Showing 51 - 75 of 80

Files from Karn Ganeshen

Email address	karnganeshen at gmail.com
First Active	2010-02-05
Last Active	2024-09-01

Papouch Backdoor Account / CSRF / Missing Authentication: Posted Jun 16, 2016; Authored by Karn Ganeshen; Papouch TME ethernet thermometer and TME multi: Temperature and humidity via ethernet both suffer from cross site request forgery, hardcoded backdoor super user accounts, and missing access controls.; tags | exploit, csrf; SHA-256 | f0ee50dfb9961307792f4a00e338a077ffcc384ad59b75c9c48148eb47af0af9; Download | Favorite | View

HP StoreEver MSL6480 Tape Library 4.10 Weak Credentials / CSRF / Access Control: Posted Jun 16, 2016; Authored by Karn Ganeshen; HP StoreEver MSL6480 Tape Library version 4.10 suffers from cross site request forgery, weak default credentials, and access control vulnerabilities.; tags | exploit, vulnerability, csrf; SHA-256 | 8f08337957222b11d4c4a443649d9ff928174b1dd9235eb25bb284e0dc7cb01d; Download | Favorite | View

Meteocontrol WEBLog Password Extractor: Posted May 17, 2016; Authored by Karn Ganeshen | Site metasploit.com; This Metasploit module exploits an authentication bypass vulnerability in Meteocontrol WEBLog (all models). This vulnerability allows extracting Administrator password for the device management portal.; tags | exploit, bypass; advisories | CVE-2016-2296; SHA-256 | b5a443a5fc418686d9d3ce0d8492afebd3f170b8a108d1cefb5fed42ef7ba2c7; Download | Favorite | View

Moxa MiiNePort Weak Credential Management / CSRF: Posted May 3, 2016; Authored by Karn Ganeshen; Moxa MiiNePort suffers from cross site request forgery, weak credential management, and sensitive information protection vulnerabilities.; tags | advisory, vulnerability, csrf; advisories | CVE-2016-2285, CVE-2016-2286, CVE-2016-2295; SHA-256 | 7ed488745e4d059d12d5ec837be93fd1917ea75cdbe335cca37b64e00022a474; Download | Favorite | View

Schneider Electric Building Operation Automation Server 1.6.1.5000 Escalation / Command Execution: Posted Mar 4, 2016; Authored by Karn Ganeshen; Schneider Electric Building Operation Automation Server version 1.6.1.5000 suffers from OS command injection, weak credential management, and privilege escalation vulnerabilities.; tags | exploit, vulnerability; SHA-256 | f4f4f183bd0512baf741708e2db936118942d5fd0e8f508b8e54c0c983fad7d4; Download | Favorite | View

WAGO IO PLC 758-870 / 750-849 Credential Management / Privilege Separation: Posted Mar 4, 2016; Authored by Karn Ganeshen; WAGO IO PLC versions 758-870 and 750-849 suffer from weak credential management, lack of privilege separation, insecure ftp configuration, and weak filesystem permissions.; tags | exploit, info disclosure; advisories | CVE-2015-6472, CVE-2015-6473; SHA-256 | 265cf836fd5bdb1c9a761033ead4a4c5910c3662908c88aa5076eb097dc54122; Download | Favorite | View

GE Industrial Solutions UPS SNMP Adapter Command Injection: Posted Feb 4, 2016; Authored by Karn Ganeshen; GE Industrial Solutions UPS SNMP adapter suffers from command injection and clear-text storage of sensitive information.; tags | exploit; advisories | CVE-2016-0861, CVE-2016-0862; SHA-256 | 6461ea7f02e3828661f5f2c2334de5bdf1c58395f13ec5505a1d5449063ddf8a; Download | Favorite | View

D-Link DVG-N5402SP Path Traversal / Information Disclosure: Posted Feb 3, 2016; Authored by Karn Ganeshen; D-Link DVG-N5402SP suffers from path traversal, weak credential management, and information leakage vulnerabilities.; tags | exploit, vulnerability, file inclusion, info disclosure; advisories | CVE-2015-7245, CVE-2015-7246, CVE-2015-7247; SHA-256 | bc547aa0033ab82aa8fde53becfd4db4431c4707fc91ae4fc5ab5866a936dbad; Download | Favorite | View

SeaWell Networks Spectrum SDC 02.05.00 Traversal / Privilege Escalation: Posted Jan 18, 2016; Authored by Karn Ganeshen; SeaWell Networks Spectrum SDC version 02.05.00 suffers from weak default credentials, path traversal, and privilege escalation vulnerabilities.; tags | exploit, vulnerability, file inclusion; advisories | CVE-2015-8282, CVE-2015-8283, CVE-2015-8284; SHA-256 | 30b657b4143b625b275e364b5659fdb1d286a1649a39e9a64179c87750872c6c; Download | Favorite | View

eWON XSS / CSRF / Session Management / RBAC Issues: Posted Dec 24, 2015; Authored by Karn Ganeshen; eWON routers with firmware versions prior to 10.1s0* suffer from cross site request forgery, session management, RBAC control, and cross site scripting vulnerabilities.; tags | exploit, vulnerability, xss, csrf; advisories | CVE-2015-7925, CVE-2015-7926, CVE-2015-7927, CVE-2015-7928, CVE-2015-7929; SHA-256 | db44f5340110e31d8969ebbbea39b66476ba340c324579db4a0c8e86da5eb756; Download | Favorite | View

Nordex Control 2 (NC2) SCADA 16 Cross Site Scripting: Posted Dec 24, 2015; Authored by Karn Ganeshen; Nordex Control 2 (NC2) SCADA version 16 suffers from a cross site scripting vulnerability.; tags | exploit, xss; advisories | CVE-2015-6477; SHA-256 | e4b3732da6a42937ee4a23ae9d5562bb1a69144c16f5139060d53c7ef8a341f4; Download | Favorite | View

XZERES 442SR Wind Turbine Cross Site Scripting: Posted Dec 24, 2015; Authored by Karn Ganeshen; XZERES 442SR wind turbine suffers from a cross site scripting vulnerability.; tags | exploit, xss; SHA-256 | 1328aca548475d9704158e50bb0cf1d133388c98974314b228e040c479815ad9; Download | Favorite | View

LG Nortel Disclosure / Insecure Configuration / DoS: Posted Dec 9, 2015; Authored by Karn Ganeshen; LG Nortel ADSL modems with software version 3.04L.02V.sip._LE9500.dspApp3341A2pB022f.d19e suffer from authorization flaws, information disclosure, insecure configuration, and denial of service vulnerabilities.; tags | exploit, denial of service, vulnerability, info disclosure; SHA-256 | 07c137c52ba038e547265ff65850d81997d590daad3e58b85cea0d0e33cf7bb3; Download | Favorite | View

Brocade Fabric OS 6.3.1b Weak System Configuration: Posted Nov 30, 2015; Authored by Karn Ganeshen; Brocade Fabric OS version 6.3.1b suffers from multiple weak system configuration issues that can result in system compromise. You actually have to go out of your way to break basic Linux security this badly.; tags | exploit, info disclosure; systems | linux; SHA-256 | 86551b3c0d17766625527eb34a6c14cce252c358fd6840a5969038b4022df058; Download | Favorite | View

ZTE ADSL ZXV10 W300 Authorization / Disclosure / Backdoor: Posted Nov 20, 2015; Authored by Karn Ganeshen; ZTE ADSL ZXV10 W300 modems suffer from insufficient authorization controls, information disclosure, and a backdoor account feature.; tags | exploit, info disclosure; advisories | CVE-2015-7257, CVE-2015-7258, CVE-2015-7259; SHA-256 | f638139811112ec6d7f34ff1e8acef146adf3549a65b832da61f1755c75c498d; Download | Favorite | View

ZTE ZXHN H108N R1A / ZXV10 W300 Traversal / Disclosure / Authorization: Posted Nov 20, 2015; Authored by Karn Ganeshen; ZTE ZXHN H108N R1A and ZXV10 W300 routers suffer from path traversal, information disclosure, improper authorization, and hard-coded credential vulnerabilities.; tags | exploit, vulnerability, file inclusion, info disclosure; advisories | CVE-2015-7248, CVE-2015-7249, CVE-2015-7250, CVE-2015-7251, CVE-2015-7252; SHA-256 | 2735f65d35edc3931a3eae6069d85013b997afb9f924b5865ac99b6d29c02f0f; Download | Favorite | View

Cambium ePMP 1000 Command Injection / Privilege Escalation: Posted Nov 20, 2015; Authored by Karn Ganeshen; Cambium ePMP 1000 suffers from a remote OS command injection and privilege escalation vulnerabilities.; tags | exploit, remote, vulnerability; SHA-256 | f3f71e560f8ee614e20bf5956339837e20028c8d5053172f3eb99639d547b9e1; Download | Favorite | View

ZTE ADSL Authorization Bypass / Information Disclosure: Posted Nov 14, 2015; Authored by Karn Ganeshen; ZTE ADSL modems suffer from authorization bypass and information disclosure vulnerabilities.; tags | exploit, vulnerability, bypass, info disclosure; advisories | CVE-2015-7257, CVE-2015-7258, CVE-2015-7259; SHA-256 | c8cc58a9774ae52bb5d5fb84d55e5fcdfa1127e663889f344fa1a78b2eb1f858; Download | Favorite | View

netis RealTek 2.1.1 Backdoor Accounts / RBAC Failure / CSRF: Posted Oct 15, 2015; Authored by Karn Ganeshen; netis RealTek routers with firmware version 2.1.1 suffer from cross site request forgery, backdoor accounts, and weak RBAC control vulnerabilities.; tags | exploit, vulnerability, csrf; SHA-256 | 1405872cbefb8ad0515fc44e8e0836e72d1d1fa985cac7c55007bb96d1c5ab5a; Download | Favorite | View

PROLiNK H5004NK Backdoor Accounts / RBAC Failure / CSRF: Posted Oct 15, 2015; Authored by Karn Ganeshen; PROLiNK H5004NK ADSL routers with firmware version R76S Slt 4WNE1 6.1R suffer from cross site request forgery, backdoor accounts, and weak RBAC control vulnerabilities.; tags | exploit, vulnerability, csrf; SHA-256 | bdc0083d8c236287aee441dabe95d1060e8583de5c8dd2092287038176f12c8e; Download | Favorite | View

ZyXEL PMG5318-B20A OS Command Injection: Posted Oct 14, 2015; Authored by Karn Ganeshen; ZyXEL PMG5318-B20A suffers from a command injection vulnerability via the ping function.; tags | exploit; advisories | CVE-2015-6018; SHA-256 | 94cea261bcbad285c0fb3b4900f3ab8150b00219d6b41f9594444e04f13fdfd8; Download | Favorite | View

Netgear Voice Gateway 2.3.0.23_2.3.23 XSS / Code Execution: Posted Oct 13, 2015; Authored by Karn Ganeshen; Netgear Voice Gateway with firmware version 2.3.0.23_2.3.23 suffers from command injection, insecurely configured passwords, and cross site scripting vulnerabilities.; tags | exploit, vulnerability, xss; SHA-256 | d00b6ccc7243ec76c13b6752206ecb24b7616afd8ccc5b5e94771fa108ece86e; Download | Favorite | View

F5 BigIP 10.2.4 Build 595.0 HF3 Path Traversal: Posted Oct 12, 2015; Authored by Karn Ganeshen; F5 BigIP version 10.2.4 Build 595.0 Hotfix HF3 suffers from a path traversal vulnerability.; tags | exploit, file inclusion; advisories | CVE-2015-4040; SHA-256 | ab0a3042d4334bb2c87d36fda9fec448e92ffbf6fe5472e790e037e320a7c8a7; Download | Favorite | View

PIXORD Vehicle 3G Wi-Fi Router Command Injection / Information Disclosure: Posted Oct 2, 2015; Authored by Karn Ganeshen; PIXORD Vehicle 3G Wi-Fi Router suffers from OS command injection, information disclosure, and various other vulnerabilities.; tags | exploit, info disclosure; SHA-256 | 03ad30f1f842d6ddf4697f5efd5ca3278bb8272bd2d539ab9c4945bec0b34bfa; Download | Favorite | View

D-Link DIR-300 Cross Site Scripting: Posted Feb 4, 2013; Authored by Karn Ganeshen; D-Link DIR-300 suffers from an administratively inflicted cross site scripting vulnerability.; tags | exploit, xss; SHA-256 | 43ead2a034ace5b0279515fb18d840f04a18174a3904b1181ab7f3d9d99a30a3; Download | Favorite | View

Page 3 of 4 Back 1 2 3 4 Next

Top Authors In Last 30 Days

Red Hat 275 files
indoushka 177 files
Jay Turla 150 files
Ubuntu 77 files
h00die 54 files
juan vazquez 43 files
sinn3r 41 files
H D Moore 31 files
Gentoo 25 files
Karn Ganeshen 23 files

File Archives

Systems

AIX (430)
Apple (2,115)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,125)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,592)
HPUX (881)
iOS (390)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,327)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (16,893)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,867)
UNIX (9,458)
UnixWare (188)
Windows (6,772)
Other

Files from Karn Ganeshen

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems