exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 19 of 19 RSS Feed

Files from Stefan Viehbock

First Active2011-12-29
Last Active2022-02-17
Zyxel Buffer Overflow / File Disclosure / CSRF / XSS / Broken Access Control
Posted Feb 17, 2022
Authored by Stefan Viehbock, T. Weber, Gerhard Hechenberger, Steffen Robertz | Site sec-consult.com

Multiple Zyxel devices suffer from buffer overflow, local file disclosure, unsafe storage of sensitive data, command injection, broken access control, symbolic link processing, cross site request forgery, and cross site scripting vulnerabilities.

tags | exploit, overflow, local, vulnerability, xss, csrf
SHA-256 | 0ba1f45b7a5254a119e2a3aeddf4279392e2e0120fe45790d15563c4eadf7fd2
Schneider Electric EVlink Charging Stations Authentication Bypass / Code Execution
Posted Jul 14, 2021
Authored by Stefan Viehbock | Site sec-consult.com

Multiple Schneider Electric EVlink Charging Stations suffers from authentication bypass and remote code execution vulnerabilities.

tags | exploit, remote, vulnerability, code execution
advisories | CVE-2021-22707, CVE-2021-22708
SHA-256 | 261e0a7af24605abbcb498cca0acda8b6897b40daab2471d8fafde95edc1b848
BMD BMDWeb 2.0 Cross Site Scripting
Posted Apr 22, 2021
Authored by Stefan Viehbock | Site sec-consult.com

BMD BMDWeb 2.0 versions prior to 24.01.21 suffer from persistent cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 499c18c38e8687b39167ce9265f6c4cdf83a764a4642327eea6fa7a0feb38768
FortiOS 6.0.6 / FortiClientWindows 6.0.6 / FortiClientMac 6.2.1 XOR Encryption
Posted Nov 26, 2019
Authored by Stefan Viehbock | Site sec-consult.com

Fortinet products, including FortiGate and Forticlient, regularly send information to Fortinet servers using XOR "encryption" with a static key. FortiClientWindows versions 6.0.6 and below, and FortiClientMac versions 6.2.1 and below. After this advisory was released, Fortinet has confirmed that only FortiOS version 6.2.0 includes the patch.

tags | exploit
advisories | CVE-2018-9195
SHA-256 | 8dc47eb79b4cc21fe29d2fa486d30fd36bd9bb27983db8a7c9f4ea84620972f0
XMeye P2P Cloud Remote Code Execution / Integrity Issues
Posted Oct 10, 2018
Authored by Stefan Viehbock | Site sec-consult.com

XMeye P2P Cloud used with Xiongmai IP Cameras, NVRs and DVRs suffer from predictable Cloud IDs, default admin password, and various other issues that can result in remote code execution.

tags | exploit, remote, code execution
advisories | CVE-2018-17915, CVE-2018-17917, CVE-2018-17919
SHA-256 | 91c7dfdf6aeb957aa46e50283fc95205a17b991e8e99993f7b09e7fd6a521bdb
FortiGate SSL VPN Portal 5.x Cross Site Scripting
Posted Dec 4, 2017
Authored by Stefan Viehbock | Site sec-consult.com

FortiGate SSL VPN Portal versions 5.6.2 and below, 5.4.6 and below, 5.2.12 and below, and 5.0 and below suffer from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2017-14186
SHA-256 | b2d5f1ba485a9729c93cfe8c29db752eb3863fb1cf9c67796c558e28b07dd9e9
WiMAX CPE Authentication Bypass
Posted Jun 7, 2017
Authored by Stefan Viehbock | Site sec-consult.com

Various WiMAX CPEs are vulnerable to an authentication bypass. An attacker can set arbitrary configuration values without prior authentication. The vulnerability is located in commit2.cgi (implemented in libmtk_httpd_plugin.so).

tags | exploit, arbitrary, cgi
SHA-256 | 1c406ac717264e13cef5f2341197c0e2013b4a9fe6fe7c509442d497b4bb32b7
Sony IPELA ENGINE IP Cameras Backdoor Accounts
Posted Dec 6, 2016
Authored by Stefan Viehbock | Site sec-consult.com

Sony IPELA ENGINE IP Cameras contain multiple backdoors that, among other functionality, allow an attacker to enable the Telnet/SSH service for remote administration over the network. Other available functionality may have undesired effects to the camera image quality or other camera functionality. After enabling Telnet/SSH, another backdoor allows an attacker to gain access to a Linux shell with root privileges.

tags | exploit, remote, shell, root
systems | linux
SHA-256 | 22e3af92e387283941072a466bbafa59aa472e2642354166a328c50464384720
Aruba Networks / Alcatel-Lucent Private Key Disclosure
Posted Sep 6, 2016
Authored by Stefan Viehbock | Site sec-consult.com

Various Aruba Networks and Alcatel-Lucent products have a private key for a browser-trusted certificate embedded in firmware.

tags | exploit
SHA-256 | 06c335f955be1dbd40f9923d7ef00304736343ab2994d27937a6c171714debbf
Ubiquiti Networks Hardcoded Keys / Remote Management
Posted Nov 5, 2015
Authored by Stefan Viehbock | Site sec-consult.com

Various Ubiquiti Networks products suffer from having hardcoded keys and also having remote management interfaces enabled that can be leveraged by these credentials.

tags | exploit, remote
SHA-256 | 92721278eb65c5e1f8f671b891d965595191b866fed7ef14a87bd372a6353da0
NetUSB Stack Buffer Overflow
Posted Oct 10, 2015
Authored by Stefan Viehbock | Site sec-consult.com

NetUSB stack buffer overflow denial of service exploit.

tags | exploit, denial of service, overflow
advisories | CVE-2015-3036
SHA-256 | 5442a486e9656c62a01cfaf5fcfda32c973d961030d9fd315377e310ff046fcc
KCodes NetUSB Buffer Overflow
Posted May 21, 2015
Authored by Stefan Viehbock | Site sec-consult.com

KCodes NetUSB suffers from a kernel stack buffer overflow vulnerability.

tags | advisory, overflow, kernel
advisories | CVE-2015-3036
SHA-256 | 23355f32384caa77fd5215fcd1180af3983315488b8385634c6831717e64c2fd
TP-LINK Local File Disclosure
Posted Apr 10, 2015
Authored by Stefan Viehbock | Site sec-consult.com

Multiple TP-LINK products suffer from a local file disclosure vulnerability.

tags | exploit, local
advisories | CVE-2015-3035
SHA-256 | 77dc5766ead42d5a0627853f735788b13644c3d13432f56e13c5ebedd4253fa3
Symantec SDCS:SA / SCSP XSS / Bypass / SQL Injection / Disclosure
Posted Jan 22, 2015
Authored by Stefan Viehbock | Site sec-consult.com

Symantec Data Center Security: Server Advanced (SDCS:SA) and Symantec Critical System Protection (SCSP) suffer from cross site scripting, remote SQL injection, information disclosure, and policy bypass vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection, info disclosure
advisories | CVE-2014-7289, CVE-2014-9224, CVE-2014-9225, CVE-2014-9226
SHA-256 | c2294e75032fb839b9cb87eecedc88efda3874129c4fc1fbc3e1c516eb643ca7
VDG Security SENSE 2.3.13 File Disclosure / Bypass / Buffer Overflow
Posted Dec 19, 2014
Authored by Stefan Viehbock | Site sec-consult.com

VDG Security SENSE version 2.3.13 suffers from buffer overflow, authentication bypass, file disclosure, password disclosure, and information leakage vulnerabilities.

tags | exploit, overflow, vulnerability
SHA-256 | ac434a1ed45818872cf0689b9c03f2efbd4c708358bf3dc82697edeb0a4ddbf6
Symantec Endpoint Protection Manager Remote Command Execution
Posted Feb 26, 2014
Authored by Chris Graham, Stefan Viehbock | Site metasploit.com

This Metasploit module exploits XXE and SQL injection flaws in Symantec Endpoint Protection Manager versions 11.0, 12.0 and 12.1. When supplying a specially crafted XXE request an attacker can reach SQL injection affected components. As xp_cmdshell is enabled in the included database instance, it's possible to execute arbitrary system commands on the remote system with SYSTEM privileges.

tags | exploit, remote, arbitrary, sql injection, xxe
advisories | CVE-2013-5014, CVE-2013-5015
SHA-256 | ef19d7abd0e99695337b2df4433d4785cfa21593bd61b704d3aa78a9d8ce5183
Symantec Messaging Gateway 9.5 Default SSH Password
Posted Sep 6, 2012
Authored by Ben Williams, sinn3r, Stefan Viehbock | Site metasploit.com

This Metasploit module exploits a default misconfiguration flaw on Symantec Messaging Gateway. The 'support' user has a known default password, which can be used to login to the SSH service, and gain privileged access from remote.

tags | exploit, remote
advisories | CVE-2012-3579, OSVDB-85028
SHA-256 | a43d27bd69dd1a7e1c0fff3b8a4a24b14573fc751ae1415faf70bc5354e57f89
Symantec Messaging Gateway 9.5.x Support Backdoor
Posted Aug 30, 2012
Authored by Stefan Viehbock | Site sec-consult.com

Symantec Messaging Gateway version 9.5.x suffers from a vendor-supplied backdoor vulnerability. By default the 'support' user is enabled and uses an insecure password. This user is not visible in the web interface and therefore cannot be disabled. As the appliance provides a SSH daemon on all interfaces, this account can be used to gain remote shell access on the device.

tags | advisory, remote, web, shell
SHA-256 | d327098479a9098d90ac2ea33a247a5c26c17c8e26b8959dee707097e490d059
Brute Forcing Wi-Fi Protected Setup
Posted Dec 29, 2011
Authored by Stefan Viehbock

This paper discusses a vulnerability in WPS that allows attackers to recover WPA/WPA2 keys in a matter of hours.

tags | paper, wireless
SHA-256 | 3459acb0683358926b929b6818957b6738776254a54447d79a99c502aad973c3
Page 1 of 1

File Archive:

August 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    20 Files
  • 2
    Aug 2nd
    4 Files
  • 3
    Aug 3rd
    6 Files
  • 4
    Aug 4th
    55 Files
  • 5
    Aug 5th
    16 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    0 Files
  • 9
    Aug 9th
    0 Files
  • 10
    Aug 10th
    0 Files
  • 11
    Aug 11th
    0 Files
  • 12
    Aug 12th
    0 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By