Exploit the possiblities
Showing 1 - 25 of 54 RSS Feed

Files from Brandon Perry

First Active2012-09-07
Last Active2017-05-15
OpenEXR 2.2.0 Crash
Posted May 15, 2017
Authored by Brandon Perry

This archive contains a zip file of EXR images that cause segmentation faults in the OpenEXR library version 2.2.0.

tags | exploit
MD5 | 097c2c5b9357f7a1c7159ef406808ab6
FreeTDS Denial Of Service
Posted May 11, 2017
Authored by Brandon Perry

This archive contains numerous TDS streams that cause segmentation faults in the FreeTDS library. The 'tsql' binary was used for the fuzzing, so these most likely only affect client-side functionality. These have been resolved on master and the 1.0 branch.

tags | exploit, denial of service
MD5 | 861ffee935962526dd6483518c44a8e9
Oracle Outside In File ID Library 8.5.3 Memory Corruption
Posted Sep 18, 2016
Authored by Brandon Perry

Oracle Outside In File ID library version 8.5.3 suffers from a memory corruption issue.

tags | exploit
MD5 | ade9e5c4b42fac28037dda8dfa6fd0db
PrinceXML Wrapper Class Command Injection
Posted Jul 6, 2016
Authored by Brandon Perry

Wrapper classes provided by PrinceXML appear to suffer from command injection vulnerabilities.

tags | exploit, vulnerability
MD5 | 4ca94581a27f577b94c4c76b397e90dc
Apache Xerces-C XML Parser Crash
Posted Jun 29, 2016
Authored by Brandon Perry

The Xerces-C XML parser fails to successfully parse a DTD that is deeply nested, and this causes a stack overflow, which makes a denial of service attack against many applications possible by an unauthenticated attacker. Apache Xerces-C XML Parser library versions prior to 3.1.4 are affected.

tags | advisory, denial of service, overflow
advisories | CVE-2016-4463
MD5 | f3582ebcd1fe05c63ce8c5e48bdf6608
libical 0.47 / 1.0 Crash
Posted Jun 25, 2016
Authored by Brandon Perry

libical versions 0.47 and 1.0 suffer from a crash issue.

tags | exploit
MD5 | 1124be4c43a49904a55b7d8360902b53
Dell SonicWALL Scrutinizer 11.01 methodDetail SQL Injection
Posted May 17, 2016
Authored by sinn3r, Brandon Perry | Site metasploit.com

This Metasploit module exploits a vulnerability found in Dell SonicWALL Scrutinizer. The methodDetail parameter in exporters.php allows an attacker to write arbitrary files to the file system with an SQL Injection attack, and gain remote code execution under the context of SYSTEM for Windows, or as Apache for Linux. Authentication is required to exploit this vulnerability, but this module uses the default admin:admin credential.

tags | exploit, remote, arbitrary, php, code execution, sql injection
systems | linux, windows
advisories | CVE-2014-4977
MD5 | 8789e5d66263a2ca19993abe27381b2b
Dell SonicWall Scrutinizer 11.0.1 SQL Injection / Code Execution
Posted May 10, 2016
Authored by mr_me, Brandon Perry

Dell SonicWall Scrutinizer versions 11.0.1 and below setUserSkin/deleteTab SQL injection / remote code execution exploit that leverages a vulnerability found by Brandon Perry in July of 2014.

tags | exploit, remote, code execution, sql injection
MD5 | 6b9fe791c08135b3f6ec39a587903df1
Raritan PowerIQ Default Accounts
Posted Sep 10, 2015
Authored by Brandon Perry

Raritan PowerIQ ships with three default backdoor credentials left in.

tags | exploit
MD5 | 01046bb950c07865832145771f1e513e
Symantec Endpoint Protection Manager Authentication Bypass / Code Execution
Posted Aug 17, 2015
Authored by Brandon Perry, Markus Wulftange | Site metasploit.com

This Metasploit module exploits three separate vulnerabilities in Symantec Endpoint Protection Manager in order to achieve a remote shell on the box as NT AUTHORITY\SYSTEM. The vulnerabilities include an authentication bypass, a directory traversal and a privilege escalation to get privileged code execution.

tags | exploit, remote, shell, vulnerability, code execution
advisories | CVE-2015-1486, CVE-2015-1487, CVE-2015-1489
MD5 | 94d61c5829628370b82e3454cfc59b31
Joomla J2Store 3.1.6 SQL Injection
Posted Jul 11, 2015
Authored by Brandon Perry

Joomla J2Store extension version 3.1.6 suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
MD5 | e4195e09626a80105fd1f936a2bd52a4
OS Solution OSProperty 2.8.0 SQL Injection
Posted Apr 29, 2015
Authored by Brandon Perry

OS Solution OSProperty version 2.8.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 4c15ec7cbcbae7ab163d547d32c2e885
Joomla ECommerce-WD 1.2.5 SQL Injection
Posted Mar 19, 2015
Authored by Brandon Perry

Joomla ECommerce-WD plugin version 1.2.5 suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
MD5 | da188df7cade95bd85ba4bb44c0bd9c2
Raritan PowerIQ 4.1 / 4.2 / 4.3 Code Execution
Posted Mar 12, 2015
Authored by Brandon Perry

Raritan PowerIQ versions 4.1, 4.2, and 4.3 ship with a Rails 2 web interface with a hardcoded session secret. This can be used to achieve unauthenticated remote code execution as the nginx user on vulnerable systems.

tags | exploit, remote, web, code execution
MD5 | 8576ccac08e21dcad3cb1f0f76e74135
Solarwinds Orion Service SQL Injection
Posted Mar 3, 2015
Authored by Brandon Perry

Various remote SQL injection vulnerabilities exist in the core Orion service used in most of the Solarwinds products. Affected products include Network Performance Monitor below version 11.5, NetFlow Traffic Analyzer below version 4.1, Network Configuration Manager below version 7.3.2, IP Address Manager below version 4.3, User Device Tracker below version 3.2, VoIP

tags | exploit, remote, web, vulnerability, sql injection
advisories | CVE-2014-9566
MD5 | f0e2b5f5ed02061d55950f46a5449d2d
eTouch Samepage 4.4.0.0.239 SQL Injection / File Read
Posted Feb 13, 2015
Authored by Brandon Perry

eTouch Samepage version 4.4.0.0.239 suffers from remote SQL injection and arbitrary file read vulnerabilities.

tags | exploit, remote, arbitrary, vulnerability, sql injection, file inclusion
MD5 | fd120265a06f4916b6e09391535be8b2
Wordpress Photo Gallery Unauthenticated SQL Injection User Enumeration
Posted Jan 13, 2015
Authored by Brandon Perry | Site metasploit.com

This Metasploit module exploits an unauthenticated SQL injection in order to enumerate the Wordpress users tables, including password hashes. This Metasploit module was tested against version 1.2.7.

tags | exploit, sql injection
advisories | CVE-2014-2238
MD5 | 05a4f9eff2ce86e27bee88dc9042ce06
McAfee ePolicy Orchestrator Authenticated XXE Credential Exposure
Posted Jan 6, 2015
Authored by Brandon Perry | Site metasploit.com

This Metasploit module will exploit an authenticated XXE vulnerability to read the keystore.properties off of the filesystem. This properties file contains an encrypted password that is set during installation. What is interesting about this password is that it is set as the same password as the database 'sa' user and of the admin user created during installation. This password is encrypted with a static key, and is encrypted using a weak cipher at that (ECB).

tags | exploit
MD5 | 6c549aa9ed67c22c17d4a1c813965c6d
BMC TrackIt! 11.3 Unauthenticated Local User Password Change
Posted Dec 11, 2014
Authored by Brandon Perry

BMC TrackIt! version 11.3 suffers from an unauthenticated local user password change vulnerability.

tags | exploit, local, bypass
MD5 | 4c6009239ffe2032589ed47818ed15ac
Device42 Embedded Credentials
Posted Nov 26, 2014
Authored by Brandon Perry

Device42 DCIM Appliance Manager versions 5.10 and 6.0 have hardcoded credentials and also suffer from remote command injection vulnerabilities.

tags | exploit, remote, vulnerability
MD5 | 970d75c3fd1cf02517ca875a7dfb7097
Device42 Traceroute Command Injection
Posted Nov 26, 2014
Authored by Brandon Perry | Site metasploit.com

Device42 DCIM Appliance Manager versions 5.10 and 6.0 with WAN emulator version 2.3 remote command injection exploit for Metasploit that leverages traceroute.

tags | exploit, remote
MD5 | 29dea352245e10c3a4a7588e05342cc0
Device42 Ping Command Injection
Posted Nov 26, 2014
Authored by Brandon Perry | Site metasploit.com

Device42 DCIM Appliance Manager versions 5.10 and 6.0 with WAN emulator version 2.3 remote command injection exploit for Metasploit that leverages ping.

tags | exploit, remote
MD5 | 6b6c3329dff12b38c51a77d1df5e5d00
Mulesoft ESB Runtime 3.5.1 Privilege Escalation / Code Execution
Posted Oct 22, 2014
Authored by Brandon Perry

Mulesoft ESB Runtime version 3.5.1 suffers from an authenticated privilege escalation vulnerability that can lead to remote code execution.

tags | exploit, remote, code execution
MD5 | 43422f24c207ba6498785ac36c9cfe00
Drupal HTTP Parameter Key/Value SQL Injection
Posted Oct 18, 2014
Authored by Brandon Perry, Christian Mehlmauer, SektionEins | Site metasploit.com

This Metasploit module exploits the Drupal HTTP Parameter Key/Value SQL Injection (aka Drupageddon) in order to achieve a remote shell on the vulnerable instance. This Metasploit module was tested against Drupal 7.0 and 7.31 (was fixed in 7.32).

tags | exploit, remote, web, shell, sql injection
advisories | CVE-2014-3704
MD5 | a8306d84d19d3095b312666b206546a1
F5 iControl Remote Root Command Execution
Posted Oct 8, 2014
Authored by Brandon Perry | Site metasploit.com

This Metasploit module exploits an authenticated remote command execution vulnerability in the F5 BIGIP iControl API (and likely other F5 devices).

tags | exploit, remote
advisories | CVE-2014-2928
MD5 | 3e4e7b6e22d76579984514ab11233c5a
Page 1 of 3
Back123Next

File Archive:

December 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    15 Files
  • 2
    Dec 2nd
    2 Files
  • 3
    Dec 3rd
    1 Files
  • 4
    Dec 4th
    15 Files
  • 5
    Dec 5th
    15 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    17 Files
  • 8
    Dec 8th
    15 Files
  • 9
    Dec 9th
    13 Files
  • 10
    Dec 10th
    4 Files
  • 11
    Dec 11th
    41 Files
  • 12
    Dec 12th
    42 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close