Email address | private |
---|---|
First Active | 2013-07-12 |
Last Active | 2014-06-06 |
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability. This script tests for that vulnerability.
f59eadbc19854f9ff9a362ab226550f4d66039b6eae733379588772f630f3b87
This Metasploit module exploits a Perl code injection on NETGEAR ReadyNAS 4.2.23 and 4.1.11. The vulnerability exists on the web fronted, specifically on the np_handler.pl component, due to the insecure usage of the eval() perl function. This Metasploit module has been tested successfully on a NETGEAR ReadyNAS 4.2.23 Firmware emulated environment, not on real hardware.
bde67c6d5bd2eaadf289392fe66c898b1b40583f113cc479740f75c0912c0b93
Proof of concept exploit that demonstrates remote command execution on Netgear ReadyNAS.
7ae30b42d1addf06dce009c2571e44ead9195cf7589aebbb33dbd101756f76dd
Tripwire Security Advisory 2013-001 - Netgear ReadyNAS suffers from command injection and cross site request forgery vulnerabilities.
b3eefdfb27dbf2c8f6fecde888ea1eb5e5c4319117d673b20584fe6385aacbae
The Linksys WRT110 consumer router is vulnerable to a command injection exploit in the ping field of the web interface.
44b428488518ed2abeee03160462e56c8203577c382cafa8ace86476e15928be
The Linksys WRT110 consumer router is vulnerable to a command injection exploit in the ping field of the web interface.
5fdabb65539c0e2248afcba9871e415908777fb0b2f288107530f6a551406d99
This archive holds proof of concept code for cross site request forgery, memory dump, and wifi credential disclosure vulnerabilities in Loftek Nexus 543 IP cameras.
d8d9a9612f6d40cf5a8de4bce2dac3ab2ab4a787138a95efeac38d560c8a7206
Included in this archive is a presentation of Android Weblogin: Google's Skeleton Key along with various proof of concept code from the talk presented at DefCon 21.
917ef9c7b31e3a0e0835376c951d3aec56779e5a92b79073ee01261b4a737f47
MiniDLNA versions prior to 1.1.0 suffer from heap-based buffer overflow and remote SQL injection vulnerabilities.
e7d1ebafa357dc3be45f9cf26f26f66c2a057c0cc51364b9154c4436a393da48
SilverStripe CMS decidedly to quietly fix multiple persistent cross site scripting vulnerabilities without informing the public. Fail.
ba424faa00595576e5473a7a215b946162b069fd5671798ba3d039f2833caee3
Linksys WRT110 suffers from root shell command injection and cross site request forgery vulnerabilities.
850308c35db1a6b6413065eb09749bb1a66bb16d4e5f80c535788b446adada12