exploit the possibilities
Showing 1 - 25 of 109 RSS Feed

Files from Jeremy Brown

Real NameJeremy Brown
Email addressprivate
Websitewww.patchtuesday.org
First Active2008-07-15
Last Active2021-08-04
View User Profile
Riak Insecure Default Configuration / Remote Command Execution
Posted Aug 4, 2021
Authored by Jeremy Brown

Riak runs as an Erlang service configured with a default cookie of riak that allows for remote command execution if not modified before use.

tags | exploit, remote
MD5 | 15cc4108a20bbd107a3861961401ba62
Okta Access Gateway 2020.5.5 Authenticated Remote Root
Posted Jul 7, 2021
Authored by Jeremy Brown

Okta Access Gateway version 2020.5.5 suffers from multiple authenticated remote root command injection vulnerabilities.

tags | exploit, remote, root, vulnerability
advisories | CVE-2021-28113
MD5 | 117cdacc6c045a9f6239a8f7082bfc82
Docker Dashboard Remote Command Execution
Posted Jul 7, 2021
Authored by Jeremy Brown

Docker Dashboard suffers from a remote command execution vulnerability. The fix is added in commit 79cdc41.

tags | exploit, remote
advisories | CVE-2021-27886
MD5 | 4c29691af5fd9c2080f1f24e78725fe6
HPE RDA-CAS 1.23.826 Denial Of Service
Posted Jun 23, 2021
Authored by Jeremy Brown

HPE RDA-CAS version 1.23.826 remote denial of service exploit.

tags | exploit, remote, denial of service
MD5 | 52393acabc0419fe8daf4eb578d8ab61
Cisco Modeling Labs 2.1.1-b19 Remote Command Execution
Posted Jun 23, 2021
Authored by Jeremy Brown

Cisco Modeling Labs version 2.1.1-b19 remote command execution exploit.

tags | exploit, remote
systems | cisco
advisories | CVE-2021-1531
MD5 | a1d30ba3be5b867dccae401fb8872c58
F5 BIG-IQ VE 8.0.0-2923215 Remote Root
Posted Jun 23, 2021
Authored by Jeremy Brown

F5 BIG-IQ VE version 8.0.0-2923215 post-authentication remote root code execution exploit.

tags | exploit, remote, root, code execution
advisories | CVE-2021-23024
MD5 | a11dfe5c02989bd70fe132ae0aa3fd92
PIMT 1.0
Posted Jan 4, 2021
Authored by Jeremy Brown | Site github.com

PIMT is a Public Infrastructure Monitoring Tool (pronounced PIM-tee). It queries common recon tools for publicly available data regarding particular organizations based on the domains and keywords provided. It is not meant to provide complete coverage for every external asset that belongs to a company as attackers usually do not have this detailed info or mapping either. One can use it to paint some sort of picture of what external attackers may be looking at, the changes occurring over time and insight for how to further harden the perimeter. The key idea being to provide valuable data to red teams as well as addition al monitoring capabilities for defenders.

tags | tool
systems | unix
MD5 | 15640e4fe41be31efdca68b52b77e376
Zoom 4.6.239.20200613 Meeting Connector Post-Auth Remote Root
Posted Dec 31, 2020
Authored by Jeremy Brown

Zoom version 4.6.239.20200613 suffers from a Meeting Connector post-authentication remote root code execution vulnerability via the proxy server functionality. The latest Zoom client has this issue patched per Zoom.

tags | exploit, remote, root, code execution
MD5 | 502538df7bfbda265c17c493f89179b7
Openpilot Default SSH Key Scanner
Posted Dec 31, 2020
Authored by Jeremy Brown

Openpilot has a default SSH key that can allow attackers remote access if not changed. This script port scans and attempts to login to Openpilot SSH servers with the default key.

tags | exploit, remote
MD5 | b9e467ddb7a4cfc15deec4d13e92486a
HPE Edgeline Infrastructure Manager Improper Authorization
Posted Dec 29, 2020
Authored by Jeremy Brown

HPE Edgeline Infrastructure Manager suffers from multiple broken authorization flows that allow for administrative function access without authenticating and can allow for arbitrary password changes.

tags | exploit, arbitrary
MD5 | 75012bca2029a5ddfe8ad8255b3f5f1b
Cassandra Web 0.5.0 Remote File Read
Posted Dec 29, 2020
Authored by Jeremy Brown

Cassandra Web is vulnerable to directory traversal due to the disabled Rack::Protection module. Apache Cassandra credentials are passed via the CLI in order for the server to auth to it and provide the web access, so they are also one thing that can be captured via the arbitrary file read. Version 0.5.0 is affected.

tags | exploit, web, arbitrary
MD5 | 5d45ddf35f9f55300493bfefe8020924
Stratodesk NoTouch Center Privilege Escalation
Posted Dec 21, 2020
Authored by Jeremy Brown

Stratodesk NoTouch Center virtual appliance suffers from a privilege escalation vulnerability. This was addressed in version 4.4.68.

tags | exploit
advisories | CVE-2020-25917
MD5 | f6ac4d9b376df40c169c841245383a04
Erlang Bytecode String Converter
Posted Dec 21, 2020
Authored by Jeremy Brown

estr2bc is a python script to convert arbitrary string input to Erlang bytecode.

tags | tool, arbitrary, python
systems | unix
MD5 | 095fa28eaa19faca6a6c82b238094580
Ajenti 2.1.31 Command Injection
Posted Dec 2, 2019
Authored by Jeremy Brown, Onur ER | Site metasploit.com

This Metasploit module exploits a command injection in Ajenti version 2.1.31. By injecting a command into the username POST parameter to api/core/auth, a shell can be spawned.

tags | exploit, shell
MD5 | 7c4130c9c91b99ff51567ab20d19ea6e
Podman / Varlink Remote Code Execution
Posted Oct 15, 2019
Authored by Jeremy Brown

Remote exploit for Podman when configured with Varlink that allows for remote command execution, denial of service, directory traversal, and information disclosure vulnerabilities.

tags | exploit, remote, denial of service, vulnerability, info disclosure
MD5 | 877a6bf3a116aaaf342e4d3eba5c9537
Ajenti Remote Command Execution
Posted Oct 11, 2019
Authored by Jeremy Brown

Ajenti suffers from a remote command execution vulnerability.

tags | exploit, remote
MD5 | 132a31448e87adbe514497f20f8d446f
Whale Win32 Attack Surface Toolkit
Posted Dec 7, 2016
Authored by Jeremy Brown

Whale in a win32 attack surface toolkit written in C#. It's capable of monitoring many of different areas of the Windows for new and removed kernel objects, open ports, drivers, services and much more. It also allows a user to test for different bug classes and has found a few interesting issues across the sub-systems.

tags | tool, kernel
systems | windows, 32
MD5 | 7c7cd88d5b54f9d2ccbe3d190ca4c39e
Microsoft Windows 10 x86/x64 WLAN AutoConfig Named Pipe Proof Of Concept
Posted Dec 7, 2016
Authored by Jeremy Brown

Microsoft Windows 10 x86/x64 build 10.0.14393 WLAN autoconfig named pipe denial of service proof of concept exploit.

tags | exploit, denial of service, x86, proof of concept
systems | windows
MD5 | d78a9bd236d6a1942ee373d12364f61f
BlackStratus LOGStorm 4.5.1.35 / 4.5.1.96 Remote Root
Posted Dec 5, 2016
Authored by Jeremy Brown

BlackStratus LOGStorm has multiple vulnerabilities that allow a remote unauthenticated user, among other things, to assume complete control over the virtual appliance with root privileges. This is possible due to multiple network servers listening for network connections by default, allowing authorization with undocumented credentials supported by appliance's OS, web interface and sql server. Versions 4.5.1.35 and 4.5.1.96 are affected.

tags | exploit, remote, web, root, vulnerability
MD5 | 229e9c7351054e6f28651057eb3cffda
ShakeIt Grammar Mutation Engine Fuzzer
Posted Nov 30, 2015
Authored by Jeremy Brown

ShakeIt is a grammar mutation engine targeting browsers and PDF readers. For a given input, such as a web page or PDF file, and an output location, it will generate N mutated test cases. It was implemented in C#, but can be ported to other languages and is meant to fit within an existing fuzzing framework.

tags | tool, web, fuzzer
MD5 | 54c861884798451395aeaab5988a76c7
Portmanteau Unix Driver IOCTL Security Tool
Posted Nov 5, 2015
Authored by Jeremy Brown

Portmanteau is an experimental unix driver IOCTL security tool that is useful for fuzzing and discovering device driver attack surface.

tags | tool
systems | unix
MD5 | e1ff72313a6273d9d6517fa2acc9504a
Libmimedir VCF Memory Corruption Proof Of Concept
Posted Jun 11, 2015
Authored by Jeremy Brown

Libmimedir suffers from a memory corruption vulnerability. Adding two NULL bytes to the end of a VCF file allows a user to manipulate free() calls which occur during it's lexer's memory clean-up procedure. This could lead to exploitable conditions such as crafting a specific memory chunk to allow for arbitrary code execution.

tags | exploit, arbitrary
advisories | CVE-2015-3205
MD5 | 1df4218448d7ac2e97f07d47f005d627
Seagate Central Remote Root
Posted Jun 4, 2015
Authored by Jeremy Brown

Seagate Central by default has a passwordless root account (and no option to change it). This exploit logs into the ftp server and uploads a php shell to the webroot. From there, the uploaded shell can execute commands with root privileges as lighttpd.

tags | exploit, shell, root, php
MD5 | 2a6158d11c1b40429f00b3cddeb09daf
Seagate Central Remote Facebook Access Token
Posted Jun 4, 2015
Authored by Jeremy Brown

Seagate Central stores linked Facebook account access tokens in /etc/archive_accounts.ser and this exploit takes advantage of two bugs - Passwordless root login via FTP to retrieve archive_accounts.ser file which contains access tokens and reuses the unencrypted and unprotected (-rw-r--r--) access tokens for a chosen scope to return data.

tags | exploit, root
MD5 | 7cd4d2e2bae235e1c45b77da702e1e5f
Comodo GeekBuddy Local Privilege Escalation
Posted May 20, 2015
Authored by Jeremy Brown

Comodo GeekBuddy, which is bundled with Comodo Anti-Virus, Comodo Firewall, and Comodo Internet Security, runs a passwordless, background VNC server and listens for incoming connections. This can allow for at least local privilege escalation on several platforms. It also may be remotely exploitable via CSRF-like attacks utilizing a modified web-based VNC client (eg. a Java VNC client).

tags | exploit, java, web, local, virus
MD5 | 9fc05c99e3ced7baa78fc5b8a35e8e13
Page 1 of 5
Back12345Next

File Archive:

August 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    1 Files
  • 2
    Aug 2nd
    7 Files
  • 3
    Aug 3rd
    5 Files
  • 4
    Aug 4th
    7 Files
  • 5
    Aug 5th
    0 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    0 Files
  • 9
    Aug 9th
    0 Files
  • 10
    Aug 10th
    0 Files
  • 11
    Aug 11th
    0 Files
  • 12
    Aug 12th
    0 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close