exploit the possibilities
Showing 1 - 8 of 8 RSS Feed

Files from Quentin Kaiser

Email addresskaiserquentin at gmail.com
First Active2016-11-15
Last Active2019-10-31
Nostromo 1.9.6 Directory Traversal / Remote Command Execution
Posted Oct 31, 2019
Authored by Quentin Kaiser, sp0re | Site metasploit.com

This Metasploit module exploits a remote command execution vulnerability in Nostromo versions 1.9.6 and below. This issue is caused by a directory traversal in the function http_verify in nostromo nhttpd allowing an attacker to achieve remote code execution via a crafted HTTP request.

tags | exploit, remote, web, code execution
advisories | CVE-2019-16278
SHA-256 | 1baffab9687f81feac9fe65275eba574314a19a248d0ee583a4ac8f7f390b032
AwindInc SNMP Service Command Injection
Posted Sep 4, 2019
Authored by Quentin Kaiser | Site metasploit.com

This Metasploit module exploits a vulnerability found in AwindInc and OEM'ed products where untrusted inputs are fed to ftpfw.sh system command, leading to command injection. A valid SNMP read-write community is required to exploit this vulnerability.

tags | exploit
advisories | CVE-2017-16709
SHA-256 | fda2ed96c7854f1149174941d930215d8d922e9d68ec36da8fe223a30b08ad38
Cisco RV110W / RV130(W) / RV215W Remote Command Execution
Posted Sep 2, 2019
Authored by Quentin Kaiser, Yu Zhang, T. Shiomitsu, Haoliang Lu | Site metasploit.com

A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to improper validation of user-supplied data in the web-based management interface. An attacker could exploit this vulnerability by sending malicious HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system of the affected device as a high-privilege user. RV110W Wireless-N VPN Firewall versions prior to 1.2.2.1 are affected. RV130W Wireless-N Multifunction VPN Router versions prior to 1.0.3.45 are affected. RV215W Wireless-N VPN Router versions prior to 1.3.1.1 are affected. Note: successful exploitation may not result in a session, and as such, on_new_session will never repair the HTTP server, leading to a denial-of-service condition.

tags | exploit, remote, web, arbitrary
systems | cisco
advisories | CVE-2019-1663
SHA-256 | 2c771b51eb75ada179bdbfecb74aebaee8b16721ebc04a5e5d918a82a211ed0a
Cisco RV130W Routers Management Interface Remote Command Execution
Posted Apr 14, 2019
Authored by Quentin Kaiser, Yu Zhang, T. Shiomitsu, Haoliang Lu | Site metasploit.com

A vulnerability in the web-based management interface of the Cisco RV130W Wireless-N Multifunction VPN Router could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to improper validation of user-supplied data in the web-based management interface. An attacker could exploit this vulnerability by sending malicious HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system of the affected device as a high-privilege user. RV130W Wireless-N Multifunction VPN Router versions prior to 1.0.3.45 are affected. Note: successful exploitation may not result in a session, and as such, on_new_session will never repair the HTTP server, leading to a denial-of-service condition.

tags | exploit, remote, web, arbitrary
systems | cisco
advisories | CVE-2019-1663
SHA-256 | 09f07f0e9d2f9b46f8c355fbdac1e89d6992aeb917ea250f9d23b8b7c6760b66
Hashicorp Consul Rexec Remote Command Execution
Posted Dec 28, 2018
Authored by Quentin Kaiser, Francis Alexander, Bharadwaj Machiraju | Site metasploit.com

This Metasploit module exploits a feature of Hashicorp Consul named rexec.

tags | exploit
SHA-256 | 963121d6bfb3e81f34ecc03a58fc3805bdfb01aa24c1119b8e63ed8a764c4e9d
Hashicorp Consul Services API Remote Command Execution
Posted Dec 28, 2018
Authored by Quentin Kaiser, Francis Alexander, Bharadwaj Machiraju | Site metasploit.com

This Metasploit module exploits Hashicorp Consul's services API to gain remote command execution on Consul nodes.

tags | exploit, remote
SHA-256 | c9985cec6d3688a95c8d7d41a6bd835101a9ebd7f40b4912c8819483c0608966
Eclipse Equinoxe OSGi Console Command Execution
Posted Mar 7, 2018
Authored by Quentin Kaiser | Site metasploit.com

This Metasploit module exploits the Eclipse Equinoxe OSGi (Open Service Gateway initiative) console fork command to execute arbitrary commands on the remote system..

tags | exploit, remote, arbitrary
SHA-256 | 32ab794c04a43a7815dcac8dd5adf291828425b976e3e4610d3300a8c8e5373e
Trend Micro Smart Protection Server Exec Remote Code Injection
Posted Nov 15, 2016
Authored by Quentin Kaiser | Site metasploit.com

This Metasploit module exploits a vulnerability found in TrendMicro Smart Protection Server where untrusted inputs are fed to ServWebExec system command, leading to command injection. Please note: authentication is required to exploit this vulnerability.

tags | exploit
SHA-256 | c0669d4763a8b0f7006a57298e45c4f523d05ca9e7d1a8c304ef6ed3cde57c5f
Page 1 of 1
Back1Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    4 Files
  • 19
    May 19th
    17 Files
  • 20
    May 20th
    2 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    6 Files
  • 24
    May 24th
    19 Files
  • 25
    May 25th
    5 Files
  • 26
    May 26th
    12 Files
  • 27
    May 27th
    12 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close