exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 16 of 16 RSS Feed

Files from Rob Kraus

Email addressrobkraus at solutionary.com
First Active2010-01-26
Last Active2012-08-09
NetDecision 4.2 TFTP Writable Directory Traversal Execution
Posted Aug 9, 2012
Authored by Rob Kraus, juan vazquez | Site metasploit.com

This Metasploit module exploits a vulnerability found in NetDecision 4.2 TFTP server. The software contains a directory traversal vulnerability that allows a remote attacker to write arbitrary file to the file system, which results in code execution under the context of user executing the TFTP Server.

tags | exploit, remote, arbitrary, code execution
advisories | CVE-2009-1730, OSVDB-54607
SHA-256 | 0d13cee7943b511e1894639ec337c177f0900b866756b484b6bf6fa8eab38bed
D-Link DIR-601 Directory Traversal
Posted Jan 25, 2012
Authored by Rob Kraus | Site solutionary.com

D-Link DIR-601 suffers from a tftp related directory traversal vulnerability.

tags | advisory
SHA-256 | c2341be3374f364db4886f7f9c73cd038eea6bb969288bf41618374a371eccf2
NetSaro Enterprise Messenger Server Code Disclosure
Posted Aug 25, 2011
Authored by Rob Kraus | Site solutionary.com

A vulnerability exists in the NetSaro Enterprise Messenger Server Administration Console allowing a remote attacker to obtain unauthenticated access to the applications source code. Attackers may make HTTP GET requests and append a Null Byte to allow download of the source code for the applications web pages. An attacker does not need to authenticate to obtain access to source code for pages that usually require authentication prior to viewing.

tags | advisory, remote, web
SHA-256 | 1231ae3590ce9f439d6b83bc44f312d176de967ea3fd246651485e8e72f9d537
NetSaro Enterprise Messenger Server Plaintext Password Storage
Posted Aug 16, 2011
Authored by Rob Kraus | Site solutionary.com

A vulnerability exists in the NetSaro Enterprise Messenger Server application allowing an attacker to obtain access to plaintext usernames and passwords. The stored passwords are used to authenticate users running the NetSaro Enterprise Client connecting to the server. This is a second level attack that requires access to the password files stored within the application root directory. An attacker who has previously compromised the host operating system or gained direct access to the NetSaro.fdb database file found in the "NetSaro Enterprise ServerDb" directory can obtain the user credentials using readily available tools.

tags | advisory, root
SHA-256 | 5cbcfb103f656ef50499195011ab3f297cb4532d146aa664ccd91c09612fe813
NetSaro Enterprise Manager Server Weak Cryptographic Storage
Posted Aug 16, 2011
Authored by Rob Kraus | Site solutionary.com

A vulnerability exists in the NetSaro Enterprise Messenger Server application allowing an attacker to easily decrypt passwords used to authenticate to the application. The application implements Base64 encoding to obfuscate the values of plaintext passwords used for logging into the server administration console. This is a second level attack that requires access to the password files stored within the application root directory. An attacker who has previously compromised the host operating system or achieved direct access to the configuration.xml file found in the "NetSaro Enterprise Server" directory can obtain the encoded user credentials and decrypt them using readily available Base64 decoding tools.

tags | advisory, root
SHA-256 | 1e5e9c85c5226e719db82524ba8e52dd4a1526c77d534b61ca30a522f9e623ab
Foxit Reader Insecure Library Loading
Posted Jul 21, 2011
Authored by Rob Kraus | Site solutionary.com

Foxit Reader is vulnerable to a insecure library loading vulnerability. The libraries identified as being vulnerable are dwmapi.dll, dwrite.dll and msdrm.dll.

tags | advisory
SHA-256 | 047e3c204e5c287be970d65194e080c2be858894ecf54e106bd21d7be1137d5f
PDFill PDF Editor 8.0 Insecure Library Loading
Posted Jun 9, 2011
Authored by Rob Kraus | Site solutionary.com

PDFill PDF Editor version 8.0 suffers from an insecure library loading vulnerability.

tags | advisory
SHA-256 | 86766208a90ef69191d151095e97ebd1cdcdf37a7ef654d94d09c148515f3dec
CodeMeter WebAdmin 3.30 / 4.30 Cross Site Scripting
Posted Jun 1, 2011
Authored by Rob Kraus | Site solutionary.com

CodeMeter WebAdmin versions 3.30 and 4.30 suffer from a cross site scripting vulnerability.

tags | advisory, xss
SHA-256 | 37b2d92023e5ba909975303fa7fb686f9e8f69afae90052f86672f0c13a993cc
Sonexis ConferenceManager 9.2.11.0 / 9.3.14.0 Cross Site Scripting
Posted Apr 6, 2011
Authored by Rob Kraus | Site solutionary.com

Sonexis ConferenceManager versions 9.2.11.0 and 9.3.14.0 suffer from multiple cross site scripting vulnerabilities.

tags | advisory, vulnerability, xss
SHA-256 | de6e4d3b5961ca6b8c0771fb8c0bbb98a1eca1d8a74a30f719e8e3999f27a287
Sonexis ConferenceManager 9.3.14.0 SQL Injection
Posted Apr 6, 2011
Authored by Rob Kraus, Paul Petefish | Site solutionary.com

Sonexis ConferenceManager version 9.3.14.0 suffers from a remote SQL injection vulnerability.

tags | advisory, remote, sql injection
SHA-256 | 37aba3b355976382ff4224b89f1bb3b7b846ece9b9010e83d7b60d3569629382
Tembria Server Monitor Weak Cryptographic Password Storage
Posted Feb 15, 2011
Authored by Rob Kraus | Site solutionary.com

A vulnerability exists in the Tembria Server Monitor application allowing an attacker to easily decrypt usernames and passwords used to authenticate to the application. This is a second level attack that requires access to the password files stored within the application directory.

tags | advisory
SHA-256 | 163a065cfecd676df474c29e1bd95914935a34327f5d1ac24420581f6c99a5ae
Tembria Server Monitor Cross Site Scripting
Posted Feb 15, 2011
Authored by Rob Kraus, Jose R. Hernandez | Site solutionary.com

Tembria Server Monitor suffers from multiple cross site scripting vulnerabilities.

tags | advisory, vulnerability, xss
SHA-256 | bd43f55446ef0b1ec184ba04169d7ae96d5669d34c462d144c86fcb05e1fc3d3
ManageEngine EventLog Analyzer 6.1 Cross Site Scripting
Posted Dec 11, 2010
Authored by Rob Kraus, Jose R. Hernandez | Site solutionary.com

ManageEngine EventLog Analyzer version 6.1 suffers from multiple cross site scripting vulnerabilities.

tags | advisory, vulnerability, xss
SHA-256 | 7cb6e64c640b4ec8752b210b56496188f79b9a7b16c49c12fea64d2fd0b98a37
Novell Vibe 3 BETA OnPrem Stored Cross Site Scripting
Posted Dec 10, 2010
Authored by Rob Kraus, Paul Petefish | Site solutionary.com

Novell Vibe version 3 BETA OnPrem suffers from a stored cross site scripting vulnerability.

tags | advisory, xss
advisories | CVE-2010-4322
SHA-256 | 38d0853e67710878d23cc032e0905d8715455a8808a2d048463114929f781f0e
ManageEngine EventLog Analyzer 6.1 Denial Of Service
Posted Dec 10, 2010
Authored by Rob Kraus, Jose R. Hernandez | Site solutionary.com

ManageEngine EventLog Analyzer version 6.1 suffers from a syslog related denial of service vulnerability.

tags | advisory, denial of service
SHA-256 | 9f4921e40b2aa8b7483acda6af72d4fa70c77ca1e595b48731a77471bae50f5a
Digital Defense VRT Advisory 2009.27
Posted Jan 26, 2010
Authored by Digital Defense, r@b13$, Chris Graham, Rob Kraus

The login page of the F2L-3000 version 4.0.0 is vulnerable to SQL Injection. Exploitation of the vulnerability may allow attackers tobypass authentication and access sensitive information stored on the device.

tags | advisory, sql injection
SHA-256 | 0aa31d61a17571c0fb1db50bfa89f614672ac6e1de71f37e6ea906313453af1b
Page 1 of 1
Back1Next

File Archive:

February 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    11 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    5 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    0 Files
  • 6
    Feb 6th
    9 Files
  • 7
    Feb 7th
    33 Files
  • 8
    Feb 8th
    34 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close