OCE' 9400 plotters

1999-08-21 Thread Larry W. Cashdollar
attacks =) syntax: ping [-s] IPNAME [DATASZ [NUMPKTS]] -- Larry W. Cashdollar Unix Administrator Security Operations

Re: OCE' 9400 plotters

1999-08-29 Thread Larry W. Cashdollar
There is, however, quite a bit of documentation in the hub's manual about setting a root password, and the importance of doing so.. don't know who decided to use this same firmware in plotters/printers or what their documentation is like, however it seems to come down to the general rule of

Exploit for Tarantella Enterprise 3 installation (BID 3966)

2002-04-04 Thread Larry W. Cashdollar
Tarantella addressed these issues in a security bulletin: http://www.tarantella.com/security/bulletin-04.html #!/usr/bin/perl -w #Another Exploit for tarantella enterprise 3 installation. #Larry Cashdollar [EMAIL PROTECTED] 2/08/2002 #Exploits gunzip$$ binary being created in /tmp with perm

OpenOffice 1.0.1 Race condition during installation.

2002-10-11 Thread Larry W. Cashdollar
Vapid Labs Larry W. Cashdollar 9/9/02 Summary: OpenOffice 1.0.1 Race condition during installation can overwrite system files. Severity: Low Description: A very simple and easy to exploit race condition exists during

TheServer log file access password in cleartext w/vendor resolution.

2002-10-15 Thread Larry W. Cashdollar
Vapid Labs Security Note A quick note on Fastlink Software's TheServer http server. I was not going to write this up since it is a silly problem but this server is listed in the netcraft survey so people are using it. TheServer is

Bio Basespace SDK 0.1.7 Ruby Gem exposes API Key via command line

2013-12-16 Thread Larry W. Cashdollar
Title: Bio Basespace SDK 0.1.7 Ruby Gem exposes API Key via command line Date: 11/15/2013 Author: Larry W. Cashdollar, @_larry0 Download: http://rubygems.org/gems/bio-basespace-sdk Description: BaseSpace Ruby SDK is a Ruby based Software Development Kit to be used in the development of Apps

Command injection vulnerability in Ruby Gem sprout 0.7.246

2013-12-16 Thread Larry W. Cashdollar
}) If the attacker can control zip_dir, zip_name or output then they can possibly execute shell commands by injecting shell meta characters as input. PoC: For example: filename;id;.zip I contacted the developer a few weeks ago but received no response. Thanks! Larry W. Cashdollar @_larry0 http

Command injection in Ruby Gem Webbynode 1.0.5.3

2013-12-16 Thread Larry W. Cashdollar
Title: Command injection in Ruby Gem Webbynode 1.0.5.3 Date: 11/11/2013 Author: Larry W. Cashdollar, @_larry0 Download: http://rubygems.org/gems/webbynode Vulnerability Description: The following code located in: ./webbynode-1.0.5.3/lib/webbynode/notify.rb doesn't fully sanitize user

Persistent XSS in Media File Renamer V1.7.0 wordpress plugin

2014-02-26 Thread Larry W. Cashdollar
Title: Persistent XSS in Media File Renamer V1.7.0 wordpress plugin Date: 1/31/2014 Author: Larry W. Cashdollar, @_larry0 Vendor: Notified 2/4/2014 CVE: 2014-2040 Download: http://www.meow.fr/media-file-renamer/ Vulnerability: The following functions do not sanitize input before being echoed

Remote Command Injection in Arabic Prawn 0.0.1 Ruby Gem

2014-03-12 Thread Larry W. Cashdollar
Title: Remote Command Injection in Arabic Prawn 0.0.1 Ruby Gem Author: Larry W. Cashdollar, @_larry0 Download Site: http://rubygems.org/gems/Arabic-Prawn CVE: 2014-2322 Date: 12/17/2013 In Arabic-Prawn-0.0.1/lib/string_utf_support.rb, the following lines pass unsanitized input to the shell

Remote Command Injection in Ruby Gem sfpagent 0.4.14

2014-04-21 Thread Larry W. Cashdollar
Title: Remote Command Injection in Ruby Gem sfpagent 0.4.14 Date: 4/15/2014 Author: Larry W. Cashdollar, @_larry0 CVE: 2014-2888 Download: http://rubygems.org/gems/sfpagent Vulnerability The list variable generated from the user supplied JSON[body] input is passed directly to the system

Vulnerabilities in WordPress Database Manager v2.7.1

2014-10-21 Thread Larry W. Cashdollar
Title: Vulnerabilities in WordPress Database Manager v2.7.1 Author: Larry W. Cashdollar, @_larry0 Date: 10/13/2014 Download: https://wordpress.org/plugins/wp-dbmanager/ Downloads: 1,171,358 Vendor: Lester Chan, https://profiles.wordpress.org/gamerz/ Contacted: 10/13/2014, Vulnerabilities addressed

XCloner Wordpress/Joomla! backup Plugin v3.1.1 (Wordpress) v3.5.1 (Joomla!) Vulnerabilities

2014-11-06 Thread Larry W. Cashdollar
Title: XCloner Wordpress/Joomla! backup Plugin v3.1.1 (Wordpress) v3.5.1 (Joomla!) Vulnerabilities Author: Larry W. Cashdollar, @_larry0 Date: 10/17/2014 Download: https://wordpress.org/plugins/xcloner-backup-and-restore/ Download: http://extensions.joomla.org/extensions/access-a-security/site

Exploit for stealing backups on WP sites with WP-DB-Backup v2.2.4 plugin

2014-11-23 Thread Larry W. Cashdollar
#!/bin/bash #Larry W. Cashdollar, @_larry0 #Will brute force and search a Wordpress target site with WP-DB-Backup v2.2.4 plugin installed for any backups done on #20141031 assumes the wordpress database is wordpress and the table prefix is wp_ #http://www.vapid.dhs.org/advisories/wordpress

Remote file upload vulnerability in wordpress plugin videowhisper-video-presentation v3.31.17

2015-04-03 Thread Larry W. Cashdollar
Title: Remote file upload vulnerability in wordpress plugin videowhisper-video-presentation v3.31.17 Author: Larry W. Cashdollar, @_larry0 Date: 2015-03-29 Download Site: https://wordpress.org/plugins/videowhisper-video-presentation/ Vendor: http://www.videowhisper.com/ Vendor Notified: 2015-03

XCloner v3.1.2 wordpress plugin authenticated command execution and XSS

2015-06-08 Thread Larry W. Cashdollar
v3.1.2 wordpress plugin authenticated command execution and XSS Author: Larry W. Cashdollar, @_larry0 Date: 2015-05-10 Download Site: https://wordpress.org/plugins/xclonerbackupandrestore/ http://extensions.joomla.org/extensions/accessasecurity/sitesecurity/backup/665 Advisory: http

Path Traversal vulnerability in Wordpress plugin se-html5-album-audio-player v1.1.0

2015-06-11 Thread Larry W. Cashdollar
Title: Path Traversal vulnerability in Wordpress plugin se-html5-album-audio-player v1.1.0 Author: Larry W. Cashdollar, @_larry0 Date: 2015-06-06 Advisory: http://www.vapid.dhs.org/advisory.php?v=124 Download Site: https://wordpress.org/plugins/se-html5-album-audio-player/ Vendor: https

Remote file upload vulnerability in aviary-image-editor-add-on-for-gravity-forms v3.0beta Wordpress plugin

2015-06-11 Thread Larry W. Cashdollar
Title: Remote file upload vulnerability in aviary-image-editor-add-on-for-gravity-forms v3.0beta Wordpress plugin Author: Larry W. Cashdollar, @_larry0 Date: 2015-06-07 Download Site: https://wordpress.org/plugins/aviary-image-editor-add-on-for-gravity-forms Vendor: Waters Edge Web Design

SQL Injection in easy2map wordpress plugin v1.24

2015-07-06 Thread Larry W. Cashdollar
Title: SQL Injection in easy2map wordpress plugin v1.24 Author: Larry W. Cashdollar, @_larry0 Date: 2015-06-08 Download Site: https://wordpress.org/plugins/easy2map Vendor: Steven Ellis Vendor Notified: 2015-06-08, fixed in v1.25 Vendor Contact: https://profiles.wordpress.org/stevenellis/ Advisory

SQL Injection in easy2map-photos wordpress plugin v1.09

2015-07-08 Thread Larry W. Cashdollar
Title: SQL Injection in easy2map-photos wordpress plugin v1.09 Author: Larry W. Cashdollar, @_larry0 Date: 2015-06-08 Download Site: https://wordpress.org/plugins/easy2map-photos Vendor: Steven Ellis Vendor Notified: 2015-06-08, fixed in v1.1.0 Vendor Contact: https://profiles.wordpress.org

Remote file download vulnerability in wordpress plugin wp-ecommerce-shop-styling v2.5

2015-07-08 Thread Larry W. Cashdollar
Title: Remote file download vulnerability in wordpress plugin wp-ecommerce-shop-styling v2.5 Author: Larry W. Cashdollar, @_larry0 Date: 2015-07-05 Download Site: https://wordpress.org/plugins/wp-ecommerce-shop-styling Vendor: https://profiles.wordpress.org/haet/ Vendor Notified: 2015-07-05

XSS and SQLi in huge IT gallery v1.1.5 for Joomla

2016-07-25 Thread Larry W. Cashdollar
Title: XSS and SQLi in huge IT gallery v1.1.5 for Joomla Fixed: v1.1.7 Author: Larry W. Cashdollar, @_larry0 and Elitza Neytcheva, @ElitzaNeytcheva Date: 2016-07-14 Download Site: http://extensions.joomla.org/extensions/extension/photos-a-images/galleries/gallery-pro Vendor: huge-it.com Vendor

Remote file upload vulnerability in Wordpress Plugin Mobile App Native 3.0

2017-03-02 Thread Larry W. Cashdollar
/master/mobile_plugin_exploit.sh URL: http://www.vapidlabs.com/advisory.php?v=178 Credit: Larry W. Cashdollar, @_larry0 https://github.com/lcashdol/Exploits/blob/master/mobile_plugin_exploit.sh