exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 52 RSS Feed

Files

Virtual DJ Trial 6.1.2 Buffer Overflow
Posted Sep 6, 2010
Authored by Abhishek Lyall | Site aslitsecurity.com

Virtual DJ Trial version 6.1.2 SEH buffer overflow crash proof of concept exploit.

tags | exploit, overflow, proof of concept
SHA-256 | a5b8c6e0db614a05e1d351dbc0107d2a889852078222c00670df4ee82fcb6f6e

Related Files

Fuxnet: Disabling Russia's Industrial Sensor And Monitoring Infrastructure
Posted Apr 10, 2024
Authored by ruexfil

This report seems to detail an operation to disable Russia's industrial sensor and monitoring infrastructure at www.moscollector.ru.

tags | advisory
SHA-256 | dc18d47f336cf868537e45d6f49f679964dead8db88dba8751df5e9cd9d6c0a4
Compromising Industrial Processes Using Web-Based Programmable Logic Controller Malware
Posted Mar 4, 2024
Authored by Raheem Beyah, Ryan Pickren, Tohid Shekari, Saman Zonouz

This is an interesting whitepaper called Compromising Industrial Processes using Web-Based Programmable Logic Controller Malware. The authors present a novel approach to developing programmable logic controller (PLC) malware that proves to be more flexible, resilient, and impactful than current strategies.

tags | paper, web
SHA-256 | 741326e4fbc51ab41e106a049572fa380ad7b01037f9e364be260067feb5194b
Cybersecurity In Industry 4.0 And Smart Manufacturing
Posted Sep 25, 2023
Authored by Erhan YAZAN

Whitepaper called Cybersecurity in Industry 4.0 and Smart Manufacturing: The Rise of Security in the Age of IoT, IIoT, ICS, and SCADA. This article examines Industry 4.0's relationship with the rapidly developing technologies Internet of Things (IoT), Industrial Internet of Things (IIoT), Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) and why cyber security is important in these areas.

tags | paper
SHA-256 | 0458410365974be314b620bd7944a4541658322fd5a9cee88134e46a6317b29b
Nexans FTTO GigaSwitch Outdated Components / Hardcoded Backdoor
Posted Jun 20, 2022
Authored by T. Weber | Site sec-consult.com

Nexans FTTO GigaSwitch industrial/office switches HW version 5 suffer from having a hardcoded backdoor user and multiple outdated vulnerable software components.

tags | exploit
advisories | CVE-2015-0235, CVE-2015-7547, CVE-2015-9261, CVE-2017-16544, CVE-2022-32985
SHA-256 | 811819aa67b6ad1bef552d7cc55544b3fd1c366dc092a396d3d23c2d49bd1e36
USR IOT 4G LTE Industrial Cellular VPN Router 1.0.36 Remote Root Backdoor
Posted Apr 21, 2022
Authored by LiquidWorm | Site zeroscience.mk

The USR IOT industrial router is vulnerable to hard-coded credentials within its Linux distribution image. These sets of credentials are never exposed to the end-user and cannot be changed through any normal operation of the device. Affected versions include 1.0.36 and 1.2.7.

tags | exploit
systems | linux
SHA-256 | f2b44867a9d3fc671d927368e7311aaf4147f3f58be89622912f7a0f06ebb5cc
AIoTS 4th Annual Workshop Call For Papers
Posted Nov 10, 2021
Site mujeebch.github.io

The call for papers has been announced for the 4th international workshop in Artificial Intelligence and Industrial Internet-of-Things Security (AIoTS). It will be co-located with the ACNS2022 conference June 20 through the 23rd in Rome, Italy.

tags | paper, conference
SHA-256 | 93e3635739ba0bfd607e2ca07b7aed66f2efbf31ba1d7bb6fb8e6f40b4743083
Ricon Industrial Cellular Router S9922XL Remote Command Execution
Posted Jul 5, 2021
Authored by LiquidWorm | Site zeroscience.mk

Ricon Industrial Cellular Router S9922XL suffers from an authenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands as the admin (root) user via the ping_server_ip POST parameter. It is also vulnerable to Heartbleed.

tags | exploit, arbitrary, shell, root
SHA-256 | 6bc26692f58719553d7c44565a9e32b962f1b7a0df1be48e3aa022a96cc9e0b5
Red Hat Security Advisory 2020-4039-01
Posted Sep 30, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4039-01 - OpenEXR is a high dynamic-range image file format developed by Industrial Light & Magic for use in computer imaging applications. This package contains libraries and sample applications for handling the format. Issues addressed include out of bounds read and out of bounds write vulnerabilities.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2020-11761, CVE-2020-11763, CVE-2020-11764
SHA-256 | cd6e2fe01a516153fd6a4172082d4c44a33af3456476b8af2c4560b7cfe16de9
SUPERAntiSpyware Professional X Trial Privilege Escalation
Posted Aug 28, 2020
Authored by b1nary

SUPERAntiSpyware Professional X Trial versions prior to 10.0.1206 suffer from a local privilege escalation vulnerability.

tags | exploit, local
SHA-256 | e338d1a038c462ffe3d9181e3b9e8eb1c580efd207a6480e628ceddc80e9935b
Ahsay Backup 7.x / 8.x File Upload / Remote Code Execution
Posted Jul 26, 2019
Authored by Wietse Boonstra | Site metasploit.com

This Metasploit module exploits an authenticated insecure file upload and code execution flaw in Ahsay Backup versions 7.x through 8.1.1.50. To successfully execute the upload credentials are needed, default on Ahsay Backup trial accounts are enabled so an account can be created. It can be exploited in Windows and Linux environments to get remote code execution (usually as SYSTEM). This module has been tested successfully on Ahsay Backup v8.1.1.50 with Windows 2003 SP2 Server. Because of this flaw all connected clients can be configured to execute a command before the backup starts. Allowing an attacker to takeover even more systems and make it rain shells!

tags | exploit, remote, shell, code execution, file upload
systems | linux, windows
advisories | CVE-2019-10267
SHA-256 | 83afb5ef0b4fb3cbf8a67a2f3aef040fe1e3f8026ef03cddf56dee9c7ba91e49
WAGO 852 Industrial Managed Switch Series Code Execution / Hardcoded Credentials
Posted Jun 13, 2019
Authored by T. Weber | Site sec-consult.com

The industrial managed switch series 852 from WAGO is affected by multiple vulnerabilities such as old software components embedded in the firmware. Furthermore, hardcoded password hashes and credentials were also found by doing an automated scan with IoT Inspector.

tags | exploit, vulnerability
advisories | CVE-2010-0296, CVE-2010-3856, CVE-2011-2716, CVE-2011-5325, CVE-2012-4412, CVE-2013-1813, CVE-2014-4043, CVE-2014-9402, CVE-2014-9761, CVE-2014-9984, CVE-2015-0235, CVE-2015-1472, CVE-2015-9261, CVE-2016-2147, CVE-2016-2148, CVE-2016-6301, CVE-2019-12550
SHA-256 | 5c8f473ce950d3d7fc4a502cd31cbb68d69766f0ee3d50da6ac20921262a4c65
Delta Electronics Delta Industrial Automation COMMGR 1.08 Buffer Overflow
Posted Oct 10, 2018
Authored by t4rkd3vilz

Delta Electronics Delta Industrial Automation COMMGR versions 1.08 and below suffer from a buffer overflow vulnerability.

tags | exploit, overflow
advisories | CVE-2018-10594
SHA-256 | 21735127472d0f336789c979a9109de253aab1f1853d7a1f0e0ccc5036d23af0
Delta Electronics Delta Industrial Automation COMMGR 1.08 Stack Buffer Overflow
Posted Oct 8, 2018
Authored by t4rkd3vilz, hubertwslin | Site metasploit.com

This Metasploit module exploits a stack based buffer overflow in Delta Electronics Delta Industrial Automation COMMGR 1.08. The vulnerability exists in COMMGR.exe when handling specially crafted packets. This Metasploit module has been tested successfully on Delta Electronics Delta Industrial Automation COMMGR 1.08 over Windows XP SP3, Windows 7 SP1, and Windows 8.1.

tags | exploit, overflow
systems | windows
advisories | CVE-2018-10594
SHA-256 | e4890d38f7e77e0fc47c8e04e33af1e27192fdc6cf14b35bc40478d30d87c47e
Staubli Jacquard Industrial System JC6 Shellshock
Posted Sep 21, 2018
Authored by t4rkd3vilz

Staubli Jacquard Industrial System JC6 suffers from a bash environment variable handling code injection vulnerability.

tags | exploit, bash
advisories | CVE-2014-6271
SHA-256 | 298aac6aa0537ef624d332e5623f63e990ee12f9376d9baef4524a5f870ca6cb
Delta Industrial Automation COMMGR 1.08 Buffer Overflow
Posted Jul 2, 2018
Authored by t4rkd3vilz

Delta Industrial Automation COMMGR version 1.08 stack buffer overflow proof of concept exploit.

tags | exploit, overflow, proof of concept
advisories | CVE-2018-10594
SHA-256 | 31bd3e947b94ae771db04052a06edf75a60597c83defb0da2df81874c4d21c36
Prisma Industriale Checkweigher PrismaWEB 1.21 Authentication Bypass
Posted Mar 12, 2018
Authored by LiquidWorm | Site zeroscience.mk

Prisma Industriale Checkweigher PrismaWEB version 1.21 suffers from a disclosure of hard-coded credentials allowing an attacker to effectively bypass authentication.

tags | exploit
SHA-256 | e7583be59105d7a5be5df4ad64237a1bbb0e1ceb2fa631e5cbfefd20e5fb0ead
WorldCIST 18 Call For Papers
Posted Nov 6, 2017
Site worldcist.org

The Information Systems and Technologies research and industrial community is invited to submit proposals of Workshops for WorldCist'18. It will be held in Naples, Italy March 27th through the 29th, 2018.

tags | paper, conference
SHA-256 | 541556e137603510e7991490227598d63cb6214d7d5bf9e3510e7d36d60e1ed2
Compulab Intense PC / MintBox 2 Missing Write Protection
Posted Jun 5, 2017
Authored by Hal Martin | Site watchmysys.com

CompuLab manufactures and sells the IntensePC / MintBox 2, which is a small Intel-based fanless PC sold to end-users and industrial customers. It was discovered that in the default configuration write-protection is not enabled for the BIOS/ME/GbE regions of flash.

tags | advisory
advisories | CVE-2017-8083
SHA-256 | ff8900cf8ecac46185548e975afba3495d20bd3fa8cb061db438a6e0a2baf20b
IML 2017 Call For Papers
Posted Apr 29, 2017
Site bindscience.com

The International Conference on Internet of Things and Machine Learning (IML 2017) will be held from October 17th through the 18th, 2017 in Liverpool John Moores University, Liverpool city, United Kingdom. Through its technical program, the conference aims to provide an outstanding opportunity for both academic and industrial communities alike to address new trends and challenges, emerging technologies and progress in standards on topics relevant to today's fast moving areas of Internet of Things and Machine Learning. This workshop will discuss new results in the field of Internet of things and machine learning.

tags | paper, conference
SHA-256 | 4a3a6000dcf4d1550de47ee295b23371a6f2dd3059a12c5b3577b059f8f4610c
Intermec PM43 Industrial Printer Privilege Escalation
Posted Mar 28, 2017
Authored by Bourbon Jean-Marie

Intermec PM43 industrial printer suffers from a privilege escalation vulnerability.

tags | exploit
advisories | CVE-2017-5671
SHA-256 | ae1b85cfe883429a619d40b84e5f3040ebac2c5c89f555a8ace4bd988c1afbb4
Industrial Secure Routers EDR-810 / EDR-G902 / EDR-G903 Access Bypass
Posted Oct 23, 2016
Authored by Nassim Asrir

Industrial Secure Routers versions EDR-G903, EDR-G902, and EDR-G903 allow for unauthenticated administrative access.

tags | exploit, bypass
SHA-256 | 77e309240343fb2928ef90a3201ea3009abdf042c31b5cedfedc0f7c2312aff9
Cisco Security Advisory 20160928-cip
Posted Sep 29, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the Common Industrial Protocol (CIP) feature of Cisco IOS Software could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition. The vulnerability is due to a failure to properly process an unusual, but valid, set of requests to an affected device. An attacker could exploit this vulnerability by submitting a CIP message request designed to trigger the vulnerability to an affected device. An exploit could cause the switch to stop processing traffic, requiring a restart of the device to regain functionality. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

tags | advisory, remote, denial of service, protocol
systems | cisco
SHA-256 | 7eeed3c340b1022fe38348b497c56616974dcd7243014d0affae46bb15082884
WorldCIST 17 Call For Papers
Posted Aug 3, 2016
Site worldcist.org

The Information Systems and Technologies research and industrial community is invited to submit proposals of Workshops for WorldCist'17. It will be held on Porto Santo Island, Madeira, Portugal. It will take place April 11th through the 13th, 2017.

tags | paper, conference
SHA-256 | c20b010dbc13fcba33fc5de15774343b90f1e6cfdadb6a420767d91b445c53a1
Sierra Wireless AirLink Raven XE Industrial 3G Gateway CSRF / File Upload
Posted Jun 23, 2016
Authored by Karn Ganeshen

Sierra Wireless AirLink Raven XE Industrial 3G Gateway suffers from cross site request forgery, information disclosure, and remote file upload vulnerabilities.

tags | exploit, remote, vulnerability, info disclosure, file upload, csrf
SHA-256 | cf133ee4a7539de41de8f9b10bd820c5bdadc47e30cbefba82a1519fcb4b5918
Delta Industrial Automation DCISoft 1.12.09 Stack Buffer Overflow
Posted Feb 14, 2016
Authored by LiquidWorm | Site zeroscience.mk

Delta Industrial Automation DCISoft version 1.12.09 suffers from a stack buffer overflow vulnerability.

tags | exploit, overflow
SHA-256 | 5989020771a973f9654bf96e2d22445a87ee557bf4a3037b4903386c316b57f8
Page 1 of 3
Back123Next

File Archive:

May 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    44 Files
  • 2
    May 2nd
    5 Files
  • 3
    May 3rd
    11 Files
  • 4
    May 4th
    0 Files
  • 5
    May 5th
    0 Files
  • 6
    May 6th
    28 Files
  • 7
    May 7th
    3 Files
  • 8
    May 8th
    4 Files
  • 9
    May 9th
    54 Files
  • 10
    May 10th
    12 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    17 Files
  • 14
    May 14th
    11 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    13 Files
  • 17
    May 17th
    22 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    17 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close