Showing 1 - 7 of 7

Files from Ken Pyle

First Active	2019-06-14
Last Active	2023-04-06

Cisco / Dell / Netgear Information Disclosure / Hash Decrypter: Posted Apr 6, 2023; Authored by Ken Pyle; Dell EMC Networking PC5500 firmware versions 4.1.0.22 and Cisco Sx / SMB suffer from an information leakage vulnerability.; tags | exploit, info disclosure; systems | cisco; advisories | CVE-2019-15993, CVE-2020-5330; SHA-256 | b8a45b8069a5a5129862e21629b12e2ac7fea0a964921f4c4676a3ebbf3a17c8; Download | Favorite | View

DASDEC Cross Site Scripting / HTML Injection: Posted Jul 21, 2022; Authored by Ken Pyle; The Monroe Electronics / Digital Alert Systems OneNet SE DASDEC Emergency Alert System Appliance suffers from cross site scripting and html injection vulnerabilities.; tags | exploit, vulnerability, xss; SHA-256 | 82f6d98418853066b6a98235aa9b2f3a0913d729dcbf7cc7b1e70d395b6a8bad; Download | Favorite | View

Exploiting Persistent XSS And Unsanitized Injection Vectors For Layer 2 Bypass And COOLHANDLUKE Protocol Creation: Posted May 26, 2022; Authored by Ken Pyle | Site cybir.com; This whitepaper demonstrates leveraging cross site scripting and polyglot exploitation in an exploit called COOLHANDLUKE to violate network segmentation / layer 2 VLAN policies while routing and sending a file between isolated, air gapped networks without a router. This issue affects HPE Procurve, Aruba Networks, Cisco, Dell, and Netgear products.; tags | paper, protocol, xss; systems | cisco; SHA-256 | 1ec58f30e8a0a21c51d095c930eb3fc00827e2d07118a62f2dd3d6f7154a73ce; Download | Favorite | View

Exploiting Persistent XSS And Unsanitized Injection Vectors For DIRECTIVEFOUR Protocol Creation / IP Router-Less Tunneling: Posted May 26, 2022; Authored by Ken Pyle | Site cybir.com; In this whitepaper, the author demonstrates abusing persistent cross site scripting and polyglot payloads can allow for robust protocol creation similar to COOLHANDLUKE and allows an attacker to exfiltrate, encapsulate, and tunnel their malicious traffic between IPv4 and IPv6 networks without a router. The author calls the technique and protocol "DIRECTIVEFOUR". This issue affects Cisco SMB and Sx Series switches.; tags | paper, protocol, xss; SHA-256 | 4b5d4d8cfa4b802b87cad15d22893764dd635937e23e58bc76e7fa4673c00370; Download | Favorite | View

GeoVision Geowebserver 5.3.3 LFI / XSS / CSRF / Code Execution: Posted Aug 17, 2021; Authored by Ken Pyle; GeoVision Geowebserver versions 5.3.3 and below suffer from code execution, cross site request forgery, cross site scripting, html injection, and local file inclusion vulnerabilities.; tags | exploit, local, vulnerability, code execution, xss, file inclusion, csrf; SHA-256 | 8ccb4bb1b96f86b0ef24cd5e1b36f037c42c2f00bb5ec9a80fedbe4537f7a7ab; Download | Favorite | View

JNLP Injection To Multi-OS Code Execution: Posted Jun 25, 2021; Authored by Ken Pyle; Whitepaper discussing BIZARRELOVETRIANGLE and FULLCLIP - JNLP parameter injection attacks to remote, persistent, multi-os code execution.; tags | paper, remote, code execution; SHA-256 | 0544f59a1e884ac5e4753711797fde21b5db764b310bbdc41f2106aa58ffdef4; Download | Favorite | View

Dell EMC Avamar ADMe Web UI 1.0.50 / 1.0.51 Local File Inclusion: Posted Jun 14, 2019; Authored by Dell Product Security Incident Response Team, Ken Pyle | Site dellemc.com; Dell EMC Avamar ADMe Web Interface is affected by a local file inclusion vulnerability which may allow a malicious user to download arbitrary files from the affected system by sending a specially crafted request to the Web Interface application. Versions 1.0.50 and 1.0.51 are affected.; tags | advisory, web, arbitrary, local, file inclusion; advisories | CVE-2019-3737; SHA-256 | 7acfa0ed5a7472704419b66813b778ef436398a2db8ae457ca89f746c7f72462; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days