Files Date: 2020-11-20

Barco wePresent Insecure Firmware Image
Posted Nov 20, 2020
Authored by Matthew Bergin, Jim Becher | Site korelogic.com

Barco wePresent WiPG-1600W versions 2.5.1.8, 2.5.0.25, 2.5.0.24, and 2.4.1.19 have firmware that does not perform verification of digitally signed firmware updates and is susceptible to processing and installing modified/malicious images.

tags | exploit
advisories | CVE-2020-28332
SHA-256 | ce155e50978552faf0e472116a9c5ce4f975a3420fd6632369708f93d1554c2a

Barco wePresent Global Hardcoded Root SSH Password
Posted Nov 20, 2020
Authored by Jim Becher | Site korelogic.com

Barco wePresent WiPG-1600W versions 2.5.1.8, 2.5.0.25, 2.5.0.24, and 2.4.1.19 have a hardcoded root password hash included in the firmware image.

tags | exploit, root
advisories | CVE-2020-28334
SHA-256 | 75cc1a2f773099f090db6e25b10a5322af43049d1ef7d2035e513c189b3011ed

Barco wePresent Undocumented SSH Interface
Posted Nov 20, 2020
Authored by Jim Becher | Site korelogic.com

Barco wePresent WiPG-1600W version 2.5.1.8 has an SSH daemon included in the firmware image. By default, the SSH daemon is disabled and does not start at system boot. The system initialization scripts read a device configuration file variable to see if the SSH daemon should be started. The web interface does not provide a visible capability to alter this configuration file variable. However, a malicious actor can include this variable in a POST such that the SSH daemon will be started when the device boots.

tags | exploit, web
advisories | CVE-2020-28331
SHA-256 | a366665beb0a2a41a9a77ce23a19d8837b9d6bfef4a80c4bbf011cf9589c7bc4

Barco wePresent Authentication Bypass
Posted Nov 20, 2020
Authored by Jim Becher | Site korelogic.com

The Barco wePresent WiPG-1600W version 2.5.1.8 web interface does not use session cookies for tracking authenticated sessions. Instead, the web interface uses a "SEID" token that is appended to the end of URLs in GET requests. Thus the "SEID" would be exposed in web proxy logs and browser history. An attacker that is able to capture the "SEID" and originate requests from the same IP address (via a NAT device or web proxy) would be able to access the user interface of the device without having to know the credentials.

tags | exploit, web
advisories | CVE-2020-28333
SHA-256 | 77ed3fcf16f9ea1209c2673adba8c737e13b77a283c9ea2dfab06836d2aa7dde

Barco wePresent Admin Credential Exposure
Posted Nov 20, 2020
Authored by Jim Becher | Site korelogic.com

An attacker armed with hardcoded API credentials from KL-001-2020-004 (CVE-2020-28329) can issue an authenticated query to display the admin password for the main web user interface listening on port 443/tcp for Barco wePresent WiPG-1600W version 2.5.1.8.

tags | exploit, web, tcp
advisories | CVE-2020-28329, CVE-2020-28330
SHA-256 | d17ea5576bc764da9307b56d3e500fe6c4d6a46a6d607ac07eeebd256034d86c

Barco wePresent Hardcoded API Credentials
Posted Nov 20, 2020
Authored by Jim Becher | Site korelogic.com

Barco wePresent device firmware includes a hardcoded API account and password that is discoverable by inspecting the firmware image. A malicious actor could use this password to access authenticated, administrative functions in the API. Versions affected include 2.5.1.8, 2.5.0.25, 2.5.0.24, and 2.4.1.19.

tags | exploit
advisories | CVE-2020-28329
SHA-256 | 22801e1943167d9cae8f39b9e75645ceb62540439a7d2d3cf58ea0fee603d235

Vtiger CRM 7.0 Cross Site Scripting
Posted Nov 20, 2020
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

Vtiger CRM version 7.0 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | b6606ef09af1c9523d1149be28331dbea51e97efd4902acd769b67310ccac2c5

Rockwell FactoryTalk View SE SCADA Unauthenticated Remote Code Execution
Posted Nov 20, 2020
Authored by Pedro Ribeiro, Radek Domanski | Site metasploit.com

This Metasploit module exploits a series of vulnerabilities to achieve unauthenticated remote code execution on the Rockwell FactoryTalk View SE SCADA product as the IIS user. The attack relies on the chaining of five separate vulnerabilities. The first vulnerability is an unauthenticated project copy request, the second is a directory traversal, and the third is a race condition. In order to achieve full remote code execution on all targets, two information leak vulnerabilities are also abused. This exploit was used by the Flashback team (Pedro Ribeiro + Radek Domanski) in Pwn2Own Miami 2020 to win the EWS category.

tags | exploit, remote, vulnerability, code execution
advisories | CVE-2020-12027, CVE-2020-12028, CVE-2020-12029
SHA-256 | b5c77494a3939a1827cb333698735a7315890ad559b41cca1a66fcbd96bc0b9e

IBM Tivoli Storage Manager 5.2.0.1 Buffer Overflow
Posted Nov 20, 2020
Authored by Paolo Stagno

IBM Tivoli Storage Manager version 5.2.0.1 suffers from a command line administrative interface buffer overflow vulnerability.

tags | exploit, overflow
SHA-256 | d91298d7cdf3ea61c60282fd007270f738d9bc1b835db1fe81301d040f3df2bf

Boxoft Convert Master 1.3.0 Local Buffer Overflow
Posted Nov 20, 2020
Authored by Achilles

Boxoft Convert Master version 1.3.0 SEH local buffer overflow exploit.

tags | exploit, overflow, local
SHA-256 | 47080b28a8e6f189781fc5c7cf47144a2979d43b700a2d3c2a02da8c54e85bcd

Wonder CMS 3.1.3 Cross Site Scripting
Posted Nov 20, 2020
Authored by Hemant Patidar

Wonder CMS version 3.1.3 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | ccccd9ed98df37b0b7a126ce3016965c698022509b6de871a00456304fad8878

NetSurveillance Unauthorized Password Change
Posted Nov 20, 2020
Authored by AsCiI

NetSurveillance version 4.02.R11.00000140.10001.131900.00000 allows for an unauthenticated password change when no default security questions are set.

tags | exploit
SHA-256 | fd6228be6ec00b50ecd7051a15b7ee6d6dab5137e53bd49f35b84c6cdb78e569

Zortam MP3 Media Studio 27.60 Remote Code Execution
Posted Nov 20, 2020
Authored by Vincent Wolterman

Zortam MP3 Media Studio version 27.60 suffers from a code execution vulnerability.

tags | exploit, code execution
SHA-256 | 0c44dc348d50e18cbc6ca452a51654910cc7056e24192001ae9b51ca1edf22a1

Free MP3 CD Ripper 2.8 Buffer Overflow
Posted Nov 20, 2020
Authored by ZwX, Gionathan Reale | Site metasploit.com

This Metasploit module exploits a buffer overflow in Free MP3 CD Ripper versions 2.6 and 2.8. By constructing a specially crafted WMA WAV M3U ACC FLAC file and attempting to convert it to an MP3 file in the application, a buffer is overwritten, which allows for running shellcode.

tags | exploit, overflow, shellcode
advisories | CVE-2019-9767
SHA-256 | 2fc82acea7b95409d6f96c56885e269103215f19b294a61787c2ac74dca93a0f

Ubuntu Security Notice USN-4637-2
Posted Nov 20, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4637-2 - USN-4637-1 fixed vulnerabilities in Firefox. This update provides the corresponding updates for Ubuntu 16.04 LTS. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across origins, bypass security restrictions, conduct phishing attacks, conduct cross-site scripting attacks, bypass Content Security Policy restrictions, conduct DNS rebinding attacks, or execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, vulnerability, xss
systems | linux, ubuntu
advisories | CVE-2020-16012, CVE-2020-26956, CVE-2020-26961, CVE-2020-26967
SHA-256 | 4f713adabc152105077747045996121534ba7401875c9364bf618c591b2cdb5c

Ubuntu Security Notice USN-4639-1
Posted Nov 20, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4639-1 - It was discovered that there was a bug in the way phpMyAdmin handles the phpMyAdmin Configuration Storage tables. An authenticated attacker could use this vulnerability to cause phpMyAdmin to leak sensitive files. It was discovered that phpMyAdmin incorrectly handled user input. An attacker could possibly use this for an XSS attack. It was discovered that phpMyAdmin mishandled certain input. An attacker could use this vulnerability to execute a cross-site scripting attack via a crafted URL. Various other issues were also addressed.

tags | advisory, xss
systems | linux, ubuntu
advisories | CVE-2018-19968, CVE-2018-19970, CVE-2018-7260, CVE-2019-11768, CVE-2019-12616, CVE-2019-6799, CVE-2020-10802, CVE-2020-10803, CVE-2020-26934, CVE-2020-26935, CVE-2020-5504
SHA-256 | 0779e7fa341ac78947934c261f4952b8924a503204b0c78b2229b84b8e1cf6f8
© 2022 Packet Storm. All rights reserved.