what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 21 of 21 RSS Feed

Files Date: 2018-07-16

Microhard Systems 3G/4G Cellular Ethernet And Serial Gateway Backdoor Jailbreak
Posted Jul 16, 2018
Authored by LiquidWorm | Site zeroscience.mk

Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway systems have a web shell application that includes a service called Microhard Sh that is documented only as 'reserved for internal use'. This service can be enabled by an authenticated user within the Services menu in the web admin panel. This can also be enabled via CSRF attack. When the service is enabled, a user 'msshc' is created on the system with password 'msshc' for SSH shell access on port 22. When connected, the user is dropped into a NcFTP jailed environment, that has limited commands for file transfer administration. One of the commands is a custom added 'ping' command that has a command injection vulnerability that allows the attacker to escape the restricted environment and enter into a root shell terminal that can execute commands as the root user. Many versions are affected.

tags | exploit, web, shell, root
SHA-256 | d63f2a50ee02442ef6e23543b82b4fffc2edd25d0a4eb1517ce7302f0685eee2
Microhard Systems 3G/4G Cellular Ethernet And Serial Gateway Open Redirect
Posted Jul 16, 2018
Authored by LiquidWorm | Site zeroscience.mk

Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway systems suffer from an open redirection vulnerability. Many versions are affected.

tags | exploit
SHA-256 | b1c65c098fae18056a37bc3af2bb913a417646dd7ca9e523569cd1287a6f4f60
Microhard Systems 3G/4G Cellular Ethernet And Serial Gateway Configuration Download
Posted Jul 16, 2018
Authored by LiquidWorm | Site zeroscience.mk

Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway systems suffer from a system backup configuration file 'IPn4G.config' in '/' directory or its respective name based on the model name including the similar files in '/www/cgi-bin/system.conf', '/tmp' and the cli.conf in '/etc/m_cli/' can be downloaded by an authenticated attacker in certain circumstances. This will enable the attacker to disclose sensitive information and help her in authentication bypass, privilege escalation and/or full system access. Many versions are affected.

tags | exploit, cgi
SHA-256 | 3308505cfc0dc6793c720ed8984af9ae73fb959eb91433b4b2602436f3c76825
Microhard Systems 3G/4G Cellular Ethernet And Serial Gateway Arbitrary File Attacks
Posted Jul 16, 2018
Authored by LiquidWorm | Site zeroscience.mk

Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway systems suffer from an issue where due to the hidden and undocumented File Editor (Filesystem Browser) shell script 'system-editor.sh' an attacker can leverage this issue to read, modify or delete arbitrary files on the system. Input passed thru the 'path' and 'savefile', 'edit' and 'delfile' GET and POST parameters is not properly sanitized before being used to modify files. This can be exploited by an authenticated attacker to read or modify arbitrary files on the affected system. Many versions are affected.

tags | exploit, arbitrary, shell
SHA-256 | 77b3776b575148102cde8300432db7b719ab8ae3d84c651075588e8d0e88b7d0
Microhard Systems 3G/4G Cellular Ethernet And Serial Gateway Hidden Features
Posted Jul 16, 2018
Authored by LiquidWorm | Site zeroscience.mk

Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway systems have undocumented and hidden features present via the web management interface. These features allow an authenticated attacker to take full control of the device and/or modify internal OS settings, read arbitrary files or even render the device unusable. Many versions are affected.

tags | exploit, web, arbitrary
SHA-256 | 14e267060987d08b2eb4ea6ee2c76f437562c939bd7ccf4ac98db80cb0273501
Microhard Systems 3G/4G Cellular Ethernet And Serial Gateway Denial Of Service
Posted Jul 16, 2018
Authored by LiquidWorm | Site zeroscience.mk

Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway systems have an undocumented and hidden feature that allows an authenticated attacker to list running processes in the operating system and send arbitrary signals to kill any process running in the background including starting and stopping system services. This impacts availability and can be triggered also by CSRF attacks that requires device restart and/or factory reset to rollback malicious changes. Many versions are affected.

tags | exploit, arbitrary
SHA-256 | ce1880cac4ba27128730d544ef0c0d9d7bdc2bdb0b8c60f34576248a9947e81d
VelotiSmart WiFi B-380 Camera Directory Traversal
Posted Jul 16, 2018
Authored by Miguel Mendez Z

VelotiSmart WiFi B-380 Camera suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
advisories | CVE-2018-14064
SHA-256 | 7c8101afd8d775089acc8e6126c84b11e5c6a84f781e1d59798fa08edd2c7ce6
Microsoft Security Bulletin Advisory Notification For July, 2018
Posted Jul 16, 2018
Site microsoft.com

This Microsoft advisory notification includes advisories released or updated on July 16, 2018.

tags | advisory
SHA-256 | 7ded65100cbc49a84a2c84c699deb4f66f65e5485d63b5067ad7882788cedacd
Microhard Systems 3G/4G Cellular Ethernet And Serial Gateway Remote Root
Posted Jul 16, 2018
Authored by LiquidWorm | Site zeroscience.mk

Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway systems suffer from multiple authenticated arbitrary remote code execution vulnerabilities with highest privileges. This is due to multiple hidden and undocumented features within the admin interface that allows an attacker to create crontab jobs and/or modify the system startup script that allows execution of arbitrary code as root user. Many versions are affected.

tags | exploit, remote, arbitrary, root, vulnerability, code execution
SHA-256 | 1bdc3208cfd4fef967921a64ef3e023c7d742aac97247a3358a302633480272f
Microhard Systems 3G/4G Cellular Ethernet And Serial Gateway Default Credentials
Posted Jul 16, 2018
Authored by LiquidWorm | Site zeroscience.mk

Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway systems utilize hard-coded credentials within its Linux distribution image. These sets of credentials are never exposed to the end-user and cannot be changed through any normal operation of the gateway. Another vulnerability could allow an authenticated attacker to gain root access. The vulnerability is due to default credentials. An attacker could exploit this vulnerability by logging in using the default credentials. Many versions are affected.

tags | exploit, root
systems | linux
SHA-256 | b7feae71293fbd8e1957fcac4e55a97e86bf57aa73f7edb6187c4df486cc849f
Microsoft Security Bulletin CVE Revision Increment For July, 2018
Posted Jul 16, 2018
Site microsoft.com

This Microsoft bulletin summary holds a CVE update for CVE-2018-8319.

tags | advisory
advisories | CVE-2018-8319
SHA-256 | bdedfcd7f2a2bf34347e7ce302dad7674fdea6bc086f54b2ebb6426b3c3d2ec0
Microsoft Windows Enterprise Mode Site List 1/2 XML Injection
Posted Jul 16, 2018
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Microsoft Windows Enterprise Mode Site List Manager versions 1 and 2 suffer from an XML external entity injection vulnerability.

tags | exploit
systems | windows
SHA-256 | 5ea4ce1803fb58a81a4249efcc762b9ac4cf0a56d2a221f4bec1ed38ef34637d
Microsoft Windows .library-ms Information Disclosure
Posted Jul 16, 2018
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Library description files are XML files that define libraries. Libraries aggregate items from local and remote storage locations into a single view in Windows Explorer. Library description files follow the Library Description schema and are saved as *.library-ms files. The .library-ms filetype triggers forced authentication when a user/client accesses a remote share that houses an attacker supplied ".library-ms" file, disclosing credential hashes and other identifiable computer informations.

tags | exploit, remote, local
systems | windows
SHA-256 | 5a487357b727608fcaf8c888682dc65e0c920720125c20e8e1ac074682b2b0ee
Debian Security Advisory 4246-1
Posted Jul 16, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4246-1 - Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. discovered that mailman, a web-based mailing list manager, is prone to a cross-site scripting flaw allowing a malicious listowner to inject scripts into the listinfo page, due to not validated input in the host_name field.

tags | advisory, web, xss
systems | linux, debian
advisories | CVE-2018-0618
SHA-256 | aac0eab0ee06185a0d7be5bb790a0fca7aabf4920148da56535d60cc2f9b3e84
Microhard Systems 3G/4G Cellular Ethernet And Serial Gateway CSRF
Posted Jul 16, 2018
Authored by LiquidWorm | Site zeroscience.mk

Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway systems allow users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site. Many versions are affected.

tags | exploit, web
SHA-256 | b36448905fd02a579d3e95d11222a0acd73d3d78165724ea8f016658e0779db0
Microhard Systems 3G/4G Cellular Ethernet And Serial Gateway XSS
Posted Jul 16, 2018
Authored by LiquidWorm | Site zeroscience.mk

Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway systems are prone to multiple reflected and stored cross-site scripting vulnerabilities due to a failure to properly sanitize user-supplied input to several parameters that are handled by various servlets. Attackers can exploit this issue to execute arbitrary HTML and script code in a user's browser session. Many versions are affected.

tags | exploit, arbitrary, vulnerability, xss
SHA-256 | 2c2c864e961de08f8e726f2b647913aff2b13bf29b8cce66e3aa650d3bd351e5
Ubuntu Security Notice USN-3717-1
Posted Jul 16, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3717-1 - Tavis Ormandy discovered that PolicyKit incorrectly handled certain invalid object paths. A local attacker could possibly use this issue to cause PolicyKit to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS. It was discovered that PolicyKit incorrectly handled certain duplicate action IDs. A local attacker could use this issue to cause PolicyKit to crash, resulting in a denial of service, or possibly escalate privileges. This issue only affected Ubuntu 14.04 LTS. Various other issues were also addressed.

tags | advisory, denial of service, local
systems | linux, ubuntu
advisories | CVE-2015-3218, CVE-2015-3255, CVE-2015-4625, CVE-2018-1116
SHA-256 | 7b9aa26f312ac39e4b97279a9cacf1e2c8f625a61c1040cca0bf6077d0dfc716
WordPress Job Manager 4.1.0 Cross Site Scripting
Posted Jul 16, 2018
Authored by Berk Dusunur, Selimcan Ozdemir

WordPress Job Manager plugin version 4.1.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | f8f076c9ee29dfd7a8bebfddc72344d917fecb7008601c3ae2e820ffdff721e9
TP-Link Archer C60 1.0 Code Execution
Posted Jul 16, 2018
Authored by Ismail Tasdelen

TP-Link Archer C60 version 1.0 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
SHA-256 | 98587369e0339d67e6f3616f7c08119600cbd0e9a273c56d5ee6dfc91f50a4d6
Linux/ARM Bindshell (tcp/1234) Shellcode
Posted Jul 16, 2018
Authored by odzhancode

104 bytes small Linux/ARM bindshell shellcode that binds to tcp/1234.

tags | tcp, shellcode
systems | linux
SHA-256 | 0579b4a1356eba1d6aa94d318907860e8ae4600aeef2a2a5a04300d3887b0b2c
Linux x86_64 IPv6 Reverse Shell With Password Shellcode
Posted Jul 16, 2018
Authored by Hashim Jawad

Linux/x86_64 reverse shell (IPv6) shellcode with password.

tags | shell, shellcode
systems | linux
SHA-256 | 2774dc4104166064c29f6fcb1bc9b8ed3bd2446cd99c78a62c81078b9e2b12fd
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close