what you don't know can hurt you
Showing 1 - 6 of 6 RSS Feed

Files from Daniel Jensen

Email addressdaniel.jensen at security-assessment.com
First Active2015-06-30
Last Active2016-03-12
Kaltura Community Edition 11.1.0-2 Code Execution / File Upload / File Read
Posted Mar 12, 2016
Authored by Daniel Jensen | Site security-assessment.com

The Kaltura platform contains a number of vulnerabilities, allowing unauthenticated users to execute code, read files, and access services listening on the localhost interface. Vulnerabilities present in the application also allow authenticated users to execute code by uploading a file, and perform stored cross site scripting attacks from the Kaltura Management Console into the admin console. Weak cryptographic secret generation allows unauthenticated users to bruteforce password reset tokens for accounts, and allows low level users to perform privilege escalation attacks.

tags | exploit, vulnerability, xss, file upload
MD5 | c7050648ed43cc5d4feaeaa9bf7972f3
Watchguard XCS Remote Command Execution
Posted Sep 26, 2015
Authored by Daniel Jensen | Site metasploit.com

This Metasploit module exploits two separate vulnerabilities found in the Watchguard XCS virtual appliance to gain command execution. By exploiting an unauthenticated SQL injection, a remote attacker may insert a valid web user into the appliance database, and get access to the web interface. On the other hand, a vulnerability in the web interface allows the attacker to inject operating system commands as the 'nobody' user.

tags | exploit, remote, web, vulnerability, sql injection
MD5 | 1df4951bef32290025b8bc993a1ac0f1
Watchguard XCS FixCorruptMail Local Privilege Escalation
Posted Sep 26, 2015
Authored by Daniel Jensen | Site metasploit.com

This Metasploit module exploits a vulnerability in the Watchguard XCS 'FixCorruptMail' script called by root's crontab which can be exploited to run a command as root within 3 minutes.

tags | exploit, root
MD5 | 4b19d8ebfa27900cc4b0ece2e4f1f3aa
Silver Peak VX Command Injection / Shell Upload / File Read
Posted Sep 14, 2015
Authored by Daniel Jensen | Site security-assessment.com

Silver Peak VX virtual appliance running VXOA before version 6.2.11 contains a number of security vulnerabilities, including command injection, unauthenticated file read, mass assignment, shell upload, and hardcoded credentials. By combining these vulnerabilities, an attacker may remotely obtain root privileges on the underlying host.

tags | exploit, shell, root, vulnerability
MD5 | af047861e9c6314e6a5254b591dddfa8
Watchguard XCS 10.0 SQL Injection / Command Execution
Posted Jun 30, 2015
Authored by Daniel Jensen | Site security-assessment.com

The Watchguard XCS virtual appliance contains a number of vulnerabilities, including unauthenticated SQL injection, command execution and privilege escalation. By combining these vulnerabilities, an attacker may remotely obtain root privileges on the underlying host. Versions 10.0 and below are affected.

tags | exploit, root, vulnerability, sql injection
MD5 | bf1ede087fd8f52948510e55bd983d5f
WedgeOS 4.0.4 Arbitrary File Read / Command Execution
Posted Jun 30, 2015
Authored by Daniel Jensen | Site security-assessment.com

Wedge Networks WedgeOS Virtual Appliance contains a number of security vulnerabilities, including unauthenticated arbitrary file read as root, command injection in the web interface, privilege escalation to root, and command execution via the system update functionality. Versions 4.0.4 and below are affected.

tags | exploit, web, arbitrary, root, vulnerability
MD5 | 882345aa8830eb0a40e7ff9fad972596
Page 1 of 1
Back1Next

File Archive:

April 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    21 Files
  • 2
    Apr 2nd
    35 Files
  • 3
    Apr 3rd
    21 Files
  • 4
    Apr 4th
    16 Files
  • 5
    Apr 5th
    15 Files
  • 6
    Apr 6th
    1 Files
  • 7
    Apr 7th
    2 Files
  • 8
    Apr 8th
    23 Files
  • 9
    Apr 9th
    19 Files
  • 10
    Apr 10th
    15 Files
  • 11
    Apr 11th
    14 Files
  • 12
    Apr 12th
    11 Files
  • 13
    Apr 13th
    2 Files
  • 14
    Apr 14th
    5 Files
  • 15
    Apr 15th
    14 Files
  • 16
    Apr 16th
    19 Files
  • 17
    Apr 17th
    19 Files
  • 18
    Apr 18th
    8 Files
  • 19
    Apr 19th
    4 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close