess,time
from platform import system as system_name
from os import system as system_call
#Adminer Server Side Request Forgery
#PortMiner Scanner Tool
#by John Page (hyp3rlinx)
#ISR: ApparitionSec
#hyp3rlinx.altervista.org
#===
[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/ORACLE-JDEVELOPER-DIRECTORY-TRAVERSAL.txt
[+] ISR: apparition security
Vendor:
=
www.oracle.com
Product:
===
1 - 100 of 130 matches