accadmin Pubblicato in CLICKJACKING Nessun commento

pfSense 2.4.1 CSRF Error Page Clickjacking

This Metasploit module exploits a Clickjacking vulnerability in pfSense versions 2.4.1 and below. pfSense is a free and open source firewall and router. It was found that the pfSense WebGUI is vulnerable to Clickjacking. By tricking an authenticated admin into interacting with a specially crafted webpage it is possible for an attacker to execute arbitrary […]

The post pfSense 2.4.1 CSRF Error Page Clickjacking appeared first on MondoUnix.

13 12

accadmin Pubblicato in Credential Nessun commento

Fortinet FortiClient VPN Credential Disclosure

FortiClient stores the VPN authentication credentials in a configuration file (on Linux or Mac OSX) or in registry (on Windows). The credentials are encrypted but can still be recovered since the decryption key is hardcoded in the program and the same on all installations. Above all, the aforementioned storage is world readable, which actually lays […]

The post Fortinet FortiClient VPN Credential Disclosure appeared first on MondoUnix.

13 12

accadmin Pubblicato in execution Nessun commento

Palo Alto Networks Firewalls Remote Root Code Execution

Three separate bugs can be used together to remotely execute commands as root through the web management interface without authentication on PAN-OS versions 6.1.18 and earlier, PAN-OS versions 7.0.18 and earlier, PAN-OS versions 7.1.13 and earlier, and…

13 12

accadmin Pubblicato in ADVISORY Nessun commento

Qualys Security Advisory – GNU C Library Memory Leak / Buffer Overflow

Qualys has discovered a memory leak and a buffer overflow in the dynamic loader (ld.so) of the GNU C Library (glibc).
Source: Qualys Security Advisory – GNU C Library Memory Leak / Buffer Overflow
The post Qualys Security Advisory – GNU C L…

13 12

accadmin Pubblicato in authentication Nessun commento

Meinberg LANTIME Web Configuration Utility 6.16.008 Authentication Bypass

Meinberg LANTIME Web Configuration Utility version 6.16.008 suffers from an authentication bypass vulnerability.
Source: Meinberg LANTIME Web Configuration Utility 6.16.008 Authentication Bypass
The post Meinberg LANTIME Web Configuration Utility 6.16….

13 12

accadmin Pubblicato in arbitrary Nessun commento

Meinberg LANTIME Web Configuration Utility 6.16.008 Arbitrary File Upload

Meinberg LANTIME Web Configuration Utility version 6.16.008 suffers from an arbitrary file upload vulnerability.
Source: Meinberg LANTIME Web Configuration Utility 6.16.008 Arbitrary File Upload
The post Meinberg LANTIME Web Configuration Utility 6.16….

13 12

accadmin Pubblicato in arbitrary Nessun commento

Meinberg LANTIME Web Configuration Utility 6.16.008 Arbitrary File Read

Meinberg LANTIME Web Configuration Utility version 6.16.008 suffers from an arbitrary file read vulnerability.
Source: Meinberg LANTIME Web Configuration Utility 6.16.008 Arbitrary File Read
The post Meinberg LANTIME Web Configuration Utility 6.16.008 …

13 12

accadmin Pubblicato in bypass Nessun commento

Zivif PR115-204-P-RS 2.3.4.2103 Bypass / Command Injection / Hardcoded Password

Zivif PR115-204-P-RS cameras version 2.3.4.2103 suffer from authentication bypass, command injection, and hardcoded password vulnerabilities.
Source: Zivif PR115-204-P-RS 2.3.4.2103 Bypass / Command Injection / Hardcoded Password
The post Zivif PR115-2…

12 12

accadmin Pubblicato in double Nessun commento

macOS / iOS Kernel IOSurfaceRootUserClient Double-Free

macOS and iOS suffer from a kernel double free vulnerability due to IOSurfaceRootUserClient not respecting MIG ownership rules.
Source: macOS / iOS Kernel IOSurfaceRootUserClient Double-Free
The post macOS / iOS Kernel IOSurfaceRootUserClient Double-Fr…

12 12

accadmin Pubblicato in exploit Nessun commento

macOS getrusage Stack Leak

macOS suffers from a getrusage stack leak through struct padding.
Source: macOS getrusage Stack Leak
The post macOS getrusage Stack Leak appeared first on MondoUnix.

Accademia dell'hardware e del software libero Adriano Olivetti

Il pensiero olivetti è in linea perfetta con i concetti del software e dell'hardware libero

Categoria: exploit

pfSense 2.4.1 CSRF Error Page Clickjacking

Fortinet FortiClient VPN Credential Disclosure

Palo Alto Networks Firewalls Remote Root Code Execution

Qualys Security Advisory – GNU C Library Memory Leak / Buffer Overflow

Meinberg LANTIME Web Configuration Utility 6.16.008 Authentication Bypass

Meinberg LANTIME Web Configuration Utility 6.16.008 Arbitrary File Upload

Meinberg LANTIME Web Configuration Utility 6.16.008 Arbitrary File Read

Zivif PR115-204-P-RS 2.3.4.2103 Bypass / Command Injection / Hardcoded Password

macOS / iOS Kernel IOSurfaceRootUserClient Double-Free

macOS getrusage Stack Leak