Nice find! I figured as much, but good to see there's a patch out
there somewhere...
On 8/23/2018 at 9:14 AM, "Simon Waters" wrote:
On Thu, 23 Aug 2018 at 16:22, wrote:
It's likely CVE-2009-1524, but the description is vague and no public
PoC was released as far as I can tell.
The demise of
It's likely CVE-2009-1524, but the description is vague and no public
PoC was released as far as I can tell.
On 8/23/2018 at 2:00 AM, "Simon Waters" wrote:
On Tue, 21 Aug 2018 at 18:15, 1n3--- via Fulldisclosure wrote:
Title: Jetty 6.1.6 Cross-Site Scripting
Date: 8/14/2018
A
Title: Jetty 6.1.6 Cross-Site Scripting
Date: 8/14/2018
Author: 1N3@CrowdShield - https://crowdshield.com
Software Link: http://www.mortbay.org/jetty/
Tested on: Jetty 6.1.6 (other versions may also be vulnerable)
CVE: N/A
Background: Jetty 6.1.6 is vulnerable to Cross-Site Scripting (XSS)
which
# Exploit Title: IPSwitch MoveIt Stored Cross Site Scripting (XSS)
# Date: 1-31-2017
# Software Link: https://www.ipswitch.com/moveit
# Affected Version: 8.1-9.4 (only confirmed on 8.1 but other versions
prior to 9.5 may also be vulnerable)
# Exploit Author: 1N3@CrowdShield - https
Title: Zabbix 3.0.3 SQL Injection Vulnerability
Product: Zabbix
Vulnerable Version(s): 2.2.x, 3.0.x
Fixed Version: 3.0.4
Homepage: http://www.zabbix.com
Patch link: https://support.zabbix.com/browse/ZBX-11023
Credit: 1N3@CrowdShield
Gr33tz. I'm disclosing details for a potential 0day RCE vulnerability
in a number of common routers which may allow full control of affected
devices. I haven't found an existing vulnerability for this and this
appears to be a new trend in my ModSecurity logs. Hoping to get some
feedback from the