CUPS IPP Use-After-Free Denial of Service Vulnerability Proof of Concept [CVE-2010-2941]

Fellas,
SecPod Research Team member “Veerendra GG” has written a valid working POC to crash CUPS Service. The poc is written based on the information provided in RedHat Bugzilla (CVE-2010-2941) which sends malformed IPP (Internet Printing Protocol) packet over TCP. For more information on this vulnerability you can refer here. Well, inline comments inside the python script can help you more to figure out on how the bug was reproduced to crash the service. For brevity the poc is posted below as well. (more…)

Continue Reading CUPS IPP Use-After-Free Denial of Service Vulnerability Proof of Concept [CVE-2010-2941]

XSS Vulnerability in ZeusCart Shopping Cart [0day]

Folks,
SecPod Research Team member (Sooraj K.S) found an XSS flaw in ZeusCart Ecommerce Shopping Cart, which can be used to gain sensitive information and launch further attacks. The flaw lies in the search parameter while ZeusCart web app processes the user-supplied input and renders the content back to the client’s browser. The flaw can be exploited to inject arbitrary HTML codes and steal cookies and so on. (more…)

Continue Reading XSS Vulnerability in ZeusCart Shopping Cart [0day]