Showing 1 - 25 of 96

Files from Jeremy Brown

Real Name: Jeremy Brown
Email address: private
Website: www.patchtuesday.org
First Active: 2008-07-15
Last Active: 2019-12-02

Ajenti 2.1.31 Command Injection
Posted Dec 2, 2019
Authored by Jeremy Brown, Onur ER | Site metasploit.com

This Metasploit module exploits a command injection in Ajenti version 2.1.31. By injecting a command into the username POST parameter to api/core/auth, a shell can be spawned.

tags | exploit, shell
MD5 | 7c4130c9c91b99ff51567ab20d19ea6e
Podman / Varlink Remote Code Execution
Posted Oct 15, 2019
Authored by Jeremy Brown

Remote exploit for Podman when configured with Varlink that allows for remote command execution, denial of service, directory traversal, and information disclosure vulnerabilities.

tags | exploit, remote, denial of service, vulnerability, info disclosure
MD5 | 877a6bf3a116aaaf342e4d3eba5c9537
Ajenti Remote Command Execution
Posted Oct 11, 2019
Authored by Jeremy Brown

Ajenti suffers from a remote command execution vulnerability.

tags | exploit, remote
MD5 | 132a31448e87adbe514497f20f8d446f
Whale Win32 Attack Surface Toolkit
Posted Dec 7, 2016
Authored by Jeremy Brown

Whale is a win32 attack surface toolkit written in C#. It's capable of monitoring many different areas of Windows for new and removed kernel objects, open ports, drivers, services and much more. It also allows a user to test for different bug classes and has found a few interesting issues across the sub-systems.

tags | tool, kernel
systems | windows, 32
MD5 | 7c7cd88d5b54f9d2ccbe3d190ca4c39e
Microsoft Windows 10 x86/x64 WLAN AutoConfig Named Pipe Proof Of Concept
Posted Dec 7, 2016
Authored by Jeremy Brown

Microsoft Windows 10 x86/x64 build 10.0.14393 WLAN autoconfig named pipe denial of service proof of concept exploit.

tags | exploit, denial of service, x86, proof of concept
systems | windows
MD5 | d78a9bd236d6a1942ee373d12364f61f
BlackStratus LOGStorm 4.5.1.35 / 4.5.1.96 Remote Root
Posted Dec 5, 2016
Authored by Jeremy Brown

BlackStratus LOGStorm has multiple vulnerabilities that allow a remote unauthenticated user, among other things, to assume complete control over the virtual appliance with root privileges. This is possible due to multiple network servers listening for network connections by default, allowing authorization with undocumented credentials supported by the appliance's OS, web interface and SQL server. Versions 4.5.1.35 and 4.5.1.96 are affected.

tags | exploit, remote, web, root, vulnerability
MD5 | 229e9c7351054e6f28651057eb3cffda
ShakeIt Grammar Mutation Engine Fuzzer
Posted Nov 30, 2015
Authored by Jeremy Brown

ShakeIt is a grammar mutation engine targeting browsers and PDF readers. For a given input, such as a web page or PDF file, and an output location, it will generate N mutated test cases. It was implemented in C#, but can be ported to other languages and is meant to fit within an existing fuzzing framework.

tags | tool, web, fuzzer
MD5 | 54c861884798451395aeaab5988a76c7
Portmanteau Unix Driver IOCTL Security Tool
Posted Nov 5, 2015
Authored by Jeremy Brown

Portmanteau is an experimental unix driver IOCTL security tool that is useful for fuzzing and discovering device driver attack surface.

tags | tool
systems | unix
MD5 | e1ff72313a6273d9d6517fa2acc9504a
Libmimedir VCF Memory Corruption Proof Of Concept
Posted Jun 11, 2015
Authored by Jeremy Brown

Libmimedir suffers from a memory corruption vulnerability. Adding two NULL bytes to the end of a VCF file allows a user to manipulate free() calls which occur during its lexer's memory clean-up procedure. This could lead to exploitable conditions such as crafting a specific memory chunk to allow for arbitrary code execution.

tags | exploit, arbitrary
advisories | CVE-2015-3205
MD5 | 1df4218448d7ac2e97f07d47f005d627
Seagate Central Remote Root
Posted Jun 4, 2015
Authored by Jeremy Brown

Seagate Central by default has a passwordless root account (and no option to change it). This exploit logs into the ftp server and uploads a php shell to the webroot. From there, the uploaded shell can execute commands with root privileges as lighttpd.

tags | exploit, shell, root, php
MD5 | 2a6158d11c1b40429f00b3cddeb09daf
Seagate Central Remote Facebook Access Token
Posted Jun 4, 2015
Authored by Jeremy Brown

Seagate Central stores linked Facebook account access tokens in /etc/archive_accounts.ser. This exploit takes advantage of two bugs: passwordless root login via FTP, used to retrieve the archive_accounts.ser file which contains the access tokens, and the unencrypted and unprotected (-rw-r--r--) storage of those tokens, which it reuses for a chosen scope to return data.

tags | exploit, root
MD5 | 7cd4d2e2bae235e1c45b77da702e1e5f
Comodo GeekBuddy Local Privilege Escalation
Posted May 20, 2015
Authored by Jeremy Brown

Comodo GeekBuddy, which is bundled with Comodo Anti-Virus, Comodo Firewall, and Comodo Internet Security, runs a passwordless, background VNC server and listens for incoming connections. This can allow for at least local privilege escalation on several platforms. It also may be remotely exploitable via CSRF-like attacks utilizing a modified web-based VNC client (e.g. a Java VNC client).

tags | exploit, java, web, local, virus
MD5 | 9fc05c99e3ced7baa78fc5b8a35e8e13
EMC PowerPath Virtual Appliance Undocumented User Accounts
Posted Apr 1, 2015
Authored by Jeremy Brown | Site emc.com

EMC PowerPath vApp contains undocumented user accounts that may potentially be utilized by malicious users to gain limited unauthorized access to the system. Version 1.x is affected.

tags | advisory
advisories | CVE-2015-0529
MD5 | c7eff923a0c604ac98bf2cc310e95742
ClearSCADA Remote Authentication Bypass
Posted Jan 29, 2015
Authored by Jeremy Brown

There is an authentication bypass vulnerability in ClearSCADA that can be exploited by triggering an exception in dbserver.exe and taking advantage of the way the program handles it.

tags | exploit, bypass
advisories | OSVDB-75022
MD5 | 5a91b8965b0bd7e42547ec87525ee02b
OpenOffice DOC Memory Corruption
Posted Jul 26, 2013
Authored by Jeremy Brown

Apache OpenOffice suffers from a vulnerability that is caused by operating on invalid PLCF (Plex of Character Positions in File) data when parsing a malformed DOC document file. Specially crafted documents can be used for denial-of-service attacks. Further exploits are possible but have not been verified. Versions affected include Apache OpenOffice 3.4.0 to 3.4.1 on all platforms.

tags | advisory
advisories | CVE-2013-2189
MD5 | 5ff23bea25fe066db860831c72f1dc8a
VMWare OVF Tools Format String
Posted Feb 6, 2013
Authored by Jeremy Brown, juan vazquez | Site metasploit.com

This Metasploit module exploits a format string vulnerability in VMWare OVF Tools 2.1 for Windows. The vulnerability occurs when printing error messages while parsing a malformed OVF file. The module has been tested successfully with VMWare OVF Tools 2.1 on Windows XP SP3.

tags | exploit
systems | windows, xp
advisories | CVE-2012-3569, OSVDB-87117
MD5 | c305987e1b5b0f2ca5be4dc99b9547a1
VMWare OVF Tools Format String
Posted Feb 6, 2013
Authored by Jeremy Brown, juan vazquez | Site metasploit.com

This Metasploit module exploits a format string vulnerability in VMWare OVF Tools 2.1 for Windows. The vulnerability occurs when printing error messages while parsing a malformed OVF file. The module has been tested successfully with VMWare OVF Tools 2.1 on Windows XP SP3.

tags | exploit
systems | windows, xp
advisories | CVE-2012-3569, OSVDB-87117
MD5 | f525bc1c9d5f21294e79afd950a4acc6
Enterasys NetSight nssyslogd.exe Buffer Overflow
Posted Jan 4, 2013
Authored by Jeremy Brown | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in Enterasys NetSight. The vulnerability exists in the Syslog service (nssyslogd.exe) when parsing a specially crafted PRIO from a syslog message. The module has been tested successfully on Enterasys NetSight 4.0.1.34 over Windows XP SP3 and Windows 2003 SP2.

tags | exploit, overflow
systems | windows, xp
advisories | CVE-2011-5227, OSVDB-77971
MD5 | 94b5565ea73b5e2ffa5148137c79b1af
IBM Tivoli Endpoint Manager POST Query Buffer Overflow
Posted Jun 12, 2011
Authored by bannedit, Jeremy Brown | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow in the way IBM Tivoli Endpoint Manager versions 3.7.1, 4.1, 4.1.1, 4.3.1 handle long POST query arguments. This issue can be triggered by sending a specially crafted HTTP POST request to the service (lcfd.exe) listening on TCP port 9495. Authorization is required to trigger this issue. This exploit makes use of a second vulnerability, a hardcoded account (tivoli/boss), to bypass the authorization restriction.

tags | exploit, web, overflow, tcp
advisories | CVE-2011-1220, OSVDB-72713, OSVDB-72751
MD5 | f4e153a01dd05f0e3c4c1173454eb40f
IBM Tivoli Endpoint 4.1.1 Buffer Overflow / Hard-Coded Credentials
Posted Jun 7, 2011
Authored by Jeremy Brown

IBM Tivoli Endpoint version 4.1.1 remote SYSTEM exploit that leverages hard-coded base64 encoded authentication credentials in lcfd.exe and a stack-based buffer overflow when parsing HTTP variable values. Spawns a reverse shell to port 4444.

tags | exploit, remote, web, overflow, shell
MD5 | d362cf0faaea6135df8339096fcdd871
Progea Movicon TCPUploadServer Arbitrary Execution
Posted Mar 23, 2011
Authored by Jeremy Brown

The Progea Movicon 11 TCPUploadServer allows remote users to execute functions on the server without any form of authentication. Impacts include deletion of arbitrary files, execution of a program with an arbitrary argument, crashing the server, information disclosure, and more. This design flaw puts the host running this server at risk of potentially unauthorized functions being executed on the system.

tags | exploit, remote, arbitrary, info disclosure
MD5 | dbbf94c4467d62e7aa1ccc702f83fc50
IGSS 8 ODBC Server Denial Of Service
Posted Mar 23, 2011
Authored by Jeremy Brown

There are multiple remote uninitialized pointer free conditions in IGSS's ODBC server. By sending a specially crafted packet to listening port 20222, it is possible to crash the server. Execution of arbitrary code is unlikely.

tags | exploit, remote, denial of service, arbitrary
MD5 | d6b39ed72c2fbc76c2bd9f3bb6cb601b
Automated Solutions Modbus/TCP OPC Server Heap Corruption
Posted Jan 25, 2011
Authored by Jeremy Brown

Automated Solutions Modbus/TCP OPC server remote heap corruption proof of concept exploit.

tags | exploit, remote, tcp, proof of concept
MD5 | 8ab74316a0a72aa7090d0e3cbe065899
Objectivity/DB Lack Of Authentication
Posted Jan 14, 2011
Authored by Jeremy Brown

Objectivity/DB includes many different tools for administration. The problem is, anyone can use these tools to perform operations on the host running the lock server, advanced multithreaded server, and probably its other servers as well, without any authentication. This design flaw puts the host running these servers at risk of potentially unauthorized operations being performed on the system, locally or remotely. This exploit demonstrates this issue and was tested on Objectivity/DB 10 running on Windows.

tags | exploit
systems | windows
MD5 | b3a1c91160229b1a6518a12d9b050459
Ecava IntegraXor Remote Active-X Buffer Overflow
Posted Dec 18, 2010
Authored by Jeremy Brown

Ecava IntegraXor remote active-x buffer overflow proof of concept exploit that leverages a buffer overflow vulnerability.

tags | exploit, remote, overflow, activex, proof of concept
MD5 | 1988f543836c832b50d2b5ad2c68782e