Re: [Full-disclosure] FreePBX - Module Administration Arbitrary File Upload

2011-06-09 Thread Tyler Borland
So you need administrative access to upload the file? On Thu, Jun 9, 2011 at 7:24 AM, Tiago Ferreira wrote: > [ Alligator Security Team > ]=== > > FreePBX - Module Administration Arbitrary File Upload > > Members: Tiago Ferreira < tiago SPAM alligat

Re: [Full-disclosure] CORE-2010-1021: IBM WebSphere Application Server Cross-Site Request Forgery

2011-06-19 Thread Tyler Borland
I just saw this on reddit and have some questions that may answer my question on why this took so long when tokens were implemented in other areas of the product. To start with, you seem to be able to disable three things. Application security seems to be disabled by default and Java 2 Security w

Re: [Full-disclosure] Microsoft's Binary Planting Clean-Up Mission

2011-09-15 Thread Tyler Borland
I really don't want to talk more about this because everyone seems to be hating on this. However... ld_preload has to be set locally by the user or somehow remotely pass and set ld_preload environment variable. Not only that, but it has to be in the trusted path. This search path problem would be

Re: [Full-disclosure] Best Buy and Privacy?

2011-02-04 Thread Tyler Borland
I used to work there and I don't think I can officially say anything yet for another month or two. But I'll just say they have problems. I even sent some problems 'up the chain' and didn't receive any response. On Fri, Feb 4, 2011 at 10:24 AM, Wesley Kerfoot wrote: > I think the fact that they

[Full-disclosure] Kryn Persistent XSS and Administrative CSRF

2010-06-29 Thread Tyler Borland
Found By: TurboBorland Email Address: tborla...@gmail.com Software: Kryn <=0.6 Date Found: 06/21/2010 Date Submitted: 06/29/2010 Ethical Disclosure: Vendor submitted - Replied with fix: "We've fix this issues and already uploaded the new versions for kryn-core and usermanagement." - Submissi

Re: [Full-disclosure] WiFi sniffing need to be connected?

2010-07-02 Thread Tyler Borland
Login for email seems to be through normal http. Messages will be traveling over plaintext as well. As long as the access point for wireless isn't encrypted, then promiscuous will definitely work and be a much better angle. Best spots for that are hotspots or places that allow unencrypted wifi acc

[Full-disclosure] Asterisk Recording Interface (freePBX as example) Multiple Vulnerabilities

2010-07-12 Thread Tyler Borland
Found By: TurboBorland Email: tborla...@gmail.com Software: Asterisk Recording Interface Date Found: 07/01/2010 Ethical Disclosure: Site down, no other location for project, author can not be found, no one to get in touch with. Submission. Vulnerabilities: LFI (steal voicemail (only nee

Re: [Full-disclosure] "Jailpassing" technique for iphones

2010-07-21 Thread Tyler Borland
Yes, same exact story with different software. Pretty much, the only difference is the tool they chose to modify. There are a few webcasts in which I saw when they came out, where that iPhone forensics book guy does a good hour webcasts on what he did and what more is possible. Two different mod

[Full-disclosure] Mod-X Multiple Vulnerabilities (exploit chaining)

2010-08-24 Thread Tyler Borland
Got bored and decided to break the new website of the company I work for. Throughout I'll be dropping two new exploits that were chained to allow the changing of the administrative password of a default mod-x install. This is not a full review of mod-x, my main goal was just to break something, so

Re: [Full-disclosure] Freepbx

2010-09-22 Thread Tyler Borland
Hello Marsh, I had found one of the previous holes. http://seclists.org/fulldisclosure/2010/Jul/180 Don't forget to check out the includes for that file. http://www.freepbx.org/trac/browser/freepbx/trunk/amp_conf/htdocs/admin/cdr/lib/defines.php?rev=10274 On Tue, Sep 21, 2010 at 3:33 PM, Marsh R

[Full-disclosure] Windows Vista/7 lpksetup dll hijack

2010-10-25 Thread Tyler Borland
/* Exploit: Windows Vista/7 lpksetup.exe (oci.dll) DLL Hijacking Vulnerability Extension: .mlc Author: Tyler Borland (tborla...@gmail.com) Date: 10/20/2010 Tested on: Windows 7 Ultimate (Windows Vista Ultimate/Enterprise and Windows 7 Enterprise should be vulnerable as well

Re: [Full-disclosure] Windows Vista/7 lpksetup dll hijack

2010-10-26 Thread Tyler Borland
While the circumstance of the type of exploit may change, the actual exploit type does not to me. It does not escalate privileges, it will run under the context of the user who opened the mcl as this is the same user level lpksetup will run under as well. However, from my experience under Windows

Re: [Full-disclosure] Windows Vista/7 lpksetup dll hijack

2010-10-26 Thread Tyler Borland
> But you *aren't* controlling it. The loadlibrary seek priority is a set path. The user must first connect to the share, and launch the file from the share. THAT makes it part of the working directory. These are not the droids you are looking for. I don't understand why you don't believe we

Re: [Full-disclosure] 0-day "vulnerability"

2010-10-29 Thread Tyler Borland
I think it's getting ridiculous. Who cares about bureaucratical terms? I find more and more 'researchers' trying to just be auditors and categorize exploits and try to follow some kind of universal naming convention for exploits that doesn't exist and shouldn't exist. I'd rather see information