exploit the possibilities
Showing 1 - 25 of 31 RSS Feed

Files Date: 2021-03-19

KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Insufficient Session Expiration
Posted Mar 19, 2021
Authored by LiquidWorm | Site zeroscience.mk

KZTech/JatonTec/Neotel JT3500V 4G LTE CPE version 2.0.1 suffers an insufficient session expiration. This occurs when the web application permits an attacker to reuse old session credentials or session IDs for authorization. Insufficient session expiration increases the device's exposure to attacks that can steal or reuse user's session identifiers.

tags | exploit, web
SHA-256 | 0c41b0e418db6cc3fce61cd5b95edcec7bd24c9c50d23011b09d080bdd1e22af
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Privilege Escalation
Posted Mar 19, 2021
Authored by LiquidWorm | Site zeroscience.mk

KZTech/JatonTec/Neotel JT3500V 4G LTE CPE version 2.0.1 suffers from a privilege escalation vulnerability. The non-privileged default user (user:user123) can elevate his/her privileges by sending a HTTP GET request to the configuration export endpoint and disclose the admin password. Once authenticated as admin, an attacker will be granted access to the additional and privileged pages.

tags | exploit, web
SHA-256 | ac657c7a920abc9292d94f15c71e9ea580b9222af282ef5304979b66ed446773
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Unauthenticated Configuration Download
Posted Mar 19, 2021
Authored by LiquidWorm | Site zeroscience.mk

KZTech/JatonTec/Neotel JT3500V 4G LTE CPE version 2.0.1 is susceptible to an unauthenticated configuration disclosure when direct object reference is made to the export_settings.cgi file using an HTTP GET request. This will enable the attacker to disclose sensitive information and help her in authentication bypass, privilege escalation and full system access.

tags | exploit, web, cgi
SHA-256 | 603965054eb95da0577b3266629d2f47e3091bf6d4d5db74af928a5dc068442f
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Unauthenticated Device Reboot
Posted Mar 19, 2021
Authored by LiquidWorm | Site zeroscience.mk

KZTech/JatonTec/Neotel JT3500V 4G LTE CPE version 2.0.1 allows unauthenticated attackers to restart the device with an HTTP GET request to /goform/RestartDevice page.

tags | exploit, web
SHA-256 | 004ac443ef3437a7dc29dd40e264756e3f0c35852ab627528f60fae29ab56c98
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Unauthenticated Factory Reset
Posted Mar 19, 2021
Authored by LiquidWorm | Site zeroscience.mk

KZTech/JatonTec/Neotel JT3500V 4G LTE CPE version 2.0.1 allows unauthenticated attackers to visit the unprotected /goform/LoadDefaultSettings endpoint and reset the device to its factory default settings. Once the GET request is made, the device will reboot with its default settings allowing the attacker to bypass authentication and take full control of the system.

tags | exploit
SHA-256 | 3156b5880f18090db2cb6967bfda33c291e74fcbb4644825d31a6a7dfc004ac5
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Unauthenticated Log Disclosure
Posted Mar 19, 2021
Authored by LiquidWorm | Site zeroscience.mk

KZTech/JatonTec/Neotel JT3500V 4G LTE CPE version 2.0.1 has an unprotected web management server that is vulnerable to sensitive information disclosure vulnerability. An unauthenticated attacker can visit the syslog page and disclose the webserver's log file containing system information running on the device.

tags | exploit, web, info disclosure
SHA-256 | 958deee99bc7702bdefacdd8e76f855a06c557df09b4f20f289c8fa141562a8e
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Insecure Direct Object Reference
Posted Mar 19, 2021
Authored by LiquidWorm | Site zeroscience.mk

KZTech/JatonTec/Neotel JT3500V 4G LTE CPE version 2.0.1 suffers from an insecure direct object reference vulnerability.

tags | exploit
SHA-256 | 482b29e97ee4ccf4b8dc4e5040476664b4f3b97ca5897f736e1d3996a4ff86dc
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Remote Code Execution
Posted Mar 19, 2021
Authored by LiquidWorm | Site zeroscience.mk

KZTech/JatonTec/Neotel JT3500V 4G LTE CPE version 2.0.1 has several backdoors and hidden pages that allow for remote code execution, overwriting of the bootrom, and enabling debug mode.

tags | exploit, remote, code execution
SHA-256 | 9e5c4d9e5a68baf4b8009ac9f6cdf69d972d6968d94358877a76aad28b0c3a26
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Weak Default WiFi Password Algorithm
Posted Mar 19, 2021
Authored by LiquidWorm | Site zeroscience.mk

KZTech/JatonTec/Neotel JT3500V 4G LTE CPE version 2.0.1 generates its SSID and password based on the WAN MAC address.

tags | exploit
SHA-256 | 4e69427bcce8662fc36c8b7b37b27b7d855a9ed957d32eec33f827ef7036e3a8
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Hard-Coded Credentails / Shell Access
Posted Mar 19, 2021
Authored by LiquidWorm | Site zeroscience.mk

KZTech/JatonTec/Neotel JT3500V 4G LTE CPE version 2.0.1 utilizes hard-coded credentials within its Linux distribution image. These sets of credentials are never exposed to the end-user and cannot be changed through any normal operation of the router.

tags | exploit
systems | linux
SHA-256 | d71480ffcd0ea393d093598a1fb0293c504c2831049982e7b945a93c48d78c4e
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Authentication Bypass
Posted Mar 19, 2021
Authored by LiquidWorm | Site zeroscience.mk

KZTech/JatonTec/Neotel JT3500V 4G LTE CPE version 2.0.1 suffers from an authentication bypass vulnerability. An unauthenticated attacker can disclose sensitive and clear-text information resulting in authentication bypass by downloading the configuration of the device and revealing the admin password.

tags | exploit, bypass
SHA-256 | 73a44e688725b9ff0a6abb769d144776d60b2d0df7ed23e37df9c6d6e287e278
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Authenticated Command Injection
Posted Mar 19, 2021
Authored by LiquidWorm | Site zeroscience.mk

KZTech/JatonTec/Neotel JT3500V 4G LTE CPE version 2.0.1 suffers from an authenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the pingAddr HTTP POST parameter bypassing the injection protection filter.

tags | exploit, web, arbitrary, shell
SHA-256 | d2bfe72177362172a25975038e95f6f160f7bd9fdd925bd9901330b19327c20e
Win32k ConsoleControl Offset Confusion
Posted Mar 19, 2021
Authored by Spencer McIntyre, BITTER APT, LiHao, KaLendsi, MaDongZe, TuXiaoYi, JinQuan | Site metasploit.com

A vulnerability exists within win32k that can be leveraged by an attacker to escalate privileges to those of NT AUTHORITY\SYSTEM. The flaw exists in how the WndExtra field of a window can be manipulated into being treated as an offset despite being populated by an attacker-controlled value. This can be leveraged to achieve an out of bounds write operation, eventually leading to privilege escalation.

tags | exploit
advisories | CVE-2021-1732
SHA-256 | ed073b3c17d4f49ffa13834abab3bf326257f8e012a4c37b26486bc312e9e80d
VMware View Planner 4.6 Remote Code Execution
Posted Mar 19, 2021
Authored by wvu, Grant Willcox, Mikhail Klyuchnikov | Site metasploit.com

This Metasploit module exploits an unauthenticated log file upload within the log_upload_wsgi.py file of VMWare View Planner 4.6 prior to 4.6 Security Patch 1. Successful exploitation will result in remote code execution as the apache user inside the appacheServer Docker container.

tags | exploit, remote, code execution, file upload
advisories | CVE-2021-21978
SHA-256 | 379b0cbe47bd964e0aa4ad293ae73ca2ada00daefc19072ca7c7c1d184c798cd
SOYAL 701Client 9.0.1 Insecure Permissions
Posted Mar 19, 2021
Authored by LiquidWorm | Site zeroscience.mk

SOYAL 701Client version 9.0.1 suffers from an insecure permissions vulnerability.

tags | exploit
SHA-256 | 98c780d8c151eac1f051e4d317f17b2296da9de1759ad6d0d93bec928bcc775c
SOYAL 701Server 9.0.1 Insecure Permissions
Posted Mar 19, 2021
Authored by LiquidWorm | Site zeroscience.mk

SOYAL 701Server version 9.0.1 suffers from an insecure permissions vulnerability.

tags | exploit
SHA-256 | 171228adc800c601677edb1f2cba5f4d1ce16c24bc4b7eea04f91c819b71a21d
SOYAL Biometric Access Control System 5.0 Cross Site Request Forgery
Posted Mar 19, 2021
Authored by LiquidWorm | Site zeroscience.mk

SOYAL Biometric Access Control System version 5.0 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 93e556f6e1d9d2300afc6b657f1c1067ff56c303dec1b576e8ad9bba10eaa74c
SOYAL Biometric Access Control System 5.0 Weak Default Credentials
Posted Mar 19, 2021
Authored by LiquidWorm | Site zeroscience.mk

The web control panel SOYAL Biometric Access Control System version 5.0 uses a weak set of default administrative credentials (no password) that can be easily guessed in remote password attacks.

tags | exploit, remote, web
SHA-256 | cf5ffc7de99376f5a3ece84fc81ec2a036e2f2d26fee7ffd41cc3181fbb1e3c7
SOYAL Biometric Access Control System 5.0 Master Code Disclosure
Posted Mar 19, 2021
Authored by LiquidWorm | Site zeroscience.mk

The controller in SOYAL Biometric Access Control System version 5.0 suffers from a cleartext transmission of sensitive information. This allows interception of the HTTP traffic and disclose the Master code and the Arming code via a man-in-the-middle attack. An attacker can obtain these codes to enter into the controller's Programming mode and bypass physical security controls in place.

tags | exploit, web
SHA-256 | 6f0eb9f532a18e1eeef54655c0a63c7701e9269776744ed835a8c1c721f5b664
VestaCP 0.9.8 Command Injection
Posted Mar 19, 2021
Authored by numan turle

VestaCP version 0.9.8 suffers from a command injection vulnerability.

tags | exploit
SHA-256 | 938b6d6c27f61c9809c0637869f486e2fe7cb522a5ec286367a8f2f9bb53eebb
Eclipse Mosquitto MQTT Broker 2.0.9 Unquoted Service Path
Posted Mar 19, 2021
Authored by Riadh Bouchahoua

Eclipse Mosquitto MQTT broker version 2.0.9 suffers from an unquoted service path vulnerability.

tags | exploit
SHA-256 | efc7cf6ebc4c5db860556ccce0cc12bb6ea219600a360c7c7bf534ac801d97eb
Profiling System For Human Resource Management 1.0 Remote Code Execution
Posted Mar 19, 2021
Authored by Christian Vierschilling

Profiling System for Human Resource Management version 1.0 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
SHA-256 | 9c756599edc69f8682b0752bc95b0fb6e0dcbeeca4b9ab9487c21e63a1dbee3f
Ubuntu Security Notice USN-4882-1
Posted Mar 19, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4882-1 - It was discovered that the Ruby JSON gem incorrectly handled certain JSON files. If a user or automated system were tricked into parsing a specially crafted JSON file, a remote attacker could use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that Ruby incorrectly handled certain socket memory operations. A remote attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Various other issues were also addressed.

tags | advisory, remote, arbitrary, ruby
systems | linux, ubuntu
advisories | CVE-2020-10663, CVE-2020-10933, CVE-2020-25613
SHA-256 | 283a88217feec850de336cca9e09f282e9c9a4430901603c938294b461152b82
Boonex Dolphin 7.4.2 Cross Site Scripting
Posted Mar 19, 2021
Authored by Piyush Patil

Boonex Dolphin version 7.4.2 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 3aba4256e8f453adda70e767a176f3f85d033b5f0e8c81fda1e98d36564435c4
Red Hat Security Advisory 2021-0940-01
Posted Mar 19, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0940-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include a use-after-free vulnerability.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2020-29661
SHA-256 | e4eafc7f5a94df38fbe7e1a726f909953539595501cab7782a4bb7e073355a5a
Page 1 of 2
Back12Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    4 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    0 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close