Showing 1 - 11 of 11

Files from Craig Young

OpenSSL CVE-2014-0224 Detection Script: Posted Jun 6, 2014; Authored by Craig Young | Site tripwire.com; OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability. This script tests for that vulnerability.; tags | tool, scanner; systems | unix; advisories | CVE-2014-0224; SHA-256 | f59eadbc19854f9ff9a362ab226550f4d66039b6eae733379588772f630f3b87; Download | Favorite | View

NETGEAR ReadyNAS Perl Code Evaluation: Posted Nov 25, 2013; Authored by H D Moore, juan vazquez, Craig Young | Site metasploit.com; This Metasploit module exploits a Perl code injection on NETGEAR ReadyNAS 4.2.23 and 4.1.11. The vulnerability exists on the web fronted, specifically on the np_handler.pl component, due to the insecure usage of the eval() perl function. This Metasploit module has been tested successfully on a NETGEAR ReadyNAS 4.2.23 Firmware emulated environment, not on real hardware.; tags | exploit, web, perl; advisories | CVE-2013-2751, OSVDB-98826; SHA-256 | bde67c6d5bd2eaadf289392fe66c898b1b40583f113cc479740f75c0912c0b93; Download | Favorite | View

Netgear ReadyNAS Remote Command Execution: Posted Oct 28, 2013; Authored by anonymous, Craig Young; Proof of concept exploit that demonstrates remote command execution on Netgear ReadyNAS.; tags | exploit, remote, proof of concept; SHA-256 | 7ae30b42d1addf06dce009c2571e44ead9195cf7589aebbb33dbd101756f76dd; Download | Favorite | View

Netgear ReadyNAS Complete System Takeover: Posted Oct 23, 2013; Authored by Craig Young | Site tripwire.com; Tripwire Security Advisory 2013-001 - Netgear ReadyNAS suffers from command injection and cross site request forgery vulnerabilities.; tags | advisory, vulnerability, csrf; advisories | CVE-2013-2751, CVE-2013-2752; SHA-256 | b3eefdfb27dbf2c8f6fecde888ea1eb5e5c4319117d673b20584fe6385aacbae; Download | Favorite | View

Linksys WRT110 Remote Command Execution: Posted Oct 8, 2013; Authored by juan vazquez, Craig Young, joev | Site metasploit.com; The Linksys WRT110 consumer router is vulnerable to a command injection exploit in the ping field of the web interface.; tags | exploit, web; advisories | CVE-2013-3568; SHA-256 | 44b428488518ed2abeee03160462e56c8203577c382cafa8ace86476e15928be; Download | Favorite | View

Linksys WRT110 Remote Command Execution: Posted Sep 20, 2013; Authored by Craig Young | Site metasploit.com; The Linksys WRT110 consumer router is vulnerable to a command injection exploit in the ping field of the web interface.; tags | exploit, web; advisories | CVE-2013-3568; SHA-256 | 5fdabb65539c0e2248afcba9871e415908777fb0b2f288107530f6a551406d99; Download | Favorite | View

Loftek CSRF / Memory Dump / Credential Disclosure: Posted Aug 23, 2013; Authored by Craig Young; This archive holds proof of concept code for cross site request forgery, memory dump, and wifi credential disclosure vulnerabilities in Loftek Nexus 543 IP cameras.; tags | exploit, vulnerability, proof of concept, csrf; systems | linux; advisories | CVE-2013-3311, CVE-2013-3312, CVE-2013-3313, CVE-2013-3314; SHA-256 | d8d9a9612f6d40cf5a8de4bce2dac3ab2ab4a787138a95efeac38d560c8a7206; Download | Favorite | View

Android Weblogin: Google's Skeleton Key: Posted Aug 8, 2013; Authored by Craig Young; Included in this archive is a presentation of Android Weblogin: Google's Skeleton Key along with various proof of concept code from the talk presented at DefCon 21.; tags | exploit, proof of concept; systems | linux; SHA-256 | 917ef9c7b31e3a0e0835376c951d3aec56779e5a92b79073ee01261b4a737f47; Download | Favorite | View

MiniDLNA SQL Injection / Buffer Overflow: Posted Jul 17, 2013; Authored by Craig Young; MiniDLNA versions prior to 1.1.0 suffer from heap-based buffer overflow and remote SQL injection vulnerabilities.; tags | advisory, remote, overflow, vulnerability, sql injection; advisories | CVE-2013-2738, CVE-2013-2739, CVE-2013-2745; SHA-256 | e7d1ebafa357dc3be45f9cf26f26f66c2a057c0cc51364b9154c4436a393da48; Download | Favorite | View

SilverStripe CMS Cross Site Scripting: Posted Jul 15, 2013; Authored by Craig Young; SilverStripe CMS decidedly to quietly fix multiple persistent cross site scripting vulnerabilities without informing the public. Fail.; tags | advisory, vulnerability, xss; advisories | CVE-2012-6458; SHA-256 | ba424faa00595576e5473a7a215b946162b069fd5671798ba3d039f2833caee3; Download | Favorite | View

Linksys WRT110 Command Injection / CSRF: Posted Jul 12, 2013; Authored by Craig Young; Linksys WRT110 suffers from root shell command injection and cross site request forgery vulnerabilities.; tags | advisory, shell, root, vulnerability, csrf; advisories | CVE-2013-3568; SHA-256 | 850308c35db1a6b6413065eb09749bb1a66bb16d4e5f80c535788b446adada12; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days