what you don't know can hurt you
Showing 1 - 24 of 24 RSS Feed

Files from Johannes Greil

First Active2005-12-14
Last Active2018-07-04
ADB Group Manipulation Privilege Escalation
Posted Jul 4, 2018
Authored by Johannes Greil | Site sec-consult.com

An attacker with standard / low access rights within the web GUI is able to gain access to the CLI (if it has been previously disabled by the configuration) and escalate his privileges. Depending on the CLI features it is possible to extract the whole configuration and manipulate settings or gain access to debug features of the device, e.g. via "debug", "upgrade", "upload" etc. commands in the CLI. Attackers can gain access to sensitive configuration data such as VoIP credentials or other information and manipulate any settings of the device. Versions affected include ADB P.RG AV4202N, DV2210, VV2220, and VV5522.

tags | exploit, web
advisories | CVE-2018-13110
MD5 | 0254447d93834f28ac860a21891adb56
ADB Authorization Bypass
Posted Jul 4, 2018
Authored by Johannes Greil | Site sec-consult.com

Depending on the firmware version/feature-set of the ISP deploying the ADB device, a standard user account may not have all settings enabled within the web GUI. An authenticated attacker is able to bypass those restrictions by adding a second slash in front of the forbidden entry of the path in the URL. It is possible to access forbidden entries within the first layer of the web GUI, any further subsequent layers/paths (sub menus) were not possible to access during testing but further exploitation can't be ruled out entirely. Versions affected include ADB P.RG AV4202N, DV2210, VV2220, and VV5522.

tags | exploit, web
advisories | CVE-2018-13109
MD5 | e41c2384f02b6cc08acf7b55cfe6e66e
ADB Local Root Jailbreak
Posted Jul 4, 2018
Authored by Johannes Greil | Site sec-consult.com

ADB broadband gateways and routers suffer from a local root jailbreak vulnerability via a network file sharing flaw. Versions affected include ADB P.RG AV4202N, DV2210, VV2220, and VV5522.

tags | exploit, local, root
advisories | CVE-2018-13108
MD5 | e1b1a79ae21d1cb9f872306500296cf4
Loxone Smart Home XSS / DoS / Access Control
Posted May 14, 2015
Authored by Johannes Greil | Site sec-consult.com

Loxone Smart Home versions prior to firmware 6.4.5.12 suffer from flaws including denial of service, cross site scripting, credential theft, header injection, and control of arbitrary devices.

tags | exploit, denial of service, arbitrary, xss
MD5 | d4e07a69ec7d67e3df705784c34ec43e
Snom IP Phones XSS / CSRF / Traversal / Escalation / Command Execution
Posted Jan 13, 2015
Authored by Johannes Greil | Site sec-consult.com

Snom IP phones with firmware versions prior to 8.7.5.15 suffer from authentication bypass, command execution, cross site request forgery, cross site scripting, privilege escalation, and directory traversal vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | 481f877719848ac83238c4cad9e7bb61
Readsoft Invoice Processing / Process Director XSS / Design Issues
Posted Aug 6, 2014
Authored by Johannes Greil | Site sec-consult.com

Readsoft Invoice Processing version 5.6 and Process Director version 7.2 suffers from cross site scripting and design vulnerabilities.

tags | advisory, vulnerability, xss
MD5 | d2515cd634e002552df532d460e75923
Shopizer 1.1.5 Code Execution / XSS / CSRF / Data Manipulation
Posted Jul 11, 2014
Authored by Johannes Greil, Johannes Dahse | Site sec-consult.com

Shopizer version 1.1.5 suffers from remote command execution, cross site request forgery, cross site scripting, and data manipulation vulnerabilities.

tags | exploit, remote, vulnerability, xss, csrf
MD5 | 3af209e37aec448f8096ab7aeed1123d
NICE Recording eXpress 6.x Root Backdoor / XSS / Bypass
Posted May 30, 2014
Authored by Johannes Greil | Site sec-consult.com

NICE Recording eXpress versions 6.0.x, 6.1.x, 6.2.x, 6.3.x, and 6.5.x suffer from cross site scripting, root backdoor, unauthenticated access, fail authorization, insecure cookie handling, and remote SQL injection vulnerabilities.

tags | exploit, remote, root, vulnerability, xss, sql injection, insecure cookie handling
MD5 | 84c627abbbedce37f8fcc1d6c972b8f4
Huawei E5331 MiFi Unauthenticated Access / Setting Manipulation
Posted Mar 7, 2014
Authored by Johannes Greil | Site sec-consult.com

Huawei E5331 MiFi mobile hotspot version 21.344.11.00.414 suffers from unauthenticated access and setting manipulation vulnerabilities.

tags | exploit, vulnerability
MD5 | 189f1a2529e99cd3a66a2a786f634d06
T-Mobile Router Disclosure / Command Execution / Traversal / CSRF
Posted Jan 22, 2014
Authored by Johannes Greil | Site sec-consult.com

T-Mobile HOME NET Router LTE / Huawei B593u-12 version V100R001C54SP063 suffers from cross site request forgery, information disclosure, command injection, and directory traversal vulnerabilities.

tags | advisory, vulnerability, info disclosure, csrf
MD5 | d04f1f1b50791a3139a58196ebf49b2b
Grouplink Everything Helpdesk 10.0.3 XSS / Admin Takeover
Posted Sep 5, 2013
Authored by Johannes Greil, V. Paulikas | Site sec-consult.com

Grouplink Everything HelpDesk versions 10.0.3 and below suffers from cross site scripting and password reset vulnerabilities.

tags | advisory, vulnerability, xss
MD5 | ab61f982fe67dd203c16f9f0795a37f1
GroundWork monarch_scan.cgi OS Command Injection
Posted Apr 24, 2013
Authored by Johannes Greil, juan vazquez | Site metasploit.com

This Metasploit module exploits a vulnerability found in GroundWork 6.7.0. This software is used for network, application and cloud monitoring. The vulnerability exists in the monarch_scan.cgi, where user controlled input is used in the perl qx function, which allows any remote authenticated attacker, whatever his privileges are, to inject system commands and gain arbitrary code execution. The module has been tested successfully on GroundWork 6.7.0-br287-gw1571 as distributed within the Ubuntu 10.04 based VM appliance.

tags | exploit, remote, arbitrary, cgi, perl, code execution
systems | linux, ubuntu
advisories | OSVDB-91051
MD5 | e0748ad1d02bbc1b0c70db9e441df0dc
GroundWork Monitor Enterprise 6.7.0 SQL Injection / Command Execution
Posted Mar 8, 2013
Authored by Johannes Greil | Site sec-consult.com

GroundWork Monitor Enterprise version 6.7.0 suffers from remote SQL injection, file disclosure, command injection, and cross site scripting vulnerabilities. This is the second of two advisories documenting all the issues in GroundWork. Detailed proof of concepts were removed by the author because GroundWork is refusing to fix the underlying security issues.

tags | advisory, remote, vulnerability, xss, sql injection, proof of concept
MD5 | d3702878f4841006bba6d61916b168eb
GroundWork Monitor Enterprise 6.7.0 XSS / Disclosure / Command Execution
Posted Mar 8, 2013
Authored by Johannes Greil | Site sec-consult.com

GroundWork Monitor Enterprise version 6.7.0 suffers from insufficient authentication, file disclosure, file modification, cross site scripting, XML external entity injection, command injection, and various other vulnerabilities. Detailed proof of concepts were removed by the author because GroundWork is refusing to fix the underlying security issues.

tags | advisory, vulnerability, xss, proof of concept, xxe
MD5 | fb88b1a5c1aaa92ced6bd28b87020c26
VOXTRONIC Voxlog Professional 3.7.2.729 SQL Injection / Disclosure
Posted Feb 20, 2012
Authored by Johannes Greil | Site sec-consult.com

VOXTRONIC Voxlog Professional versions 3.7.2.729 and below suffer from file disclosure, remote code execution, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, code execution, sql injection
MD5 | dd44dc935826ca881de1db178bf05065
SecCommerce SecSigner Java Applet 3.5.0 File Upload
Posted Dec 19, 2011
Authored by Johannes Greil, Elisabeth Demeter | Site sec-consult.com

The SecCommerce SecSigner Java applet version 3.5.0 suffers from a client-side remote arbitrary file upload vulnerability.

tags | advisory, java, remote, arbitrary, file upload
MD5 | 97a68963b11eb9b926c5a86c12289388
Check Point SSL VPN Command Execution
Posted Aug 11, 2011
Authored by Johannes Greil | Site sec-consult.com

Check Point SSL VPN On-Demand applications suffer from remote file upload and command execution vulnerabilities.

tags | advisory, remote, vulnerability, file upload
advisories | CVE-2011-1827
MD5 | 915ad4b42aad95d83319f5a78098c1dd
Sawmill Enterprise Code Execution / Cross Site Request Forgery / Cross Site Scripting
Posted Oct 22, 2010
Authored by Johannes Greil | Site sec-consult.com

Sawmill Enterprise versions prior to 8.1.7.3 suffers from arbitrary code execution, cross site request forgery, cross site scripting and various other vulnerabilities. suffers from buffer overflow, cross site request forgery, cross site scripting and file disclosure vulnerabilities.

tags | exploit, overflow, arbitrary, vulnerability, code execution, xss, csrf
MD5 | 84dae5ff07d76b46a06710399212b1ff
JSFTemplating / Mojarra Scales / GlassFish File Disclosure
Posted Sep 2, 2009
Authored by Johannes Greil | Site sec-consult.com

SEC Consult Security Advisory 20090901-0 - A file disclosure vulnerability exists in JSFTemplating, Mojarra Scales, and GlassFish Application Server v3 Admin console.

tags | exploit
MD5 | 4e37d0493a93c31752609f868f47f132
LevelOne AMG-2000 Wireless AP Proxy Bypass
Posted Apr 29, 2009
Authored by Johannes Greil | Site sec-consult.com

SEC Consult Security Advisory 20090429-0 - LevelOne AMG-2000 Wireless AP Management Gateway suffers from proxy bypass and plain text vulnerabilities.

tags | exploit, vulnerability
MD5 | 1acca6056a6eb86cbec0f49635149fa5
wirelesslan.pdf
Posted Aug 19, 2008
Authored by Johannes Greil | Site sec-consult.com

Wireless LAN Attacks - What you need to know or a simple guide to WEP/WPA-PSK cracking. Written in German.

tags | paper
MD5 | 7419b692e5dd4208687c98de6b8d59fe
SA-20070722-0.txt
Posted Jul 23, 2007
Authored by Johannes Greil | Site sec-consult.com

SEC Consult Security Advisory - SEC Consult has discovered an arbitrary code execution flaw in Joomla! version 1.5 beta 2.

tags | exploit, arbitrary, code execution
MD5 | 0eaa4db5b506cf61eee2ea96becdde66
SA-20070509-0.txt
Posted May 10, 2007
Authored by Johannes Greil | Site sec-consult.com

SEC Consult Security Advisory 20070509-0 - The Nokia Intellisync Mobile Suite is susceptible to cross site scripting, source code disclosure, and denial of service vulnerabilities. Details provided. Versions known vulnerable include 6.4.31.2, 6.6.0.107, and 6.6.2.2.

tags | exploit, denial of service, vulnerability, xss
MD5 | a1c8532f618a799a07f22f81e3e18cbf
SEC-20051211-0.txt
Posted Dec 14, 2005
Authored by Johannes Greil | Site sec-consult.com

SEC-CONSULT Security Advisory 20051211-0 - Horde versions 3.0.7 and below, Kronolith versions 2.0.5 and below, Mnemo version 2.0.2 and below, Nag versions 2.0.3 and below, and Turba versions 2.0.4 and below are susceptible to cross site scripting attacks.

tags | exploit, xss
MD5 | cd3e50c6d30cf26aab9c6ebd6280f69c
Page 1 of 1
Back1Next

File Archive:

April 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    21 Files
  • 2
    Apr 2nd
    35 Files
  • 3
    Apr 3rd
    21 Files
  • 4
    Apr 4th
    16 Files
  • 5
    Apr 5th
    15 Files
  • 6
    Apr 6th
    1 Files
  • 7
    Apr 7th
    2 Files
  • 8
    Apr 8th
    23 Files
  • 9
    Apr 9th
    19 Files
  • 10
    Apr 10th
    15 Files
  • 11
    Apr 11th
    14 Files
  • 12
    Apr 12th
    11 Files
  • 13
    Apr 13th
    2 Files
  • 14
    Apr 14th
    5 Files
  • 15
    Apr 15th
    14 Files
  • 16
    Apr 16th
    19 Files
  • 17
    Apr 17th
    19 Files
  • 18
    Apr 18th
    8 Files
  • 19
    Apr 19th
    4 Files
  • 20
    Apr 20th
    5 Files
  • 21
    Apr 21st
    1 Files
  • 22
    Apr 22nd
    10 Files
  • 23
    Apr 23rd
    22 Files
  • 24
    Apr 24th
    4 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close