exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 11 of 11 RSS Feed

Files from Craig Young

Email addressprivate
First Active2013-07-12
Last Active2014-06-06
View User Profile
OpenSSL CVE-2014-0224 Detection Script
Posted Jun 6, 2014
Authored by Craig Young | Site tripwire.com

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability. This script tests for that vulnerability.

tags | tool, scanner
systems | unix
advisories | CVE-2014-0224
SHA-256 | f59eadbc19854f9ff9a362ab226550f4d66039b6eae733379588772f630f3b87
NETGEAR ReadyNAS Perl Code Evaluation
Posted Nov 25, 2013
Authored by H D Moore, juan vazquez, Craig Young | Site metasploit.com

This Metasploit module exploits a Perl code injection on NETGEAR ReadyNAS 4.2.23 and 4.1.11. The vulnerability exists on the web fronted, specifically on the np_handler.pl component, due to the insecure usage of the eval() perl function. This Metasploit module has been tested successfully on a NETGEAR ReadyNAS 4.2.23 Firmware emulated environment, not on real hardware.

tags | exploit, web, perl
advisories | CVE-2013-2751, OSVDB-98826
SHA-256 | bde67c6d5bd2eaadf289392fe66c898b1b40583f113cc479740f75c0912c0b93
Netgear ReadyNAS Remote Command Execution
Posted Oct 28, 2013
Authored by anonymous, Craig Young

Proof of concept exploit that demonstrates remote command execution on Netgear ReadyNAS.

tags | exploit, remote, proof of concept
SHA-256 | 7ae30b42d1addf06dce009c2571e44ead9195cf7589aebbb33dbd101756f76dd
Netgear ReadyNAS Complete System Takeover
Posted Oct 23, 2013
Authored by Craig Young | Site tripwire.com

Tripwire Security Advisory 2013-001 - Netgear ReadyNAS suffers from command injection and cross site request forgery vulnerabilities.

tags | advisory, vulnerability, csrf
advisories | CVE-2013-2751, CVE-2013-2752
SHA-256 | b3eefdfb27dbf2c8f6fecde888ea1eb5e5c4319117d673b20584fe6385aacbae
Linksys WRT110 Remote Command Execution
Posted Oct 8, 2013
Authored by juan vazquez, Craig Young, joev | Site metasploit.com

The Linksys WRT110 consumer router is vulnerable to a command injection exploit in the ping field of the web interface.

tags | exploit, web
advisories | CVE-2013-3568
SHA-256 | 44b428488518ed2abeee03160462e56c8203577c382cafa8ace86476e15928be
Linksys WRT110 Remote Command Execution
Posted Sep 20, 2013
Authored by Craig Young | Site metasploit.com

The Linksys WRT110 consumer router is vulnerable to a command injection exploit in the ping field of the web interface.

tags | exploit, web
advisories | CVE-2013-3568
SHA-256 | 5fdabb65539c0e2248afcba9871e415908777fb0b2f288107530f6a551406d99
Loftek CSRF / Memory Dump / Credential Disclosure
Posted Aug 23, 2013
Authored by Craig Young

This archive holds proof of concept code for cross site request forgery, memory dump, and wifi credential disclosure vulnerabilities in Loftek Nexus 543 IP cameras.

tags | exploit, vulnerability, proof of concept, csrf
systems | linux
advisories | CVE-2013-3311, CVE-2013-3312, CVE-2013-3313, CVE-2013-3314
SHA-256 | d8d9a9612f6d40cf5a8de4bce2dac3ab2ab4a787138a95efeac38d560c8a7206
Android Weblogin: Google's Skeleton Key
Posted Aug 8, 2013
Authored by Craig Young

Included in this archive is a presentation of Android Weblogin: Google's Skeleton Key along with various proof of concept code from the talk presented at DefCon 21.

tags | exploit, proof of concept
systems | linux
SHA-256 | 917ef9c7b31e3a0e0835376c951d3aec56779e5a92b79073ee01261b4a737f47
MiniDLNA SQL Injection / Buffer Overflow
Posted Jul 17, 2013
Authored by Craig Young

MiniDLNA versions prior to 1.1.0 suffer from heap-based buffer overflow and remote SQL injection vulnerabilities.

tags | advisory, remote, overflow, vulnerability, sql injection
advisories | CVE-2013-2738, CVE-2013-2739, CVE-2013-2745
SHA-256 | e7d1ebafa357dc3be45f9cf26f26f66c2a057c0cc51364b9154c4436a393da48
SilverStripe CMS Cross Site Scripting
Posted Jul 15, 2013
Authored by Craig Young

SilverStripe CMS decidedly to quietly fix multiple persistent cross site scripting vulnerabilities without informing the public. Fail.

tags | advisory, vulnerability, xss
advisories | CVE-2012-6458
SHA-256 | ba424faa00595576e5473a7a215b946162b069fd5671798ba3d039f2833caee3
Linksys WRT110 Command Injection / CSRF
Posted Jul 12, 2013
Authored by Craig Young

Linksys WRT110 suffers from root shell command injection and cross site request forgery vulnerabilities.

tags | advisory, shell, root, vulnerability, csrf
advisories | CVE-2013-3568
SHA-256 | 850308c35db1a6b6413065eb09749bb1a66bb16d4e5f80c535788b446adada12
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close