exploit the possibilities
Showing 1 - 25 of 112 RSS Feed

Files from Jeremy Brown

Real NameJeremy Brown
Email addressprivate
First Active2008-07-15
Last Active2021-09-20
View User Profile
litefuzz 1.0
Posted Sep 20, 2021
Authored by Jeremy Brown | Site github.com

litefuzz is a multi-platform fuzzer for poking at userland binaries and servers.

tags | tool, fuzzer
systems | unix
MD5 | e20e90558f9c0c1dc16ef9f40dcbe095
Ulfius Web Framework Remote Memory Corruption
Posted Sep 14, 2021
Authored by Jeremy Brown

Ulfius Web Framework suffers from a remote memory corruption vulnerability. When parsing malformed HTTP requests, a heap-related initialization bug is triggered resulting in a crash in the server or potentially remote code execution with privileges of the running process.

tags | exploit, remote, web, code execution
advisories | CVE-2021-40540
MD5 | 1dabe63befe8e565facd80b332f86a58
Shoutcast Server Crash
Posted Aug 23, 2021
Authored by Jeremy Brown

Shoutcast server version suffers from a remote authenticated crash vulnerability.

tags | exploit, remote
MD5 | 3d13169914989d5608d84944219a12bf
Riak Insecure Default Configuration / Remote Command Execution
Posted Aug 4, 2021
Authored by Jeremy Brown

Riak runs as an Erlang service configured with a default cookie of riak that allows for remote command execution if not modified before use.

tags | exploit, remote
MD5 | 15cc4108a20bbd107a3861961401ba62
Okta Access Gateway 2020.5.5 Authenticated Remote Root
Posted Jul 7, 2021
Authored by Jeremy Brown

Okta Access Gateway version 2020.5.5 suffers from multiple authenticated remote root command injection vulnerabilities.

tags | exploit, remote, root, vulnerability
advisories | CVE-2021-28113
MD5 | 117cdacc6c045a9f6239a8f7082bfc82
Docker Dashboard Remote Command Execution
Posted Jul 7, 2021
Authored by Jeremy Brown

Docker Dashboard suffers from a remote command execution vulnerability. The fix is added in commit 79cdc41.

tags | exploit, remote
advisories | CVE-2021-27886
MD5 | 4c29691af5fd9c2080f1f24e78725fe6
HPE RDA-CAS 1.23.826 Denial Of Service
Posted Jun 23, 2021
Authored by Jeremy Brown

HPE RDA-CAS version 1.23.826 remote denial of service exploit.

tags | exploit, remote, denial of service
MD5 | 52393acabc0419fe8daf4eb578d8ab61
Cisco Modeling Labs 2.1.1-b19 Remote Command Execution
Posted Jun 23, 2021
Authored by Jeremy Brown

Cisco Modeling Labs version 2.1.1-b19 remote command execution exploit.

tags | exploit, remote
systems | cisco
advisories | CVE-2021-1531
MD5 | a1d30ba3be5b867dccae401fb8872c58
F5 BIG-IQ VE 8.0.0-2923215 Remote Root
Posted Jun 23, 2021
Authored by Jeremy Brown

F5 BIG-IQ VE version 8.0.0-2923215 post-authentication remote root code execution exploit.

tags | exploit, remote, root, code execution
advisories | CVE-2021-23024
MD5 | a11dfe5c02989bd70fe132ae0aa3fd92
PIMT 1.0
Posted Jan 4, 2021
Authored by Jeremy Brown | Site github.com

PIMT is a Public Infrastructure Monitoring Tool (pronounced PIM-tee). It queries common recon tools for publicly available data regarding particular organizations based on the domains and keywords provided. It is not meant to provide complete coverage for every external asset that belongs to a company as attackers usually do not have this detailed info or mapping either. One can use it to paint some sort of picture of what external attackers may be looking at, the changes occurring over time and insight for how to further harden the perimeter. The key idea being to provide valuable data to red teams as well as addition al monitoring capabilities for defenders.

tags | tool
systems | unix
MD5 | 15640e4fe41be31efdca68b52b77e376
Zoom Meeting Connector Post-Auth Remote Root
Posted Dec 31, 2020
Authored by Jeremy Brown

Zoom version suffers from a Meeting Connector post-authentication remote root code execution vulnerability via the proxy server functionality. The latest Zoom client has this issue patched per Zoom.

tags | exploit, remote, root, code execution
MD5 | 502538df7bfbda265c17c493f89179b7
Openpilot Default SSH Key Scanner
Posted Dec 31, 2020
Authored by Jeremy Brown

Openpilot has a default SSH key that can allow attackers remote access if not changed. This script port scans and attempts to login to Openpilot SSH servers with the default key.

tags | exploit, remote
MD5 | b9e467ddb7a4cfc15deec4d13e92486a
HPE Edgeline Infrastructure Manager Improper Authorization
Posted Dec 29, 2020
Authored by Jeremy Brown

HPE Edgeline Infrastructure Manager suffers from multiple broken authorization flows that allow for administrative function access without authenticating and can allow for arbitrary password changes.

tags | exploit, arbitrary
MD5 | 75012bca2029a5ddfe8ad8255b3f5f1b
Cassandra Web 0.5.0 Remote File Read
Posted Dec 29, 2020
Authored by Jeremy Brown

Cassandra Web is vulnerable to directory traversal due to the disabled Rack::Protection module. Apache Cassandra credentials are passed via the CLI in order for the server to auth to it and provide the web access, so they are also one thing that can be captured via the arbitrary file read. Version 0.5.0 is affected.

tags | exploit, web, arbitrary
MD5 | 5d45ddf35f9f55300493bfefe8020924
Stratodesk NoTouch Center Privilege Escalation
Posted Dec 21, 2020
Authored by Jeremy Brown

Stratodesk NoTouch Center virtual appliance suffers from a privilege escalation vulnerability. This was addressed in version 4.4.68.

tags | exploit
advisories | CVE-2020-25917
MD5 | f6ac4d9b376df40c169c841245383a04
Erlang Bytecode String Converter
Posted Dec 21, 2020
Authored by Jeremy Brown

estr2bc is a python script to convert arbitrary string input to Erlang bytecode.

tags | tool, arbitrary, python
systems | unix
MD5 | 095fa28eaa19faca6a6c82b238094580
Ajenti 2.1.31 Command Injection
Posted Dec 2, 2019
Authored by Jeremy Brown, Onur ER | Site metasploit.com

This Metasploit module exploits a command injection in Ajenti version 2.1.31. By injecting a command into the username POST parameter to api/core/auth, a shell can be spawned.

tags | exploit, shell
MD5 | 7c4130c9c91b99ff51567ab20d19ea6e
Podman / Varlink Remote Code Execution
Posted Oct 15, 2019
Authored by Jeremy Brown

Remote exploit for Podman when configured with Varlink that allows for remote command execution, denial of service, directory traversal, and information disclosure vulnerabilities.

tags | exploit, remote, denial of service, vulnerability, info disclosure
MD5 | 877a6bf3a116aaaf342e4d3eba5c9537
Ajenti Remote Command Execution
Posted Oct 11, 2019
Authored by Jeremy Brown

Ajenti suffers from a remote command execution vulnerability.

tags | exploit, remote
MD5 | 132a31448e87adbe514497f20f8d446f
Whale Win32 Attack Surface Toolkit
Posted Dec 7, 2016
Authored by Jeremy Brown

Whale in a win32 attack surface toolkit written in C#. It's capable of monitoring many of different areas of the Windows for new and removed kernel objects, open ports, drivers, services and much more. It also allows a user to test for different bug classes and has found a few interesting issues across the sub-systems.

tags | tool, kernel
systems | windows, 32
MD5 | 7c7cd88d5b54f9d2ccbe3d190ca4c39e
Microsoft Windows 10 x86/x64 WLAN AutoConfig Named Pipe Proof Of Concept
Posted Dec 7, 2016
Authored by Jeremy Brown

Microsoft Windows 10 x86/x64 build 10.0.14393 WLAN autoconfig named pipe denial of service proof of concept exploit.

tags | exploit, denial of service, x86, proof of concept
systems | windows
MD5 | d78a9bd236d6a1942ee373d12364f61f
BlackStratus LOGStorm / Remote Root
Posted Dec 5, 2016
Authored by Jeremy Brown

BlackStratus LOGStorm has multiple vulnerabilities that allow a remote unauthenticated user, among other things, to assume complete control over the virtual appliance with root privileges. This is possible due to multiple network servers listening for network connections by default, allowing authorization with undocumented credentials supported by appliance's OS, web interface and sql server. Versions and are affected.

tags | exploit, remote, web, root, vulnerability
MD5 | 229e9c7351054e6f28651057eb3cffda
ShakeIt Grammar Mutation Engine Fuzzer
Posted Nov 30, 2015
Authored by Jeremy Brown

ShakeIt is a grammar mutation engine targeting browsers and PDF readers. For a given input, such as a web page or PDF file, and an output location, it will generate N mutated test cases. It was implemented in C#, but can be ported to other languages and is meant to fit within an existing fuzzing framework.

tags | tool, web, fuzzer
MD5 | 54c861884798451395aeaab5988a76c7
Portmanteau Unix Driver IOCTL Security Tool
Posted Nov 5, 2015
Authored by Jeremy Brown

Portmanteau is an experimental unix driver IOCTL security tool that is useful for fuzzing and discovering device driver attack surface.

tags | tool
systems | unix
MD5 | e1ff72313a6273d9d6517fa2acc9504a
Libmimedir VCF Memory Corruption Proof Of Concept
Posted Jun 11, 2015
Authored by Jeremy Brown

Libmimedir suffers from a memory corruption vulnerability. Adding two NULL bytes to the end of a VCF file allows a user to manipulate free() calls which occur during it's lexer's memory clean-up procedure. This could lead to exploitable conditions such as crafting a specific memory chunk to allow for arbitrary code execution.

tags | exploit, arbitrary
advisories | CVE-2015-3205
MD5 | 1df4218448d7ac2e97f07d47f005d627
Page 1 of 5

File Archive:

October 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    16 Files
  • 2
    Oct 2nd
    1 Files
  • 3
    Oct 3rd
    1 Files
  • 4
    Oct 4th
    24 Files
  • 5
    Oct 5th
    24 Files
  • 6
    Oct 6th
    11 Files
  • 7
    Oct 7th
    14 Files
  • 8
    Oct 8th
    19 Files
  • 9
    Oct 9th
    1 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    7 Files
  • 12
    Oct 12th
    15 Files
  • 13
    Oct 13th
    26 Files
  • 14
    Oct 14th
    10 Files
  • 15
    Oct 15th
    6 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2020 Packet Storm. All rights reserved.

Security Services
Hosting By