[FD] UPS Web/SNMP-Manager CS121 authentication bypass, credentials leak, ...

2014-05-15 Thread jkmac
UPS Web/SNMP-Manager CS121 by Generex comes in with a default enabled "service"-port, that makes it possible to bypass any specified login for HTTP(s), snmp or telnet. CS121 is a widely used management card in ups systems from Legrand, Rittal, Eaton, AEG, Masterguard Attached is a poc, f

[FD] check_dhcp - Nagios Plugins <= 2.0.1 Arbitrary Option File Read

2014-05-15 Thread Dawid Golunski
Release date: 15.05.2014 - Discovered by: Dawid Golunski - Severity: Moderate. I. VULNERABILITY - check_dhcp - Nagios Plugins <= 2.0.1 Arbitrary Option File Read II. BACKGROUND

[FD] [CVE-2014-3749] Construtiva CIS Manager CMS POST SQLi

2014-05-15 Thread Edge
Construtiva CIS Manager CMS POST SQLi TL;DR; PRODUCT: Construtiva CIS Manager. TYPE: SQLi http://site/autenticar/lembrarlogin.asp (POST email). CVE: CVE-2014-3749. Software Description: The CIS Manager platform is a complete and powerfu

[FD] CVE-2014-3719 SQL Injection Vulnerability

2014-05-15 Thread shady.liu
Greetings: I found on a ALEPH500 (Integrated library management system) SQL Injection Vulnerability; CVE-ID is CVE-2014-3719. Aleph 500, fully meet the industry standard, is an art class perfect library solution, the Ex Libris to pursue the essence of philosophy is flexible and easy

Re: [FD] project unicorn exploitable index

2014-05-15 Thread wola4
Deployed the thing to the cloud : http://un1c0rn.net/ -> Let's see how long it holds :) Scanning will resume as soon as the communication bus is secured. ___ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure

Re: [FD] AirDroid Lock Screen Bypass

2014-05-15 Thread Keith I Myers
Good Morning, Although this is not something that I would personally call a vulnerability, I can see your reason for concern. In order for an attacker to successfully exploit this, they would not only have to gain access to your physical phone but also gain access to your Airdroid account. You hav

[FD] Mac OS X stack_chk_guard not always safe from overwrite

2014-05-15 Thread rai
Hi, $ sysctl kern.version kern.version: Darwin Kernel Version 13.1.0: Wed Apr 2 23:52:02 PDT 2014; root:xnu-2422.92.1~2/RELEASE_X86_64 $ mkdir stack_guard=0x4141414141414141 $ ln -sf ../appledump stack_guard=0x4141414141414141/link $ stack_guard=0x4141414141414141/link string(0): string(1): st

[FD] [REVIVE-SA-2014-001] Revive Adserver 3.0.5 fixes CSRF vulnerability

2014-05-15 Thread Matteo Beccati
Revive Adserver Security Advisory REVIVE-SA-2014-001 Advisory ID: REVIVE-SA-2014-001 CVE ID: CVE-2013-5954 D

[FD] [CVE-2014-3718] ALEPH500 (Integrated library management system) Cross Site Scripting Vulnerability

2014-05-15 Thread xxx
Greetings: a ALEPH500 (Integrated library management system) Cross Site Scripting; CVE-ID is CVE-2014-3718. Aleph 500, fully meet the industry standard, is an art class perfect library solution, the Ex Libris to pursue the essence of philosophy is flexible and easy to use. Ex Libris i

[FD] AirDroid Lock Screen Bypass

2014-05-15 Thread Michael Wisniewski
All, I'm running AirDroid v2.1.0 on CleanROM 8.1 Core Edition. On my phone (Galaxy S3), I have a pattern lock screen enabled. Vulnerability: When running AirDroid in the background and the phone locks, you can use a web browser to connect to the phone. On the phone, you get the usual pop-up box

[FD] [CVE-2014-3719] ALEPH500 (Integrated library management system) SQL Injection

2014-05-15 Thread shady.liu
Greetings: I found on a ALEPH500 (Integrated library management system) Cross Site Scripting; CVE-ID is CVE-2014-3719. Aleph 500, fully meet the industry standard, is an art class perfect library solution, the Ex Libris to pursue the essence of philosophy is flexible and easy to use. Ex Libris i