Files from Stefan Viehbock

First Active: 2011-12-29
Last Active: 2019-11-26
FortiOS 6.0.6 / FortiClientWindows 6.0.6 / FortiClientMac 6.2.1 XOR Encryption
Posted Nov 26, 2019
Authored by Stefan Viehbock | Site sec-consult.com

Fortinet products, including FortiGate and FortiClient, regularly send information to Fortinet servers using XOR "encryption" with a static key. FortiClientWindows versions 6.0.6 and below, and FortiClientMac versions 6.2.1 and below, are affected. After this advisory was released, Fortinet confirmed that only FortiOS version 6.2.0 includes the patch.

tags | exploit
advisories | CVE-2018-9195
MD5 | 9d942ec809afdd8e4584b2dfc2667c2f
XMeye P2P Cloud Remote Code Execution / Integrity Issues
Posted Oct 10, 2018
Authored by Stefan Viehbock | Site sec-consult.com

XMeye P2P Cloud, used with Xiongmai IP cameras, NVRs and DVRs, suffers from predictable Cloud IDs, a default admin password, and various other issues that can result in remote code execution.

tags | exploit, remote, code execution
advisories | CVE-2018-17915, CVE-2018-17917, CVE-2018-17919
MD5 | a15fae239526f5d8cd72ff3aed5b1d4c
FortiGate SSL VPN Portal 5.x Cross Site Scripting
Posted Dec 4, 2017
Authored by Stefan Viehbock | Site sec-consult.com

FortiGate SSL VPN Portal versions 5.6.2 and below, 5.4.6 and below, 5.2.12 and below, and 5.0 and below suffer from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2017-14186
MD5 | 326f6888433930a05fa0eaf4edd6db42
WiMAX CPE Authentication Bypass
Posted Jun 7, 2017
Authored by Stefan Viehbock | Site sec-consult.com

Various WiMAX CPEs are vulnerable to an authentication bypass. An attacker can set arbitrary configuration values without prior authentication. The vulnerability is located in commit2.cgi (implemented in libmtk_httpd_plugin.so).

tags | exploit, arbitrary, cgi
MD5 | cd86304aec43ab3feeb8080444d44eba
Sony IPELA ENGINE IP Cameras Backdoor Accounts
Posted Dec 6, 2016
Authored by Stefan Viehbock | Site sec-consult.com

Sony IPELA ENGINE IP Cameras contain multiple backdoors that, among other functionality, allow an attacker to enable the Telnet/SSH service for remote administration over the network. Other available functionality may have undesired effects on the camera image quality or other camera functionality. After enabling Telnet/SSH, another backdoor allows an attacker to gain access to a Linux shell with root privileges.

tags | exploit, remote, shell, root
systems | linux
MD5 | 4de5c510fc38fb6a30c60e297e892ce3
Aruba Networks / Alcatel-Lucent Private Key Disclosure
Posted Sep 6, 2016
Authored by Stefan Viehbock | Site sec-consult.com

Various Aruba Networks and Alcatel-Lucent products have a private key for a browser-trusted certificate embedded in firmware.

tags | exploit
MD5 | 2bcaeda20daeb354c30c87179b7f74f2
Ubiquiti Networks Hardcoded Keys / Remote Management
Posted Nov 5, 2015
Authored by Stefan Viehbock | Site sec-consult.com

Various Ubiquiti Networks products have hardcoded keys and also have remote management interfaces enabled that can be accessed using these credentials.

tags | exploit, remote
MD5 | 798c3baf0730c8d5707356ccbd8c96f9
NetUSB Stack Buffer Overflow
Posted Oct 10, 2015
Authored by Stefan Viehbock | Site sec-consult.com

NetUSB stack buffer overflow denial of service exploit.

tags | exploit, denial of service, overflow
advisories | CVE-2015-3036
MD5 | 208b1ef93b9b7964d1e9e55b7139989e
KCodes NetUSB Buffer Overflow
Posted May 21, 2015
Authored by Stefan Viehbock | Site sec-consult.com

KCodes NetUSB suffers from a kernel stack buffer overflow vulnerability.

tags | advisory, overflow, kernel
advisories | CVE-2015-3036
MD5 | 2c9b512013df0c3329d23013cf4edc6f
TP-LINK Local File Disclosure
Posted Apr 10, 2015
Authored by Stefan Viehbock | Site sec-consult.com

Multiple TP-LINK products suffer from a local file disclosure vulnerability.

tags | exploit, local
advisories | CVE-2015-3035
MD5 | 64365844e37da0b003f56f54e4464af0
Symantec SDCS:SA / SCSP XSS / Bypass / SQL Injection / Disclosure
Posted Jan 22, 2015
Authored by Stefan Viehbock | Site sec-consult.com

Symantec Data Center Security: Server Advanced (SDCS:SA) and Symantec Critical System Protection (SCSP) suffer from cross site scripting, remote SQL injection, information disclosure, and policy bypass vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection, info disclosure
advisories | CVE-2014-7289, CVE-2014-9224, CVE-2014-9225, CVE-2014-9226
MD5 | ce7ad911e7bff54035b13d0c3f8ae997
VDG Security SENSE 2.3.13 File Disclosure / Bypass / Buffer Overflow
Posted Dec 19, 2014
Authored by Stefan Viehbock | Site sec-consult.com

VDG Security SENSE version 2.3.13 suffers from buffer overflow, authentication bypass, file disclosure, password disclosure, and information leakage vulnerabilities.

tags | exploit, overflow, vulnerability
MD5 | 0157945edec568b0f555ed2eb945c2e4
Symantec Endpoint Protection Manager Remote Command Execution
Posted Feb 26, 2014
Authored by Chris Graham, Stefan Viehbock | Site metasploit.com

This Metasploit module exploits XXE and SQL injection flaws in Symantec Endpoint Protection Manager versions 11.0, 12.0 and 12.1. By supplying a specially crafted XXE request, an attacker can reach components affected by SQL injection. As xp_cmdshell is enabled in the included database instance, it's possible to execute arbitrary system commands on the remote system with SYSTEM privileges.

tags | exploit, remote, arbitrary, sql injection, xxe
advisories | CVE-2013-5014, CVE-2013-5015
MD5 | 3d5e8769437aef3160d16a8ac935fe7c
Symantec Messaging Gateway 9.5 Default SSH Password
Posted Sep 6, 2012
Authored by Ben Williams, sinn3r, Stefan Viehbock | Site metasploit.com

This Metasploit module exploits a default misconfiguration flaw on Symantec Messaging Gateway. The 'support' user has a known default password, which can be used to log in to the SSH service and gain privileged access remotely.

tags | exploit, remote
advisories | CVE-2012-3579, OSVDB-85028
MD5 | 863c340d7696860e8e64d03efd4da61e
Symantec Messaging Gateway 9.5.x Support Backdoor
Posted Aug 30, 2012
Authored by Stefan Viehbock | Site sec-consult.com

Symantec Messaging Gateway version 9.5.x suffers from a vendor-supplied backdoor vulnerability. By default the 'support' user is enabled and uses an insecure password. This user is not visible in the web interface and therefore cannot be disabled. As the appliance provides an SSH daemon on all interfaces, this account can be used to gain remote shell access on the device.

tags | advisory, remote, web, shell
MD5 | 2abb36076a2b7977e7a2ddc3ed3ed632
Brute Forcing Wi-Fi Protected Setup
Posted Dec 29, 2011
Authored by Stefan Viehbock

This paper discusses a vulnerability in WPS that allows attackers to recover WPA/WPA2 keys in a matter of hours.

tags | paper, wireless
MD5 | 795e111de4ff159c05752bfb679f8945