port 80
"Marcello Barnaba (void)" <vjt@openssl.it> wrote:
> Tried on QuickTime 7.3.10 running on OSX 10.5.1, and the player doesn't
> try to connect to port 80 if 554 is closed.
> ...
> yea i second that i tested on Vista and it doesn't attempt to redirect
> to the port 80 there must be another condition that u have specified
> that allows for redirection
Uhmmm I imagine you are the same Marcello of yesterday, right?
Who else could be?
A number of sensitive Java Servlets delivered via a Java Servlet
framework in the Cisco Telepresence Multipoint Switch could allow a
remote, unauthenticated attacker to perform actions that should be
restricted to administrative users only. The attacker would need the
ability to submit a crafted request to an affected device on TCP port
80, 443, or 8080.
An attacker must perform a three-way TCP handshake and establish a
valid session to exploit these vulnerabilities.
* CTMS - CSCtf42008 (registered customers only) has been assigned
On Jan 10, 2008, at 7:45 PM, Luigi Auriemma wrote:
> For exploiting this vulnerability is only needed that an user follows
> a rtsp:// link, if the port 554 of the server is closed Quicktime will
> automatically change the transport and will try the HTTP protocol on
> port 80, the 404 error message of the server (other error numbers are
> valid too) will be visualized in the LCD-like screen.
Tried on QuickTime 7.3.10 running on OSX 10.5.1, and the player doesn't
try to connect to port 80 if 554 is closed.
organization's network assets. Firewalls are often positioned at the
entrance points into networks. Cisco IOS software provides a set of
security features that enable you to configure a simple or elaborate
firewall policy, according to your particular requirements.
HTTP uses port 80 by default to transport Internet web services,
which are commonly used on the network and rarely challenged with
regard to their legitimacy and conformance to standards. Because port
80 traffic is typically allowed through the network without being
challenged, many application developers are leveraging HTTP traffic
as an alternative transport protocol that will allow their
* HTTP Server DoS
Cisco Unified IP Phone 7935 and 7936 devices running SCCP
firmware contain a DoS vulnerability in their internal HTTP
server. By sending a specially crafted HTTP request to TCP port
80 on a vulnerable phone, it may be possible to cause the phone
to reboot. It is possible to work around this issue by disabling
the internal HTTP server on vulnerable phones. The internal HTTP
server only listens to TCP port 80. This vulnerability is
corrected in SCCP firmware version 3.2(17) for 7935 devices and
SCCP firmware version 3.3(15) for 7936 devices. This
A number of sensitive Java Servlets delivered via a Java Servlet
framework within the Cisco TelePresence Recording Server could allow
a remote, unauthenticated attacker to perform actions that should be
restricted to administrative users. To successfully exploit this
vulnerability, the attacker would need the ability to submit a
crafted request to an affected device on TCP port 80, TCP port 443,
or TCP port 8080.
An attacker must perform a three-way TCP handshake and establish a
valid session to exploit these vulnerabilities.
Again: this vulnerability is exploitable ONLY with magic quotes OFF and
any value of register globals.
$ curl -v "http://www.example.com/cacti/index.php/sql.php" -d \
"login_username=foo'+or+ascii(substring(password,1,1))<56#&action=login"
* About to connect() to www.example.com port 80 (#0)
* Trying 127.0.0.1... connected
* Connected to www.example.com (127.0.0.1) port 80 (#0)
> POST /cacti-0.8.7a/index.php/sql.php HTTP/1.1
> User-Agent: curl/1.1.1 (i986-gnu-ms-bsd) cacalib/3.6.9 OpenTelnet/0.1
> Host: www.example.com
and then associated to the instance of the ICM/IPCC Active Directory
hierarchy will have correct permissions. Filters such as Transit ACLs
can then be used to allow access to the Administration Workstation
from only the trusted hosts.
Filters that deny HTTP packets using TCP port 80 and HTTPS packets
using TCP port 443 should be deployed throughout the network as part
of a tACL policy for protection of traffic that enters the network at
ingress access points. This policy should be configured to protect
the network device where the filter is applied and other devices
behind it. Filters for HTTP packets using TCP port 80 and HTTPS
3Com 3CRWER100-75 is a wireless cable/DSL router (widely used here, in
Israel).
The router has a web management interface in its port 80 (available from
inside the network).
When the administrator assigns a virtual server to port 80 (In the management
web filled under the firewall tab) and the line is not checked, the router
vulnerable device configured with Cisco IOS SSL VPN:
Router#show running | section webvpn
webvpn gateway Gateway
 ip address 10.1.1.1 port 443
 http-redirect port 80
 ssl trustpoint Gateway-TP
 inservice
 !
Router#
TN> Discovered: 18 November, 2006
TN> Disclosed: 15 June, 2009
TN> I. DESCRIPTION
TN> The Netgear DG632 router has a web interface which runs on port 80. This
TN> allows an admin to login and administer the device's settings. However,
TN> a Denial of Service (DoS) vulnerability exists that causes the web interface
TN> to crash and stop responding to further requests.
TN> II. DETAILS
the HTTP proxy.
In Cisco content delivery system software 2.5.3 and earlier, it is
possible to configure "Enable Incoming Proxy", which when enabled,
accepts incoming requests on configured ports, in addition to TCP
port 80. The additional ports that the device will listen on for
HTTP requests are defined in the "List of Incoming HTTP Ports" field,
within "Devices > Devices > Application Control > Web > HTTP > HTTP
Connections" of the content delivery system manager menu. For further
information on HTTP settings, refer to the "Cisco Internet Streamer CDS
2.5 Software Configuration Guide - Configuring Devices" at the following
> $host=$argv[1];
> $shell=$argv[2];
> $cmd="";
> $port=80;
> $proxy="";
> for ($i=3; $i<$argc; $i++){
> $temp=$argv[$i][0].$argv[$i][1];
> if (($temp<>"-p") and ($temp<>"-P")) {$cmd.=" ".$argv[$i];}
> if ($temp=="-p")
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of HP MSA 2000 G3. Authentication is not
required to exploit this vulnerability.
The specific flaws exist within the web interface listening on TCP port
80. There exists a directory traversal flaw that can allow a remote
attacker to view any file on the system by simply specifying it in the
default URI. Additionally, the password file contains a default login
that can be used to authenticate to the device. This can be leveraged by
a remote attacker to perform any tasks an administrator is able to.
moreover the visualization of more than 1024 chars, but other better
ways could exist.
The internal web server built in the Unreal engine is a service useful
for managing the own game server remotely through a web browser.
This server is NOT enabled by default and works on port 80 if the admin
doesn't change it.
The files pointed by the server are those contained in the Web folder
inside the game directory and /images is the only one which doesn't
require authorization, and is also the one needed to exploit this bug.
Luigi Auriemma wrote:
> WS_FTP Server Manager (aka WS_FTP WebService) is the web administration
> interface of the IpSwitch WS_FTP server and runs by default on port 80.
This also affects the Ipswitch What's Up Gold 11.03 web server.
Description:
KeyFax response management system provides professional management of
housing and other repairs; KeyFax is normally accessed using a web
browser over port 80. Various KeyFax pages are vulnerable to
reflective XSS attacks. Other pages including the configuration file
disclose information including the operator and SQL account passwords.
Version 3.2.2.6 dated 2003-2010
Vendor Site: http://www.astaro.com/
Firmware Version: 7.100
Pattern Version: 5661
Kernel: default-2.6.16.43-54.5
Overview: The following fingerprints discovered could allow an attacker to craft a malicious HTTP packet and/or leverage other attacks via port 80 & 8080. Nmap services scan (-sV) must take place internal to the network.
HTTP
==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
XP redirects just fine.
/str0ke
none@void.gov.com wrote:
> yea i second that i tested on Vista and it doesn't attempt to redirect to the port 80 there must be another condition that u have specified that allows for redirection
>
>
#include <sys/stat.h>
#include <arpa/inet.h>
#include <unistd.h>
#include <fcntl.h>
#define PORT 80
#define sys_err(x) \
do { \
fprintf(stderr,"%s",x); \
exit(-1); \
} while(0)
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Sybase MBusiness Anywhere. Authentication is
not required to exploit this vulnerability.
The flaw exists within the agd.exe component which listens by default on
TCP port 80 and 443. When calling agd!encodeUsername the process creates
a 100 byte buffer on the heap. The process then blindly copies user
supplied data into that fixed-length buffer without verifying that the
size of the destination buffer is adequately sized. A remote attacker
can exploit this vulnerability to execute arbitrary code under the
context of the SYSTEM user.
the system running the XML service.
Description:
The Citrix XML Service (ctxxmls.exe) is installed on every server used for
sharing applications. This windows service listens by default on port 80 and
can receive HTTP requests. Using HTTP POST requests with a URL starting with
the path /scripts/ it is possible to send messages to so called "HTTP
Extension DLLs" which consist of XML markup.
By sending a POST request to a really long non-existent extension DLL some
computer should have locked down software to prevent unauthorised people
bypassing the security on the GB-50A".
I find it slightly scary that someone might have one of these on a
network that controls something like data centre aircon, and that an
attacker can scan for it trivially (what answers on port 80 with a 200
to a GET for /en/administrator.html) and turn off all the aircon in the
data centre...
cheers,
Discovered: 18 November, 2006
Disclosed: 15 June, 2009
I. DESCRIPTION
The Netgear DG632 router has a web interface which runs on port 80. This
allows an admin to login and administer the device's settings. However,
a Denial of Service (DoS) vulnerability exists that causes the web interface
to crash and stop responding to further requests.
II. DETAILS
yea i second that i tested on Vista and it doesn't attempt to redirect to the port 80 there must be another condition that u have specified that allows for redirection
http://docs.codehaus.org/display/JETTY/Running+Jetty-7.0.x
- From an unpacked release directory of jetty-7,
the server can be started with the command: java -jar start.jar
- This will start a HTTP server on port 8080 and
deploy the test web application at: http://localhost:8080/test
II. DESCRIPTION
Multiple Vulnerabilities exist in Jetty software.
$where= "uid=$uid"; //user id, usually admin, anonymous = 1
$argv[2] ? print("[*] Attacking...\n") : syntax();
$_f_prefix=false;
$_use_proxy=false;
$port=80;
$_enforce=false;
for ($i=3; $i<$argc; $i++){
if ( stristr($argv[$i],"--prefix")){
$_f_prefix=true;
The PartyGaming PartyPoker client program can be forced into downloading a
malicious update. This is a result of the PartyPoker client not properly
confirming the authenticity of the network update server or the
executable update files themselves. When downloading an update, first
the client program resolves the DNS address of the update host. Next, it
establishes a TCP connection on port 80 of the previously resolved IP
address. Then, it sends an HTTP request for an EXE file under the web
server's Downloads directory. Upon receiving the HTTP response, the
requested portable executable is written to disk and executed.
ANALYSIS
PORT STATE SERVICE
23/tcp open telnet
80/tcp open http
Port 80 gives access through an HTML interface to the configuration menu as would be expected, but although you can control access to that interface using a password, there is no control over the telnet port. So, telnetting to port 23 (on its default IP 192.168.0.1) the users get automatically access to the filesystem, by providing no credentials at all. Now the file system of the device may be used for malicious communication and temporary data storage. Too, a user may download the upgrade firmware's HTML code from the www directory and modify it locally to allow other files than IMGs to be uploaded and replace the existing firmware, making the device useless.
Also, one can view the contents of /etc/htpasswd file, where everything is in plaintext, and retrieve the web-based administrator's (admin) password. Some of the possible implications, that can be triggered from the web-interface, but not limited to the following, are:
1. Intruders are now capable to open the configuration page and go through the submenus where they can get the wireless key in use (the wireless key is being displayed in plaintext, as well)
2. They can perform a trivial DoS attack (factory restart the modem and everything stops working) similarly from the telnet session, by issuing the command "reboot" the device will obey and it will restart itself
communicate using a series of xml packets and absolutely zero
authentication or encryption :-(
Oh, and just in case you thought about maybe putting something secure
like an ssl webserver proxying the thing, these java applets are hard
coded to connect back to port 80 on the originating host using HTTP :-(
Still, you should get an idea of how the box is *supposed* to be used by
the fact that its ip address is set with dip switches where the
192.168.1 bit is hard coded!