exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 9 of 9 RSS Feed

Files from Jared Arave

First Active2017-10-04
Last Active2018-11-28
Unitrends Enterprise Backup bpserverd Privilege Escalation
Posted Nov 28, 2018
Authored by h00die, Benny Husted, Cale Smith, Jared Arave | Site metasploit.com

It was discovered that the Unitrends bpserverd proprietary protocol, as exposed via xinetd, has an issue in which its authentication can be bypassed. A remote attacker could use this issue to execute arbitrary commands with root privilege on the target system. This is very similar to exploits/linux/misc/ueb9_bpserverd however it runs against the localhost by dropping a python script on the local file system. Unitrends stopped bpserverd from listening remotely on version 10.

tags | exploit, remote, arbitrary, local, root, protocol, python
systems | linux
advisories | CVE-2018-6329
SHA-256 | 78074b1701e40ea4ef9e046d50ffaa646aa27cf4177d6b17c6371f5f32a674b7
Unitrends UEB HTTP API Remote Code Execution
Posted Oct 5, 2018
Authored by h00die, Benny Husted, Cale Smith, Jared Arave | Site metasploit.com

It was discovered that the api/storage web interface in Unitrends Backup (UB) before 10.0.0 has an issue in which one of its input parameters was not validated. A remote attacker could use this flaw to bypass authentication and execute arbitrary commands with root privilege on the target system. UEB v9 runs the api under root privileges and api/storage is vulnerable. UEB v10 runs the api under limited privileges and api/hosts is vulnerable.

tags | exploit, remote, web, arbitrary, root
advisories | CVE-2017-12478, CVE-2018-6328
SHA-256 | 26c3d9da1b69eb5067bf4415e099c1d16549287987fd59097875111bb16caf69
Nagios XI Chained Remote Code Execution
Posted Jun 29, 2018
Authored by Benny Husted, Cale Smith, Jared Arave | Site metasploit.com

This Metasploit module exploits a few different vulnerabilities in Nagios XI 5.2.6-5.4.12 to gain remote root access. The steps are: 1. Issue a POST request to /nagiosql/admin/settings.php which sets the database user to root. 2. SQLi on /nagiosql/admin/helpedit.php allows us to enumerate API keys. 3. The API keys are then used to add an administrative user. 4. An authenticated session is established with the newly added user 5. Command Injection on /nagiosxi/backend/index.php allows us to execute the payload with nopasswd sudo, giving us a root shell. 6. Remove the added admin user and reset the database user.

tags | exploit, remote, shell, root, php, vulnerability
advisories | CVE-2018-8733, CVE-2018-8734, CVE-2018-8735, CVE-2018-8736
SHA-256 | 80bee7aa780edc43040bd1dd427fbdb84bcd1f35f74873b32d619a620e07f20c
Nagios XI 5.x Chained Remote Root
Posted Apr 30, 2018
Authored by Benny Husted, Cale Smith, Jared Arave

Nagios XI versions 5.2.6 up to 5.2.9, 5.3, and 5.4 chained remote root exploit.

tags | exploit, remote, root
advisories | CVE-2018-8733, CVE-2018-8734, CVE-2018-8735, CVE-2018-8736
SHA-256 | bb9a9ca26635c2779d5e4662eab43b6b113e781b49058727e94049827cb3f59a
Unitrends UEB 9 HTTP API/Storage Remote Root
Posted Oct 21, 2017
Authored by Benny Husted, Cale Smith, Jared Arave | Site metasploit.com

It was discovered that the api/storage web interface in Unitrends Backup (UB) before 10.0.0 has an issue in which one of its input parameters was not validated. A remote attacker could use this flaw to bypass authentication and execute arbitrary commands with root privilege on the target system.

tags | exploit, remote, web, arbitrary, root
advisories | CVE-2017-12478
SHA-256 | c07f8ac2534501db5e1a2107a31c98fc3673f2ae2e3ea7c80d835f8d110dc418
Unitrends UEB bpserverd Authentication Bypass / Remote Command Execution
Posted Oct 21, 2017
Authored by Benny Husted, Cale Smith, Jared Arave | Site metasploit.com

It was discovered that the Unitrends bpserverd proprietary protocol, as exposed via xinetd, has an issue in which its authentication can be bypassed. A remote attacker could use this issue to execute arbitrary commands with root privilege on the target system.

tags | exploit, remote, arbitrary, root, protocol
advisories | CVE-2017-12477
SHA-256 | 105d0c7def915f528b4d6cbefeecd7e3bcaf3c9c59297fc9da4d9ce27c8a4197
Unitrends UEB 9.1 bpserverd Remote Command Execution
Posted Oct 5, 2017
Authored by Benny Husted, Cale Smith, Jared Arave

Unitrends UEB version 9.1 bpserverd remote command execution exploit.

tags | exploit, remote
advisories | CVE-2017-12477
SHA-256 | 82f1bd41a9b91ff7fcf43dabc0f2e01ae63a3f65d7f2de5cd8bcbb8efd53673b
Unitrends UEB 9.1 Authentication Bypass / Remote Command Execution
Posted Oct 4, 2017
Authored by Benny Husted, Cale Smith, Jared Arave

Unitrends UEB version 9.1 suffers from authentication bypass and remote command execution vulnerabilities.

tags | exploit, remote, vulnerability, bypass
advisories | CVE-2017-12478
SHA-256 | dc78b0fa80eae08212c73ef783d41166b3faa9276eaa480864465d043a22739a
Unitrends UEB 9.1 Privilege Escalation
Posted Oct 4, 2017
Authored by Benny Husted, Cale Smith, Jared Arave

Unitrends UEB version 9.1 suffers from a privilege escalation vulnerability.

tags | exploit
advisories | CVE-2017-12479
SHA-256 | 5e34110454ce1173b51f2831389e35dc0b6b2e68f613b44d1cccff58bd1e3048
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close