The Microsoft Exchange Client Access Server (CAS) that services Autodiscover has been found vulnerable to an information disclosure. It has been discovered that a standard domain user without Exchange permissions can enumerate Autodiscover configuration files of Exchange users by an XML SOAP parameter injection.
54c985d67107ade894f094c2b0fe43f071b3e549fb3bf44c8d221541460ae91eThe Client Access Server (CAS) that services Autodiscover and Outlook Web App (OWA) has been found to be vulnerable to time-based authentication attacks. It has been discovered that when sending authentication requests to the CAS, behavior in the timing of the responses can be used to verify Active Directory (AD) realms and usernames within those realms. Authentication timing issues have been found in specific IIS file paths and OWA form-based authentication. This issue can allow an attacker to confirm the existence of a specific username in the directory, and will make other attacks such as password guessing or social engineering attacks more successful.
061b94a5edc404d05361b21ffb528c06f80aa1cef15fbbc558442730005bf285Multiple issues have been discovered that makes it possible to disclose internal IP addresses of remote Microsoft Exchange environments.
1583d0211f9142e47c610ac0fa845c95f421e39d1782f40c8b7bdb1923355789iptables-bash_completion provides programmable completion for the iptables and ip6tables programs from netfilter.org. Following the logic of iptables, options are shown only if they are valid at the current context. Additionally to the completion on options, matches and targets, it supports dynamic retrieval of data from the system i.e: chain-, set-names, interfaces, hostnames, etc. Environment variables allow to fine grade completion options. IP and MAC addresses can be fed by file.
5b95ff2d4925704d59bad3c06ff3236538ddba11b05cf2e9a1c8ef2856b2ca80Photo WiFi Transfer version 1.01 suffers from a directory traversal vulnerability.
1aa823b490ae3034f340604d446c57cda18cd37a0e00d5b90ff571baddb13c0fSphider versions prior to 1.3.6 suffer from remote command execution and remote SQL injection vulnerabilities.
bec986214c397a937254385b2f0337a5a584dbc4ff7e00734b9bc377c4066878Status2k server monitoring software suffers from cross site scripting, remote command execution, information disclosure, and remote SQL injection vulnerabilities.
dad0340bdf5e7906eedba0edc8b1b611d19dccd29edc0a3c822aa85bcf6ebcceWordPress Gmedia Gallery version 1.2.1 suffers from a remote shell upload vulnerability.
ada74cee2453653efa88820002f6372519feaccf001d06065f6ef793721257a2WordPress SI CAPTCHA anti-spam plugin suffers from a cross site scripting vulnerability. Note that this finding houses site-specific data.
496ce86c42c0989ac8f5097875beb5aef7f0b190c0d28fb474cf96b7c16b50b3WordPress Gamespeed Theme suffers from a cross site scripting vulnerability. Note that this finding houses site-specific data.
4dffcd3646f2f16f700273d8af9755e703255a2a3afbcf1090dded0c91f5f2d7WordPress MyBand theme suffers from a cross site scripting vulnerability. This finding houses site-specific data.
117ffb3b858d7a1be734b0e661c3e5e48ee0e3e8cc8f5900ff0a5f087910767a
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed