Showing 1 - 25 of 27

Files from Roberto Paleari

Email address: roberto at greyhats.it
First Active: 2011-05-17
Last Active: 2017-10-25

Netgear DGN1000 Setup.cgi Remote Command Execution
Posted Oct 25, 2017
Authored by Roberto Paleari | Site metasploit.com

This Metasploit module exploits an unauthenticated OS command execution vulnerability in the setup.cgi file in Netgear DGN1000 firmware versions up to 1.1.00.48, and DGN2000v1 models.

tags | exploit, cgi
MD5 | ca19c9ae7f1297c6b3244ef66e8bdb35
OS X 10.10 Bluetooth TransferACLPacketToHW Crash Proof Of Concept
Posted Jan 14, 2015
Authored by Roberto Paleari, Aristide Fattori

OS X 10.10 Bluetooth TransferACLPacketToHW crash denial of service proof of concept exploit.

tags | exploit, denial of service, proof of concept
systems | apple, osx
MD5 | b28b89f26716b773453022ae7d120040
OS X 10.10 Bluetooth BluetoothHCIChangeLocalName Crash Proof Of Concept
Posted Jan 14, 2015
Authored by Roberto Paleari, Aristide Fattori

OS X 10.10 Bluetooth BluetoothHCIChangeLocalName crash denial of service proof of concept exploit.

tags | exploit, denial of service, proof of concept
systems | apple, osx
MD5 | 0b6ab5736daeb91b4ab4c833f93e3251
OS X 10.10 Bluetooth DispatchHCIWriteStoredLinkKey Crash Proof Of Concept
Posted Jan 14, 2015
Authored by Roberto Paleari, Aristide Fattori

OS X 10.10 Bluetooth DispatchHCIWriteStoredLinkKey crash denial of service proof of concept exploit.

tags | exploit, denial of service, proof of concept
systems | apple, osx
MD5 | 3736f50cacae65e4e143100016962951
OS X 10.10 Bluetooth DispatchHCICreateConnection Crash Proof Of Concept
Posted Jan 14, 2015
Authored by Roberto Paleari, Aristide Fattori

OS X 10.10 Bluetooth DispatchHCICreateConnection crash denial of service proof of concept exploit.

tags | exploit, denial of service, proof of concept
systems | apple, osx
MD5 | 3533c4f20123f34f29b2e7242dcb7404
Mac OS X Mavericks IOBluetoothHCIUserClient Privilege Escalation
Posted Nov 3, 2014
Authored by Roberto Paleari, Aristide Fattori

This proof of concept exploits a missing sign check in IOBluetoothHCIUserClient::SimpleDispatchWL() on Mac OS X Mavericks.

tags | exploit, proof of concept
systems | apple, osx
MD5 | e5b206d87c9ccb563fc84bccb0d2df66
Techboard/Syac Backdoor Access
Posted Jul 7, 2014
Authored by Roberto Paleari, Luca Giancane

Techboard/Syac DigiEye 3G devices suffer from a backdoor access vulnerability.

tags | advisory
MD5 | f45510cb98d7b54ec52f0117d29f6fc1
D-Link authentication.cgi Buffer Overflow
Posted Jun 24, 2014
Authored by Craig Heffner, Roberto Paleari | Site metasploit.com

This Metasploit module exploits a remote buffer overflow vulnerability on several D-Link routers. The vulnerability exists in the handling of HTTP queries to authentication.cgi with long password values, and it is exploitable without authentication. This Metasploit module has been tested successfully on D-Link firmware DIR645A1_FW103B11. Other firmware versions such as DIR865LA1_FW101b06 and DIR845LA1_FW100b20 are also vulnerable.

tags | exploit, remote, web, overflow, cgi
advisories | OSVDB-95951
MD5 | e86843e76fd74450b6a58bebe5f22c7f
D-Link hedwig.cgi Buffer Overflow in Cookie Header
Posted Jun 24, 2014
Authored by Craig Heffner, Roberto Paleari | Site metasploit.com

This Metasploit module exploits an anonymous remote code execution vulnerability on several D-Link routers. The vulnerability exists in the handling of HTTP queries to hedwig.cgi with long cookie values. This Metasploit module has been tested successfully on D-Link DIR300v2.14, DIR600 and the DIR645A1_FW103B11 firmware.

tags | exploit, remote, web, cgi, code execution
advisories | OSVDB-95950
MD5 | f42a41ed103516610ddf009f7f6aba79
Sitecom WLR-4000 / WLR-4001 Weak Encryption / Predictable WPA Key
Posted Apr 24, 2014
Authored by Roberto Paleari, Alessandro Di Pinto

Sitecom WLR-4000 and WLR-4004 both v1 001 suffer from weak firmware encryption and have a predictable WPA key.

tags | advisory
MD5 | 20d289e7118d80e4b2d302813a139c47
Sitecom N300 / N600 Access Bypass
Posted Aug 19, 2013
Authored by Roberto Paleari, Alessandro Di Pinto

Sitecom N300 and N600 devices suffer from multiple issues that allow for access bypass. These include an undocumented telnet service, weak WPA2 password generation, and hard-coded credentials.

tags | exploit, bypass
MD5 | e5c1ad2ae8ab2031a7607eca1478c472
Huawei B153 3G/UMTS Router WPS Weakness
Posted Aug 6, 2013
Authored by Roberto Paleari, Alessandro Di Pinto

The Huawei B153 3G/UMTS router suffers from a WPS weakness that allows for authentication bypass.

tags | advisory
MD5 | 86b3b9d185e91d0ea29c5a4ccd47a24e
D-Link DIR-645 Buffer Overflow / Cross Site Scripting
Posted Aug 2, 2013
Authored by Roberto Paleari

D-Link DIR-645 devices suffer from buffer overflow and cross site scripting vulnerabilities.

tags | exploit, overflow, vulnerability, xss
MD5 | 38e7a18c34392ffd2cf78fc889e126df
3S Vision / Asante Voyager / ALinking Hardcoded Accounts
Posted Jul 11, 2013
Authored by Roberto Paleari

Multiple cameras suffer from having hardcoded backdoor accounts allowing for authentication bypass and code execution. Included are various 3S Vision, Asante Voyager, and ALinking cameras.

tags | exploit, code execution, bypass
MD5 | efd03fd950e672a04f7ab936cbae9555
Netgear DGN Authentication Bypass / Command Execution
Posted Jun 3, 2013
Authored by Roberto Paleari

Netgear DGN1000 with firmware versions prior to 1.1.00.48 and Netgear DGN2200 version 1 suffer from authentication bypass and command execution vulnerabilities.

tags | exploit, vulnerability, bypass
MD5 | e998700ff9d13aad687168abc14751dc
Huawei SNMPv3 Buffer Overflow
Posted May 6, 2013
Authored by Roberto Paleari

The Huawei AR1220 SNMPv3 service suffers from multiple buffer overflow vulnerabilities. Proof of concept code included.

tags | exploit, overflow, vulnerability, proof of concept
MD5 | 86436e62359602a15af7fee2e49ba701
Sitecom WLM-3500 Backdoor Accounts
Posted Apr 17, 2013
Authored by Roberto Paleari

Sitecom WLM-3500 routers contain an undocumented access backdoor that can be abused to bypass existing authentication mechanisms.

tags | exploit
MD5 | 6014d16e70c824da6e2c7ea844dd8977
Netgear WNR1000 Authentication Bypass
Posted Mar 30, 2013
Authored by Roberto Paleari

Netgear WNR1000 suffers from an authentication bypass vulnerability.

tags | exploit, bypass
MD5 | 1da8155c7c2e479cd819b6144972d9d0
D-Link DIR-645 Authentication Bypass
Posted Feb 28, 2013
Authored by Roberto Paleari

D-Link DIR-645 devices suffer from a direct access authentication bypass vulnerability.

tags | exploit, bypass
MD5 | d7b5095d749258932d4e7f5c6ea41d4d
D-Link DCS Cameras Authentication Bypass / Command Execution
Posted Jan 30, 2013
Authored by Roberto Paleari

D-Link DCS Cameras suffer from authentication bypass and remote command execution vulnerabilities due to a remote information disclosure of the configuration.

tags | exploit, remote, vulnerability, bypass, info disclosure
MD5 | 642656ca4ec5d96fced2505285154136
Huawei Weak Password Encryption
Posted Nov 13, 2012
Authored by Roberto Paleari, Ivan Speziale

Various Huawei products use DES without any salt to encrypt passwords. Vulnerable products include the Huawei Quidway series and Huawei CX600.

tags | advisory
MD5 | 54b7c7c6ad4ab4794f84139284813563
BigPond 3G21WB Hardcoded Credentials / Command Injection
Posted Oct 12, 2012
Authored by Roberto Paleari

BigPond version 3G21WB suffers from hard-coded credentials and command injection vulnerabilities.

tags | exploit, vulnerability
MD5 | 9cbd70f601cd8300741d880cede1fe6d
Ezylog Photovoltaic Management SQL Injection / Command Injection
Posted Sep 11, 2012
Authored by Roberto Paleari, Ivan Speziale

Ezylog Photovoltaic Management Server suffers from remote SQL injection, broken session management, hard-coded credentials, and command injection vulnerabilities. The vendor has ignored the researcher.

tags | exploit, remote, vulnerability, sql injection
MD5 | 44976115ea80d4563b2b03498ed76678
D-Link ShareCenter Remote Code Execution
Posted Feb 8, 2012
Authored by Roberto Paleari

This advisory expands on a previously known authentication bypass issue in D-Link ShareCenter products. It documents how the vulnerability can also be leveraged to execute arbitrary commands.

tags | exploit, arbitrary
MD5 | 06fa0d9c39511097e8437a93c0612c60
ZOHO ManageEngine ADSelfService Plus 4.5 Build 4521 Administrative Access
Posted Oct 12, 2011
Authored by Roberto Paleari

ZOHO ManageEngine ADSelfService Plus version 4.5 Build 4521 suffers from an authentication bypass vulnerability.

tags | exploit, add administrator, bypass
advisories | CVE-2011-3485
MD5 | abcd383152e6364b34f539834b8b96b6