Twenty Year Anniversary
Showing 1 - 25 of 145 RSS Feed

Files from mr_me

Email addresssteventhomasseeley at gmail.com
First Active2009-08-18
Last Active2018-12-04
HP Intelligent Management Java Deserialization Remote Code Execution
Posted Dec 4, 2018
Authored by mr_me, Carsten MaartmannMoe | Site metasploit.com

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WebDMDebugServlet, which listens on TCP ports 8080 and 8443 by default. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute arbitrary code in the context of SYSTEM.

tags | exploit, remote, arbitrary, tcp
advisories | CVE-2017-12557
MD5 | 7f78f8ca23ae637a5eaf4c38011cf48c
Foxit PDF Reader 9.0.1.1049 Pointer Overwrite Use-After-Free
Posted Aug 24, 2018
Authored by mr_me, saelo, Jacob Robles, bit from meepwnn | Site metasploit.com

Foxit PDF Reader version 9.0.1.1049 has a use-after-free vulnerability in the Text Annotations component and the TypedArray's use uninitialized pointers. The vulnerabilities can be combined to leak a vtable memory address, which can be adjusted to point to the base address of the executable. A ROP chain can be constructed that will execute when Foxit Reader performs the UAF.

tags | exploit, vulnerability
advisories | CVE-2018-9948, CVE-2018-9958
MD5 | e97b836581258dc59d81b67b330175e8
Easylogin Pro 1.3.0 Remote Code Execution
Posted Aug 21, 2018
Authored by mr_me

Easylogin Pro version 1.3.0 suffers from an a deserialization issue in Encryptor.php that permits a code execution vulnerability.

tags | exploit, php, code execution
advisories | CVE-2018-15576
MD5 | 03801bbaa56a11377a136ef865c65bf3
Foxit Reader 9.0.1.1049 Remote Code Execution
Posted Jun 25, 2018
Authored by mr_me

Foxit Reader version 9.0.1.1049 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2018-9948, CVE-2018-9958
MD5 | 18c5cf283845b752e51836f38737a0c2
HPE iMC 7.3 Remote Code Execution
Posted May 18, 2018
Authored by mr_me, trendytofu | Site metasploit.com

This Metasploit module exploits an expression language injection vulnerability, along with an authentication bypass vulnerability in Hewlett Packard Enterprise Intelligent Management Center before version 7.3 E0504P04 to achieve remote code execution. The HP iMC server suffers from multiple vulnerabilities allows unauthenticated attacker to execute arbitrary Expression Language via the beanName parameter, allowing execution of arbitrary operating system commands as SYSTEM. This service listens on TCP port 8080 and 8443 by default. This Metasploit module has been tested successfully on iMC PLAT v7.3(E0504P02) on Windows 2k12r2 x64 (EN).

tags | exploit, remote, arbitrary, tcp, vulnerability, code execution, bypass
systems | windows
advisories | CVE-2017-12500, CVE-2017-8982
MD5 | 409c199dae62513789f6016cba7903bd
Trend Micro Threat Discovery Appliance 2.6.1062r1 dlp_policy_upload.cgi Remote Code Execution
Posted Jan 28, 2018
Authored by mr_me

Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a dlp_policy_upload.cgi remote code execution vulnerability.

tags | exploit, remote, cgi, code execution
MD5 | f56935b7186a1bb0e06c683d70145e04
Synology Photo Station 6.8.2-3461 Remote Code Execution
Posted Jan 16, 2018
Authored by mr_me

Synology Photo Station versions 6.8.2-3461 and below suffer from a SYNOPHOTO_Flickr_MultiUpload race condition file write remote code execution vulnerability.

tags | exploit, remote, code execution
MD5 | 002d213668c73ba8abd31e0de406c636
Kingsoft Antivirus / Internet Security 9+ Privilege Escalation
Posted Jan 4, 2018
Authored by mr_me

Kingsoft Antivirus / Internet Security version 9+ suffers from privilege escalation vulnerability.

tags | exploit
MD5 | 4cf2427589e849acac46487ad7c7fe58
Advantech WebAccess 8.2 Stack Buffer Overflow
Posted Dec 13, 2017
Authored by mr_me | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in Advantech WebAccess version 8.2. By sending a specially crafted DCERPC request, an attacker could overflow the buffer and execute arbitrary code.

tags | exploit, overflow, arbitrary
advisories | CVE-2017-14016
MD5 | 84628f5a2ed1fc38ada967ebdff3e267
Oracle Java SE Wv8u131 Information Disclosure
Posted Nov 2, 2017
Authored by mr_me

Oracle Java SE installs a protocol handler in the registry as "HKEY_CLASSES_ROOT\jnlp\Shell\Open\Command\Default" 'C:\Program Files\Java\jre1.8.0_131\bin\jp2launcher.exe" -securejws "%1"'. This can allow allow an attacker to launch remote jnlp files with little user interaction. A malicious jnlp file containing a crafted XML XXE attack can be leveraged to disclose files, cause a denial of service or trigger SSRF. Versions v8u131 and below are affected.

tags | exploit, java, remote, denial of service, shell, registry, protocol, info disclosure, xxe
advisories | CVE-2017-10309
MD5 | 1e5c74e4370cfb11bd675efce53eb688
Trend Micro InterScan Messaging Security (Virtual Appliance) Remote Code Execution
Posted Oct 12, 2017
Authored by mr_me, Mehmet Ince | Site metasploit.com

This Metasploit module exploits the authentication bypass and command injection vulnerability together. Unauthenticated users can execute a terminal command under the context of the web server user. The specific flaw exists within the management interface, which listens on TCP port 443 by default. Trend Micro IMSVA product have widget feature which is implemented with PHP. Insecurely configured web server exposes diagnostic.log file, which leads to an extraction of JSESSIONID value from administrator session. Proxy.php files under the mod TMCSS folder takes multiple parameter but the process does not properly validate a user-supplied string before using it to execute a system call. Due to combination of these vulnerabilities, unauthenticated users can execute a terminal command under the context of the web server user.

tags | exploit, web, php, tcp, vulnerability
MD5 | c596a4696eab69db88b173ffa1c4b5fb
Trend Micro OfficeScan Remote Code Execution
Posted Oct 10, 2017
Authored by mr_me, Mehmet Ince | Site metasploit.com

This Metasploit module exploits the authentication bypass and command injection vulnerability together. Unauthenticated users can execute a terminal command under the context of the web server user. The specific flaw exists within the management interface, which listens on TCP port 443 by default. The Trend Micro Officescan product has a widget feature which is implemented with PHP. Talker.php takes ack and hash parameters but doesn't validate these values, which leads to an authentication bypass for the widget. Proxy.php files under the mod TMCSS folder take multiple parameters but the process does not properly validate a user-supplied string before using it to execute a system call. Due to combination of these vulnerabilities, unauthenticated users can execute a terminal command under the context of the web server user.

tags | exploit, web, php, tcp, vulnerability
MD5 | 02f022c47acfeb55ae34578721c1b3be
Jungo DriverWizard WinDriver 12.4.0 Overflow
Posted Sep 12, 2017
Authored by mr_me

Jungo DriverWizard WinDriver versions 12.4.0 and below suffer from a kernel pool overflow vulnerability.

tags | exploit, overflow, kernel
advisories | CVE-2017-14344
MD5 | a86d6b73057080faf790fe404c28e2d0
Jungo DriverWizard WinDrive Overflow
Posted Sep 7, 2017
Authored by mr_me

Jungo DriverWizard WinDrive suffers from a kernel pool overflow vulnerability.

tags | exploit, overflow, kernel
advisories | CVE-2017-14153
MD5 | eb4b94ca20d9b324a50f0d3ed5dbbed4
Jungo DriverWizard WinDrive OOB Write Privilege Escalation
Posted Sep 7, 2017
Authored by mr_me

Jungo DriverWizard WinDriver suffers from a kernel out-of-bounds write privilege escalation vulnerability.

tags | exploit, kernel
advisories | CVE-2017-14075
MD5 | 6edc74e9034a9a04f7346f71a99e0576
Nitro Pro PDF Reader 11.0.3.173 Remote Code Execution
Posted Aug 2, 2017
Authored by mr_me, sinn3r, Brendan Coles | Site metasploit.com

This Metasploit module exploits an unsafe Javascript API implemented in Nitro and Nitro Pro PDF Reader version 11. The saveAs() Javascript API function allows for writing arbitrary files to the file system. Additionally, the launchURL() function allows an attacker to execute local files on the file system and bypass the security dialog Note: This is 100% reliable.

tags | exploit, arbitrary, local, javascript
advisories | CVE-2017-7442
MD5 | 18ea66b3d4ade909dbf22fe503cf7764
Lepide Auditor Suite Remote Code Execution
Posted Jul 5, 2017
Authored by mr_me

Lepide Auditor Suite suffers from a createdb() web console database injection remote code execution vulnerability.

tags | exploit, remote, web, code execution
MD5 | c321780097e33a5c5eef179bd4d418c0
Trend Micro Threat Discovery Appliance 2.6.1062r1 Session Generation Authentication Bypass
Posted Apr 20, 2017
Authored by Roberto Suggi Liverani, mr_me

Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a session generation authentication bypass vulnerability.

tags | exploit, bypass
advisories | CVE-2016-8584
MD5 | 005e0bebe474fcf55e7c7e59c977ddc0
Trend Micro Threat Discovery Appliance 2.6.1062r1 dlp_policy_upload.cgi Information Disclosure
Posted Apr 20, 2017
Authored by Roberto Suggi Liverani, mr_me

Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a dlp_policy_upload.cgi information disclosure vulnerability.

tags | exploit, cgi, info disclosure
advisories | CVE-2016-7547
MD5 | 1adf882631024240e0ddc894cd726f0b
Trend Micro Threat Discovery Appliance 2.6.1062r1 logoff.cgi Directory Traversal
Posted Apr 20, 2017
Authored by Roberto Suggi Liverani, mr_me

Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a logoff.cgi directory traversal authentication bypass vulnerability.

tags | exploit, cgi, bypass, file inclusion
advisories | CVE-2016-7552
MD5 | e64dcba98301f1ab384f8984e9224a9b
Trend Micro Threat Discovery Appliance 2.6.1062r1 admin_sys_time.cgi Remote Code Execution
Posted Apr 20, 2017
Authored by Roberto Suggi Liverani, mr_me

Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from an admin_sys_time.cgi remote code execution vulnerability.

tags | exploit, remote, cgi, code execution
advisories | CVE-2016-8585
MD5 | 3cf21d2a823e33a734b8a40da596090a
Trend Micro Threat Discovery Appliance 2.6.1062r1 admin_sys_time.cgi Remote Code Execution
Posted Apr 20, 2017
Authored by Roberto Suggi Liverani, mr_me

Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a admin_sys_time.cgi remote code execution vulnerability.

tags | exploit, remote, cgi, code execution
advisories | CVE-2016-8585
MD5 | 7f4e75e562a262a818281920334a6854
Trend Micro Threat Discovery Appliance 2.6.1062r1 detected_potential_files.cgi Remote Code Execution
Posted Apr 20, 2017
Authored by Roberto Suggi Liverani, mr_me

Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a detected_potential_files.cgi remote code execution vulnerability.

tags | exploit, remote, cgi, code execution
advisories | CVE-2016-8586
MD5 | aa20468f976a8f6eddbfec0fe9caa436
Trend Micro Threat Discovery Appliance 2.6.1062r1 dlp_policy_upload.cgi Remote Code Execution
Posted Apr 20, 2017
Authored by Roberto Suggi Liverani, mr_me

Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a dlp_policy_upload.cgi remote code execution vulnerability.

tags | exploit, remote, cgi, code execution
advisories | CVE-2016-8587
MD5 | 60527f7fa635a3aa1bf0b3ea132bd026
Trend Micro Threat Discovery Appliance 2.6.1062r1 hotfix_upload.cgi Remote Code Execution
Posted Apr 20, 2017
Authored by Roberto Suggi Liverani, mr_me

Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a hotfix_upload.cgi remote code execution vulnerability.

tags | exploit, remote, cgi, code execution
advisories | CVE-2016-8588
MD5 | e421113779124b966d2a378961176ec1
Page 1 of 6
Back12345Next

File Archive:

December 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    11 Files
  • 2
    Dec 2nd
    1 Files
  • 3
    Dec 3rd
    18 Files
  • 4
    Dec 4th
    40 Files
  • 5
    Dec 5th
    16 Files
  • 6
    Dec 6th
    50 Files
  • 7
    Dec 7th
    12 Files
  • 8
    Dec 8th
    1 Files
  • 9
    Dec 9th
    1 Files
  • 10
    Dec 10th
    15 Files
  • 11
    Dec 11th
    30 Files
  • 12
    Dec 12th
    25 Files
  • 13
    Dec 13th
    15 Files
  • 14
    Dec 14th
    14 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close