THC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus.
1a28f064763f9144f8ec574416a56ef51c0ab1ae2276e35a89ceed4f594ec5d2Cisco UCS Manager version 2.2(1d) remote command execution exploit. An unspecified CGI script in Cisco FX-OS before 1.1.2 on Firepower 9000 devices and Cisco Unified Computing System (UCS) Manager before 2.2(4b), 2.2(5) before 2.2(5a), and 3.0 before 3.0(2e) allows remote attackers to execute arbitrary shell commands via a crafted HTTP request, aka Bug ID CSCur90888.
f3fab9befb8e7cbad15afa31a69504a465f274122e534cebcbde38a7d8f6288eCisco RV110W version 1.2.1.7 vpn_account denial of service proof of concept exploit.
d17a98598deaf9e49e4b5b6d4987373b9fff15aa4200a8930baafc922e80ba62Cisco ASA version 9.14.1.10 and FTD version 6.6.0.1 path traversal exploit. Original discovery of this vulnerability is attributed to 3ndG4me in October of 2020.
dfe0fcf7f0c733ce87bf53173ca792e20086cc5828ba3e9907aa3993b08bf8feCisco 7937G suffers from denial of service and privilege escalation vulnerabilities.
1a85b1824e9e138ebbade8a3b9f4aa8efdff5e15d8a48bb3135fca92e2eff047Cisco ASA and FTD version 9.6.4.42 suffer from a path traversal vulnerability.
dbeb67abac718b9d4521c2ea7ce46740e7ea1eaa75cf4abed2e9f85cfff2fec7The installer component of Cisco AnyConnect Secure Mobility Client for Windows prior to 4.8.02042 is vulnerable to path traversal and allows local attackers to create/overwrite files in arbitrary locations with system level privileges. The installer component of Cisco AnyConnect Secure Mobility Client for Windows prior to 4.9.00086 is vulnerable to a DLL hijacking and allows local attackers to execute code on the affected machine with with system level privileges. Both attacks consist in sending a specially crafted IPC request to the TCP port 62522 on the loopback device, which is exposed by the Cisco AnyConnect Secure Mobility Agent service.
74ae12d312c6c46fa9f122b2a106d803de515d0b707dfe34720c066dd56a2680Two denial of service exploits for Cisco 7937G versions SIP-1-4-5-7 and below.
6329ae271427ebdd4aca842b16c5bf3f67949255d490ea35dafca48866d48d98Cisco 7947G versions SIP-1-4-5-7 and below privilege escalation exploit.
34708347a6cf94b31172406fb4db70445cf77dffd562fe392a73bb2f32ce2da0This exploit is an all-in-one tool that leverages vulnerabilities described in CVE-2020-16139, CVE-2020-16138, and CVE-2020-16137 against Cisco 7937G devices versions SIP-1-4-5-7 and below.
7724dcf86fe3eda058a8dbe264a07cb05296015350554358dc98f2cdd4cc6be1THC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus.
ce08a5148c0ae5ff4b0a4af2f7f15c5946bc939a57eae1bbb6dda19f34410273Cisco Adaptive Security Appliance Software version 9.7 unauthenticated arbitrary file deletion exploit.
9bff9df7bc31ade0ee6b87d153b448191f71eeb26ef4d1d4589e805582f16722This Python script checks whether the target server is vulnerable to CVE-2020-3452, a vulnerability in Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) products that can allow for remote file disclosure.
f3d076dbbf728c5d5918c4039d0eaa629b5d9f90b1358b60f76542b5b020352cThe installer component of Cisco AnyConnect Secure Mobility Client for Windows prior to version 4.8.02042 is vulnerable to path traversal and allows local attackers to create/overwrite files in arbitrary locations with system level privileges. The attack consists in sending a specially crafted IPC request to the TCP port 62522 on the loopback device, which is exposed by the Cisco AnyConnect Secure Mobility Agent service. This service will then launch the vulnerable installer component (vpndownloader), which copies itself to an arbitrary location before being executed with system privileges. Since vpndownloader is also vulnerable to DLL hijacking, a specially crafted DLL (dbghelp.dll) is created at the same location vpndownloader will be copied to get code execution with system privileges. This exploit has been successfully tested against Cisco AnyConnect Secure Mobility Client versions 4.5.04029, 4.5.05030 and 4.7.04056 on Windows 10 version 1909 (x64) and Windows 7 SP1 (x86).
b6d44c2b494378ff342fef57be9d4be4564327103eadabb01ff166ae6dae9bffThis Metasploit module exploits an authentication bypass and directory traversals in Cisco UCS Director versions prior to 6.7.4.0 to leak the administrator's REST API key and execute a Cloupia script containing an arbitrary root command. Note that the primary functionality of this module is to leverage the Cloupia script interpreter to execute code. This functionality is part of the application's intended operation and considered a "foreverday." The authentication bypass and directory traversals only get us there. If you already have an API key, you may set it in the API_KEY option. The LEAK_FILE option may be set if you wish to leak the API key from a different absolute path, but normally this isn't advisable. Tested on Cisco's VMware distribution of 6.7.3.0.
e1a3270999313093f5713647237e1d7494e0c1bc022d9a26053bf23d8ac80fe3Cisco Digital Network Architecture Center version 1.3.1.4 suffers from a persistent cross site scripting vulnerability.
b79e78cd34f779177fdeb2527036085286faae53fc72ed9b3b21853e608b7b38Cisco AnyConnect Secure Mobility Client for Windows version 4.8.01090 suffer from a privilege escalation vulnerability due to insecure handling of path names.
8ee614424eee5c4644b331ca89e2c2afc6470c9c8941cb5e0f7d3280686ef76cCisco IP Phone version 11.7 denial of service proof of concept exploit.
91023709bd06cb09c03533c7926183d762565f1ac3417ed227ca0ea133cc7045Cisco Unified Contact Center Express suffers from a privilege escalation vulnerability.
3b4a032f286a08e996bc7bfa0eaa2fdd87978080ffb2a1d130af4339afc53464Cisco Data Center Network Manager version 11.2.1 remote command injection exploit.
1dc9300d9c7a69f0cd8ed3652186c6007a1037f37260630af559930e809062ceCisco Data Center Network Manager version 11.2.1 suffers from a remote SQL injection vulnerability.
437d8b420db1eec19289d0c053fae436486c42eacf69e291ee0cf8ca705ad269Cisco Data Center Network Manager version 11.2 remote code execution exploit.
74fa98093de0741d04ea7ad307c9b37d10281f82652869e8958f8e6740e6396cArmis has discovered five critical, zero-day vulnerabilities in various implementations of the Cisco Discovery Protocol (CDP) that can allow remote attackers to completely take over devices.
5e3050fbeb1f22ebf589d261aab1741e8ff40e062b5d1b2a93dee1b7c870f8c4Debian Linux Security Advisory 4607-1 - Lukas Kupczyk reported a vulnerability in the handling of chunked HTTP in openconnect, an open client for Cisco AnyConnect, Pulse and GlobalProtect VPN. A malicious HTTP server (after having accepted its identity certificate), can provide bogus chunk lengths for chunked HTTP encoding and cause a heap-based buffer overflow.
4f4e3fff7bd0509ce1ac161fec38bfda002f9e838f665c2090308e3d7194c086Cisco DCNM JBoss version 10.4 suffers from a credential leakage vulnerability.
2e290ed0460d004995aa5c6beda5de80054af8fec723414b381b7f8d67e3a1a2
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed