what you don't know can hurt you
Showing 1 - 25 of 1,884 RSS Feed

Operating System: Cisco

Cisco Data Center Network Manager 11.2.1 Command Injection
Posted Feb 6, 2020
Authored by mr_me

Cisco Data Center Network Manager version 11.2.1 remote command injection exploit.

tags | exploit, remote
systems | cisco
advisories | CVE-2019-15977, CVE-2019-15978
MD5 | f78d9a450e8dddba0757fc613e10da7a
Cisco Data Center Network Manager 11.2.1 SQL Injection
Posted Feb 6, 2020
Authored by mr_me

Cisco Data Center Network Manager version 11.2.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
systems | cisco
advisories | CVE-2019-15976, CVE-2019-15984
MD5 | e52727f67ec73f54a1870891d9e11891
Cisco Data Center Network Manager 11.2 Remote Code Execution
Posted Feb 6, 2020
Authored by mr_me

Cisco Data Center Network Manager version 11.2 remote code execution exploit.

tags | exploit, remote, code execution
systems | cisco
advisories | CVE-2019-15975
MD5 | ebfd0aee7d0a59ad770e679268463c0e
Cisco Discovery Protocol (CDP) Remote Device Takeover
Posted Feb 5, 2020
Authored by Barak Hadad, Yuval Sarel, Ben Seri | Site armis.com

Armis has discovered five critical, zero-day vulnerabilities in various implementations of the Cisco Discovery Protocol (CDP) that can allow remote attackers to completely take over devices.

tags | advisory, remote, vulnerability, protocol
systems | cisco
advisories | CVE-2020-3110, CVE-2020-3111, CVE-2020-3118, CVE-2020-3119, CVE-2020-3120
MD5 | 7757dbb411e6c03282748d0e682b3406
Debian Security Advisory 4607-1
Posted Jan 20, 2020
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4607-1 - Lukas Kupczyk reported a vulnerability in the handling of chunked HTTP in openconnect, an open client for Cisco AnyConnect, Pulse and GlobalProtect VPN. A malicious HTTP server (after having accepted its identity certificate), can provide bogus chunk lengths for chunked HTTP encoding and cause a heap-based buffer overflow.

tags | advisory, web, overflow
systems | cisco, linux, debian
advisories | CVE-2019-16239
MD5 | 6cbb058b70a03ea1bda3ffe2cb05aeaa
Cisco DCNM JBoss 10.4 Credential Leakage
Posted Jan 8, 2020
Authored by Harrison Neal

Cisco DCNM JBoss version 10.4 suffers from a credential leakage vulnerability.

tags | exploit, info disclosure
systems | cisco
advisories | CVE-2019-15999
MD5 | f2b2bc3ee27fbddf61de2d091386e2bd
Cisco WLC 2504 8.9 Denial Of Service
Posted Dec 4, 2019
Authored by SecuNinja

Cisco WLC 2504 version 8.9 suffers from a denial of service vulnerability.

tags | exploit, denial of service
systems | cisco
advisories | CVE-2019-15276
MD5 | 9215aa968b49d3b98e32f665f3d9a9ea
Debian Security Advisory 4535-1
Posted Sep 29, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4535-1 - Lilith of Cisco Talos discovered a buffer overflow flaw in the quota code used by e2fsck from the ext2/ext3/ext4 file system utilities. Running e2fsck on a malformed file system can result in the execution of arbitrary code.

tags | advisory, overflow, arbitrary
systems | cisco, linux, debian
advisories | CVE-2019-5094
MD5 | 43e0fb16ab09b3a1d1e9431d5401b18a
Generic Zip Slip Traversal
Posted Sep 12, 2019
Authored by sinn3r, Snyk | Site metasploit.com

This is a generic arbitrary file overwrite technique, which typically results in remote command execution. This targets a simple yet widespread vulnerability that has been seen affecting a variety of popular products including HP, Amazon, Apache, Cisco, etc. The idea is that often archive extraction libraries have no mitigations against directory traversal attacks. If an application uses it, there is a risk when opening an archive that is maliciously modified, and results in the embedded payload to be written to an arbitrary location (such as a web root), and results in remote code execution.

tags | exploit, remote, web, arbitrary, root, code execution
systems | cisco
MD5 | ff948c64df1f6f021439eaa12e78eb94
Cisco Content Security Virtual Appliance M380 IronPort Remote Cross Site Host Modification
Posted Sep 9, 2019
Authored by Todor Donev

Cisco Content Security Virtual Appliance M380 IronPort remote cross site host modification demo exploit.

tags | exploit, remote
systems | cisco
MD5 | a98fd2e94251ea2edc1d831fe438607d
Cisco Device Hardcoded Credentials / GNU glibc / BusyBox
Posted Sep 4, 2019
Authored by T. Weber | Site sec-consult.com

Many Cisco devices such as Cisco RV340, Cisco RV340W, Cisco RV345, Cisco RV345P, Cisco RV260, Cisco RV260P, Cisco RV260W, Cisco 160, and Cisco 160W suffer from having hard-coded credentials, known GNU glibc, known BusyBox, and IoT Inspector identified vulnerabilities.

tags | exploit, vulnerability
systems | cisco
advisories | CVE-2014-4043, CVE-2014-9402, CVE-2014-9761, CVE-2014-9984, CVE-2015-1472, CVE-2015-5277, CVE-2015-7547, CVE-2015-8778, CVE-2015-8779, CVE-2015-9261, CVE-2016-2147, CVE-2016-2148, CVE-2016-6301, CVE-2017-1000366, CVE-2017-16544, CVE-2018-20679, CVE-2019-5747
MD5 | c446ad84eeb90a116264677ada159562
Cisco Email Security Virtual Appliance C380 IronPort Header Injection
Posted Sep 4, 2019
Authored by Todor Donev

Cisco Email Security Virtual Appliance C380 IronPort remote host header injection exploit.

tags | exploit, remote
systems | cisco
MD5 | 59fdeb6b686e0eb34a78c58ed8e75d61
Cisco Email Security Virtual Appliance C300V IronPort Header Injection
Posted Sep 4, 2019
Authored by Todor Donev

Cisco Email Security Virtual Appliance C300V IronPort remote host header injection exploit.

tags | exploit, remote
systems | cisco
MD5 | 58c6e4353b033250b2b8241c3f4cd6e3
Cisco Content Security Management Virtual Appliance M600V IronPort Header Injection
Posted Sep 4, 2019
Authored by Todor Donev

Cisco Content Security Management Virtual Appliance M600V IronPort remote host header injection exploit.

tags | exploit, remote
systems | cisco
MD5 | 229be091f2335df90cbf4ec41f426693
Cisco IronPort C350 Header Injection
Posted Sep 3, 2019
Authored by Todor Donev

Cisco IronPort C350 remote host header injection exploit.

tags | exploit, remote
systems | cisco
MD5 | 5d3d449bc480bc3b9513a64b866d4390
Cisco Email Security Virtual Appliance C370 IronPort Header Injection
Posted Sep 3, 2019
Authored by Todor Donev

Cisco Email Security Virtual Appliance C370 IronPort remote host header injection exploit.

tags | exploit, remote
systems | cisco
MD5 | 250531d59b2fbec5011f1896e26b6647
Cisco Email Security Virtual Appliance C600V IronPort Header Injection
Posted Sep 3, 2019
Authored by Todor Donev

Cisco Email Security Virtual Appliance C600V IronPort remote host header injection exploit.

tags | exploit, remote
systems | cisco
MD5 | fb41282af3b637cdf7710214c3675f01
Cisco C690 Email Security Appliance 11.0.2-044 IronPort Header Injection
Posted Sep 3, 2019
Authored by Todor Donev

Cisco C690 Email Security Appliance version 11.0.2-044 IronPort remote host header injection exploit.

tags | exploit, remote
systems | cisco
MD5 | 01e124610488c96055cc20617b17d833
Cisco Email Security Virtual Appliance C100V IronPort Header Injection
Posted Sep 3, 2019
Authored by Todor Donev

Cisco Email Security Virtual Appliance C100V IronPort remote host header injection exploit.

tags | exploit, remote
systems | cisco
MD5 | 483058c8b4dc3d3438f5659205199510
Cisco C170 Email Security Appliance 10.0.3-003 IronPort Header Injection
Posted Sep 3, 2019
Authored by Todor Donev

Cisco C170 Email Security Appliance version 10.0.3-003 IronPort remote host header injection exploit.

tags | exploit, remote
systems | cisco
MD5 | 4cf229797e034faae84bece5e94cfe54
Cisco M1070 Content Security Management Appliance IronPort Header Injection
Posted Sep 3, 2019
Authored by Todor Donev

Cisco M1070 Content Security Management Appliance IronPort remote host header injection exploit.

tags | exploit, remote
systems | cisco
MD5 | ec4e8152d383453c9248650b56aa9185
Cisco UCS Director Unauthenticated Remote Code Execution
Posted Sep 2, 2019
Authored by Pedro Ribeiro | Site metasploit.com

The Cisco UCS Director virtual appliance contains two flaws that can be combined and abused by an attacker to achieve remote code execution as root. The first one, CVE-2019-1937, is an authentication bypass, that allows the attacker to authenticate as an administrator. The second one, CVE-2019-1936, is a command injection in a password change form, that allows the attacker to inject commands that will execute as root. This module combines both vulnerabilities to achieve the unauthenticated command injection as root. It has been tested with Cisco UCS Director virtual machines 6.6.0 and 6.7.0. Note that Cisco also mentions in their advisory that their IMC Supervisor and UCS Director Express are also affected by these vulnerabilities, but this module was not tested with those products.

tags | exploit, remote, root, vulnerability, code execution
systems | cisco
advisories | CVE-2019-1936, CVE-2019-1937
MD5 | a147290750eba4c14c3f5dfe91e25f2a
Cisco UCS Director Default scpuser Password
Posted Sep 2, 2019
Authored by Pedro Ribeiro | Site metasploit.com

This Metasploit module abuses a known default password on Cisco UCS Director. The 'scpuser' has the password of 'scpuser', and allows an attacker to login to the virtual appliance via SSH. This module has been tested with Cisco UCS Director virtual machines 6.6.0 and 6.7.0. Note that Cisco also mentions in their advisory that their IMC Supervisor and UCS Director Express are also affected by these vulnerabilities, but this module was not tested with those products.

tags | exploit, vulnerability
systems | cisco
advisories | CVE-2019-1935
MD5 | 119059667e4c122ab82b873c814ccde3
Cisco RV110W / RV130(W) / RV215W Remote Command Execution
Posted Sep 2, 2019
Authored by Quentin Kaiser, Yu Zhang, T. Shiomitsu, Haoliang Lu | Site metasploit.com

A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to improper validation of user-supplied data in the web-based management interface. An attacker could exploit this vulnerability by sending malicious HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system of the affected device as a high-privilege user. RV110W Wireless-N VPN Firewall versions prior to 1.2.2.1 are affected. RV130W Wireless-N Multifunction VPN Router versions prior to 1.0.3.45 are affected. RV215W Wireless-N VPN Router versions prior to 1.3.1.1 are affected. Note: successful exploitation may not result in a session, and as such, on_new_session will never repair the HTTP server, leading to a denial-of-service condition.

tags | exploit, remote, web, arbitrary
systems | cisco
advisories | CVE-2019-1663
MD5 | f2ecfadb9d5292bc0aad449c38fa7ae1
Cisco IronPort C150 Header Injection
Posted Sep 2, 2019
Authored by Todor Donev

Cisco IronPort C150 suffers from a remote host header injection vulnerability.

tags | exploit, remote
systems | cisco
MD5 | feac5342eb54086bd1e887565be25065
Page 1 of 76
Back12345Next

File Archive:

February 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    1 Files
  • 2
    Feb 2nd
    2 Files
  • 3
    Feb 3rd
    17 Files
  • 4
    Feb 4th
    15 Files
  • 5
    Feb 5th
    24 Files
  • 6
    Feb 6th
    16 Files
  • 7
    Feb 7th
    19 Files
  • 8
    Feb 8th
    1 Files
  • 9
    Feb 9th
    2 Files
  • 10
    Feb 10th
    15 Files
  • 11
    Feb 11th
    20 Files
  • 12
    Feb 12th
    12 Files
  • 13
    Feb 13th
    18 Files
  • 14
    Feb 14th
    17 Files
  • 15
    Feb 15th
    4 Files
  • 16
    Feb 16th
    4 Files
  • 17
    Feb 17th
    34 Files
  • 18
    Feb 18th
    15 Files
  • 19
    Feb 19th
    19 Files
  • 20
    Feb 20th
    20 Files
  • 21
    Feb 21st
    15 Files
  • 22
    Feb 22nd
    2 Files
  • 23
    Feb 23rd
    2 Files
  • 24
    Feb 24th
    16 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files
  • 29
    Feb 29th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close