compromise Archives - XeroSecurity

All posts tagged: compromise

xer0dayz Blog

CVE-2016-4401 – Unauthenticated Database Credential Leak In Aruba ClearPass

http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2016-010.txt

It is possible for an unauthenticated user with network access to a ClearPass server to expose database credentials.  
This vulnerability leads to complete system compromise.

Severity: CRITICAL
CVSSv3 Overall Score: 9.8
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Discovery: This vulnerability was discovered by [email protected] and reported through the BugCrowd managed bug bounty
program.

FIX: Fixed in 6.5.7 and 6.6.2

Bounty: $1,500

October 17, 2016 xer0dayz Bug Bounties, CVE's, Uncategorized No comments yet

Fuzzer Add-on $39.99
Brute Force Add-on $29.99
Sn1per Professional v8.0 + Command Execution Add-on $198.00

Sn1per Community Edition v8.4 Released! June 9, 2020
Sn1per Professional v8.0 Fuzzer Add-on Released! May 17, 2020
Aftermath2020 #002 with @xer0dayz – Live Bug Bounty Recon with Sn1per Professional April 3, 2020
Aftermath2020 #001 with @xer0dayz – Live Bug Bounty Recon with Sn1per Professional March 31, 2020
Sn1per Professional v8.0 Brute Force Add-on Released! March 11, 2020
Sn1per Professional v8.0 – What’s New? January 1, 2020
Sn1per Professional 8.0 Upgrade Special! December 23, 2019
Sn1per Professional v7.0 Released! May 31, 2019
Sn1per Community Edition v7.0 Released! May 8, 2019
Sn1per Professional v6.0 now available! December 17, 2018
Bug Bounty Recon Like A Pro October 9, 2018
IPSwitch MoveIt Stored Cross Site Scripting (XSS) January 15, 2018
Exploiting Python Deserialization Vulnerabilities September 4, 2017
Exploiting Path Traversal in PSPDFKit for Android (2.3.3 – 2.8.0) August 11, 2017
Advanced Client Side Exploitation Using BeEF April 15, 2017