Security Research and Intelligence

CUPS IPP Use-After-Free Denial of Service Vulnerability Proof of Concept [CVE-2010-2941]

Fellas,
SecPod Research Team member “Veerendra GG” has written a valid working POC to crash CUPS Service. The POC is written based on the information provided in RedHat Bugzilla (CVE-2010-2941) which sends a malformed IPP (Internet Printing Protocol) packets over TCP. For more information on this vulnerability, you can refer here. You can manage these Vulnerabilities with the help of a good Vulnerability Management Tool. Well, inline comments inside the Python script can help you more to figure out how the bug was reproduced to crash the service. The Vulnerability Management System can resolve these issues and keep your infrastructures safe. For brevity, the poc is posted below as well. (more…)

2 Comments
November 17, 2010
Category(Default) - Do Not Use This

XSS Vulnerability in ZeusCart Shopping Cart [0day]

Folks,
SecPod Research Team member (Sooraj K.S) found an XSS flaw in ZeusCart Ecommerce Shopping Cart, which can be used to gain sensitive information and launch further attacks. The flaw lies in the search parameter while ZeusCart web app processes the user-supplied input and renders the content back to the client’s browser. The flaw can be exploited to inject arbitrary HTML codes and steal cookies and so on. (more…)

Comments Off on XSS Vulnerability in ZeusCart Shopping Cart [0day]
August 5, 2010

End of content

No more pages to load

Newer Posts
Older Posts