exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 11 of 11 RSS Feed

Files from Craig Young

Email addressprivate
First Active2013-07-12
Last Active2014-06-06
View User Profile
OpenSSL CVE-2014-0224 Detection Script
Posted Jun 6, 2014
Authored by Craig Young | Site tripwire.com

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability. This script tests for that vulnerability.

tags | tool, scanner
systems | unix
advisories | CVE-2014-0224
SHA-256 | f59eadbc19854f9ff9a362ab226550f4d66039b6eae733379588772f630f3b87
NETGEAR ReadyNAS Perl Code Evaluation
Posted Nov 25, 2013
Authored by H D Moore, juan vazquez, Craig Young | Site metasploit.com

This Metasploit module exploits a Perl code injection on NETGEAR ReadyNAS 4.2.23 and 4.1.11. The vulnerability exists on the web fronted, specifically on the np_handler.pl component, due to the insecure usage of the eval() perl function. This Metasploit module has been tested successfully on a NETGEAR ReadyNAS 4.2.23 Firmware emulated environment, not on real hardware.

tags | exploit, web, perl
advisories | CVE-2013-2751, OSVDB-98826
SHA-256 | bde67c6d5bd2eaadf289392fe66c898b1b40583f113cc479740f75c0912c0b93
Netgear ReadyNAS Remote Command Execution
Posted Oct 28, 2013
Authored by anonymous, Craig Young

Proof of concept exploit that demonstrates remote command execution on Netgear ReadyNAS.

tags | exploit, remote, proof of concept
SHA-256 | 7ae30b42d1addf06dce009c2571e44ead9195cf7589aebbb33dbd101756f76dd
Netgear ReadyNAS Complete System Takeover
Posted Oct 23, 2013
Authored by Craig Young | Site tripwire.com

Tripwire Security Advisory 2013-001 - Netgear ReadyNAS suffers from command injection and cross site request forgery vulnerabilities.

tags | advisory, vulnerability, csrf
advisories | CVE-2013-2751, CVE-2013-2752
SHA-256 | b3eefdfb27dbf2c8f6fecde888ea1eb5e5c4319117d673b20584fe6385aacbae
Linksys WRT110 Remote Command Execution
Posted Oct 8, 2013
Authored by juan vazquez, Craig Young, joev | Site metasploit.com

The Linksys WRT110 consumer router is vulnerable to a command injection exploit in the ping field of the web interface.

tags | exploit, web
advisories | CVE-2013-3568
SHA-256 | 44b428488518ed2abeee03160462e56c8203577c382cafa8ace86476e15928be
Linksys WRT110 Remote Command Execution
Posted Sep 20, 2013
Authored by Craig Young | Site metasploit.com

The Linksys WRT110 consumer router is vulnerable to a command injection exploit in the ping field of the web interface.

tags | exploit, web
advisories | CVE-2013-3568
SHA-256 | 5fdabb65539c0e2248afcba9871e415908777fb0b2f288107530f6a551406d99
Loftek CSRF / Memory Dump / Credential Disclosure
Posted Aug 23, 2013
Authored by Craig Young

This archive holds proof of concept code for cross site request forgery, memory dump, and wifi credential disclosure vulnerabilities in Loftek Nexus 543 IP cameras.

tags | exploit, vulnerability, proof of concept, csrf
systems | linux
advisories | CVE-2013-3311, CVE-2013-3312, CVE-2013-3313, CVE-2013-3314
SHA-256 | d8d9a9612f6d40cf5a8de4bce2dac3ab2ab4a787138a95efeac38d560c8a7206
Android Weblogin: Google's Skeleton Key
Posted Aug 8, 2013
Authored by Craig Young

Included in this archive is a presentation of Android Weblogin: Google's Skeleton Key along with various proof of concept code from the talk presented at DefCon 21.

tags | exploit, proof of concept
systems | linux
SHA-256 | 917ef9c7b31e3a0e0835376c951d3aec56779e5a92b79073ee01261b4a737f47
MiniDLNA SQL Injection / Buffer Overflow
Posted Jul 17, 2013
Authored by Craig Young

MiniDLNA versions prior to 1.1.0 suffer from heap-based buffer overflow and remote SQL injection vulnerabilities.

tags | advisory, remote, overflow, vulnerability, sql injection
advisories | CVE-2013-2738, CVE-2013-2739, CVE-2013-2745
SHA-256 | e7d1ebafa357dc3be45f9cf26f26f66c2a057c0cc51364b9154c4436a393da48
SilverStripe CMS Cross Site Scripting
Posted Jul 15, 2013
Authored by Craig Young

SilverStripe CMS decidedly to quietly fix multiple persistent cross site scripting vulnerabilities without informing the public. Fail.

tags | advisory, vulnerability, xss
advisories | CVE-2012-6458
SHA-256 | ba424faa00595576e5473a7a215b946162b069fd5671798ba3d039f2833caee3
Linksys WRT110 Command Injection / CSRF
Posted Jul 12, 2013
Authored by Craig Young

Linksys WRT110 suffers from root shell command injection and cross site request forgery vulnerabilities.

tags | advisory, shell, root, vulnerability, csrf
advisories | CVE-2013-3568
SHA-256 | 850308c35db1a6b6413065eb09749bb1a66bb16d4e5f80c535788b446adada12
Page 1 of 1
Back1Next

File Archive:

May 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    44 Files
  • 2
    May 2nd
    5 Files
  • 3
    May 3rd
    11 Files
  • 4
    May 4th
    0 Files
  • 5
    May 5th
    0 Files
  • 6
    May 6th
    28 Files
  • 7
    May 7th
    3 Files
  • 8
    May 8th
    4 Files
  • 9
    May 9th
    54 Files
  • 10
    May 10th
    12 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    17 Files
  • 14
    May 14th
    11 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    13 Files
  • 17
    May 17th
    22 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    17 Files
  • 21
    May 21st
    18 Files
  • 22
    May 22nd
    7 Files
  • 23
    May 23rd
    111 Files
  • 24
    May 24th
    27 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    6 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close