NGENUITY-2009-005 OpenCart Order By Blind SQL Injection

2009-03-16 Thread Adam Baldwin
nGenuity Information Services - Security Advisory Advisory ID: NGENUITY-2009-005 - OpenCart Order By Blind SQL Injection Application: OpenCart 1.1.8 Vendor: OpenCart Vendor website: http://www.opencart.com <http://www.chambermaster.com> Author: Adam Baldwin (ada

ExpressionEngine Persistent Cross-Site Scripting

2009-03-23 Thread Adam Baldwin
ttp://www.transparent-tech.com/> Author: Adam Baldwin (adam_bald...@ngenuity-is.com) I. BACKGROUND "ExpressionEngine is a flexible, feature-rich content management system that empowers thousands of individuals, organizations, and companies around the world to easily manage their w

Zabbix Multiple Frontend CSRF (Password reset & command execution)

2009-03-31 Thread Adam Baldwin
nGenuity Information Services - Security Advisory Advisory ID: NGENUITY-2009-006 - Zabbix Multiple Frontend CSRF Application: Zabbix 1.6.2 Vendor: Zabbix Vendor website: http://www.zabbix.com Author: Adam Baldwin (adam_bald...@ngenuity-is.com) I. BACKGROUND "Z

McAfee UTM Firewall Help Reflected Cross-Site Scripting

2010-06-09 Thread Adam Baldwin
Advisory Information Advisory ID: NGENUITY-2010-005 Date published: 6/9/2010 Vulnerability Information Class: Reflected Cross-Site Scripting (XSS) Software Description McAfee UTM Firewall (Firmware 3.0.0 to 4.0.6) (formerly SnapGear) is the affected product line. More inf

Nagios XI 2009R1.2B Multiple CSRF

2010-08-09 Thread Adam Baldwin
Advisory Information Advisory ID: NGENUITY-2010-006 Date published: Aug. 7, 2010 Class: Cross-Site Request Forgery (CSRF) Software Description Nagios XI is the commercial / enterprise version of the open source Nagios project. Vulnerability Description Nagios XI 2009R1.2B

Nagios XI Login XSS

2010-08-23 Thread Adam Baldwin
. Technical Description Here is a non-malicious example. The input after login.php is inserted into the permalink_base variable without being sanitized. http://example.com/nagiosxi/login.php?%22;alert%281%29;// Credits This vulnerability was discovered by Adam Baldwin Original Advisory http

Nagios XI users.php SQL Injection

2010-08-25 Thread Adam Baldwin
message as a result of this query. Credits This vulnerability was discovered by Adam Baldwin Original Advisory: http://ngenuity-is.com/advisories/2010/aug/24/nagios-xi-usersphp-sql-injection/

Django admin list filter data extraction / leakage

2010-12-27 Thread Adam Baldwin
exploit this vulnerability. Here's looking at you CMS apps! CREDIT: This vulnerability was discovered by Adam Baldwin <mailto:adam_bald...@ngenuity-is.com> REFERENCES: [1] - http://www.djangoproject.com [2] - http://www.djangoproject.com/w

osTicket v1.6 RC4 Admin Login Blind SQLi

2009-06-29 Thread Adam Baldwin
nGenuity Information Services - Security Advisory Advisory ID: NGENUITY-2009-007 osTicket Admin Login Blind SQL Injection Application: osTicket v1.6 RC4 Vendor: osTicket Vendor website: http://www.osticket.com Author: Adam Baldwin (adam_bald...@ngenuity-is.com) I

[NGENUITY] - Ticket Subject Persistent XSS in Kayako SupportSuite

2009-08-10 Thread Adam Baldwin
nGenuity Information Services – Security Advisory Advisory ID: NGENUITY-2009-008 - Ticket Subject Persistent XSS in Kayako SupportSuite Application: SupportSuite v3.50.06 Vendor: Kayako Vendor website: http://www.kayako.com Author: Adam Baldwin (adam_bald...@ngenuity-is.com

[NGENUITY] - Spiceworks Multiple Vulnerabilities (XSS & CSRF)

2009-08-10 Thread Adam Baldwin
nGenuity Information Services - Security Advisory Advisory ID: NGENUITY-2009-009 - Spiceworks Multiple Vulnerabilities (XSS & CSRF) Application: Spiceworks 3.6.31847 Vendor: Spiceworks Vendor website: http://www.spiceworks.com Author: Adam Baldwin (adam_bald...@ngen

Sprint / Verizon MiFi CSRF+CSS Gives up GPS info to attacker

2010-01-15 Thread Adam Baldwin
The MiFi by Novatel Wireless (re-branded and sold by multiple vendors such as Sprint and Verizon) is a mobile wifi hotspot. The MiFi also has a built-in GPS to provide location-based searching. Turns out that the web interface to this little device has a lot going on that can be exploited, from ga

Re: [Full-disclosure] Sprint / Verizon MiFi CSRF+CSS Gives up GPS info to attacker

2010-01-18 Thread Adam Baldwin
On 1/16/10 8:13 AM, A. Ramos wrote:
> Hello all,
>
> Just another one: you can access to the configuration backup without
> authentication at: /config.xml.sav

If you have the Sprint MiFi with the latest firmware rev (AP 11.47.17 Router 018.0101) The correct path is /config.xml.savefile

-Adam

Zenoss Multiple Admin CSRF

2010-01-18 Thread Adam Baldwin
nGenuity Information Services - Security Advisory Advisory ID: NGENUITY-2010-002 - Zenoss Multiple Admin CSRF Application: Zenoss 2.3.3 Vendor: Zenoss Vendor website: http://www.zenoss.com Author: Adam Baldwin (adam_bald...@ngenuity-is.com) I. BACKGROUND Zenoss is a