Twenty Year Anniversary
Showing 1 - 25 of 141 RSS Feed

Files from Securify B.V.

Email addresslists at securify.nl
First Active2014-09-22
Last Active2018-10-01
Ivanti Workspace Control UNC Path Data Security Bypass
Posted Oct 1, 2018
Authored by Yorick Koster, Securify B.V.

Ivanti Workspace Control contains a flaw where it is possible to access folders that should be protected by Data Security. A local attacker can bypass these restrictions using localhost UNC paths. Depending on the NTFS permissions it may be possible for local users to access files and folders that should be protected using Data Protection. This issue was successfully verified on Ivanti Workspace Control version 10.2.700.1 and 10.2.950.0.

tags | advisory, local, bypass
MD5 | 148e251d9ddfd0423ac5e26fca7cc59a
Ivanti Workspace Control Registry Stored Credentials
Posted Oct 1, 2018
Authored by Yorick Koster, Securify B.V.

A flaw was found in Workspace Control that allows a local unprivileged user to retrieve the database or Relay server credentials from the Windows Registry. These credentials are encrypted, however the encryption that is used is reversible. This issue was successfully verified on Ivanti Workspace Control version 10.2.700.1 and 10.2.950.0.

tags | advisory, local, registry
systems | windows
MD5 | 40fda4c2a16f2e00046340df84539054
Ivanti Workspace Control Named Pipe Privilege Escalation
Posted Oct 1, 2018
Authored by Yorick Koster, Securify B.V.

It was found that Ivanti Workspace Control allows a local (unprivileged) attacker to run arbitrary commands with Administrator privileges. This issue can be exploited by spawning a new Composer process, injecting a malicious thread in this process. This thread connects to a Named Pipe and sends an instruction to a service to launch an attacker-defined application with elevated privileges. This issue was successfully verified on Ivanti Workspace Control version 10.2.700.1 and 10.2.950.0.

tags | advisory, arbitrary, local
MD5 | 7ee90d03763dd9d1bf3d0ff765a7bab3
Ivanti Workspace Control Application PowerGrid SEE Whitelist Bypass
Posted Oct 1, 2018
Authored by Yorick Koster, Securify B.V.

It was found that the PowerGrid application can be used to run arbitrary commands via the /SEE command line option. An attacker can abuse this issue to bypass Application Whitelisting in order to run arbitrary code on the target machine. This issue was successfully verified on Ivanti Workspace Control version 10.2.950.0.

tags | exploit, arbitrary, bypass
MD5 | 40d40eb07c533689a9146b8d54b35a20
Ivanti Workspace Control Application PowerGrid RWS Whitelist Bypass
Posted Oct 1, 2018
Authored by Yorick Koster, Securify B.V.

It was found that the PowerGrid application will execute rundll32.exe from a relative path when it is started with the /RWS command line option. An attacker can abuse this issue to bypass Application Whitelisting in order to run arbitrary code on the target machine. This issue was successfully verified on Ivanti Workspace Control version 10.2.700.1.

tags | exploit, arbitrary, bypass
MD5 | 81f68b864a5e934987060adf6222477b
Western Digital My Cloud Authentication Bypass
Posted Sep 19, 2018
Authored by Securify B.V., Remco Vermeulen

It was discovered that the Western Digital My Cloud is affected by an authentication bypass vulnerability. An unauthenticated attacker can exploit this vulnerability to authenticate as an admin user without needing to provide a password, thereby gaining full control of the My Cloud device. This vulnerability was successfully verified on a Western Digital My Cloud model WDBCTL0020HWT running firmware version 2.30.172. This issue is not limited to the model that was used to find this vulnerability since most of the products in the My Cloud series share the same (vulnerable) code.

tags | exploit, bypass
advisories | CVE-2018-17153
MD5 | 8137c7cec868dfc1cc789683ce268ce8
Zimbra Collaboration Suite 8.7.11_GA_1854 Cross Site Scripting
Posted Mar 25, 2018
Authored by Securify B.V., Stephan Kaag

Zimbra Collaboration Suite version 8.7.11_GA_1854 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-6882
MD5 | 6de4d493c54ea789d91dbcba0df1db8b
Seagate Media Server Arbitrary File / Folder Deletion
Posted Jan 15, 2018
Authored by Yorick Koster, Securify B.V.

Seagate Media Server on a Seagate Personal Cloud model SRN21C running firmware version 4.3.16.0 suffers from an unauthenticated arbitrary file and folder deletion vulnerability.

tags | exploit, arbitrary
MD5 | 5ae797b5faaf3d32724a1d8e66d233b3
VTech DigiGo 83.60630 Browser Overlay Attack
Posted Jan 15, 2018
Authored by Securify B.V., Sipke Mellema

VTech DigiGo with firmware 83.60630 suffers from a browser overlay attack vulnerability.

tags | exploit
MD5 | 77cea9e9382eded61fbed8053c84a2ad
Kaseya VSA 9.2 Authentication Bypass
Posted Jan 15, 2018
Authored by Securify B.V., Kin Hung Cheng, Robert Hartshorn

Kaseya VSA version 9.2 suffers from an authentication bypass vulnerability.

tags | exploit, bypass
MD5 | 7283fc16d75dc79988225cb4c903d5c5
Kaseya VSA 9.2 Shell Upload
Posted Jan 15, 2018
Authored by Securify B.V., Kin Hung Cheng, Robert Hartshorn

Kaseya VSA version 9.2 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | 907b91ed2f652a5d04feabc0ab331cb0
VTech DigiGo 83.60630 Broken TLS Certificate Validation
Posted Jan 15, 2018
Authored by Securify B.V., Sipke Mellema

VTech DigiGo with firmware version 83.60630 fails to perform validation of TLS certificates.

tags | exploit
MD5 | 59ddde2caff6394072eed1459a12fd42
Kaseya VSA R9.2 Arbitrary File Read
Posted Jan 15, 2018
Authored by Securify B.V., Kin Hung Cheng, Robert Hartshorn

A security vulnerability was found in Kaseya VSA file download file functionality. Using this vulnerability an authenticated user in a Kaseya VSA environment is able to download arbitrary files from the server (including source code of Kaseya, the database backups, configuration files, and even windows files). Version R9.2 was found affected.

tags | exploit, arbitrary
systems | windows
MD5 | 605ce3e61e7a1e700654afd0b394ab11
VTech DigiGo 83.60630 Certificate Pinning
Posted Jan 15, 2018
Authored by Securify B.V., Sipke Mellema

VTech DigiGo with firmware version 83.60630 fails to perform certificate pinning in some flows.

tags | advisory
MD5 | b42e1511b7ec7a18c5d96a398e4d3d07
pfSense 2.4.1 Clickjacking
Posted Nov 23, 2017
Authored by Securify B.V.

pfSense version 2.4.1 suffers from a clickjacking vulnerability in the cross site request forgery error page.

tags | advisory, csrf
MD5 | d27cfffbd264ae18908fb4c5e7e89289
Xamarin Studio For Mac 6.2.1 (Build 3) / 6.3 (Build 863) Privilege Escalation
Posted Aug 14, 2017
Authored by Yorick Koster, Securify B.V.

Xamarin Studio for Mac versions 6.2.1 (build 3) and 6.3 (build 863) suffer from a local privilege escalation vulnerability.

tags | exploit, local
MD5 | 0eb7c4204f9e48e3f70079bf8624f7da
Virtuozzo Power Panel (VZPP) 6.1.2 Buffer Over-Read
Posted Jul 5, 2017
Authored by Securify B.V., Sipke Mellema

Virtuozzo Power Panel (VZPP) and Automator version 6.1.2 suffers from a buffer over-read vulnerability.

tags | advisory
MD5 | 2af4bc88b18673fd24ac2f529c2fd96b
SyntaxHighlight 2.0 MediaWiki 1.28.0 Stored Cross Site Scripting
Posted Apr 29, 2017
Authored by Yorick Koster, Securify B.V.

A vulnerability was found in the SyntaxHighlight MediaWiki extension. Using this vulnerability it is possible for an anonymous attacker to pass arbitrary options to the Pygments library. By specifying specially crafted options, it is possible for an attacker to trigger a (stored) cross site scripting condition. In addition, it allows the creating of arbitrary files containing user-controllable data. Depending on the server configuration, this can be used by an anonymous attacker to execute arbitrary PHP code. This issue was tested on SyntaxHighlight version 2.0 as bundled with MediaWiki version 1.28.0.

tags | exploit, arbitrary, php, xss
advisories | CVE-2017-0372
MD5 | c2f465d0fafdbcf4b9a63fb413f084f5
Western Digital My Cloud 2.21.126 Authentication Bypass
Posted Apr 22, 2017
Authored by Securify B.V., Remco Vermeulen

Western Digital My Cloud with firmware version 2.21.126 suffers from an authentication bypass vulnerability that allows escalation to administrative privileges.

tags | exploit, bypass
MD5 | 03efc4e9cf55948800f65cb80dd0da13
WordPress Connection Information Cross Site Request Forgery
Posted Apr 20, 2017
Authored by Yorick Koster, Securify B.V.

The FTP/SSH form functionality of WordPress was found to be vulnerable to cross site request forgery. WordPress versions 4.5.3 through 4.7.4 are affected.

tags | exploit, csrf
MD5 | 25a2023423f7860059c0e4cb8e179437
Scriptler Jenkins 2.9 Cross Site Scripting
Posted Apr 15, 2017
Authored by Securify B.V., Burak Kelebek

Scriptler Jenkins version 2.9 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 51c7b60005aa4d94fc3a39b0ebc67e50
Microsoft Office OneNote 2007 DLL Hijacking
Posted Apr 11, 2017
Authored by Yorick Koster, Securify B.V.

Microsoft Office OneNote 2007 suffers from a dll hijacking vulnerability.

tags | exploit
systems | windows
MD5 | b33e14dcb95985bd6976931c23b1f515
Microsoft Edge Fetch API Arbitrary Header Setting
Posted Mar 14, 2017
Authored by Securify B.V.

It was found that the Fetch API in Microsoft Edge allows websites to set arbitrary HTTP request headers, including the Content-Length, and Host headers. Amongst others, a malicious website can use this issue to bypass the same origin policy, read HTTP response headers, or initiate arbitrary HTTP requests from the victim's browser (HTTP request smuggling).

tags | exploit, web, arbitrary
advisories | CVE-2017-0140
MD5 | c5887ca20f54ac55ae19e8611c88c6f7
Western Digital My Cloud Cross Site Request Forgery
Posted Mar 7, 2017
Authored by Securify B.V., Remco Vermeulen

Western Digital My Cloud suffers from a cross site request forgery vulnerability.

tags | advisory, csrf
MD5 | 1f1be9f28d76dd964efe11d9a8018d08
Western Digital My Cloud Buffer Overflow
Posted Mar 7, 2017
Authored by Securify B.V., Remco Vermeulen

Western Digital My Cloud suffers from a buffer overflow vulnerability that allows for remote code execution.

tags | exploit, remote, overflow, code execution
MD5 | e64dc08f721927ea61266f162a334e42
Page 1 of 6
Back12345Next

File Archive:

October 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    26 Files
  • 2
    Oct 2nd
    15 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    15 Files
  • 6
    Oct 6th
    2 Files
  • 7
    Oct 7th
    3 Files
  • 8
    Oct 8th
    23 Files
  • 9
    Oct 9th
    16 Files
  • 10
    Oct 10th
    15 Files
  • 11
    Oct 11th
    19 Files
  • 12
    Oct 12th
    16 Files
  • 13
    Oct 13th
    2 Files
  • 14
    Oct 14th
    2 Files
  • 15
    Oct 15th
    15 Files
  • 16
    Oct 16th
    20 Files
  • 17
    Oct 17th
    19 Files
  • 18
    Oct 18th
    21 Files
  • 19
    Oct 19th
    16 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close