what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 6 of 6 RSS Feed

Files from Daniel Jensen

Email addressdaniel.jensen at security-assessment.com
First Active2015-06-30
Last Active2016-03-12
Kaltura Community Edition 11.1.0-2 Code Execution / File Upload / File Read
Posted Mar 12, 2016
Authored by Daniel Jensen | Site security-assessment.com

The Kaltura platform contains a number of vulnerabilities, allowing unauthenticated users to execute code, read files, and access services listening on the localhost interface. Vulnerabilities present in the application also allow authenticated users to execute code by uploading a file, and perform stored cross site scripting attacks from the Kaltura Management Console into the admin console. Weak cryptographic secret generation allows unauthenticated users to bruteforce password reset tokens for accounts, and allows low level users to perform privilege escalation attacks.

tags | exploit, vulnerability, xss, file upload
SHA-256 | 6a562d68aad55791d5f73eb0e2e6999f1f616f8934f548cd3c95575d6c49943a
Watchguard XCS Remote Command Execution
Posted Sep 26, 2015
Authored by Daniel Jensen | Site metasploit.com

This Metasploit module exploits two separate vulnerabilities found in the Watchguard XCS virtual appliance to gain command execution. By exploiting an unauthenticated SQL injection, a remote attacker may insert a valid web user into the appliance database, and get access to the web interface. On the other hand, a vulnerability in the web interface allows the attacker to inject operating system commands as the 'nobody' user.

tags | exploit, remote, web, vulnerability, sql injection
SHA-256 | f3ce91f963a609ee2afb35c805a8185b216151f2f25fca139375b42759d02476
Watchguard XCS FixCorruptMail Local Privilege Escalation
Posted Sep 26, 2015
Authored by Daniel Jensen | Site metasploit.com

This Metasploit module exploits a vulnerability in the Watchguard XCS 'FixCorruptMail' script called by root's crontab which can be exploited to run a command as root within 3 minutes.

tags | exploit, root
SHA-256 | 7c6decaff907ef3b9b1bb529a51ba19b1033c58a2df89c836c3f0ff8739caa9f
Silver Peak VX Command Injection / Shell Upload / File Read
Posted Sep 14, 2015
Authored by Daniel Jensen | Site security-assessment.com

Silver Peak VX virtual appliance running VXOA before version 6.2.11 contains a number of security vulnerabilities, including command injection, unauthenticated file read, mass assignment, shell upload, and hardcoded credentials. By combining these vulnerabilities, an attacker may remotely obtain root privileges on the underlying host.

tags | exploit, shell, root, vulnerability
SHA-256 | 36799a3c7e2af82faa6d01908af9360ddba720c30151c46a004891b6be136f05
Watchguard XCS 10.0 SQL Injection / Command Execution
Posted Jun 30, 2015
Authored by Daniel Jensen | Site security-assessment.com

The Watchguard XCS virtual appliance contains a number of vulnerabilities, including unauthenticated SQL injection, command execution and privilege escalation. By combining these vulnerabilities, an attacker may remotely obtain root privileges on the underlying host. Versions 10.0 and below are affected.

tags | exploit, root, vulnerability, sql injection
SHA-256 | 21607839bbbdd227a1fed5a3aae9f1e09f5c3ba5d6cf448a29b254d43dbc7f66
WedgeOS 4.0.4 Arbitrary File Read / Command Execution
Posted Jun 30, 2015
Authored by Daniel Jensen | Site security-assessment.com

Wedge Networks WedgeOS Virtual Appliance contains a number of security vulnerabilities, including unauthenticated arbitrary file read as root, command injection in the web interface, privilege escalation to root, and command execution via the system update functionality. Versions 4.0.4 and below are affected.

tags | exploit, web, arbitrary, root, vulnerability
SHA-256 | 18dd393ace4d14161649a80f893aaf38c39cd9fa4882db05ddf096eaeca05aa0
Page 1 of 1
Back1Next

File Archive:

October 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    10 Files
  • 2
    Oct 2nd
    0 Files
  • 3
    Oct 3rd
    12 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close