Showing 1 - 25 of 30

Files from T. Weber

First Active: 2016-11-14
Last Active: 2020-11-24
ZTE MF253V 1.0.0B04 XSS / CSRF / Hardcoded Password
Posted Nov 24, 2020
Authored by T. Weber, S. Robertz | Site sec-consult.com

ZTE WLAN router MF253V version 1.0.0B04 suffers from cross site request forgery, hardcoded password, outdated component, and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | b293a0edbfa49250febb13cbf573bd9b
RocketLinx Series Authentication Bypass / CSRF / Command Injection
Posted Oct 5, 2020
Authored by T. Weber | Site sec-consult.com

RocketLinx Series suffers from unauthenticated device administration, backdoor account, cross site request forgery, command injection, and unauthenticated tftp action vulnerabilities. Multiple versions are affected.

tags | advisory, vulnerability, csrf
advisories | CVE-2020-12500, CVE-2020-12501, CVE-2020-12502, CVE-2020-12503, CVE-2020-12504
MD5 | 9664ca8388506a40ebc5918326533f75
Red Lion N-Tron 702-W / 702M12-W 2.0.26 XSS / CSRF / Shell
Posted Sep 3, 2020
Authored by T. Weber | Site sec-consult.com

Red Lion N-Tron 702-W and 702M12-W versions 2.0.26 and below suffer from cross site request forgery, hidden shell interface, cross site scripting and busybox vulnerabilities.

tags | exploit, shell, vulnerability, xss, csrf
advisories | CVE-2020-16204, CVE-2020-16206, CVE-2020-16208, CVE-2020-16210
MD5 | 0d2c4894db250550f69bf99d4b85cdbd
ZTE Mobile Hotspot MS910S Backdoor / Hardcoded Password
Posted Aug 27, 2020
Authored by T. Weber | Site sec-consult.com

ZTE Mobile Hotspot MS910S version DL_MF910S_CN_EUV1.00.01 suffers from having a hard-coded administrative password, busybox vulnerabilities, and having a known backdoor in the GoAhead webserver.

tags | exploit, vulnerability
advisories | CVE-2019-3422
MD5 | 5fee15e2fe67f4a312641b206b87d209
Phoenix Contact TC Router / TC Cloud Client Command Injection
Posted Mar 14, 2020
Authored by T. Weber | Site sec-consult.com

Phoenix Contact TC Router and TC Cloud Client versions 2.05.3 and below, 2.03.17 and below, and 1.03.17 and below suffer from authenticated command injection and various other vulnerabilities.

tags | exploit, vulnerability
advisories | CVE-2020-9435, CVE-2020-9436
MD5 | 6dcc2e94234a1ad5dcf3e372f78caf57
Fronius Solar Inverter Series Insecure Communication / Path Traversal
Posted Dec 4, 2019
Authored by T. Weber | Site sec-consult.com

Fronius Solar Inverter Series with software versions below 3.14.1 (HM 1.12.1) suffer from unencrypted communication and path traversal vulnerabilities.

tags | exploit, vulnerability
advisories | CVE-2019-19228, CVE-2019-19229
MD5 | 0caf8457f509b9b49092b83b93420e13
Cisco Device Hardcoded Credentials / GNU glibc / BusyBox
Posted Sep 4, 2019
Authored by T. Weber | Site sec-consult.com

Many Cisco devices such as Cisco RV340, Cisco RV340W, Cisco RV345, Cisco RV345P, Cisco RV260, Cisco RV260P, Cisco RV260W, Cisco 160, and Cisco 160W suffer from having hard-coded credentials, known GNU glibc, known BusyBox, and IoT Inspector identified vulnerabilities.

tags | exploit, vulnerability
systems | cisco
advisories | CVE-2014-4043, CVE-2014-9402, CVE-2014-9761, CVE-2014-9984, CVE-2015-1472, CVE-2015-5277, CVE-2015-7547, CVE-2015-8778, CVE-2015-8779, CVE-2015-9261, CVE-2016-2147, CVE-2016-2148, CVE-2016-6301, CVE-2017-1000366, CVE-2017-16544, CVE-2018-20679, CVE-2019-5747
MD5 | c446ad84eeb90a116264677ada159562
Zyxel USG/UAG/ATP/VPN/NXC External DNS Requests
Posted Aug 30, 2019
Authored by T. Weber | Site sec-consult.com

Zyxel USG/UAG/ATP/VPN/NXC series suffer from an issue where a DNS request can be made by an unauthenticated attacker to either spam a DNS service of a third party with requests that have a spoofed origin or probe whether domain names are present on the internal network behind the firewall.

tags | exploit, spoof
MD5 | 0939a6e730c410be2d31a0edca0b654c
Zyxel NWA/NAP/WAC Hardcoded Credentials
Posted Aug 30, 2019
Authored by T. Weber | Site sec-consult.com

An FTP service runs on the Zyxel wireless access point that contains the configuration file for the WiFi network. This FTP server can be accessed with hard-coded credentials that are embedded in the firmware of the AP. When the WiFi network is bound to another VLAN, an attacker can cross the network by fetching the credentials from the FTP server.

tags | exploit
MD5 | 732ba97c2b92f9c52f82438a5b2e62cb
WAGO 852 Industrial Managed Switch Series Code Execution / Hardcoded Credentials
Posted Jun 13, 2019
Authored by T. Weber | Site sec-consult.com

The industrial managed switch series 852 from WAGO is affected by multiple vulnerabilities such as old software components embedded in the firmware. Furthermore, hardcoded password hashes and credentials were also found by doing an automated scan with IoT Inspector.

tags | exploit, vulnerability
advisories | CVE-2010-0296, CVE-2010-3856, CVE-2011-2716, CVE-2011-5325, CVE-2012-4412, CVE-2013-1813, CVE-2014-4043, CVE-2014-9402, CVE-2014-9761, CVE-2014-9984, CVE-2015-0235, CVE-2015-1472, CVE-2015-9261, CVE-2016-2147, CVE-2016-2148, CVE-2016-6301, CVE-2019-12550
MD5 | a09f936638884fd22851a65866810bad
Siglent Technologies SDS 1202X-E Digital Oscilloscope 5.1.3.13 Hardcoded Credentials
Posted Nov 30, 2018
Authored by T. Weber | Site sec-consult.com

Siglent Technologies SDS 1202X-E Digital Oscilloscope version 5.1.3.13 suffers from multiple security vulnerabilities including hardcoded backdoor accounts, missing authentication, and more.

tags | exploit, vulnerability
MD5 | c82dcc5d51e395e50987efe964891fca
WAGO e!DISPLAY 7300T XSS / File Upload / Code Execution
Posted Jul 11, 2018
Authored by T. Weber | Site sec-consult.com

WAGO e!DISPLAY 7300T WP 4.3 480x272 PIO1 version FW 01 - 01.01.10(01) suffers from code execution, cross site scripting, weak permission, and remote file upload vulnerabilities.

tags | exploit, remote, vulnerability, code execution, xss, file upload
advisories | CVE-2018-12979, CVE-2018-12980, CVE-2018-12981
MD5 | f12e1bdd6ce0d40862c5cca1957f6a1a
Vgate iCar2 WiFi OBD2 Dongle Inadequate Access Protections
Posted May 29, 2018
Authored by T. Weber | Site sec-consult.com

Vgate iCar2 WiFi OBD2 dongles suffer from having unprotected wifi access and unencrypted data transfer mechanisms alongside unauthenticated access to on-board diagnostics.

tags | exploit
advisories | CVE-2018-11476, CVE-2018-11477, CVE-2018-11478
MD5 | 3ab11642a9b0be868cd57f6e52edf99e
Zyxel ZyWALL ZLD 4.30 Cross Site Scripting
Posted Apr 24, 2018
Authored by T. Weber | Site sec-consult.com

Zyxel ZyWALL ZLD versions 4.30 and below suffer from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 4ff1882ff71af9364621432c7b64502c
TestLink Open Source Test Management Insecure Direct Object Reference
Posted Feb 28, 2018
Authored by T. Weber | Site sec-consult.com

TestLink Open Source Test Management versions prior to 1.9.17 suffer from an insecure direct object reference.

tags | exploit
MD5 | 64c620e2f1d03d7aaf509219b7585ba8
Sprecher Automation SPRECON-E-C / PU-2433 Traversal / DoS
Posted Jan 31, 2018
Authored by T. Weber | Site sec-consult.com

Sprecher Automation SPRECON-E-C and PU-2433 versions prior to 8.49 suffer from directory traversal, missing authentication, broken authentication, and denial of service vulnerabilities.

tags | exploit, denial of service, vulnerability
MD5 | 3eee1d1477c9814e48ff458b33bc5936
WAGO PFC 200 Series Authentication Bypass
Posted Dec 4, 2017
Authored by T. Weber | Site sec-consult.com

WAGO PFC 200 Series suffers from multiple unauthenticated access bypass vulnerabilities.

tags | exploit, vulnerability
MD5 | e2abe1666aac18721e912c338c5dd1a2
Linksys E Series CSRF / XSS / Denial Of Service / Header Injection
Posted Oct 17, 2017
Authored by T. Weber | Site sec-consult.com

Linksys E series devices suffer from cross site request forgery, cross site scripting, header injection, denial of service, and various other vulnerabilities.

tags | exploit, denial of service, vulnerability, xss, csrf
MD5 | 0ce91d638136df599d22cc0f4b0e53b1
Ubiquiti Networks UniFi Cloud Key Command Injection
Posted Sep 15, 2017
Authored by T. Weber | Site sec-consult.com

Ubiquiti Networks UniFi Cloud Key with firmware versions 0.6.4 and below suffers from an authenticated command injection vulnerability.

tags | exploit
MD5 | 4d0cd508a986d910f949bc461e2fce58
Ubiquiti Networks UniFi Cloud Key Firmware 0.6.1 Command Injection
Posted Aug 5, 2017
Authored by T. Weber | Site sec-consult.com

Ubiquiti Networks UniFi Cloud Key with firmware version 0.6.1 suffers from an authenticated command injection vulnerability.

tags | exploit
MD5 | cec2c4c027f77927bb4c9350db9a32ba
Ubiquiti Networks UniFi Cloud Key Command Injection / Privilege Escalation
Posted Jul 27, 2017
Authored by T. Weber | Site sec-consult.com

Ubiquiti Networks UniFi Cloud Key with firmware versions 0.5.9 and 0.6.0 suffers from weak crypto, privilege escalation, and command injection vulnerabilities.

tags | exploit, crypto, vulnerability
MD5 | 9d9057dd1f6cb362de396bc65e582462
KATHREIN UFSconnect 916 / 906 DoS / Unauthenticated Actions
Posted Jul 27, 2017
Authored by T. Weber | Site sec-consult.com

KATHREIN UFSconnect 916 and 906 with firmware version 2.23 build 224 suffer from denial of service and unauthenticated access vulnerabilities.

tags | exploit, denial of service, vulnerability
MD5 | ca0531e9beaa5674b87dfd3a24c1b333
Ubiquiti Networks Open Redirect
Posted Jul 25, 2017
Authored by T. Weber | Site sec-consult.com

Ubiquiti Networks products suffer from an open redirection vulnerability. Products affected include, but are not limited to, TS-16-CARRIER, TS-5-POE, TS-8-PRO, AG-HP-2G16, AG-HP-2G20, AG-HP-5G23, AG-HP-5G27, AirGrid M, AirGrid M2, AirGrid M5, AR, AR-HP, BM2HP, BM2-Ti, BM5HP, BM5-Ti, LiteStation M5, locoM2, locoM5, locoM9, M2, M3, M365, M5, M900, NB-2G18, NB-5G22, NB-5G25, NBM3, NBM365, NBM9, NSM2, NSM3, NSM365, NSM5, PBM10, PBM3, PBM365, PBM5, PICOM2HP, and Power AP N.

tags | exploit
MD5 | d8a96607ecdf34caf2ce76f9750a5348
Ubiquiti Networks EP-R6 / ER-X / ER-X-SFP Cross Site Scripting
Posted Jul 25, 2017
Authored by Rene Freingruber, T. Weber | Site sec-consult.com

Ubiquiti Networks EP-R6, ER-X, and ER-X-SFP with firmware version 1.9.1 suffer from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 9ea2bb02f107be6df0906b4c0a16edf9
AGFEO Smart Home ES 5xx / 6xx Authentication Bypass / XSS / Hardcoded Credentials
Posted Jul 12, 2017
Authored by T. Weber | Site sec-consult.com

AGFEO Smart Home ES 5xx / 6xx versions 1.9b and 1.10 suffer from authentication bypass, cross site scripting, and hard-coded private key vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | d8b060c4416bc13adecea2847e56ea96