what you don't know can hurt you
Showing 1 - 24 of 24 RSS Feed

Files from T. Weber

First Active2016-11-14
Last Active2019-09-04
Cisco Device Hardcoded Credentials / GNU glibc / BusyBox
Posted Sep 4, 2019
Authored by T. Weber | Site sec-consult.com

Many Cisco devices such as Cisco RV340, Cisco RV340W, Cisco RV345, Cisco RV345P, Cisco RV260, Cisco RV260P, Cisco RV260W, Cisco 160, and Cisco 160W suffer from having hard-coded credentials, known GNU glibc, known BusyBox, and IoT Inspector identified vulnerabilities.

tags | exploit, vulnerability
systems | cisco
advisories | CVE-2014-4043, CVE-2014-9402, CVE-2014-9761, CVE-2014-9984, CVE-2015-1472, CVE-2015-5277, CVE-2015-7547, CVE-2015-8778, CVE-2015-8779, CVE-2015-9261, CVE-2016-2147, CVE-2016-2148, CVE-2016-6301, CVE-2017-1000366, CVE-2017-16544, CVE-2018-20679, CVE-2019-5747
MD5 | c446ad84eeb90a116264677ada159562
Zyxel USG/UAG/ATP/VPN/NXC External DNS Requests
Posted Aug 30, 2019
Authored by T. Weber | Site sec-consult.com

Zyxel USG/UAG/ATP/VPN/NXC series suffer from an issue where a DNS request can be made by an unauthenticated attacker to either spam a DNS service of a third party with requests that have a spoofed origin or probe whether domain names are present on the internal network behind the firewall.

tags | exploit, spoof
MD5 | 0939a6e730c410be2d31a0edca0b654c
Zyxel NWA/NAP/WAC Hardcoded Credentials
Posted Aug 30, 2019
Authored by T. Weber | Site sec-consult.com

An FTP service runs on the Zyxel wireless access point that contains the configuration file for the WiFi network. This FTP server can be accessed with hard-coded credentials that are embedded in the firmware of the AP. When the WiFi network is bound to another VLAN, an attacker can cross the network by fetching the credentials from the FTP server.

tags | exploit
MD5 | 732ba97c2b92f9c52f82438a5b2e62cb
WAGO 852 Industrial Managed Switch Series Code Execution / Hardcoded Credentials
Posted Jun 13, 2019
Authored by T. Weber | Site sec-consult.com

The industrial managed switch series 852 from WAGO is affected by multiple vulnerabilities such as old software components embedded in the firmware. Furthermore, hardcoded password hashes and credentials were also found by doing an automated scan with IoT Inspector.

tags | exploit, vulnerability
advisories | CVE-2010-0296, CVE-2010-3856, CVE-2011-2716, CVE-2011-5325, CVE-2012-4412, CVE-2013-1813, CVE-2014-4043, CVE-2014-9402, CVE-2014-9761, CVE-2014-9984, CVE-2015-0235, CVE-2015-1472, CVE-2015-9261, CVE-2016-2147, CVE-2016-2148, CVE-2016-6301, CVE-2019-12550
MD5 | a09f936638884fd22851a65866810bad
Siglent Technologies SDS 1202X-E Digital Oscilloscope 5.1.3.13 Hardcoded Credentials
Posted Nov 30, 2018
Authored by T. Weber | Site sec-consult.com

Siglent Technologies SDS 1202X-E Digital Oscilloscope version 5.1.3.13 suffers from multiple security vulnerabilities including hardcoded backdoor accounts, missing authentication, and more.

tags | exploit, vulnerability
MD5 | c82dcc5d51e395e50987efe964891fca
WAGO e!DISPLAY 7300T XSS / File Upload / Code Execution
Posted Jul 11, 2018
Authored by T. Weber | Site sec-consult.com

WAGO e!DISPLAY 7300T WP 4.3 480x272 PIO1 version FW 01 - 01.01.10(01) suffer from code execution, cross site scripting, weak permission, and remote file upload vulnerabilities.

tags | exploit, remote, vulnerability, code execution, xss, file upload
advisories | CVE-2018-12979, CVE-2018-12980, CVE-2018-12981
MD5 | f12e1bdd6ce0d40862c5cca1957f6a1a
Vgate iCar2 WiFi OBD2 Dongle Inadequate Access Protections
Posted May 29, 2018
Authored by T. Weber | Site sec-consult.com

Vgate iCar2 WiFi OBD2 dongles suffer from having unprotected wifi access and unencrypted data transfer mechanisms alongside unauthenticated access to on-board diagnostics.

tags | exploit
advisories | CVE-2018-11476, CVE-2018-11477, CVE-2018-11478
MD5 | 3ab11642a9b0be868cd57f6e52edf99e
Zyxel ZyWALL ZLD 4.30 Cross Site Scripting
Posted Apr 24, 2018
Authored by T. Weber | Site sec-consult.com

Zyxel ZyWALL ZLD versions 4.30 and below suffer from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 4ff1882ff71af9364621432c7b64502c
TestLink Open Source Test Management Insecure Direct Object Reference
Posted Feb 28, 2018
Authored by T. Weber | Site sec-consult.com

TestLink Open Source Test Management versions prior to 1.9.17 suffer from an insecure direct object reference.

tags | exploit
MD5 | 64c620e2f1d03d7aaf509219b7585ba8
Sprecher Automation SPRECON-E-C / PU-2433 Traversal / DoS
Posted Jan 31, 2018
Authored by T. Weber | Site sec-consult.com

Sprecher Automation SPRECON-E-C and PU-2433 versions prior to 8.49 suffer from directory traversal, missing authentication, broken authentication, and denial of service vulnerabilities.

tags | exploit, denial of service, vulnerability
MD5 | 3eee1d1477c9814e48ff458b33bc5936
WAGO PFC 200 Series Authentication Bypass
Posted Dec 4, 2017
Authored by T. Weber | Site sec-consult.com

WAGO PFC 200 Series suffers from multiple unauthenticated access bypass vulnerabilities.

tags | exploit, vulnerability
MD5 | e2abe1666aac18721e912c338c5dd1a2
Linksys E Series CSRF / XSS / Denial Of Service / Header Injection
Posted Oct 17, 2017
Authored by T. Weber | Site sec-consult.com

Linksys E series devices suffer from cross site request forgery, cross site scripting, header injection, denial of service, and various other vulnerabilities.

tags | exploit, denial of service, vulnerability, xss, csrf
MD5 | 0ce91d638136df599d22cc0f4b0e53b1
Ubiquiti Networks UniFi Cloud Key Command Injection
Posted Sep 15, 2017
Authored by T. Weber | Site sec-consult.com

Ubiquiti Networks UniFi Cloud Key wwith firmware versions 0.6.4 and below suffer from an authenticated command injection vulnerability.

tags | exploit
MD5 | 4d0cd508a986d910f949bc461e2fce58
Ubiquiti Networks UniFi Cloud Key Firmware 0.6.1 Command Injection
Posted Aug 5, 2017
Authored by T. Weber | Site sec-consult.com

Ubiquiti Networks UniFi Cloud Key with firmware version 0.6.1 suffers from an authenticated command injection vulnerability.

tags | exploit
MD5 | cec2c4c027f77927bb4c9350db9a32ba
Ubiquiti Networks UniFi Cloud Key Command Injection / Privilege Escalation
Posted Jul 27, 2017
Authored by T. Weber | Site sec-consult.com

Ubiquiti Networks UniFi Cloud Key with firmware versions 0.5.9 and 0.6.0 suffer from weak crypto, privilege escalation, and command injection vulnerabilities.

tags | exploit, crypto, vulnerability
MD5 | 9d9057dd1f6cb362de396bc65e582462
KATHREIN UFSconnect 916 / 906 DoS / Unauthenticated Actions
Posted Jul 27, 2017
Authored by T. Weber | Site sec-consult.com

KATHREIN UFSconnect 916 and 906 with firmware version 2.23 build 224 suffer from denial of service and unauthenticated access vulnerabilities.

tags | exploit, denial of service, vulnerability
MD5 | ca0531e9beaa5674b87dfd3a24c1b333
Ubiquiti Networks Open Redirect
Posted Jul 25, 2017
Authored by T. Weber | Site sec-consult.com

Ubiquiti Networks products suffer from an open redirection vulnerability. Products affected include, but are not limited to TS-16-CARRIER, TS-5-POE, TS-8-PRO, AG-HP-2G16, AG-HP-2G20, AG-HP-5G23, AG-HP-5G27, AirGrid M, AirGrid M2, AirGrid M5, AR, AR-HP, BM2HP, BM2-Ti, BM5HP, BM5-Ti, LiteStation M5, locoM2, locoM5, locoM9, M2, M3, M365, M5, M900, NB-2G18, NB-5G22, NB-5G25, NBM3, NBM365, NBM9, NSM2, NSM3, NSM365, NSM5, PBM10, PBM3, PBM365, PBM5, PICOM2HP, and Power AP N.

tags | exploit
MD5 | d8a96607ecdf34caf2ce76f9750a5348
Ubiquiti Networks EP-R6 / ER-X / ER-X-SFP Cross Site Scripting
Posted Jul 25, 2017
Authored by Rene Freingruber, T. Weber | Site sec-consult.com

Ubiquiti Networks EP-R6, ER-X, and ER-X-SFP with firmware version 1.9.1 suffer from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 9ea2bb02f107be6df0906b4c0a16edf9
AGFEO Smart Home ES 5xx / 6xx Authentication Bypass / XSS / Hardcoded Credentials
Posted Jul 12, 2017
Authored by T. Weber | Site sec-consult.com

AGFEO Smart Home ES 5xx / 6xx versions 1.9b and 1.10 suffers from authentication bypass, cross site scripting, and hard-coded private key vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | d8b060c4416bc13adecea2847e56ea96
Solar-Log CSRF / Information Disclosure / DoS / File Upload
Posted Mar 22, 2017
Authored by T. Weber | Site sec-consult.com

Solare Datensysteme GmbH Solar-Log versions 250, 300, 500, 800e, 1000, 1000 PM+, 1200, and 2000 suffer from cross site request forgery, cross site scripting, file upload, information disclosure, and denial of service vulnerabilities.

tags | exploit, denial of service, vulnerability, xss, info disclosure, file upload, csrf
MD5 | 3d7da7086a3bee04a402cfd29ba39c1c
Ubiquiti Networks Command Injection
Posted Mar 16, 2017
Authored by T. Weber | Site sec-consult.com

Various Ubiquiti Networks products suffers from an authenticated command injection vulnerability.

tags | advisory
MD5 | b4522845b8f688284e4281b44509acbe
JUNG Smart Visu Server 1.0.8x Path Traversal / Backdoor Accounts
Posted Feb 8, 2017
Authored by T. Weber | Site sec-consult.com

JUNG Smart Visu server with firmware versions 1.0.804, 1.0.830, and 1.0.832 suffer from backdoor account and path traversal vulnerabilities.

tags | exploit, vulnerability
MD5 | a430b54aba9641238f193bcacf9c48b5
Ubiquiti Networks Cross Site Scripting / Cross Site Request Forgery
Posted Jan 31, 2017
Authored by T. Weber | Site sec-consult.com

Multiple Ubiquiti Networks products, e.g. TS-16-CARRIER, TS-5-POE, TS-8-PRO, AG-HP-2G16, AG-HP-2G20, AG-HP-5G23, AG-HP-5G27, AirGrid M, AirGrid M2, AirGrid M5, AR, AR-HP, BM2HP, BM2-Ti, BM5HP, BM5-Ti, LiteStation M5, locoM2, locoM5, locoM9, M2, M3, M365, M5, M900, NB-2G18, NB-5G22, NB-5G25, NBM3, NBM365, NBM9, NSM2, NSM3, NSM365, NSM5, PBM10, PBM3, PBM365, PBM5, PICOM2HP, Power AP N, PicoStation2, and PicoStation2HP, suffer from cross site request forgery and cross site scripting vulnerabilities.

tags | advisory, vulnerability, xss, csrf
MD5 | 23bc37fc0f1ea3435f5be28e9cd3d366
I-Panda SolarEagle Authentication Issues / Denial Of Service
Posted Nov 14, 2016
Authored by T. Weber | Site sec-consult.com

SolarEagle version 2.00 suffers from an administrative login bypass vulnerability. MPPT Solar Controller SMART2 suffers from missing server-side authentication, unencrypted communication, and denial of service issues.

tags | advisory, denial of service, bypass
MD5 | dac0c0b53282127dc00071468ca0fa57
Page 1 of 1
Back1Next

File Archive:

October 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    24 Files
  • 2
    Oct 2nd
    15 Files
  • 3
    Oct 3rd
    7 Files
  • 4
    Oct 4th
    4 Files
  • 5
    Oct 5th
    10 Files
  • 6
    Oct 6th
    1 Files
  • 7
    Oct 7th
    21 Files
  • 8
    Oct 8th
    19 Files
  • 9
    Oct 9th
    5 Files
  • 10
    Oct 10th
    20 Files
  • 11
    Oct 11th
    17 Files
  • 12
    Oct 12th
    4 Files
  • 13
    Oct 13th
    4 Files
  • 14
    Oct 14th
    15 Files
  • 15
    Oct 15th
    19 Files
  • 16
    Oct 16th
    25 Files
  • 17
    Oct 17th
    17 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close