[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FD] EMC CTA v10.0 unauthenticated XXE with root perms

To: fulldisclosure@xxxxxxxxxxxx
Subject: [FD] EMC CTA v10.0 unauthenticated XXE with root perms
From: Brandon Perry <bperry.volatile@xxxxxxxxx>
Date: Mon, 31 Mar 2014 11:06:19 -0500

Hi,

The linked gist below details an unauthenticated XXE vulnerability that
allows an attacker to read /etc/shadow within EMC CTA v10.0.

https://gist.github.com/brandonprry/9895721

-- 
http://volatile-minds.blogspot.com -- blog
http://www.volatileminds.net -- website

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Next by Date: [FD] Introducing APSAM - Beyond Military Grade Security
Next by thread: [FD] Introducing APSAM - Beyond Military Grade Security
Index(es):
- Date
- Thread