Exploit the possiblities
Showing 1 - 25 of 47 RSS Feed

Files from Matthew Bergin

Email addressmbergin at grapeking.com
First Active2009-11-06
Last Active2017-10-25
Sophos UTM 9 Management Appplication Local File Inclusion
Posted Oct 25, 2017
Authored by Matthew Bergin | Site korelogic.com

Sophos UTM 9 suffers from a local file inclusion vulnerability. Version 9.410 is affected.

tags | exploit, local, file inclusion
MD5 | 9dd2a9188e82f74e56570b54972a43c5
Sophos UTM 9 loginuser Privilege Escalation Via Insecure Directory Permissions
Posted Oct 25, 2017
Authored by Matthew Bergin | Site korelogic.com

Sophos UTM 9 suffers from a loginuser privilege escalation vulnerability via insecure directory permissions. Version 9.410 is affected.

tags | exploit
MD5 | 56206e25a52b7c734995d01109f5f28c
Sonicwall WXA5000 1.3.2-10-30 Console Jail Escape / Privilege Escalation
Posted Oct 25, 2017
Authored by Matthew Bergin | Site korelogic.com

Sonicwall WXA5000 version 1.3.2-10-30 suffers from console jail escape and privilege escalation vulnerabilities.

tags | exploit, vulnerability
MD5 | 96ae20044a39b528b9cd3c1fe1e9bab9
Infoblox NetMRI VM-AD30-5C6CE Factory Reset Persistence
Posted Oct 25, 2017
Authored by Matthew Bergin | Site korelogic.com

Infoblox NetMRI version VM-AD30-5C6CE suffers from an administration shell factory reset persistence vulnerability.

tags | exploit, shell
MD5 | 3d645a515c1de250781ae9cab7fd9d5c
Infoblox NetMRI 7.1.4 Shell Escape / Privilege Escalation
Posted Oct 25, 2017
Authored by Hank Leininger, Matthew Bergin | Site korelogic.com

Infoblox NetMRI versions 7.1.2 through 7.1.4 suffer from administration shell escape and privilege escalation vulnerabilities.

tags | exploit, shell, vulnerability
MD5 | b723ed326bd04aa156050b80d0b7a39f
Solarwinds LEM 6.3.1 Hardcoded Credentials
Posted Jul 7, 2017
Authored by Matthew Bergin, Joshua Hardin | Site korelogic.com

Solarwinds Log and Event Manager Virtual Appliance version 6.3.1 has hard-coded credentials.

tags | exploit
MD5 | ea71b65684154ffd99e1bd069f695c0a
Barracuda WAF V360 Firmware 8.0.1.014 Support Tunnel Hijack
Posted Jul 7, 2017
Authored by Matthew Bergin, Joshua Hardin | Site korelogic.com

Barracuda WAF V360 with firmware 8.0.1.014 suffers from a support tunnel hijacking vulnerability.

tags | exploit
MD5 | 25834f424ff04c0e96e8ca47d4c3bc69
Barracuda WAF V360 Firmware 8.0.1.014 Username / Session ID Leak
Posted Jul 6, 2017
Authored by Matthew Bergin, Joshua Hardin | Site korelogic.com

The Barracuda WAF management application transmits the current user and session identifier over HTTP GET. Firmware version 8.0.1.014 is affected.

tags | exploit, web
MD5 | 6a4ac3abbfee6355517319f7d35839ce
Barracuda WAF V360 Firmware 8.0.1.014 Grub Password Complexity
Posted Jul 6, 2017
Authored by Matthew Bergin, Joshua Hardin | Site korelogic.com

The grub password for all Barracuda WAF V360 virtual appliances is four characters in length and, as a result, may be trivially easy to crack. Firmware version 8.0.1.014 is affected.

tags | exploit
MD5 | 457c2a997735435dfef8ab76ca6ff141
Barracuda WAF V360 Firmware 8.0.1.014 Credential Disclosure
Posted Jul 6, 2017
Authored by Matthew Bergin, Joshua Hardin | Site korelogic.com

Firmware reversing of the Barracuda Web Application Firewall uncovered development artifacts that should have been removed on the production images. Once the encryption scheme was broken, many QA and development tools were discovered on the affected partitions. Some of these contained sensitive information such as authentication credentials used by internal developers. Firmware version 8.0.1.014 is affected.

tags | exploit, web
MD5 | 294601501b6c14d834d8d86848392759
Barracuda WAF V360 Firmware 8.0.1.014 Early Boot Root Shell
Posted Jul 6, 2017
Authored by Matthew Bergin, Joshua Hardin | Site korelogic.com

Firmware reversing of the Barracuda Web Application Firewall uncovered debug features that should have been removed on the production images. Appending a debugging statement onto a grub configuration line leads to an early boot root shell. Firmware version 8.0.1.014 is affected.

tags | exploit, web, shell, root
MD5 | f6f41f262997fb113e39f15d6d42c39c
Solarwinds LEM 6.3.1 Hardcoded Credentials
Posted Apr 24, 2017
Authored by Matthew Bergin | Site korelogic.com

The Postgres database on Solarwinds Log and Event Manager Virtual Appliance version 6.3.1 has default hardcoded credentials. While some security measures were taken to ensure that network connectivity to the Postgres database wouldn't be possible using IPv4, the same measures were not taken for IPv6.

tags | exploit
MD5 | 4e7e118ac368bf03b24ea4b720727c1b
Solarwinds LEM 6.3.1 Management Shell Arbitrary File Read
Posted Apr 24, 2017
Authored by Hank Leininger, Matthew Bergin | Site korelogic.com

The management shell on Solarwinds Log and Event Manager Virtual Appliance version 6.3.1 allows the end user to edit the MOTD banner displayed during SSH logon. The editor provided for this is nano. This editor has a keyboard mapped function which lets the user import a file from the local file system into the editor. An attacker can abuse this to read arbitrary files within the allowed permissions.

tags | exploit, arbitrary, shell, local
MD5 | f78a6aa709d515f34ff4063017a41667
Solarwinds LEM 6.3.1 Shell Escape Command Injection
Posted Apr 24, 2017
Authored by Hank Leininger, Matthew Bergin | Site korelogic.com

Insufficient input validation in the management interface can be leveraged in order to execute arbitrary commands. This can lead to (root) shell access to the underlying operating system on Solarwinds Log and Event Manager Virtual Appliance version 6.3.1.

tags | exploit, arbitrary, shell, root
MD5 | c05724ef34080811a5c98ed6a6d254cf
Solarwinds LEM 6.3.1 Sudo Script Abuse Privilege Escalation
Posted Apr 24, 2017
Authored by Hank Leininger, Matthew Bergin | Site korelogic.com

An attacker can abuse functionality provided by a script which may be run with root privilege in order to elevate privilege on Solarwinds Log and Event Manager Virtual Appliance version 6.3.1.

tags | exploit, root
MD5 | 373e116e19d72c8737a256839ddaab81
Solarwinds LEM 6.3.1 Sudo Privilege Escalation
Posted Apr 24, 2017
Authored by Hank Leininger, Matthew Bergin | Site korelogic.com

Due to lax filesystem permissions, an attacker can take control of a hardcoded sudo path in order to execute commands as a privileged user on Solarwinds Log and Event Manager Virtual Appliance version 6.3.1.

tags | exploit
MD5 | 1275e7426a10e7559160b95e00abed97
WatchGuard XTMv 11.12 Build 516911 Cross Site Request Forgery
Posted Mar 12, 2017
Authored by Matthew Bergin | Site korelogic.com

WatchGuard XTMv version 11.12 Build 516911 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | ad7deb56831c221610e30f465a942fa5
Trendmicro InterScan 6.5-SP2_Build_Linux_1548 Remote Root
Posted Feb 16, 2017
Authored by Matthew Bergin | Site korelogic.com

Trendmicro InterScan version 6.5-SP2_Build_Linux_1548 suffers from a remote root access vulnerability.

tags | exploit, remote, root
MD5 | 78d90f8da9ba9aef6eae0a2854a637cf
Trendmicro InterScan 6.5-SP2_Build_Linux_1548 Privilege Escalation
Posted Feb 16, 2017
Authored by Matthew Bergin | Site korelogic.com

Trendmicro InterScan version 6.5-SP2_Build_Linux_1548 suffers from a privilege escalation vulnerability.

tags | exploit
advisories | CVE-2016-9315
MD5 | 5ce914e3260572b2195980677814d9fa
Trendmicro InterScan 6.5-SP2_Build_Linux_1548 Arbitrary File Write
Posted Feb 16, 2017
Authored by Matthew Bergin | Site korelogic.com

Trendmicro InterScan version 6.5-SP2_Build_Linux_1548 suffers from an arbitrary file write vulnerability that can lead to remote command execution.

tags | exploit, remote, arbitrary
MD5 | ee9caf9d54f0336f057d6c6b85138d1a
Sophos Web Appliance 4.2.1.3 Remote Code Execution
Posted Nov 4, 2016
Authored by Matthew Bergin | Site korelogic.com

Sophos Web Appliance version 4.2.1.3 suffers from a remote code execution vulnerability.

tags | exploit, remote, web, code execution
MD5 | 3adb9ce7b7b5f3fb4aeaaae502265d2c
Sophos Web Appliance 4.2.1.3 Privilege Escalation
Posted Nov 4, 2016
Authored by Matthew Bergin | Site korelogic.com

Sophos Web Appliance version 4.2.1.3 suffers from a privilege escalation vulnerability. An unprivileged user can obtain an MD5 hash of the administrator password which can then be used to discover the plain-text password.

tags | exploit, web
MD5 | 1b7c27e92b126973c1d376581151952c
Cisco Firepower Threat Management Console Local File Inclusion
Posted Oct 5, 2016
Authored by Matthew Bergin | Site korelogic.com

Cisco Firepower Threat Management Console suffers from a local file inclusion vulnerability. Cisco Fire Linux OS 6.0.1 (build 37/build 1213) is affected.

tags | exploit, local, file inclusion
systems | cisco, linux
advisories | CVE-2016-6435
MD5 | f66c142008bc325652e1cfe8d2c5ea73
Cisco Firepower Threat Management Command Execution
Posted Oct 5, 2016
Authored by Matthew Bergin | Site korelogic.com

Cisco Firepower Threat Management Console suffers from a remote command execution vulnerability. Cisco Fire Linux OS 6.0.1 (build 37/build 1213) is affected.

tags | exploit, remote
systems | cisco, linux
advisories | CVE-2016-6433
MD5 | b3a07df7474fe7e9d75439898695272a
Cisco Firepower Threat Management Console Denial Of Service
Posted Oct 5, 2016
Authored by Matthew Bergin | Site korelogic.com

Cisco Firepower Threat Management Console suffers from a denial of service vulnerability. Cisco Fire Linux OS 6.0.1 (build 37/build 1213) is affected.

tags | exploit, denial of service
systems | cisco, linux
MD5 | 55b7b9e8a15c6a1f671e6bcf0ad3c869
Page 1 of 2
Back12Next

File Archive:

December 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    15 Files
  • 2
    Dec 2nd
    2 Files
  • 3
    Dec 3rd
    1 Files
  • 4
    Dec 4th
    15 Files
  • 5
    Dec 5th
    15 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    17 Files
  • 8
    Dec 8th
    15 Files
  • 9
    Dec 9th
    13 Files
  • 10
    Dec 10th
    4 Files
  • 11
    Dec 11th
    41 Files
  • 12
    Dec 12th
    44 Files
  • 13
    Dec 13th
    25 Files
  • 14
    Dec 14th
    15 Files
  • 15
    Dec 15th
    28 Files
  • 16
    Dec 16th
    3 Files
  • 17
    Dec 17th
    13 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close