attacks
=)
syntax: ping [-s] IPNAME [DATASZ [NUMPKTS]]
-- Larry W. Cashdollar
Unix Administrator
Security Operations
There is, however, quite a bit of documentation in the hub's manual about
setting a root password, and the importance of doing so. Don't know who
decided to use this same firmware in plotters/printers or what their
documentation is like, however it seems to come down to the general rule
of
Tarantella addressed these issues in a security bulletin:
http://www.tarantella.com/security/bulletin-04.html
#!/usr/bin/perl -w
#Another Exploit for tarantella enterprise 3 installation.
#Larry Cashdollar [EMAIL PROTECTED] 2/08/2002
#Exploits gunzip$$ binary being created in /tmp with perm
Vapid Labs
Larry W. Cashdollar
9/9/02
Summary: OpenOffice 1.0.1 Race condition during installation can overwrite
system files.
Severity: Low
Description: A very simple and easy to exploit race condition exists during
Vapid Labs
Security Note
A quick note on Fastlink Software's TheServer http server. I was not
going to write this up since it is a silly problem but this server is
listed in the netcraft survey so people are using it. TheServer is
Title: Bio Basespace SDK 0.1.7 Ruby Gem exposes API Key via command line
Date: 11/15/2013
Author: Larry W. Cashdollar, @_larry0
Download: http://rubygems.org/gems/bio-basespace-sdk
Description:
BaseSpace Ruby SDK is a Ruby based Software Development Kit to be used in the
development of Apps
})
If the attacker can control zip_dir, zip_name or output then they can possibly
execute shell commands by injecting shell metacharacters as input.
PoC:
For example: filename;id;.zip
I contacted the developer a few weeks ago but received no response.
Thanks!
Larry W. Cashdollar
@_larry0
http
Title: Command injection in Ruby Gem Webbynode 1.0.5.3
Date: 11/11/2013
Author: Larry W. Cashdollar, @_larry0
Download: http://rubygems.org/gems/webbynode
Vulnerability Description:
The following code located in: ./webbynode-1.0.5.3/lib/webbynode/notify.rb
doesn't fully sanitize user
Title: Persistent XSS in Media File Renamer V1.7.0 wordpress plugin
Date: 1/31/2014
Author: Larry W. Cashdollar, @_larry0
Vendor: Notified 2/4/2014
CVE: 2014-2040
Download:
http://www.meow.fr/media-file-renamer/
Vulnerability:
The following functions do not sanitize input before being echoed
Title: Remote Command Injection in Arabic Prawn 0.0.1 Ruby Gem
Author: Larry W. Cashdollar, @_larry0
Download Site: http://rubygems.org/gems/Arabic-Prawn
CVE: 2014-2322
Date: 12/17/2013
In Arabic-Prawn-0.0.1/lib/string_utf_support.rb, the following lines pass
unsanitized input to the shell
Title: Remote Command Injection in Ruby Gem sfpagent 0.4.14
Date: 4/15/2014
Author: Larry W. Cashdollar, @_larry0
CVE: 2014-2888
Download: http://rubygems.org/gems/sfpagent
Vulnerability
The list variable generated from the user-supplied JSON[body] input is passed directly to the system
Title: Vulnerabilities in WordPress Database Manager v2.7.1
Author: Larry W. Cashdollar, @_larry0
Date: 10/13/2014
Download: https://wordpress.org/plugins/wp-dbmanager/
Downloads: 1,171,358
Vendor: Lester Chan, https://profiles.wordpress.org/gamerz/
Contacted: 10/13/2014, Vulnerabilities addressed
Title: XCloner Wordpress/Joomla! backup Plugin v3.1.1 (Wordpress) v3.5.1 (Joomla!) Vulnerabilities
Author: Larry W. Cashdollar, @_larry0
Date: 10/17/2014
Download: https://wordpress.org/plugins/xcloner-backup-and-restore/
Download:
http://extensions.joomla.org/extensions/access-a-security/site
#!/bin/bash
#Larry W. Cashdollar, @_larry0
#Will brute force and search a Wordpress target site with WP-DB-Backup v2.2.4 plugin installed for any backups done on
#20141031 assumes the wordpress database is wordpress and the table prefix is wp_
#http://www.vapid.dhs.org/advisories/wordpress
Title: Remote file upload vulnerability in wordpress plugin videowhisper-video-presentation v3.31.17
Author: Larry W. Cashdollar, @_larry0
Date: 2015-03-29
Download Site: https://wordpress.org/plugins/videowhisper-video-presentation/
Vendor: http://www.videowhisper.com/
Vendor Notified: 2015-03
v3.1.2 wordpress plugin authenticated command execution and XSS
Author: Larry W. Cashdollar, @_larry0
Date: 2015-05-10
Download Site: https://wordpress.org/plugins/xcloner-backup-and-restore/
http://extensions.joomla.org/extensions/access-a-security/site-security/backup/665
Advisory: http
Title: Path Traversal vulnerability in Wordpress plugin se-html5-album-audio-player v1.1.0
Author: Larry W. Cashdollar, @_larry0
Date: 2015-06-06
Advisory: http://www.vapid.dhs.org/advisory.php?v=124
Download Site: https://wordpress.org/plugins/se-html5-album-audio-player/
Vendor: https
Title: Remote file upload vulnerability in aviary-image-editor-add-on-for-gravity-forms v3.0beta Wordpress plugin
Author: Larry W. Cashdollar, @_larry0
Date: 2015-06-07
Download Site:
https://wordpress.org/plugins/aviary-image-editor-add-on-for-gravity-forms
Vendor: Waters Edge Web Design
Title: SQL Injection in easy2map wordpress plugin v1.24
Author: Larry W. Cashdollar, @_larry0
Date: 2015-06-08
Download Site: https://wordpress.org/plugins/easy2map
Vendor: Steven Ellis
Vendor Notified: 2015-06-08, fixed in v1.25
Vendor Contact: https://profiles.wordpress.org/stevenellis/
Advisory
Title: SQL Injection in easy2map-photos wordpress plugin v1.09
Author: Larry W. Cashdollar, @_larry0
Date: 2015-06-08
Download Site: https://wordpress.org/plugins/easy2map-photos
Vendor: Steven Ellis
Vendor Notified: 2015-06-08, fixed in v1.1.0
Vendor Contact: https://profiles.wordpress.org
Title: Remote file download vulnerability in wordpress plugin wp-ecommerce-shop-styling v2.5
Author: Larry W. Cashdollar, @_larry0
Date: 2015-07-05
Download Site: https://wordpress.org/plugins/wp-ecommerce-shop-styling
Vendor: https://profiles.wordpress.org/haet/
Vendor Notified: 2015-07-05
Title: XSS and SQLi in huge IT gallery v1.1.5 for Joomla
Fixed: v1.1.7
Author: Larry W. Cashdollar, @_larry0 and Elitza Neytcheva, @ElitzaNeytcheva
Date: 2016-07-14
Download Site:
http://extensions.joomla.org/extensions/extension/photos-a-images/galleries/gallery-pro
Vendor: huge-it.com
Vendor
/master/mobile_plugin_exploit.sh
URL: http://www.vapidlabs.com/advisory.php?v=178
Credit: Larry W. Cashdollar, @_larry0
https://github.com/lcashdol/Exploits/blob/master/mobile_plugin_exploit.sh