what you don't know can hurt you
Showing 1 - 13 of 13 RSS Feed

Files from Harrison Neal

Email addresshneal at whatdidibreak.com
First Active2017-04-03
Last Active2021-03-16
SolarWinds TFTP Server Remote Unauthenticated Reconfiguration
Posted Mar 16, 2021
Authored by Harrison Neal

SolarWinds TFTP Server version suffers from a remote unauthenticated reconfiguration vulnerability that could result in code execution.

tags | advisory, remote, code execution
MD5 | e85380a10c7825b34060476c3353e2c7
HPE Systems Insight Manager AMF Deserialization Remote Code Execution
Posted Mar 9, 2021
Authored by Harrison Neal, Grant Willcox, Jang | Site metasploit.com

A remotely exploitable vulnerability exists within HPE System Insight Manager (SIM) version 7.6.x that can be leveraged by a remote unauthenticated attacker to execute code within the context of HPE System Insight Manager's hpsimsvc.exe process, which runs with administrative privileges. The vulnerability occurs due to a failure to validate data during the deserialization process when a user submits a POST request to the /simsearch/messagebroker/amfsecure page. This module exploits this vulnerability by leveraging an outdated copy of Commons Collection, namely 3.2.2, that ships with HPE SIM, to gain remote code execution as the administrative user running HPE SIM.

tags | exploit, remote, code execution
advisories | CVE-2020-7200
MD5 | cf8674aaae2451fb617daa09623805e0
Oracle Privilege Escalation / Denial Of Service / Code Execution
Posted Feb 2, 2021
Authored by Harrison Neal

The Oracle CPU dated 2020 Jan 14 included patches for various issues related to database links and gateways ("Oracle Heterogeneous Services"). Two vulnerabilities in particular might lead to privilege escalation, denial of service, or code execution attacks against Oracle databases.

tags | advisory, denial of service, vulnerability, code execution
MD5 | 1fe163207ad85f89a41dc4ed17e8407f
EBBISLAND EBBSHAVE 6100-09-04-1441 Remote Buffer Overflow
Posted Jan 8, 2020
Authored by Harrison Neal

EBBISLAND EBBSHAVE 6100-09-04-1441 suffers from a remote buffer overflow vulnerability.

tags | exploit, remote, overflow
advisories | CVE-2017-3623
MD5 | ab799f4e3fd9b195e7addd60d5792f67
JetBrains TeamCity 2018.2.4 Remote Code Execution
Posted Jan 8, 2020
Authored by Harrison Neal

JetBrains TeamCity version 2018.2.4 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2019-15039
MD5 | c9903a974e422420e2f9b9b995b33e4a
Tomcat 9.0.0.M1 Sandbox Escape
Posted Jan 8, 2020
Authored by Harrison Neal

Tomcat version 9.0.0.M1 proprietaryEvaluate sandbox escape proof of concept.

tags | exploit, proof of concept
advisories | CVE-2016-5018
MD5 | d33e30810a886a7412766894d0f80db3
Cisco DCNM JBoss 10.4 Credential Leakage
Posted Jan 8, 2020
Authored by Harrison Neal

Cisco DCNM JBoss version 10.4 suffers from a credential leakage vulnerability.

tags | exploit, info disclosure
systems | cisco
advisories | CVE-2019-15999
MD5 | f2b2bc3ee27fbddf61de2d091386e2bd
HID ActivID ActivClient Denial Of Service
Posted Oct 31, 2018
Authored by Harrison Neal

HID ActivID ActivClient version appears to include the JasPer library for parsing JPEG 2000 facial images that may be present on PIV cards. It suffers from multiple denial of service conditions.

tags | advisory, denial of service
advisories | CVE-2017-5499, CVE-2017-5500, CVE-2017-5502
MD5 | 268d239bc2d68f2c22d6d1c5aeaab62a
HID ActivID ActivClient Heap Spray / Denial Of Service
Posted Oct 27, 2018
Authored by Harrison Neal

HID ActivID ActivClient version may not enforce upper bounds on the size of data received from a smart card, which can lead to attacks such as memory exhaustion, or serve as a heap spraying primitive for other attacks against the software, albeit slowly.

tags | exploit, denial of service
MD5 | a29f7cb371429ae6f35c995442f6104d
RSA Authentication Agent For Web XSS / Buffer Overflow
Posted Mar 28, 2018
Authored by Harrison Neal | Site emc.com

RSA Authentication Agent for Web for both IIS and Apache Web Server version 8.0. 1 and earlier contain multiple vulnerabilities that could potentially be exploit ed by malicious users to compromise affected systems. These issues include cross site scripting, buffer overflow, and information disclosure.

tags | advisory, web, overflow, vulnerability, xss, info disclosure
advisories | CVE-2018-1232, CVE-2018-1233, CVE-2018-1234
MD5 | cb74fb03e40e4c091cc179f2f257acbd
ArcGIS Server 10.3.1 RMIClassLoader useCodebaseOnly=false Code Execution
Posted Oct 10, 2017
Authored by Harrison Neal

ArcGIS Server version 10.3.1 suffers from an RMIClassLoader useCodebaseOnly=false remote code execution vulnerability.

tags | advisory, remote, code execution
MD5 | 09c12eb4a5e480b1ceb5f94f48af3943
HP SiteScope 11.32 Remote Code Execution
Posted May 20, 2017
Authored by Harrison Neal

In default installations of HP SiteScope version 11.32, access to Java Management Extensions (JMX) is allowed to unauthenticated users over port 28006. This configuration allows for remote code execution exploits.

tags | advisory, java, remote, code execution
MD5 | 28775130e13b3afa7ae1a5b6908c694f
Dell OpenManage Server Administrator 8.4 Directory Traversal
Posted Apr 3, 2017
Authored by Harrison Neal

OpenManage Server Administrator version 8.4 suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
advisories | CVE-2016-4004
MD5 | 011a0fd4b9583379978aa92d49c83500
Page 1 of 1

File Archive:

June 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    35 Files
  • 2
    Jun 2nd
    14 Files
  • 3
    Jun 3rd
    40 Files
  • 4
    Jun 4th
    22 Files
  • 5
    Jun 5th
    1 Files
  • 6
    Jun 6th
    1 Files
  • 7
    Jun 7th
    19 Files
  • 8
    Jun 8th
    14 Files
  • 9
    Jun 9th
    39 Files
  • 10
    Jun 10th
    20 Files
  • 11
    Jun 11th
    22 Files
  • 12
    Jun 12th
    2 Files
  • 13
    Jun 13th
    1 Files
  • 14
    Jun 14th
    32 Files
  • 15
    Jun 15th
    34 Files
  • 16
    Jun 16th
    9 Files
  • 17
    Jun 17th
    33 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2020 Packet Storm. All rights reserved.

Security Services
Hosting By