what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 13 of 13 RSS Feed

Files from Harrison Neal

Email addresshneal at whatdidibreak.com
First Active2017-04-03
Last Active2021-03-16
SolarWinds TFTP Server Remote Unauthenticated Reconfiguration
Posted Mar 16, 2021
Authored by Harrison Neal

SolarWinds TFTP Server version suffers from a remote unauthenticated reconfiguration vulnerability that could result in code execution.

tags | advisory, remote, code execution
SHA-256 | 875755fa3670a1f2faa0470381eb4d5fe1671e54c578c762aea9a129387550d8
HPE Systems Insight Manager AMF Deserialization Remote Code Execution
Posted Mar 9, 2021
Authored by Harrison Neal, Grant Willcox, Jang | Site metasploit.com

A remotely exploitable vulnerability exists within HPE System Insight Manager (SIM) version 7.6.x that can be leveraged by a remote unauthenticated attacker to execute code within the context of HPE System Insight Manager's hpsimsvc.exe process, which runs with administrative privileges. The vulnerability occurs due to a failure to validate data during the deserialization process when a user submits a POST request to the /simsearch/messagebroker/amfsecure page. This module exploits this vulnerability by leveraging an outdated copy of Commons Collection, namely 3.2.2, that ships with HPE SIM, to gain remote code execution as the administrative user running HPE SIM.

tags | exploit, remote, code execution
advisories | CVE-2020-7200
SHA-256 | 345538a899771c26db9d29a59a3850937177e4ce0cf67f8b2233fabdd208dc60
Oracle Privilege Escalation / Denial Of Service / Code Execution
Posted Feb 2, 2021
Authored by Harrison Neal

The Oracle CPU dated 2020 Jan 14 included patches for various issues related to database links and gateways ("Oracle Heterogeneous Services"). Two vulnerabilities in particular might lead to privilege escalation, denial of service, or code execution attacks against Oracle databases.

tags | advisory, denial of service, vulnerability, code execution
SHA-256 | a6605ae9ea1c50359727048ada7d1a952d239333c8cbb8a3fb4831930530deb9
EBBISLAND EBBSHAVE 6100-09-04-1441 Remote Buffer Overflow
Posted Jan 8, 2020
Authored by Harrison Neal

EBBISLAND EBBSHAVE 6100-09-04-1441 suffers from a remote buffer overflow vulnerability.

tags | exploit, remote, overflow
advisories | CVE-2017-3623
SHA-256 | 752c0dd1427815a28ffca2405491b7679ebea46ed02260ee83be0b02302b6008
JetBrains TeamCity 2018.2.4 Remote Code Execution
Posted Jan 8, 2020
Authored by Harrison Neal

JetBrains TeamCity version 2018.2.4 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2019-15039
SHA-256 | 0c3bfaca43dec73060f830e405b2120c3ab1e6d61f374999890652784051cad8
Tomcat 9.0.0.M1 Sandbox Escape
Posted Jan 8, 2020
Authored by Harrison Neal

Tomcat version 9.0.0.M1 proprietaryEvaluate sandbox escape proof of concept.

tags | exploit, proof of concept
advisories | CVE-2016-5018
SHA-256 | 6387cb2de359a320bca8b8198ebe1e1860a11299b6b805ab3668970553e0d452
Cisco DCNM JBoss 10.4 Credential Leakage
Posted Jan 8, 2020
Authored by Harrison Neal

Cisco DCNM JBoss version 10.4 suffers from a credential leakage vulnerability.

tags | exploit, info disclosure
systems | cisco
advisories | CVE-2019-15999
SHA-256 | 2e290ed0460d004995aa5c6beda5de80054af8fec723414b381b7f8d67e3a1a2
HID ActivID ActivClient Denial Of Service
Posted Oct 31, 2018
Authored by Harrison Neal

HID ActivID ActivClient version appears to include the JasPer library for parsing JPEG 2000 facial images that may be present on PIV cards. It suffers from multiple denial of service conditions.

tags | advisory, denial of service
advisories | CVE-2017-5499, CVE-2017-5500, CVE-2017-5502
SHA-256 | 47c4613810ea8b2e7bc632eee27806dd5a0491ef7e14a343a6f8613b2e8ece1a
HID ActivID ActivClient Heap Spray / Denial Of Service
Posted Oct 27, 2018
Authored by Harrison Neal

HID ActivID ActivClient version may not enforce upper bounds on the size of data received from a smart card, which can lead to attacks such as memory exhaustion, or serve as a heap spraying primitive for other attacks against the software, albeit slowly.

tags | exploit, denial of service
SHA-256 | 8f152ff2c4f8e62b07f2d5b2c106633d4aa5a263ab60b54c6da64427b460e860
RSA Authentication Agent For Web XSS / Buffer Overflow
Posted Mar 28, 2018
Authored by Harrison Neal | Site emc.com

RSA Authentication Agent for Web for both IIS and Apache Web Server version 8.0. 1 and earlier contain multiple vulnerabilities that could potentially be exploit ed by malicious users to compromise affected systems. These issues include cross site scripting, buffer overflow, and information disclosure.

tags | advisory, web, overflow, vulnerability, xss, info disclosure
advisories | CVE-2018-1232, CVE-2018-1233, CVE-2018-1234
SHA-256 | 824af128e2d83214afc6cfd21dd6dd7b691bc610075d88c3421407f35c6e5466
ArcGIS Server 10.3.1 RMIClassLoader useCodebaseOnly=false Code Execution
Posted Oct 10, 2017
Authored by Harrison Neal

ArcGIS Server version 10.3.1 suffers from an RMIClassLoader useCodebaseOnly=false remote code execution vulnerability.

tags | advisory, remote, code execution
SHA-256 | 545522cd9fdc53bb73cff1f212207e711bdb3b99b915d2982025352ffc2e9200
HP SiteScope 11.32 Remote Code Execution
Posted May 20, 2017
Authored by Harrison Neal

In default installations of HP SiteScope version 11.32, access to Java Management Extensions (JMX) is allowed to unauthenticated users over port 28006. This configuration allows for remote code execution exploits.

tags | advisory, java, remote, code execution
SHA-256 | 52544054868c2ef0c003c8317520227934d8c939f448bb6d5e4d362256c9015c
Dell OpenManage Server Administrator 8.4 Directory Traversal
Posted Apr 3, 2017
Authored by Harrison Neal

OpenManage Server Administrator version 8.4 suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
advisories | CVE-2016-4004
SHA-256 | 64df1022197272561fbf522b26472bc450a0c8b7c4f7cf66729ba27dcad0eadc
Page 1 of 1

File Archive:

July 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    52 Files
  • 2
    Jul 2nd
    0 Files
  • 3
    Jul 3rd
    0 Files
  • 4
    Jul 4th
    11 Files
  • 5
    Jul 5th
    0 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    0 Files
  • 9
    Jul 9th
    0 Files
  • 10
    Jul 10th
    0 Files
  • 11
    Jul 11th
    0 Files
  • 12
    Jul 12th
    0 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By