accept no compromises
Showing 1 - 11 of 11 RSS Feed

Files from Craig Young

Email addressprivate
First Active2013-07-12
Last Active2014-06-06
View User Profile
OpenSSL CVE-2014-0224 Detection Script
Posted Jun 6, 2014
Authored by Craig Young | Site tripwire.com

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability. This script tests for that vulnerability.

tags | tool, scanner
systems | unix
advisories | CVE-2014-0224
MD5 | 0eb2fab294aa986d57cc0c145843b4e5
NETGEAR ReadyNAS Perl Code Evaluation
Posted Nov 25, 2013
Authored by H D Moore, juan vazquez, Craig Young | Site metasploit.com

This Metasploit module exploits a Perl code injection on NETGEAR ReadyNAS 4.2.23 and 4.1.11. The vulnerability exists on the web fronted, specifically on the np_handler.pl component, due to the insecure usage of the eval() perl function. This Metasploit module has been tested successfully on a NETGEAR ReadyNAS 4.2.23 Firmware emulated environment, not on real hardware.

tags | exploit, web, perl
advisories | CVE-2013-2751, OSVDB-98826
MD5 | d85b0453ec7ff515ff45ea5c314d7ddc
Netgear ReadyNAS Remote Command Execution
Posted Oct 28, 2013
Authored by anonymous, Craig Young

Proof of concept exploit that demonstrates remote command execution on Netgear ReadyNAS.

tags | exploit, remote, proof of concept
MD5 | 5b0d4c4a67a2b093cc77fefbf354b429
Netgear ReadyNAS Complete System Takeover
Posted Oct 23, 2013
Authored by Craig Young | Site tripwire.com

Tripwire Security Advisory 2013-001 - Netgear ReadyNAS suffers from command injection and cross site request forgery vulnerabilities.

tags | advisory, vulnerability, csrf
advisories | CVE-2013-2751, CVE-2013-2752
MD5 | 744e2b70c2926ed8f47e074d99865db9
Linksys WRT110 Remote Command Execution
Posted Oct 8, 2013
Authored by juan vazquez, Craig Young, joev | Site metasploit.com

The Linksys WRT110 consumer router is vulnerable to a command injection exploit in the ping field of the web interface.

tags | exploit, web
advisories | CVE-2013-3568
MD5 | 1ca8f7625acdc9ee3909e6ec2684b65a
Linksys WRT110 Remote Command Execution
Posted Sep 20, 2013
Authored by Craig Young | Site metasploit.com

The Linksys WRT110 consumer router is vulnerable to a command injection exploit in the ping field of the web interface.

tags | exploit, web
advisories | CVE-2013-3568
MD5 | bbdf7fb19e1abc379b80c5ee33c26243
Loftek CSRF / Memory Dump / Credential Disclosure
Posted Aug 23, 2013
Authored by Craig Young

This archive holds proof of concept code for cross site request forgery, memory dump, and wifi credential disclosure vulnerabilities in Loftek Nexus 543 IP cameras.

tags | exploit, vulnerability, proof of concept, csrf
systems | linux
advisories | CVE-2013-3311, CVE-2013-3312, CVE-2013-3313, CVE-2013-3314
MD5 | 02aea1a11fbe505a39d5b5245b30b28d
Android Weblogin: Google's Skeleton Key
Posted Aug 8, 2013
Authored by Craig Young

Included in this archive is a presentation of Android Weblogin: Google's Skeleton Key along with various proof of concept code from the talk presented at DefCon 21.

tags | exploit, proof of concept
systems | linux
MD5 | 0a4407d1745293d1be2b0a02e980ba60
MiniDLNA SQL Injection / Buffer Overflow
Posted Jul 17, 2013
Authored by Craig Young

MiniDLNA versions prior to 1.1.0 suffer from heap-based buffer overflow and remote SQL injection vulnerabilities.

tags | advisory, remote, overflow, vulnerability, sql injection
advisories | CVE-2013-2738, CVE-2013-2739, CVE-2013-2745
MD5 | a57c4f7b7f8774d800886893643fc573
SilverStripe CMS Cross Site Scripting
Posted Jul 15, 2013
Authored by Craig Young

SilverStripe CMS decidedly to quietly fix multiple persistent cross site scripting vulnerabilities without informing the public. Fail.

tags | advisory, vulnerability, xss
advisories | CVE-2012-6458
MD5 | 948de04e40911961d5e4f5b2ba0a6293
Linksys WRT110 Command Injection / CSRF
Posted Jul 12, 2013
Authored by Craig Young

Linksys WRT110 suffers from root shell command injection and cross site request forgery vulnerabilities.

tags | advisory, shell, root, vulnerability, csrf
advisories | CVE-2013-3568
MD5 | 76f59b38e7044204109d353063bc58d2
Page 1 of 1
Back1Next

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    2 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close