Showing 1 - 6 of 6

Files from Peter Adkins

D-Link Cookie Command Execution: Posted Jul 17, 2015; Authored by Michael Messner, Peter Adkins | Site metasploit.com; This Metasploit module exploits an anonymous remote upload and code execution vulnerability on different D-Link devices. The vulnerability is a command injection in the cookie handling process of the lighttpd web server when handling specially crafted cookie values. This Metasploit module has been successfully tested on D-Link DSP-W110A1_FW105B01 in emulated environment.; tags | exploit, remote, web, code execution; SHA-256 | 0775e7d0aff2f6e2825635c995a83bb54708fc9752c08058d2dc8f04aed2e87c; Download | Favorite | View

D-Link DSP-W110 Command Execution / SQL Injection / File Upload: Posted Jun 12, 2015; Authored by Peter Adkins; D-Link DSP-W110 suffers from command execution, remote file upload, and remote SQL injection vulnerabilities.; tags | exploit, remote, vulnerability, sql injection, file upload; SHA-256 | 987c2150fb283efdb56ad6e1fe865f4be1e2dd33aa09a56da9ad840d2f12fcee; Download | Favorite | View

D-Link/TRENDnet NCC Service Command Injection: Posted Apr 16, 2015; Authored by Michael Messner, Peter Adkins, Tiago Caetano Henriques | Site metasploit.com; This Metasploit module exploits a remote command injection vulnerability on several routers. The vulnerability exists in the ncc service, while handling ping commands. This Metasploit module has been tested on a DIR-626L emulated environment only. Several D-Link and TRENDnet devices are reported as affected, including: D-Link DIR-626L (Rev A) v1.04b04, D-Link DIR-636L (Rev A) v1.04, D-Link DIR-808L (Rev A) v1.03b05, D-Link DIR-810L (Rev A) v1.01b04, D-Link DIR-810L (Rev B) v2.02b01, D-Link DIR-820L (Rev A) v1.02B10, D-Link DIR-820L (Rev A) v1.05B03, D-Link DIR-820L (Rev B) v2.01b02, D-Link DIR-826L (Rev A) v1.00b23, D-Link DIR-830L (Rev A) v1.00b07, D-Link DIR-836L (Rev A) v1.01b03, and TRENDnet TEW-731BR (Rev 2) v2.01b01; tags | exploit, remote; advisories | CVE-2015-1187; SHA-256 | 35d9cdabfd053fc6c2ff7f2de254f832a73dc49048156c4f453d8ba4b3f21bc9; Download | Favorite | View

D-Link / TRENDnet ncc2 CSRF / Unauthenticated Access: Posted Feb 27, 2015; Authored by Peter Adkins; Multiple D-Link and TRENDnet devices suffer from cross site request forgery and unauthenticated access vulnerabilities. Various proof of concepts included.; tags | exploit, vulnerability, proof of concept, csrf; SHA-256 | d86bc02a0870f2b702d8d6cfe716a8d3945f7125fd82903e1ad431ce4f504b42; Download | Favorite | View

NetGear WNDR Authentication Bypass / Information Disclosure: Posted Feb 13, 2015; Authored by Peter Adkins; A number of NetGear WNDR devices contain an embedded SOAP service that is seemingly for use with the NetGear Genie application. As this SOAP service is implemented by the built-in HTTP / CGI daemon, unauthenticated queries will also be answered over the internet if remote management has been enabled on the device. As a result, affected devices can be interrogated and hijacked with as little as a well placed HTTP query. Proof of concept included.; tags | exploit, remote, web, cgi, proof of concept, bypass, info disclosure; SHA-256 | 34b002a3f907250f8f492040b56ddae24228180c80888d6f1fb7b330a3c1d5ba; Download | Favorite | View

Cisco Nexus OS (NX-OS) Command Injection: Posted Oct 25, 2011; Authored by Peter Adkins; Cisco Nexus OS (NX-OS) suffers from command injection and sanitization issues. Nexus 7000, 5000, 4000, 3000, 2000, and 1000V are all affected. MDS and UCS are also affected. Local access is required.; tags | exploit, local; systems | cisco; advisories | CVE-2011-2569; SHA-256 | 47ed64acbc222f10e010b71d8e52e2cba99ae9f8d77b045062214f7a5253578c; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days