Twenty Year Anniversary
Showing 1 - 25 of 56 RSS Feed

Files from Matthew Bergin

Email addressmbergin at grapeking.com
First Active2009-11-06
Last Active2018-07-07
HP VAN SDN Controller Root Command Injection
Posted Jul 7, 2018
Authored by Matthew Bergin, wvu | Site metasploit.com

This Metasploit module exploits a hardcoded service token or default credentials in HPE VAN SDN Controller versions 2.7.18.0503 and below to execute a payload as root. A root command injection was discovered in the uninstall action's name parameter, obviating the need to use sudo for privilege escalation. If the service token option TOKEN is blank, USERNAME and PASSWORD will be used for authentication. An additional login request will be sent.

tags | exploit, root
MD5 | eec355d89388bd58e1fea9ab22452024
HP Enterprise VAN SDN Controller 2.7.18.0503 Remote Root
Posted Jun 26, 2018
Authored by Matthew Bergin | Site korelogic.com

HP Enterprise VAN SDN Controller version 2.7.18.0503 suffers from an unauthenticated remote root vulnerability. A hard-coded service token can be used to bypass authentication. Built-in functionality can be exploited to deploy and execute a malicious deb file containing a backdoor. A weak sudoers configuration can then be abused to escalate privileges to root. A second issue can be used to deny use of the appliance by continually rebooting it.

tags | exploit, remote, root
MD5 | bf9904ea89edad3e901e6b2663316e90
Sophos UTM 9 loginuser Privilege Escalation
Posted Mar 2, 2018
Authored by Matthew Bergin | Site korelogic.com

Sophos UTM 9 version 9.410 suffers from a loginuser privilege escalation vulnerability.

tags | exploit
MD5 | 394214076f55f7e3c334fbf415512590
Trend Micro IMSVA Management Portal 9.1.0.1600 Authentication Bypass
Posted Feb 9, 2018
Authored by Matthew Bergin | Site korelogic.com

Trend Micro IMSVA Management Portal version 9.1.0.1600 suffers from an authentication bypass vulnerability.

tags | exploit, bypass
MD5 | d82d45e882b2eb1faa1bb688364f31a9
NetEx HyperIP 6.1.0 Local File Inclusion
Posted Feb 9, 2018
Authored by Matthew Bergin | Site korelogic.com

NetEx HyperIP version 6.1.0 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
MD5 | dc0775578f64cf741c26e424c44b03f5
NetEx HyperIP 6.1.0 Privilege Escalation
Posted Feb 9, 2018
Authored by Matthew Bergin | Site korelogic.com

NetEx HyperIP version 6.1.0 suffers from a privilege escalation vulnerability.

tags | exploit
MD5 | fee902572b3925955cbd9d64820c62f9
NetEx HyperIP 6.1.0 Post-Auth Command Execution
Posted Feb 9, 2018
Authored by Matthew Bergin | Site korelogic.com

NetEx HyperIP version 6.1.0 suffers from a post-authentication command execution vulnerability.

tags | exploit
MD5 | 80d93fa64c37b062c3c6cc3a74d00cdf
NetEx HyperIP 6.1.0 Authentication Bypass
Posted Feb 9, 2018
Authored by Matthew Bergin | Site korelogic.com

NetEx HyperIP version 6.1.0 suffers from an authentication bypass vulnerability.

tags | exploit, bypass
MD5 | 277d52048cffd60814568116ed7bd4b4
Sophos Web Gateway 4.4.1 Cross Site Scripting
Posted Jan 26, 2018
Authored by Matthew Bergin | Site korelogic.com

Sophos Web Gateway version 4.4.1 suffers from a persistent cross site scripting vulnerability.

tags | exploit, web, xss
MD5 | 45f65498ed379818369f240076c5d2c3
Sophos UTM 9 Management Appplication Local File Inclusion
Posted Oct 25, 2017
Authored by Matthew Bergin | Site korelogic.com

Sophos UTM 9 suffers from a local file inclusion vulnerability. Version 9.410 is affected.

tags | exploit, local, file inclusion
MD5 | 9dd2a9188e82f74e56570b54972a43c5
Sophos UTM 9 loginuser Privilege Escalation Via Insecure Directory Permissions
Posted Oct 25, 2017
Authored by Matthew Bergin | Site korelogic.com

Sophos UTM 9 suffers from a loginuser privilege escalation vulnerability via insecure directory permissions. Version 9.410 is affected.

tags | exploit
MD5 | 56206e25a52b7c734995d01109f5f28c
Sonicwall WXA5000 1.3.2-10-30 Console Jail Escape / Privilege Escalation
Posted Oct 25, 2017
Authored by Matthew Bergin | Site korelogic.com

Sonicwall WXA5000 version 1.3.2-10-30 suffers from console jail escape and privilege escalation vulnerabilities.

tags | exploit, vulnerability
MD5 | 96ae20044a39b528b9cd3c1fe1e9bab9
Infoblox NetMRI VM-AD30-5C6CE Factory Reset Persistence
Posted Oct 25, 2017
Authored by Matthew Bergin | Site korelogic.com

Infoblox NetMRI version VM-AD30-5C6CE suffers from an administration shell factory reset persistence vulnerability.

tags | exploit, shell
MD5 | 3d645a515c1de250781ae9cab7fd9d5c
Infoblox NetMRI 7.1.4 Shell Escape / Privilege Escalation
Posted Oct 25, 2017
Authored by Hank Leininger, Matthew Bergin | Site korelogic.com

Infoblox NetMRI versions 7.1.2 through 7.1.4 suffer from administration shell escape and privilege escalation vulnerabilities.

tags | exploit, shell, vulnerability
MD5 | b723ed326bd04aa156050b80d0b7a39f
Solarwinds LEM 6.3.1 Hardcoded Credentials
Posted Jul 7, 2017
Authored by Matthew Bergin, Joshua Hardin | Site korelogic.com

Solarwinds Log and Event Manager Virtual Appliance version 6.3.1 has hard-coded credentials.

tags | exploit
MD5 | ea71b65684154ffd99e1bd069f695c0a
Barracuda WAF V360 Firmware 8.0.1.014 Support Tunnel Hijack
Posted Jul 7, 2017
Authored by Matthew Bergin, Joshua Hardin | Site korelogic.com

Barracuda WAF V360 with firmware 8.0.1.014 suffers from a support tunnel hijacking vulnerability.

tags | exploit
MD5 | 25834f424ff04c0e96e8ca47d4c3bc69
Barracuda WAF V360 Firmware 8.0.1.014 Username / Session ID Leak
Posted Jul 6, 2017
Authored by Matthew Bergin, Joshua Hardin | Site korelogic.com

The Barracuda WAF management application transmits the current user and session identifier over HTTP GET. Firmware version 8.0.1.014 is affected.

tags | exploit, web
MD5 | 6a4ac3abbfee6355517319f7d35839ce
Barracuda WAF V360 Firmware 8.0.1.014 Grub Password Complexity
Posted Jul 6, 2017
Authored by Matthew Bergin, Joshua Hardin | Site korelogic.com

The grub password for all Barracuda WAF V360 virtual appliances is four characters in length and, as a result, may be trivially easy to crack. Firmware version 8.0.1.014 is affected.

tags | exploit
MD5 | 457c2a997735435dfef8ab76ca6ff141
Barracuda WAF V360 Firmware 8.0.1.014 Credential Disclosure
Posted Jul 6, 2017
Authored by Matthew Bergin, Joshua Hardin | Site korelogic.com

Firmware reversing of the Barracuda Web Application Firewall uncovered development artifacts that should have been removed on the production images. Once the encryption scheme was broken, many QA and development tools were discovered on the affected partitions. Some of these contained sensitive information such as authentication credentials used by internal developers. Firmware version 8.0.1.014 is affected.

tags | exploit, web
MD5 | 294601501b6c14d834d8d86848392759
Barracuda WAF V360 Firmware 8.0.1.014 Early Boot Root Shell
Posted Jul 6, 2017
Authored by Matthew Bergin, Joshua Hardin | Site korelogic.com

Firmware reversing of the Barracuda Web Application Firewall uncovered debug features that should have been removed on the production images. Appending a debugging statement onto a grub configuration line leads to an early boot root shell. Firmware version 8.0.1.014 is affected.

tags | exploit, web, shell, root
MD5 | f6f41f262997fb113e39f15d6d42c39c
Solarwinds LEM 6.3.1 Hardcoded Credentials
Posted Apr 24, 2017
Authored by Matthew Bergin | Site korelogic.com

The Postgres database on Solarwinds Log and Event Manager Virtual Appliance version 6.3.1 has default hardcoded credentials. While some security measures were taken to ensure that network connectivity to the Postgres database wouldn't be possible using IPv4, the same measures were not taken for IPv6.

tags | exploit
MD5 | 4e7e118ac368bf03b24ea4b720727c1b
Solarwinds LEM 6.3.1 Management Shell Arbitrary File Read
Posted Apr 24, 2017
Authored by Hank Leininger, Matthew Bergin | Site korelogic.com

The management shell on Solarwinds Log and Event Manager Virtual Appliance version 6.3.1 allows the end user to edit the MOTD banner displayed during SSH logon. The editor provided for this is nano. This editor has a keyboard mapped function which lets the user import a file from the local file system into the editor. An attacker can abuse this to read arbitrary files within the allowed permissions.

tags | exploit, arbitrary, shell, local
MD5 | f78a6aa709d515f34ff4063017a41667
Solarwinds LEM 6.3.1 Shell Escape Command Injection
Posted Apr 24, 2017
Authored by Hank Leininger, Matthew Bergin | Site korelogic.com

Insufficient input validation in the management interface can be leveraged in order to execute arbitrary commands. This can lead to (root) shell access to the underlying operating system on Solarwinds Log and Event Manager Virtual Appliance version 6.3.1.

tags | exploit, arbitrary, shell, root
MD5 | c05724ef34080811a5c98ed6a6d254cf
Solarwinds LEM 6.3.1 Sudo Script Abuse Privilege Escalation
Posted Apr 24, 2017
Authored by Hank Leininger, Matthew Bergin | Site korelogic.com

An attacker can abuse functionality provided by a script which may be run with root privilege in order to elevate privilege on Solarwinds Log and Event Manager Virtual Appliance version 6.3.1.

tags | exploit, root
MD5 | 373e116e19d72c8737a256839ddaab81
Solarwinds LEM 6.3.1 Sudo Privilege Escalation
Posted Apr 24, 2017
Authored by Hank Leininger, Matthew Bergin | Site korelogic.com

Due to lax filesystem permissions, an attacker can take control of a hardcoded sudo path in order to execute commands as a privileged user on Solarwinds Log and Event Manager Virtual Appliance version 6.3.1.

tags | exploit
MD5 | 1275e7426a10e7559160b95e00abed97
Page 1 of 3
Back123Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

July 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    1 Files
  • 2
    Jul 2nd
    26 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    11 Files
  • 5
    Jul 5th
    13 Files
  • 6
    Jul 6th
    4 Files
  • 7
    Jul 7th
    4 Files
  • 8
    Jul 8th
    1 Files
  • 9
    Jul 9th
    16 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    32 Files
  • 12
    Jul 12th
    22 Files
  • 13
    Jul 13th
    15 Files
  • 14
    Jul 14th
    1 Files
  • 15
    Jul 15th
    1 Files
  • 16
    Jul 16th
    21 Files
  • 17
    Jul 17th
    15 Files
  • 18
    Jul 18th
    15 Files
  • 19
    Jul 19th
    17 Files
  • 20
    Jul 20th
    11 Files
  • 21
    Jul 21st
    1 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close