netOffice Dwins Authentication Bypass Vulnerability and Arbitrary File Upload Vulnerability
Friday, 29 February 2008
Class: Input Validation Error
CVE:
Remote: Yes
Local: No
Published: Feb 29 2008 12:00AM
Updated: Feb 29 2008 05:42PM
Credit:
dB at rawsecurity.org discovered these issues.
Vulnerable:
Luis Wang netOffice Dwins 1.3 p2
Not Vulnerable:
Description:
netOffice Dwins is prone to a vulnerability that allows attackers to bypass authentication as well as a vulnerability that allows attackers to upload arbitrary files. These issues occur because the application fails to adequately sanitize user-supplied input.

Attackers can leverage these issues to gain unauthorized access to the application and to execute arbitrary code in the context of the application.

These issues affect Dwins 1.3 p2; other versions may also be affected.
Exploit:
Attackers may exploit these issues through a browser.

The following proof-of-concept code is available:
Solution:
Currently SecuMania is not aware of any solution for this issue.
If you are aware of more recent information, please mail us at: vul[at]SecuMania.org.
References:
Source:
Comments (1)
This vulnerability has a solution
written by Luis, May 02, 2008
Not Vulnerable: Luis Wang netOffice Dwins 1.3.1
visit website
http://netofficedwins.sourceforge.net