Hunt CCTV (and generics brands) Insufficient Authentication
January 17, 2013 - A. Ramos
-- CVE ID:
CVE-2013-1391 [reserved]
-- Affected Vendors:
Hunt CCTV (http://www.huntcctv.com/)
** generic brands from Hunt **
Capture CCTV (http://www.capturecctv.ca/)
NoVus CCTV (http://www.novuscctv.com
# Exploit Title: OpenText LiveLink multiple vulnerabilities (CSRF, XSS)
# Date: 22/06/2010
# Author: Alejandro Ramos
# http://www.securitybydefault.com
# Software Link: http://www.opentext.com/
# Version: 9.7.1
# Tested on: Solaris
Opentext (NASDAQ OTEX) LiveLink 9.7.1
Livelink features several
Hi everyone,
Here I attached a quick reference (also known as a cheatsheet) for NMAP,
incorporating, in addition to common parameters, some commands which
are specific to the last branch released. I've also incorporated in
the lower section some examples with typical scans which can be
performed with
Hello all,
Just another one: you can access the configuration backup without
authentication at: /config.xml.sav
On Fri, Jan 15, 2010 at 17:12, Adam Baldwin wrote:
> The MiFi by Novatel Wireless (re-branded and sold by multiple vendors
> such as Sprint and Verizon) is a mobile wifi hotspot. Th
Take a look over:
http://www.virustotal.com/analisis/0603d534b0128bf81ec57a8ab00e145c
2008/3/26 <[EMAIL PROTECTED]>:
>
> Pangolin is a GUI tool running on Windows to perform as more as possible
> pen-testing through SQL injection. This version now supports following
> databases and operat
ISC INN has not commented on this issue.
VI. CVE INFORMATION
The Common Vulnerabilities and Exposures (CVE) project has assigned the
name CVE-2006-116142 to this issue.
APPENDIX A. - Vendor Information
http://www.isc.org/index.pl?/sw/inn/
APPENDIX B. - References
NONE
CONTACT:
*A. Ramos [EMAIL
e_id AND th.thread_address_id = ad.address_id AND
t.ticket_id = " . $ticket . " GROUP BY th.thread_id LIMIT 0,1";
Solution:
---
Not available, maybe changing every "$cerberus_db->query($sql)" to
"$cerberus_db->escape($sql)".
History:
---
15-20/Nov/2005 --- Bugs discovered
11/Dec/2005 --- The Author has been notified.
19/Dec/2005 --- Full Disclosure
--
A. Ramos
mailto: <[EMAIL PROTECTED]>
http://www.unsec.net
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
bug found.
21 Sept 2005: Nokia security contacted.
24 Sept 2005: Disclosure in NCN - V congress (http://www.noconname.org).
26 Sept 2005: Full disclosure.
--
A. Ramos.
mailto: <[EMAIL PROTECTED]>
http://www.unsec.net