Twenty Year Anniversary
Showing 1 - 25 of 25 RSS Feed

Files from Pierre Kim

Email addresspierre.kim.sec at gmail.com
First Active2015-04-08
Last Active2017-11-23
D-Link DIR-850L Credential Disclosure
Posted Nov 23, 2017
Authored by Pierre Kim, Zdenda, Raphael de la Vienne, Peter Geissler

D-Link DIR-850L remote code execution variant exploit that extracts username and password for the device.

tags | exploit, remote, code execution
MD5 | b4ca3f0d10a248730135ce2865102871
WiseGiga NAS CSRF / LFI / Command Execution
Posted Sep 11, 2017
Authored by Pierre Kim

WiseGiga NAS suffers from cross site request forgery, local file inclusion, command execution, and default credential vulnerabilities.

tags | exploit, local, vulnerability, file inclusion, csrf
MD5 | 047939def71293ad9bd51f3067e33736
D-Link 850L XSS / Backdoor / Code Execution
Posted Sep 8, 2017
Authored by Pierre Kim

D-Link 850L suffers from cross site scripting, access bypass, backdoor, bruteforcing, information disclosure, remote code execution, and denial of service vulnerabilities. Basically, do not use this device unless you want to analyze it to see how not to design something.

tags | exploit, remote, denial of service, vulnerability, code execution, xss, info disclosure, csrf
MD5 | 806b47aee2ece40feb77375c1dcacc3d
Wireless IP Camera (P2P) WIFICAM GoAhead Backdoor / Remote Command Execution
Posted Mar 9, 2017
Authored by Pierre Kim

Wireless IP Camera (P2P) WIFICAM, which gets rebranded as many others, suffers from a backdoor account, remote command execution, transit, and various authentication vulnerabilities.

tags | exploit, remote, vulnerability
MD5 | 0e1b2a533b379a94268af085356c0110
TP-Link C2 / C20i Command Injection / Denial Of Service
Posted Feb 9, 2017
Authored by Pierre Kim

TP-Link CS and C20i are vulnerable to command injection, denial of service, and improper firewall rule issues.

tags | exploit, denial of service
MD5 | ff684d87101be1b4b66916094a6514a3
OpenBSD HTTP Server 6.0 Denial Of Service
Posted Feb 6, 2017
Authored by Pierre Kim

OpenBSD HTTP server versions up to 6.0 suffer from a denial of service vulnerability.

tags | exploit, web, denial of service
systems | openbsd
advisories | CVE-2017-5850
MD5 | a57c0e5bc7595c3696deb558b8b3eb1f
D-Link DWR-932B Backdoors / Default WPS PIN
Posted Sep 28, 2016
Authored by Pierre Kim

D-Link DWR-932B suffers from backdoor accounts, default WPS PIN, weak WPS PIN generation, and various other bad security practices and issues.

tags | exploit
MD5 | b2fbfed0ccd8e0f65c0d1132f585653d
Quanta LTE Router Code Execution / Backdoor Accounts
Posted Apr 5, 2016
Authored by Pierre Kim

Quanta LTE routers suffer from backdoor accounts, remote code execution, weak WPS functionality, arbitrary file reading, and a ridiculous amount of other vulnerabilities.

tags | exploit, remote, denial of service, arbitrary, vulnerability, code execution
MD5 | af3f20b956c147737af1e201febb9559
FreeBSD bsnmpd Information Disclosure
Posted Jan 16, 2016
Authored by Pierre Kim

FreeBSD suffers from a bsnmpd information disclosure vulnerability.

tags | exploit, info disclosure
systems | freebsd, bsd
advisories | CVE-2015-5677
MD5 | 7d1a99c3863b05856f67c2ccb39b1ae2
FreeBSD Security Advisory - FreeBSD-SA-16:06.bsnmpd
Posted Jan 15, 2016
Authored by Pierre Kim

FreeBSD Security Advisory - The SNMP protocol supports an authentication model called USM, which relies on a shared secret. The default permission of the bsnmpd configuration file, /etc/bsnmpd.conf, is weak and does not provide adequate protection against local unprivileged users. A local user may be able to read the shared secret, if configured and used by the system administrator.

tags | advisory, local, protocol
systems | freebsd
advisories | CVE-2015-5677
MD5 | fc7515d3e9f8630afb77d28bd7a61646
Ganeti Denial Of Service / Information Disclosure
Posted Jan 5, 2016
Authored by Pierre Kim

Ganeti suffers from unauthenticated information disclosure and denial of service vulnerabilities.

tags | exploit, denial of service, vulnerability, info disclosure
advisories | CVE-2015-7944, CVE-2015-7945
MD5 | cdd1a828c167bb8e1139a3135ab77989
Huawei Wimax CSRF / Information Disclosure / Manipulation
Posted Dec 1, 2015
Authored by Pierre Kim

Huawei Wimax routers suffer from cross site request forgery, information disclosure, and system manipulation vulnerabilities.

tags | exploit, vulnerability, info disclosure, csrf
MD5 | 113c1dd8907383654de5b6c53b288f29
OpenBSD net-snmp Information Disclosure
Posted Nov 13, 2015
Authored by Pierre Kim

OpenBSD net-snmp suffers from a credential and information disclosure vulnerability.

tags | exploit, info disclosure
systems | openbsd
advisories | CVE-2015-8100
MD5 | 58ae670019233a11582c38947b6d86cc
Huawei 3G Routers CSRF / DoS / Bypass / Information Disclosure
Posted Oct 7, 2015
Authored by Pierre Kim

Huawei 3G routers suffer from authentication bypass, cross site request forgery, denial of service, and various other vulnerabilities.

tags | exploit, denial of service, vulnerability, csrf
MD5 | 78fbb0438c064469c08b5da3017a2070
TOTOLink Backdoor Persistence
Posted Aug 13, 2015
Authored by Pierre Kim

Although they have provided an image with it disabled on start up, TOTOLink routers still have a backdoor built into them.

tags | advisory
MD5 | 7dfd03389aec52abd9ffabdddb197959
8 TOTOLINK Routers Backdoored / Command Execution
Posted Jul 16, 2015
Authored by Pierre Kim, Alexandre Torres

8 TOTOLINK router models have backdoor hardcoded credentials and suffer from remote command execution vulnerabilities.

tags | exploit, remote, vulnerability
MD5 | 227406165b323d377c2f25eac75c99a5
4 TOTOLINK Routers Backdoored
Posted Jul 16, 2015
Authored by Pierre Kim

4 TOTOLINK router models are backdoored with hardcoded credentials.

tags | exploit
MD5 | 444efc2347fce301aca38012e4496eed
4 TOTOLINK Routers Cross Site Request Forgery / Cross Site Scripting
Posted Jul 16, 2015
Authored by Pierre Kim

4 TOTOLINK router models suffer from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | f881ecd2cca51da5c105e4a4895a51a0
15 TOTOLINK Routers Remote Command Execution
Posted Jul 16, 2015
Authored by Pierre Kim, Alexandre Torres

15 TOTOLINK router models are vulnerable to multiple remote command execution vulnerabilities.

tags | exploit, remote, vulnerability
MD5 | d5f3f7cf82c828d8596937b7901c5d71
ipTIME DHCP Remote Command Execution
Posted Jul 6, 2015
Authored by Pierre Kim

127 ipTIME routers are vulnerable to a DHCP-related remote command execution vulnerability.

tags | exploit, remote
MD5 | 80d958f2c12e3fba8be0f1e0146b9c10
ipTIME n104r3 Cross Site Request Forgery / Cross Site Scripting
Posted Jul 3, 2015
Authored by Pierre Kim

ipTIME n104r3 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | 7018dc9d2f6a043fed8e610d28ee468e
ipTIME Remote Code Execution
Posted Jul 2, 2015
Authored by Pierre Kim

ipTIME firmwares prior to 9.58 version are vulnerable to a remote code execution which gives root privileges.

tags | exploit, remote, root, code execution
MD5 | 1ecfc744cbb66471ef3d84c77520c1ff
112 ipTIME Remote Code Execution
Posted Apr 19, 2015
Authored by Pierre Kim, Alexandre Torres

Many 112 ipTIME routers / modems / firewalls suffer from a remote root code execution vulnerability.

tags | advisory, remote, root, code execution
MD5 | 914adf235f667ba89e9e18adc6ef5e8e
FreeBSD Security Advisory - GELI Keyfile Permissions
Posted Apr 8, 2015
Authored by Pierre Kim | Site security.freebsd.org

FreeBSD Security Advisory - The default permission set by bsdinstall installer when configuring full disk encrypted ZFS is too open. A local attacker may be able to get a copy of the geli provider's keyfile which is located at a fixed location.

tags | advisory, local
systems | freebsd
advisories | CVE-2015-1415
MD5 | 84c96464403b6f8603f9c7937d7b20f3
FreeBSD 10.x ZFS encryption.key Disclosure
Posted Apr 8, 2015
Authored by Pierre Kim

FreeBSD 10.x installer supports the installation of FreeBSD 10.x on an encrypted ZFS filesystem by default. When using the encryption system within ZFS during the installation of FreeBSD 10.0 and FreeBSD 10.1, the encryption.key has wrong permissions which allow local users to read this file. Even if the keyfile is passphrase-encrypted, it can present a risk.

tags | exploit, local, info disclosure
systems | freebsd
advisories | CVE-2015-1415
MD5 | 07a9532173408a514f487eeee305e6b7
Page 1 of 1
Back1Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

July 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    1 Files
  • 2
    Jul 2nd
    26 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    11 Files
  • 5
    Jul 5th
    13 Files
  • 6
    Jul 6th
    4 Files
  • 7
    Jul 7th
    4 Files
  • 8
    Jul 8th
    1 Files
  • 9
    Jul 9th
    16 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    32 Files
  • 12
    Jul 12th
    22 Files
  • 13
    Jul 13th
    15 Files
  • 14
    Jul 14th
    1 Files
  • 15
    Jul 15th
    1 Files
  • 16
    Jul 16th
    21 Files
  • 17
    Jul 17th
    15 Files
  • 18
    Jul 18th
    15 Files
  • 19
    Jul 19th
    17 Files
  • 20
    Jul 20th
    11 Files
  • 21
    Jul 21st
    1 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close