what you don't know can hurt you
Showing 1 - 14 of 14 RSS Feed

Files from Chris Lyne

First Active2017-12-02
Last Active2020-07-17
Plex Unpickle Dict Windows Remote Code Execution
Posted Jul 17, 2020
Authored by h00die, Chris Lyne | Site metasploit.com

This Metasploit module exploits an authenticated Python unsafe pickle.load of a Dict file. An authenticated attacker can create a photo library and add arbitrary files to it. After setting the Windows only Plex variable LocalAppDataPath to the newly created photo library, a file named Dict will be unpickled, which causes remote code execution as the user who started Plex. Plex_Token is required, to get it you need to log-in through a web browser, then check the requests to grab the X-Plex-Token header. See info -d for additional details. If an exploit fails, or is cancelled, Dict is left on disk, a new ALBUM_NAME will be required as subsequent writes will make Dict-1, and not execute.

tags | exploit, remote, web, arbitrary, code execution, python
systems | windows
advisories | CVE-2020-5741
MD5 | 41eb0c77f9b7de3ab74e8c47a61a86c3
Druva inSync inSyncCPHwnet64.exe RPC Type 5 Privilege Escalation
Posted May 12, 2020
Authored by Brendan Coles, Chris Lyne | Site metasploit.com

Druva inSync client for Windows exposes a network service on TCP port 6064 on the local network interface. inSync versions 6.5.2 and prior do not validate user-supplied program paths in RPC type 5 messages, allowing execution of arbitrary commands as SYSTEM. This Metasploit module has been tested successfully on inSync version 6.5.2r99097 on Windows 7 SP1 (x64).

tags | exploit, arbitrary, local, tcp
systems | windows, 7
advisories | CVE-2019-3999
MD5 | c631ada55c0c2348cdd0af3ac42a8258
Druva inSync Windows Client 6.5.2 Privilege Escalation
Posted Apr 29, 2020
Authored by Chris Lyne

Druva inSync Windows Client version 6.5.2 suffers from a local privilege escalation vulnerability.

tags | exploit, local
systems | windows
advisories | CVE-2019-3999
MD5 | 8f9e26da527f8060a8ddce66165678c8
Citrix SD-WAN Appliance 10.2.2 Authentication Bypass / Remote Command Execution
Posted Jul 15, 2019
Authored by Chris Lyne

Citrix SD-WAN Appliance version 10.2.2 suffers from authentication bypass and remote command execution vulnerabilities.

tags | exploit, remote, vulnerability, bypass
advisories | CVE-2019-12989, CVE-2019-12991
MD5 | 1c552352db4cb01f5841843a21926509
Nagios XI Magpie_debug.php Root Remote Code Execution
Posted Jun 25, 2019
Authored by Chris Lyne, Guillaume Andre | Site metasploit.com

This Metasploit module exploits two vulnerabilities in Nagios XI 5.5.6. One allows for unauthenticated remote code execution and another allows for local privilege escalation. When combined, these two vulnerabilities give us a root reverse shell.

tags | exploit, remote, shell, local, root, vulnerability, code execution
advisories | CVE-2018-15708, CVE-2018-15710
MD5 | 6f7a8dbb53ba27c5718670f3c77faad2
Nagios XI 5.5.6 Remote Code Execution / Privilege Escalation
Posted Jan 23, 2019
Authored by Chris Lyne

Nagios XI version 5.5.6 suffers from remote code execution and privilege escalation vulnerabilities.

tags | exploit, remote, vulnerability, code execution
advisories | CVE-2018-15708, CVE-2018-15710
MD5 | 9db3bf9447a6e05a531207e50c4eafd9
Advantech WebAccess SCADA 8.3.2 Remote Code Execution
Posted Nov 5, 2018
Authored by Chris Lyne

Advantech WebAccess SCADA version 8.3.2 suffers from a code execution vulnerability.

tags | exploit, code execution
advisories | CVE-2018-15705, CVE-2018-15707
MD5 | 727aaf04dd2f0fb7bd5914eeb8b226cf
Advantech WebAccess webvrpcs Buffer Overflow
Posted Mar 30, 2018
Authored by Chris Lyne

Advantech WebAccess versions prior to 8.1 webvrpcs DrawSrv.dll path BwBuildPath stack-based buffer overflow remote code execution exploit.

tags | exploit, remote, overflow, code execution
advisories | CVE-2016-0856
MD5 | d00ffd5fd32ca5259aff391734a6ec46
Advantech WebAccess Directory Traversal / Remote Code Execution
Posted Mar 13, 2018
Authored by Chris Lyne

Advantech WebAccess versions less than 8.3 suffer from directory traversal and remote code execution vulnerabilities.

tags | exploit, remote, vulnerability, code execution, file inclusion
advisories | CVE-2017-16720
MD5 | e67eb41a2e88e0a2d0c8cb8b0a15388b
Advantech WebAccess 8.0-2015.08.16 SQL Injection
Posted Jan 29, 2018
Authored by Chris Lyne

Advantech WebAccess version 8.0-2015.08.16 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2017-16716
MD5 | a8f1fb75073d4488b95ed11ac0198cf5
HPE iMC 7.3 RMI Java Deserialization
Posted Jan 29, 2018
Authored by Chris Lyne

HPE iMC version 7.3 suffers from an RMI java deserialization vulnerability.

tags | exploit, java
advisories | CVE-2017-5792
MD5 | 008853aa2d74dceeb9a610639d73d721
HPE iMC dbman RestoreDBase Unauthenticated Remote Command Execution
Posted Jan 10, 2018
Authored by Chris Lyne, sztivi | Site metasploit.com

This Metasploit module exploits a remote command execution vulnerability in Hewlett Packard Enterprise Intelligent Management Center before version 7.3 E0504P04. The dbman service allows unauthenticated remote users to restore a user-specified database (OpCode 10007), however the database connection username is not sanitized resulting in command injection, allowing execution of arbitrary operating system commands as SYSTEM. This service listens on TCP port 2810 by default. This Metasploit module has been tested successfully on iMC PLAT v7.2 (E0403) on Windows 7 SP1 (EN).

tags | exploit, remote, arbitrary, tcp
systems | windows, 7
advisories | CVE-2017-5817
MD5 | 252d40a332488ae10b75261fe5cefc7d
HPE iMC dbman RestartDB Unauthenticated Remote Command Execution
Posted Jan 10, 2018
Authored by Chris Lyne, sztivi | Site metasploit.com

This Metasploit module exploits a remote command execution vulnerability in Hewlett Packard Enterprise Intelligent Management Center before version 7.3 E0504P04. The dbman service allows unauthenticated remote users to restart a user-specified database instance (OpCode 10008), however the instance ID is not sanitized, allowing execution of arbitrary operating system commands as SYSTEM. This service listens on TCP port 2810 by default. This Metasploit module has been tested successfully on iMC PLAT v7.2 (E0403) on Windows 7 SP1 (EN).

tags | exploit, remote, arbitrary, tcp
systems | windows, 7
advisories | CVE-2017-5816
MD5 | 5919ea7fa37b5b123d15780fb9eca50b
HP iMC Plat 7.2 Remote Code Execution
Posted Dec 2, 2017
Authored by Chris Lyne

HP iMC Plat version 7.2 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2017-5816
MD5 | 8baebfa60a6f51e59e3521de21d45b0a
Page 1 of 1
Back1Next

File Archive:

September 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    20 Files
  • 2
    Sep 2nd
    15 Files
  • 3
    Sep 3rd
    15 Files
  • 4
    Sep 4th
    4 Files
  • 5
    Sep 5th
    1 Files
  • 6
    Sep 6th
    1 Files
  • 7
    Sep 7th
    15 Files
  • 8
    Sep 8th
    27 Files
  • 9
    Sep 9th
    7 Files
  • 10
    Sep 10th
    16 Files
  • 11
    Sep 11th
    9 Files
  • 12
    Sep 12th
    0 Files
  • 13
    Sep 13th
    0 Files
  • 14
    Sep 14th
    25 Files
  • 15
    Sep 15th
    15 Files
  • 16
    Sep 16th
    15 Files
  • 17
    Sep 17th
    15 Files
  • 18
    Sep 18th
    12 Files
  • 19
    Sep 19th
    1 Files
  • 20
    Sep 20th
    1 Files
  • 21
    Sep 21st
    15 Files
  • 22
    Sep 22nd
    21 Files
  • 23
    Sep 23rd
    8 Files
  • 24
    Sep 24th
    15 Files
  • 25
    Sep 25th
    4 Files
  • 26
    Sep 26th
    1 Files
  • 27
    Sep 27th
    1 Files
  • 28
    Sep 28th
    20 Files
  • 29
    Sep 29th
    11 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close