what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 100 RSS Feed

Files

D-Link DIR-859 Unauthenticated Remote Command Execution
Posted Jan 22, 2020
Authored by Miguel Mendez Z, Pablo Pollanco P | Site metasploit.com

D-Link DIR-859 Routers are vulnerable to OS command injection via the UPnP interface. The vulnerability exists in /gena.cgi (function genacgi_main() in /htdocs/cgibin), which is accessible without credentials.

tags | exploit, cgi
advisories | CVE-2019-17621
SHA-256 | ae3c3447736253b12652f3498e39b80ef8b5c39fdb23d42cf38844008d3a0195

Related Files

DLINK DPH-400SE FRU2.2.15.8 Information Disclosure
Posted Sep 5, 2023
Authored by tahaafarooq

DLINK DPH-400SE version FRU2.2.15.8 suffers from an information disclosure vulnerability.

tags | exploit, info disclosure
SHA-256 | e04c693b7f9f2fc627223d12d2bb72ef8540956fc844b65711e66b98c9fb70bb
DLINK DAP-1620 A1 1.01 Directory Traversal
Posted May 11, 2022
Authored by Momen Eldawakhly

DLINK DAP-1620 A1 version 1.01 suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
advisories | CVE-2021-46381
SHA-256 | afc86a4ac9803168c3b340a707e44de908ed61a99b24127201ce6cfc66f250d0
DLINK DIR850 Insecure Direct Object Reference
Posted May 11, 2022
Authored by Ahmed Alroky

DLINK DIR850 suffers from a configuration disclosure vulnerability.

tags | exploit, info disclosure
advisories | CVE-2021-46378
SHA-256 | 5034a5f0e126b6ab60e98dea096eaebf7cc6ad8b71cab77e3def72b569c48e46
DLINK DIR850 Open Redirection
Posted May 11, 2022
Authored by Ahmed Alroky

DLINK DIR850 suffers from an open redirection vulnerability.

tags | exploit
advisories | CVE-2021-46379
SHA-256 | 72409a8afce1317e2f05d207afa64d2146abe33a6dccbbd6cf731c303a7744b9
Dlink DSL2750U Command Injection
Posted Jun 22, 2021
Authored by Mohammed Hadi

Dlink DSL2750U suffers from a reboot command injection vulnerability.

tags | exploit
SHA-256 | e1c1e65d0c0408be5cc26b5b08457b6edbb30d79d27245ffd3ab2ad1d7fe9464
D-Link Central WiFi Manager CWM(100) Remote Code Execution
Posted Aug 18, 2020
Authored by M3 at ZionLab, Redouane Niboucha | Site metasploit.com

This Metasploit module exploits a PHP code injection vulnerability in D-Link Central WiFi Manager CWM(100) versions below v1.03R0100_BETA6. The vulnerability exists in the username cookie, which is passed to eval() without being sanitized. Dangerous functions are not disabled by default, which makes it possible to get code execution on the target.

tags | exploit, php, code execution
advisories | CVE-2019-13372
SHA-256 | ac0e25a36b1f650a673695023120501aef0392916303b8f4a0574daeb5e71a35
DLINK DWL-2600 Authenticated Remote Command Injection
Posted Mar 28, 2020
Authored by Raki Ben Hamouda, Nick Starke | Site metasploit.com

This Metasploit module exploits some DLINK Access Points that are vulnerable to an authenticated OS command injection. Default credentials for the web interface are admin/admin.

tags | exploit, web
advisories | CVE-2019-20499
SHA-256 | a2f0e8cf76051e688f4ad0f0c6c2006837b156b7ef27c777a6a73c0c8435e559
Ubuntu Security Notice USN-4294-1
Posted Mar 2, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4294-1 - It was discovered that OpenSMTPD mishandled certain input. A remote, unauthenticated attacker could use this vulnerability to execute arbitrary shell commands as any non-root user. It was discovered that OpenSMTPD did not properly handle hardlinks under certain conditions. An unprivileged local attacker could read the first line of any file on the filesystem.

tags | advisory, remote, arbitrary, shell, local, root
systems | linux, ubuntu
advisories | CVE-2020-8793, CVE-2020-8794
SHA-256 | 5b6805dc7503709eaa6444271d78fe6c8eb7dcb5aa91a23ed44fee1b7b1d5835
D-Link ssdpcgi Unauthenticated Remote Command Execution
Posted Feb 7, 2020
Authored by secenv, s1kr10s | Site metasploit.com

This Metasploit module exploits an ssdpcgi remote command execution vulnerability in D-Link devices.

tags | exploit, remote
advisories | CVE-2019-20215
SHA-256 | ed07a259961db246757dad8786ea4ac6379a39234cdb6aa11f129b8ba5516a52
Dlink DCS-1130 Command Injection / CSRF / Stack Overflow
Posted Jun 7, 2019
Authored by Mandar Satam

Dlink DCS-1130 suffers from command injection, cross site request forgery, stack overflow, and various other vulnerabilities.

tags | exploit, overflow, vulnerability, csrf
advisories | CVE-2017-8404, CVE-2017-8405, CVE-2017-8406, CVE-2017-8407, CVE-2017-8408, CVE-2017-8409, CVE-2017-8410, CVE-2017-8411, CVE-2017-8412, CVE-2017-8413, CVE-2017-8414, CVE-2017-8415, CVE-2017-8416, CVE-2017-8417
SHA-256 | 62fb7f17828f6ae21c3e1303c125cf87700faed4aa3648a022446ba2a875e7f8
Microsoft Windows ALPC Task Scheduler Local Privilege Elevation
Posted Sep 22, 2018
Authored by Jacob Robles, bwatters-r7, SandboxEscaper, asoto-r7 | Site metasploit.com

On vulnerable versions of Windows the alpc endpoint method SchRpcSetSecurity implemented by the task scheduler service can be used to write arbitrary DACLs to .job files located in c:\windows\tasks because the scheduler does not use impersonation when checking this location. Since users can create files in the c:\windows\tasks folder, a hardlink can be created to a file the user has read access to. After creating a hardlink, the vulnerability can be triggered to set the DACL on the linked file. WARNING: The PrintConfig.dll (%windir%\system32\driverstor\filerepository\prnms003*) on the target host will be overwritten when the exploit runs. This Metasploit module has been tested against Windows 10 Pro x64.

tags | exploit, arbitrary
systems | windows
advisories | CVE-2018-8440
SHA-256 | c95cd7c1a2ed4a550a27c66b7fcad45a1a61d5951227bc43830a853f611b7cd1
Ecessa ShieldLink SL175EHQ 10.7.4 Add Superuser Cross Site Request Forgery
Posted Jun 25, 2018
Authored by LiquidWorm | Site zeroscience.mk

Ecessa ShieldLink SL175EHQ version 10.7.4 suffers from an add superuser cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 5cc4b074d5af1b150d7925eb5d77aa54a0146fc3c23b9644b4d72c74d23cc8aa
D-Link DSL-2750B OS Command Injection
Posted May 24, 2018
Authored by p, Marcin Bury | Site metasploit.com

This Metasploit module exploits a remote command injection vulnerability in D-Link DSL-2750B devices. Vulnerability can be exploited through "cli" parameter that is directly used to invoke "ayecli" binary. Vulnerable firmwares are from 1.01 up to 1.03.

tags | exploit, remote
SHA-256 | 7cf7e6a9370862148d53fd85566a178ffcef9370005515e69583c6302f892ef1
systemd Local Privilege Escalation
Posted Jan 31, 2018
Authored by Michael Orlitzky

systemd (systemd-tmpfiles) versions prior to 236 suffer from an fs.protected_hardlinks=0 local privilege escalation vulnerability.

tags | exploit, local
advisories | CVE-2017-18078
SHA-256 | ab5c7f27e35d1f4741577e57058839ae024c0d913dfc8c629d2aad07f55c2130
Ubuntu Security Notice USN-3534-1
Posted Jan 17, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3534-1 - It was discovered that the GNU C library did not properly handle all of the possible return values from the kernel getcwd syscall. A local attacker could potentially exploit this to execute arbitrary code in setuid programs and gain administrative privileges. A memory leak was discovered in the _dl_init_paths function in the GNU C library dynamic loader. A local attacker could potentially exploit this with a specially crafted value in the LD_HWCAP_MASK environment variable, in combination with CVE-2017-1000409 and another vulnerability on a system with hardlink protections disabled, in order to gain administrative privileges. Various other issues were also addressed.

tags | advisory, arbitrary, kernel, local, memory leak
systems | linux, ubuntu
advisories | CVE-2017-1000408, CVE-2017-1000409, CVE-2017-15670, CVE-2017-15804, CVE-2017-16997, CVE-2017-17426, CVE-2018-1000001
SHA-256 | b93b27e39dcc8e45fb3868d7d816bfc00ea67297dafc2734a0cec988cd371f26
D-Link DSL-2640R Unauthenticated Remote DNS Changer
Posted Jan 16, 2018
Authored by Todor Donev

D-Link DSL-2640R unauthenticated remote DNS changing exploit.

tags | exploit, remote
SHA-256 | fcf1c058c56aff2d7e56ad50294fec707d5ee83dd7dac74d7357c0d3cd4671d6
D-Link DIR-850L Credential Disclosure
Posted Nov 23, 2017
Authored by Pierre Kim, Zdenda, Raphael de la Vienne, Peter Geissler

D-Link DIR-850L remote code execution variant exploit that extracts username and password for the device.

tags | exploit, remote, code execution
SHA-256 | 1c82c3f87c75fc759451b815a7874e735d42e98ea00c4a393b3d85c52866af91
D-Link DIR-850L Unauthenticated Command Execution
Posted Nov 14, 2017
Authored by Mumbai, Zdenda | Site metasploit.com

This Metasploit module leverages an unauthenticated credential disclosure vulnerability to execute arbitrary commands on DIR-850L routers as an authenticated user.

tags | exploit, arbitrary
SHA-256 | cc7df6cd9e0b41f07f8a1a231bb9a9254b142b689a4c11057c1e7752ab535833
Ubuntu Security Notice USN-3225-1
Posted Mar 10, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3225-1 - It was discovered that libarchive incorrectly handled hardlink entries when extracting archives. A remote attacker could possibly use this issue to overwrite arbitrary files. Christian Wressnegger, Alwin Maier, and Fabian Yamaguchi discovered that libarchive incorrectly handled filename lengths when writing ISO9660 archives. A remote attacker could use this issue to cause libarchive to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-5418, CVE-2016-6250, CVE-2016-7166, CVE-2016-8687, CVE-2016-8688, CVE-2016-8689, CVE-2017-5601
SHA-256 | 2390e963ac7b47dd561295e3663b96519c842fadf463ee74b2d1f962d126476e
Dlink DIR Routers Unauthenticated HNAP Login Stack Buffer Overflow
Posted Nov 21, 2016
Authored by Pedro Ribeiro | Site metasploit.com

Several Dlink routers contain a pre-authentication stack buffer overflow vulnerability, which is exposed on the LAN interface on port 80. This vulnerability affects the HNAP SOAP protocol, which accepts arbitrarily long strings into certain XML parameters and then copies them into the stack. This exploit has been tested on the real devices DIR-818LW and 868L (rev. B), and it was tested using emulation on the DIR-822, 823, 880, 885, 890 and 895. Others might be affected, and this vulnerability is present in both MIPS and ARM devices. The MIPS devices are powered by Lextra RLX processors, which are crippled MIPS cores lacking a few load and store instructions. Because of this the payloads have to be sent unencoded, which can cause them to fail, although the bind shell seems to work well. For the ARM devices, the inline reverse tcp seems to work best. Check the reference links to see the vulnerable firmware versions.

tags | exploit, overflow, shell, tcp, protocol
advisories | CVE-2016-6563
SHA-256 | f09dc3e03a56a9a9441af1cc6229aa3bd868aca364888ba73e07ec9a07559e11
Red Hat Security Advisory 2016-1850-01
Posted Sep 12, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1850-01 - The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers. Security Fix: A flaw was found in the way libarchive handled hardlink archive entries of non-zero size. Combined with flaws in libarchive's file system sandboxing, this issue could cause an application using libarchive to overwrite arbitrary files with arbitrary data from the archive.

tags | advisory, arbitrary, python
systems | linux, redhat
advisories | CVE-2015-8920, CVE-2015-8921, CVE-2015-8932, CVE-2016-4809, CVE-2016-5418, CVE-2016-5844, CVE-2016-7166
SHA-256 | 711241662188f0c0cfb9c91a6f39f28a53a23f91e708e6da3698d03b733d5d3a
Red Hat Security Advisory 2016-1844-01
Posted Sep 12, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1844-01 - The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers. Security Fix: A flaw was found in the way libarchive handled hardlink archive entries of non-zero size. Combined with flaws in libarchive's file system sandboxing, this issue could cause an application using libarchive to overwrite arbitrary files with arbitrary data from the archive.

tags | advisory, arbitrary, python
systems | linux, redhat
advisories | CVE-2015-8916, CVE-2015-8917, CVE-2015-8919, CVE-2015-8920, CVE-2015-8921, CVE-2015-8922, CVE-2015-8923, CVE-2015-8924, CVE-2015-8925, CVE-2015-8926, CVE-2015-8928, CVE-2015-8930, CVE-2015-8931, CVE-2015-8932, CVE-2015-8934, CVE-2016-1541, CVE-2016-4300, CVE-2016-4302, CVE-2016-4809, CVE-2016-5418, CVE-2016-5844, CVE-2016-6250, CVE-2016-7166
SHA-256 | ecc02ac8c19e821e663da1602fbb4cbf585f0740fa7472a450e18bdab7e321d2
Red Hat Security Advisory 2016-1852-01
Posted Sep 12, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1852-01 - OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service solution designed for on-premise or private cloud deployments. Security Fix: A flaw was found in the way libarchive handled hardlink archive entries of non-zero size. Combined with flaws in libarchive's file system sandboxing, this issue could cause an application using libarchive to overwrite arbitrary files with arbitrary data from the archive.

tags | advisory, arbitrary
systems | linux, redhat
advisories | CVE-2016-5418
SHA-256 | a67fa6324f51166b5e46df16d623948599e9407fc77a2052b844c253d114f9b7
D-Link DCS-930L Authenticated Remote Command Execution
Posted Feb 10, 2016
Authored by Nicholas Starke | Site metasploit.com

The D-Link DCS-930L Network Video Camera is vulnerable to OS Command Injection via the web interface. The vulnerability exists at /setSystemCommand, which is accessible with credentials. This vulnerability was present in firmware version 2.01 and fixed by 2.12.

tags | exploit, web
SHA-256 | be240e5ce556625bff02587580565e9c43078802e56197d7552916b159aefcf1
D-Link DCS-931L Arbitrary File Upload
Posted Jan 6, 2016
Authored by Brendan Coles, J. Rach, Allen Harper, Mike Baucom | Site metasploit.com

This Metasploit module exploits a file upload vulnerability in D-Link DCS-931L network cameras. The setFileUpload functionality allows authenticated users to upload files to anywhere on the file system, allowing system files to be overwritten, resulting in execution of arbitrary commands. This Metasploit module has been tested successfully on a D-Link DCS-931L with firmware versions 1.01_B7 (2013-04-19) and 1.04_B1 (2014-04-21). D-Link DCS-930L, DCS-932L, DCS-933L models are also reportedly affected, but untested.

tags | exploit, arbitrary, file upload
advisories | CVE-2015-2049
SHA-256 | c85dbfd5bafc99162dc8561e5db898e4cfbb36756d3c4d4763c20bae09a13a20
Page 1 of 4
Back1234Next

File Archive:

May 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    44 Files
  • 2
    May 2nd
    5 Files
  • 3
    May 3rd
    11 Files
  • 4
    May 4th
    0 Files
  • 5
    May 5th
    0 Files
  • 6
    May 6th
    28 Files
  • 7
    May 7th
    3 Files
  • 8
    May 8th
    4 Files
  • 9
    May 9th
    54 Files
  • 10
    May 10th
    12 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    17 Files
  • 14
    May 14th
    11 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    13 Files
  • 17
    May 17th
    22 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    0 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close