THC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus.
7a2f54980ce44aff0cc047fb75751dbaCisco Adaptive Security Appliance Software version 9.7 unauthenticated arbitrary file deletion exploit.
2053bb9eac204ac9b709cb174adc0f1dThis Python script checks whether the target server is vulnerable to CVE-2020-3452, a vulnerability in Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) products that can allow for remote file disclosure.
ce6d90fc11286f40ae29b48e9bcc545dThe installer component of Cisco AnyConnect Secure Mobility Client for Windows prior to version 4.8.02042 is vulnerable to path traversal and allows local attackers to create/overwrite files in arbitrary locations with system level privileges. The attack consists in sending a specially crafted IPC request to the TCP port 62522 on the loopback device, which is exposed by the Cisco AnyConnect Secure Mobility Agent service. This service will then launch the vulnerable installer component (vpndownloader), which copies itself to an arbitrary location before being executed with system privileges. Since vpndownloader is also vulnerable to DLL hijacking, a specially crafted DLL (dbghelp.dll) is created at the same location vpndownloader will be copied to get code execution with system privileges. This exploit has been successfully tested against Cisco AnyConnect Secure Mobility Client versions 4.5.04029, 4.5.05030 and 4.7.04056 on Windows 10 version 1909 (x64) and Windows 7 SP1 (x86).
0ce466f922be78b19e5b1169c13ef711This Metasploit module exploits an authentication bypass and directory traversals in Cisco UCS Director versions prior to 6.7.4.0 to leak the administrator's REST API key and execute a Cloupia script containing an arbitrary root command. Note that the primary functionality of this module is to leverage the Cloupia script interpreter to execute code. This functionality is part of the application's intended operation and considered a "foreverday." The authentication bypass and directory traversals only get us there. If you already have an API key, you may set it in the API_KEY option. The LEAK_FILE option may be set if you wish to leak the API key from a different absolute path, but normally this isn't advisable. Tested on Cisco's VMware distribution of 6.7.3.0.
a3283617421910d08a845659be600c53Cisco Digital Network Architecture Center version 1.3.1.4 suffers from a persistent cross site scripting vulnerability.
feb8e9e65a6290bd7cb40a92790b9e16Cisco AnyConnect Secure Mobility Client for Windows version 4.8.01090 suffer from a privilege escalation vulnerability due to insecure handling of path names.
e5a3959bc7c5608c73bf90960397d443Cisco IP Phone version 11.7 denial of service proof of concept exploit.
9ae93c7c36b4741bda68dc135166ed33Cisco Unified Contact Center Express suffers from a privilege escalation vulnerability.
614b86f032bbc9466892166a5a1742b9Cisco Data Center Network Manager version 11.2.1 remote command injection exploit.
f78d9a450e8dddba0757fc613e10da7aCisco Data Center Network Manager version 11.2.1 suffers from a remote SQL injection vulnerability.
e52727f67ec73f54a1870891d9e11891Cisco Data Center Network Manager version 11.2 remote code execution exploit.
ebfd0aee7d0a59ad770e679268463c0eArmis has discovered five critical, zero-day vulnerabilities in various implementations of the Cisco Discovery Protocol (CDP) that can allow remote attackers to completely take over devices.
7757dbb411e6c03282748d0e682b3406Debian Linux Security Advisory 4607-1 - Lukas Kupczyk reported a vulnerability in the handling of chunked HTTP in openconnect, an open client for Cisco AnyConnect, Pulse and GlobalProtect VPN. A malicious HTTP server (after having accepted its identity certificate), can provide bogus chunk lengths for chunked HTTP encoding and cause a heap-based buffer overflow.
6cbb058b70a03ea1bda3ffe2cb05aeaaCisco DCNM JBoss version 10.4 suffers from a credential leakage vulnerability.
f2b2bc3ee27fbddf61de2d091386e2bdCisco WLC 2504 version 8.9 suffers from a denial of service vulnerability.
9215aa968b49d3b98e32f665f3d9a9eaDebian Linux Security Advisory 4535-1 - Lilith of Cisco Talos discovered a buffer overflow flaw in the quota code used by e2fsck from the ext2/ext3/ext4 file system utilities. Running e2fsck on a malformed file system can result in the execution of arbitrary code.
43e0fb16ab09b3a1d1e9431d5401b18aThis is a generic arbitrary file overwrite technique, which typically results in remote command execution. This targets a simple yet widespread vulnerability that has been seen affecting a variety of popular products including HP, Amazon, Apache, Cisco, etc. The idea is that often archive extraction libraries have no mitigations against directory traversal attacks. If an application uses it, there is a risk when opening an archive that is maliciously modified, and results in the embedded payload to be written to an arbitrary location (such as a web root), and results in remote code execution.
ff948c64df1f6f021439eaa12e78eb94Cisco Content Security Virtual Appliance M380 IronPort remote cross site host modification demo exploit.
a98fd2e94251ea2edc1d831fe438607dMany Cisco devices such as Cisco RV340, Cisco RV340W, Cisco RV345, Cisco RV345P, Cisco RV260, Cisco RV260P, Cisco RV260W, Cisco 160, and Cisco 160W suffer from having hard-coded credentials, known GNU glibc, known BusyBox, and IoT Inspector identified vulnerabilities.
c446ad84eeb90a116264677ada159562Cisco Email Security Virtual Appliance C380 IronPort remote host header injection exploit.
59fdeb6b686e0eb34a78c58ed8e75d61Cisco Email Security Virtual Appliance C300V IronPort remote host header injection exploit.
58c6e4353b033250b2b8241c3f4cd6e3Cisco Content Security Management Virtual Appliance M600V IronPort remote host header injection exploit.
229be091f2335df90cbf4ec41f426693Cisco IronPort C350 remote host header injection exploit.
5d3d449bc480bc3b9513a64b866d4390Cisco Email Security Virtual Appliance C370 IronPort remote host header injection exploit.
250531d59b2fbec5011f1896e26b6647
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed