
Files from Rob Kraus

Email address: robkraus at solutionary.com
First Active: 2010-01-26
Last Active: 2012-08-09
NetDecision 4.2 TFTP Writable Directory Traversal Execution
Posted Aug 9, 2012
Authored by Rob Kraus, juan vazquez | Site metasploit.com

This Metasploit module exploits a vulnerability found in NetDecision 4.2 TFTP server. The software contains a directory traversal vulnerability that allows a remote attacker to write arbitrary files to the file system, which results in code execution in the context of the user running the TFTP server.

tags | exploit, remote, arbitrary, code execution
advisories | CVE-2009-1730, OSVDB-54607
MD5 | 50854cb971dc87b2cb4c48dcf38444d5
D-Link DIR-601 Directory Traversal
Posted Jan 25, 2012
Authored by Rob Kraus | Site solutionary.com

D-Link DIR-601 suffers from a tftp related directory traversal vulnerability.

tags | advisory
MD5 | e834eb0071d2f83454670f7ea6966f65
NetSaro Enterprise Messenger Server Code Disclosure
Posted Aug 25, 2011
Authored by Rob Kraus | Site solutionary.com

A vulnerability exists in the NetSaro Enterprise Messenger Server Administration Console allowing a remote attacker to obtain unauthenticated access to the application's source code. Attackers may make HTTP GET requests and append a null byte to allow download of the source code for the application's web pages. An attacker does not need to authenticate to obtain access to source code for pages that usually require authentication prior to viewing.

tags | advisory, remote, web
MD5 | 7b49b43698a2dd6a893cb299575f393d
NetSaro Enterprise Messenger Server Plaintext Password Storage
Posted Aug 16, 2011
Authored by Rob Kraus | Site solutionary.com

A vulnerability exists in the NetSaro Enterprise Messenger Server application allowing an attacker to obtain access to plaintext usernames and passwords. The stored passwords are used to authenticate users running the NetSaro Enterprise Client connecting to the server. This is a second level attack that requires access to the password files stored within the application root directory. An attacker who has previously compromised the host operating system or gained direct access to the NetSaro.fdb database file found in the "NetSaro Enterprise ServerDb" directory can obtain the user credentials using readily available tools.

tags | advisory, root
MD5 | 39a2c7ea8cdcd4022bab807d3cda1e2d
NetSaro Enterprise Manager Server Weak Cryptographic Storage
Posted Aug 16, 2011
Authored by Rob Kraus | Site solutionary.com

A vulnerability exists in the NetSaro Enterprise Messenger Server application allowing an attacker to easily decrypt passwords used to authenticate to the application. The application implements Base64 encoding to obfuscate the values of plaintext passwords used for logging into the server administration console. This is a second level attack that requires access to the password files stored within the application root directory. An attacker who has previously compromised the host operating system or achieved direct access to the configuration.xml file found in the "NetSaro Enterprise Server" directory can obtain the encoded user credentials and decrypt them using readily available Base64 decoding tools.

tags | advisory, root
MD5 | e671904d60de6a02295bef5fe8e2846b
Foxit Reader Insecure Library Loading
Posted Jul 21, 2011
Authored by Rob Kraus | Site solutionary.com

Foxit Reader is vulnerable to an insecure library loading vulnerability. The libraries identified as being vulnerable are dwmapi.dll, dwrite.dll and msdrm.dll.

tags | advisory
MD5 | 5f49cb9b9c74f6824f344ca672e0d97b
PDFill PDF Editor 8.0 Insecure Library Loading
Posted Jun 9, 2011
Authored by Rob Kraus | Site solutionary.com

PDFill PDF Editor version 8.0 suffers from an insecure library loading vulnerability.

tags | advisory
MD5 | 706f0d7e7d5c625798c43a9f1540fd4f
CodeMeter WebAdmin 3.30 / 4.30 Cross Site Scripting
Posted Jun 1, 2011
Authored by Rob Kraus | Site solutionary.com

CodeMeter WebAdmin versions 3.30 and 4.30 suffer from a cross site scripting vulnerability.

tags | advisory, xss
MD5 | b834b65b3c48ade728b6feab1dcc9e22
Sonexis ConferenceManager 9.2.11.0 / 9.3.14.0 Cross Site Scripting
Posted Apr 6, 2011
Authored by Rob Kraus | Site solutionary.com

Sonexis ConferenceManager versions 9.2.11.0 and 9.3.14.0 suffer from multiple cross site scripting vulnerabilities.

tags | advisory, vulnerability, xss
MD5 | 7ce913cfff4bfb0876221f844c1b73a4
Sonexis ConferenceManager 9.3.14.0 SQL Injection
Posted Apr 6, 2011
Authored by Rob Kraus, Paul Petefish | Site solutionary.com

Sonexis ConferenceManager version 9.3.14.0 suffers from a remote SQL injection vulnerability.

tags | advisory, remote, sql injection
MD5 | 5562ddb1be442c059d610fff73f83ffe
Tembria Server Monitor Weak Cryptographic Password Storage
Posted Feb 15, 2011
Authored by Rob Kraus | Site solutionary.com

A vulnerability exists in the Tembria Server Monitor application allowing an attacker to easily decrypt usernames and passwords used to authenticate to the application. This is a second level attack that requires access to the password files stored within the application directory.

tags | advisory
MD5 | 0f01e6c7de37ce973f94c68b6d6d42a0
Tembria Server Monitor Cross Site Scripting
Posted Feb 15, 2011
Authored by Rob Kraus, Jose R. Hernandez | Site solutionary.com

Tembria Server Monitor suffers from multiple cross site scripting vulnerabilities.

tags | advisory, vulnerability, xss
MD5 | 5eb079ae5593eae0d344572399df6e4e
ManageEngine EventLog Analyzer 6.1 Cross Site Scripting
Posted Dec 11, 2010
Authored by Rob Kraus, Jose R. Hernandez | Site solutionary.com

ManageEngine EventLog Analyzer version 6.1 suffers from multiple cross site scripting vulnerabilities.

tags | advisory, vulnerability, xss
MD5 | c4f4a5202a60704a92f1220eb84cff49
Novell Vibe 3 BETA OnPrem Stored Cross Site Scripting
Posted Dec 10, 2010
Authored by Rob Kraus, Paul Petefish | Site solutionary.com

Novell Vibe version 3 BETA OnPrem suffers from a stored cross site scripting vulnerability.

tags | advisory, xss
advisories | CVE-2010-4322
MD5 | 0adf2e6995648c6c875ed90eec59aec1
ManageEngine EventLog Analyzer 6.1 Denial Of Service
Posted Dec 10, 2010
Authored by Rob Kraus, Jose R. Hernandez | Site solutionary.com

ManageEngine EventLog Analyzer version 6.1 suffers from a syslog related denial of service vulnerability.

tags | advisory, denial of service
MD5 | 50700c4e82b5c4a4d2f4678daeee5fab
Digital Defense VRT Advisory 2009.27
Posted Jan 26, 2010
Authored by Digital Defense, r@b13$, Chris Graham, Rob Kraus

The login page of the F2L-3000 version 4.0.0 is vulnerable to SQL injection. Exploitation of the vulnerability may allow attackers to bypass authentication and access sensitive information stored on the device.

tags | advisory, sql injection
MD5 | 65fa30f3ed6a05bafcd2835c26e753a1