what you don't know can hurt you

Register | Login

FilesNewsUsersAuthors

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 1 - 2 of 2

Files from Sascha Kettler

Check_MK Arbitrary File Disclosure

Posted May 29, 2014

Authored by Markus Vervier, Sascha Kettler | Site lsexperts.de

Check_MK suffers from an arbitrary file disclosure vulnerability.

tags | exploit, arbitrary

advisories | CVE-2014-0243

SHA-256 | 29ea17ad8196b8ca5a593382f3d744479bd2f4a883b8f7db788780575f11978e

Download | Favorite | View

Sitepark Information Enterprise Server 2.9 Unauthenticated Access

Posted May 1, 2014

Authored by Markus Vervier, Sascha Kettler | Site lsexperts.de

LSE discovered that the installer of the Information Enterprise Server (IES) was available to unauthenticated users over HTTP. When updating from previous versions of IES, an installation form was not disabled after installation. In this case the servlet "/ies/install" was exposed to unauthenticated users. By accessing the servlet at URI "/ies/install/" on an affected IES server, an unauthenticated attacker was able to set a new password for the manager account. Additionally sensitive information regarding the IES installation was displayed.

tags | advisory, web

advisories | CVE-2014-3006

SHA-256 | a3bd5fbb77d7da353b590c6fc5e71a5468197a93c7835a587b10d09fad706a47

Download | Favorite | View