exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 14 of 14 RSS Feed

Files from Harrison Neal

Email addresshneal at whatdidibreak.com
First Active2017-04-03
Last Active2023-04-05
FedEx Ship Manager (FSM) 3704 Insecure .NET Remoting
Posted Apr 5, 2023
Authored by Harrison Neal

FedEx Ship Manager (FSM) version 3704 suffers from an insecure use of .NET remoting.

tags | advisory
SHA-256 | 5374eec020dce43a5457b925be44af09e35de3c8bc67ec604ca0b4dc0b6af4de
SolarWinds TFTP Server Remote Unauthenticated Reconfiguration
Posted Mar 16, 2021
Authored by Harrison Neal

SolarWinds TFTP Server version suffers from a remote unauthenticated reconfiguration vulnerability that could result in code execution.

tags | advisory, remote, code execution
SHA-256 | 875755fa3670a1f2faa0470381eb4d5fe1671e54c578c762aea9a129387550d8
HPE Systems Insight Manager AMF Deserialization Remote Code Execution
Posted Mar 9, 2021
Authored by Harrison Neal, Grant Willcox, Jang | Site metasploit.com

A remotely exploitable vulnerability exists within HPE System Insight Manager (SIM) version 7.6.x that can be leveraged by a remote unauthenticated attacker to execute code within the context of HPE System Insight Manager's hpsimsvc.exe process, which runs with administrative privileges. The vulnerability occurs due to a failure to validate data during the deserialization process when a user submits a POST request to the /simsearch/messagebroker/amfsecure page. This module exploits this vulnerability by leveraging an outdated copy of Commons Collection, namely 3.2.2, that ships with HPE SIM, to gain remote code execution as the administrative user running HPE SIM.

tags | exploit, remote, code execution
advisories | CVE-2020-7200
SHA-256 | 345538a899771c26db9d29a59a3850937177e4ce0cf67f8b2233fabdd208dc60
Oracle Privilege Escalation / Denial Of Service / Code Execution
Posted Feb 2, 2021
Authored by Harrison Neal

The Oracle CPU dated 2020 Jan 14 included patches for various issues related to database links and gateways ("Oracle Heterogeneous Services"). Two vulnerabilities in particular might lead to privilege escalation, denial of service, or code execution attacks against Oracle databases.

tags | advisory, denial of service, vulnerability, code execution
SHA-256 | a6605ae9ea1c50359727048ada7d1a952d239333c8cbb8a3fb4831930530deb9
EBBISLAND EBBSHAVE 6100-09-04-1441 Remote Buffer Overflow
Posted Jan 8, 2020
Authored by Harrison Neal

EBBISLAND EBBSHAVE 6100-09-04-1441 suffers from a remote buffer overflow vulnerability.

tags | exploit, remote, overflow
advisories | CVE-2017-3623
SHA-256 | 752c0dd1427815a28ffca2405491b7679ebea46ed02260ee83be0b02302b6008
JetBrains TeamCity 2018.2.4 Remote Code Execution
Posted Jan 8, 2020
Authored by Harrison Neal

JetBrains TeamCity version 2018.2.4 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2019-15039
SHA-256 | 0c3bfaca43dec73060f830e405b2120c3ab1e6d61f374999890652784051cad8
Tomcat 9.0.0.M1 Sandbox Escape
Posted Jan 8, 2020
Authored by Harrison Neal

Tomcat version 9.0.0.M1 proprietaryEvaluate sandbox escape proof of concept.

tags | exploit, proof of concept
advisories | CVE-2016-5018
SHA-256 | 6387cb2de359a320bca8b8198ebe1e1860a11299b6b805ab3668970553e0d452
Cisco DCNM JBoss 10.4 Credential Leakage
Posted Jan 8, 2020
Authored by Harrison Neal

Cisco DCNM JBoss version 10.4 suffers from a credential leakage vulnerability.

tags | exploit, info disclosure
systems | cisco
advisories | CVE-2019-15999
SHA-256 | 2e290ed0460d004995aa5c6beda5de80054af8fec723414b381b7f8d67e3a1a2
HID ActivID ActivClient Denial Of Service
Posted Oct 31, 2018
Authored by Harrison Neal

HID ActivID ActivClient version appears to include the JasPer library for parsing JPEG 2000 facial images that may be present on PIV cards. It suffers from multiple denial of service conditions.

tags | advisory, denial of service
advisories | CVE-2017-5499, CVE-2017-5500, CVE-2017-5502
SHA-256 | 47c4613810ea8b2e7bc632eee27806dd5a0491ef7e14a343a6f8613b2e8ece1a
HID ActivID ActivClient Heap Spray / Denial Of Service
Posted Oct 27, 2018
Authored by Harrison Neal

HID ActivID ActivClient version may not enforce upper bounds on the size of data received from a smart card, which can lead to attacks such as memory exhaustion, or serve as a heap spraying primitive for other attacks against the software, albeit slowly.

tags | exploit, denial of service
SHA-256 | 8f152ff2c4f8e62b07f2d5b2c106633d4aa5a263ab60b54c6da64427b460e860
RSA Authentication Agent For Web XSS / Buffer Overflow
Posted Mar 28, 2018
Authored by Harrison Neal | Site emc.com

RSA Authentication Agent for Web for both IIS and Apache Web Server version 8.0. 1 and earlier contain multiple vulnerabilities that could potentially be exploit ed by malicious users to compromise affected systems. These issues include cross site scripting, buffer overflow, and information disclosure.

tags | advisory, web, overflow, vulnerability, xss, info disclosure
advisories | CVE-2018-1232, CVE-2018-1233, CVE-2018-1234
SHA-256 | 824af128e2d83214afc6cfd21dd6dd7b691bc610075d88c3421407f35c6e5466
ArcGIS Server 10.3.1 RMIClassLoader useCodebaseOnly=false Code Execution
Posted Oct 10, 2017
Authored by Harrison Neal

ArcGIS Server version 10.3.1 suffers from an RMIClassLoader useCodebaseOnly=false remote code execution vulnerability.

tags | advisory, remote, code execution
SHA-256 | 545522cd9fdc53bb73cff1f212207e711bdb3b99b915d2982025352ffc2e9200
HP SiteScope 11.32 Remote Code Execution
Posted May 20, 2017
Authored by Harrison Neal

In default installations of HP SiteScope version 11.32, access to Java Management Extensions (JMX) is allowed to unauthenticated users over port 28006. This configuration allows for remote code execution exploits.

tags | advisory, java, remote, code execution
SHA-256 | 52544054868c2ef0c003c8317520227934d8c939f448bb6d5e4d362256c9015c
Dell OpenManage Server Administrator 8.4 Directory Traversal
Posted Apr 3, 2017
Authored by Harrison Neal

OpenManage Server Administrator version 8.4 suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
advisories | CVE-2016-4004
SHA-256 | 64df1022197272561fbf522b26472bc450a0c8b7c4f7cf66729ba27dcad0eadc
Page 1 of 1

File Archive:

June 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    0 Files
  • 2
    Jun 2nd
    0 Files
  • 3
    Jun 3rd
    18 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    57 Files
  • 7
    Jun 7th
    6 Files
  • 8
    Jun 8th
    0 Files
  • 9
    Jun 9th
    0 Files
  • 10
    Jun 10th
    12 Files
  • 11
    Jun 11th
    27 Files
  • 12
    Jun 12th
    38 Files
  • 13
    Jun 13th
    16 Files
  • 14
    Jun 14th
    14 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Security Services
Hosting By