exploit the possibilities
Showing 1 - 25 of 57 RSS Feed

Files

Citrix XenDesktop, XenServer, Receiver 5.6 SP2 Pass-The-Hash
Posted Dec 15, 2011
Authored by vtek63

Citrix XenDesktop, XenServer, Receiver version 5.6 SP2 suffer from a pass-the-hash attack vulnerability due to not using SSL.

tags | exploit
MD5 | dad36359a82bbd34ae50a240d2153210

Related Files

Citrix ADC NetScaler Local File Inclusion
Posted Nov 13, 2020
Authored by Donny Maasland, Ramella Sebastien | Site metasploit.com

This Metasploit module exploits a local file inclusion vulnerability in Citrix ADC Netscaler.

tags | exploit, local, file inclusion
advisories | CVE-2020-8193, CVE-2020-8195, CVE-2020-8196
MD5 | d988d9b9c395233084520c1b63a93177
Red Hat Security Advisory 2020-4136-01
Posted Sep 30, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4136-01 - Updated to the latest version of the git-python library to no longer cause certain jobs to fail Updated to the latest version of the ovirt.ovirt collection to no longer cause connections to hang when syncing inventory from oVirt/RHV Added a number of optimizations to Ansible Tower's callback receiver to improve the speed of stdout processing for simultaneous playbooks runs Added an optional setting to disable the auto-creation of organizations and teams on successful SAML login Fixed an XSS vulnerability Fixed a slow memory leak in the Daphne process Fixed Automation Analytics data gathering to no longer fail for customers with large datasets Fixed scheduled jobs that run every X minute or hour to no longer fail to run at the proper time Fixed delays in Ansible Tower's task manager when large numbers of simultaneous jobs are scheduled Fixed the performance for playbooks that store large amounts of data using the set_stats module Fixed the awx-manage remove_from_queue tool when used with isolated nodes Fixed an issue that prevented jobs from being properly marked as canceled when Tower is backed up and then restored to another environment. Issues addressed include cross site scripting and memory leak vulnerabilities.

tags | advisory, vulnerability, xss, memory leak, python
systems | linux, redhat
advisories | CVE-2020-14365, CVE-2020-25626
MD5 | 8977804739e07e02ceca0a77e1313fd0
HP ThinPro 6.x / 7.x Citrix Command Injection
Posted Mar 25, 2020
Authored by Eldar Marcussen

HP ThinPro versions 7.1, 7.0, 6.2.1, and 6.2 suffer from a Citrix receiver connection wrapper command injection vulnerability.

tags | exploit
advisories | CVE-2019-18909
MD5 | 301879be06768cb2bb289a3ce523bf8d
Ubuntu Security Notice USN-4268-1
Posted Feb 5, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4268-1 - It was discovered that OpenSMTPD incorrectly verified the sender's or receiver's e-mail addresses under certain conditions. An attacker could use this vulnerability to execute arbitrary commands as root.

tags | advisory, arbitrary, root
systems | linux, ubuntu
advisories | CVE-2020-7247
MD5 | 790d961de63720b957664ca4b2256e8b
Citrix XenMobile Server 10.8 XML Injection
Posted Jan 22, 2020
Authored by Jonas Lejon

Citrix XenMobile Server version 10.8 suffers from an XML external entity injection vulnerability.

tags | exploit
advisories | CVE-2018-10653
MD5 | 98dfa95366d3218a5c4e705da6798a5c
Citrix ADC (NetScaler) Directory Traversal / Remote Code Execution
Posted Jan 14, 2020
Authored by Ramella Sebastien, Project Zero India | Site metasploit.com

This Metasploit module exploits a directory traversal in Citrix Application Delivery Controller (ADC), aka NetScaler, and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0, to execute an arbitrary command payload.

tags | exploit, arbitrary
advisories | CVE-2019-19781
MD5 | 4ddb7070438e963bf4a9bf8ddfe94f31
Citrix Application Delivery Controller / Gateway 10.5 Remote Code Execution
Posted Jan 13, 2020
Authored by Ramella Sebastien | Site metasploit.com

This Metasploit module exploits a remote code execution vulnerability in Citrix Application Delivery Controller and Gateway version 10.5.

tags | exploit, remote, code execution
advisories | CVE-2019-19781
MD5 | 0521b7bfb5737ab53010085ec74a7034
Citrix Application Delivery Controller / Gateway Remote Code Execution / Traversal
Posted Jan 11, 2020
Authored by David Kennedy, Rob Simon

Citrix Application Delivery Controller and Citrix Gateway directory traversal remote code execution exploit.

tags | exploit, remote, code execution, file inclusion
advisories | CVE-2019-19781
MD5 | 6ccda56008adbf264c48830e112e414f
Citrix Application Delivery Controller / Gateway Remote Code Execution
Posted Jan 11, 2020
Authored by Project Zero India

Citrix Application Delivery Controller and Citrix Gateway remote code execution proof of concept exploit.

tags | exploit, remote, code execution, proof of concept
advisories | CVE-2019-19781
MD5 | d66a21078f9eb16928f3695e481e9298
Citrix StoreFront Server 7.15 XML Injection
Posted Oct 30, 2019
Authored by Vahagn Vardanya

Citrix StoreFront Server version 7.15 suffers from an XML external entity injection vulnerability.

tags | exploit
MD5 | 6f5c1fba04bb7a0d33f77002aebcad77
ABUS Secvest 3.01.01 Unchecked Message Transmission Error Condition
Posted Jul 27, 2019
Authored by Matthias Deeg, Thomas Detert

Thomas Detert found out that the jamming detection of the ABUS alarm central does not detect short jamming signals that are shorter than normal ABUS RF messages. Thus, an attacker is able to perform a "reactive jamming" attack. The reactive jamming simply detects the start of a RF message sent by a component of the ABUS Secvest wireless alarm system, for instance a wireless motion detector (FUBW50000) or a remote control (FUBE50014 or FUBE50015), and overlays it with random data before the original RF message ends. Thereby, the receiver (alarm central) is not able to properly decode the original transmitted signal. This enables an attacker to suppress correctly received RF messages of the wireless alarm system in an unauthorized manner, for instance status messages sent by a detector indicating an intrusion. Version 3.01.01 is affected.

tags | advisory, remote
advisories | CVE-2019-14261
MD5 | 76815f6211ebd7667925f44206c9f69c
Citrix SD-WAN Appliance 10.2.2 Authentication Bypass / Remote Command Execution
Posted Jul 15, 2019
Authored by Chris Lyne

Citrix SD-WAN Appliance version 10.2.2 suffers from authentication bypass and remote command execution vulnerabilities.

tags | exploit, remote, vulnerability, bypass
advisories | CVE-2019-12989, CVE-2019-12991
MD5 | 1c552352db4cb01f5841843a21926509
Fujitsu LX901 GK900 Keystroke Injection
Posted Mar 15, 2019
Authored by Matthias Deeg

SySS GmbH found out that the wireless desktop set Fujitsu LX901 is vulnerable to keystroke injection attacks by sending unencrypted data packets with the correct packet format to the receiver (USB dongle).

tags | advisory
MD5 | be5d36b96d4f2705e625f64190c28a98
Citrix NetScaler SD-WAN SQL Injection / Traversal / Command Injection
Posted Oct 23, 2018
Authored by Sergey Gordeychik, Denis Kolegov, Nikita Oleksov, Nikolay Tkachenko, Oleg Broslavsky

The management interfaces of Citrix NetScaler SD-WAN physical appliances and virtual appliances suffer from command injection, information exposure, incorrect access control, IP spoofing, remote SQL injection, and directory traversal vulnerabilities.

tags | advisory, remote, spoof, vulnerability, sql injection, file inclusion
advisories | CVE-2012-2104, CVE-2016-4793, CVE-2018-17444, CVE-2018-17445, CVE-2018-17446, CVE-2018-17447, CVE-2018-17448
MD5 | b27e1af5d9f4b9be4c08566bac90e203
WebRTC FEC Processing Overflow
Posted Jul 31, 2018
Authored by Google Security Research, natashenka

There are several calls to memcpy that can overflow the destination buffer in webrtc::UlpfecReceiverImpl::AddReceivedRedPacket. The method takes a parameter incoming_rtp_packet, which is an RTP packet with a mac length that is defined by the transport (2048 bytes for DTLS in Chrome). This packet is then copied to the received_packet in several locations in the method, depending on packet properties, using the lenth of the incoming_rtp_packet as the copy length. The received_packet is a ForwardErrorCorrection::ReceivedPacket, which has a max size of 1500. Therefore, the memcpy calls in this method can overflow this buffer.

tags | exploit, overflow
MD5 | 066c20eaa37c60242f60e28957ecc367
Chrome V8 JIT NodeProperties::InferReceiverMaps Type Confusion
Posted Apr 21, 2018
Authored by Google Security Research, lokihardt

Chrome V8 JIT suffers from a NodeProperties::InferReceiverMaps type confusion vulnerability.

tags | exploit
MD5 | d8ca369d4de256bff5cc0437ef5167b1
Asterisk Project Security Advisory - AST-2017-012
Posted Dec 14, 2017
Authored by Joshua Colp, Tzafrir Cohen, Vitezslav Novy | Site asterisk.org

Asterisk Project Security Advisory - If a compound RTCP packet is received containing more than one report (for example a Receiver Report and a Sender Report) the RTCP stack will incorrectly store report information outside of allocated memory potentially causing a crash.

tags | advisory
MD5 | d33abf8cba4f7b05dabb7516ee12b675
TempestSDR RTL-SDR Fork
Posted Nov 28, 2017
Authored by rtl-sdr, Martin Marinov | Site github.com

This project is a software toolkit for remotely eavesdropping video monitors using a Software Defined Radio (SDR) receiver. It exploits compromising emanations from cables carrying video signals. Raster video is usually transmitted one line of pixels at a time, encoded as a varying current. This generates an electromagnetic wave that can be picked up by an SDR receiver. The software maps the received field strength of a pixel to a gray-scale shade in real-time. This forms a false colour estimate of the original video signal. The toolkit uses unmodified off-the-shelf hardware which lowers the costs and increases mobility compared to existing solutions. It allows for additional post-processing which improves the signal-to-noise ratio. The attacker does not need to have prior knowledge about the target video display. All parameters such as resolution and refresh rate are estimated with the aid of the software. The software consists of a library written in C, a collection of plug-ins for various Software Define Radio (SDR) front-ends and a Java based Graphical User Interface (GUI). It is a multi-platform application, with all native libraries pre-compiled and packed into a single Java jar file. This forked variant of the original contains an updated Makefile to support Windows with ExtIO interfaces.

tags | tool, java
systems | windows
MD5 | 7268b9390d5f385f817cf0264ef9b197
PTP-RAT Screen Share Proof Of Concept
Posted Nov 9, 2017
Authored by Alan Monie | Site github.com

PTP-RAT is a proof of concept that allows data theft via screen-share protocols. Each screen flash starts with a header. This contains a magic string, "PTP-RAT-CHUNK" followed by a sequence number. When the receiver is activated, it starts taking screenshots at twice the transmission frequency (the Nyquist rate). When it detects a valid header, it decodes the pixel colour information and waits on the next flash. As soon as a valid header is not detected, it reconstructs all the flashes and saves the result to a file. To transfer a file, you run an instance of the Rat locally on your hacktop, and set that up as a receiver. Another instance is run on the remote server and this acts as a sender. You simply click on send file, and select a file to send. The mouse pointer disappears and the screen begins to flash as the file is transmitted via the pixel colour values. At the end of the transfer, a file-save dialog appears on the receiver, and the file is saved.

tags | tool, remote, protocol, rootkit, proof of concept
MD5 | a9f22c83ef28df19417af14c266ee39a
TempestSDR Remote Video Eavesdropping
Posted Sep 29, 2017
Authored by Martin Marinov | Site github.com

This project is a software toolkit for remotely eavesdropping video monitors using a Software Defined Radio (SDR) receiver. It exploits compromising emanations from cables carrying video signals. Raster video is usually transmitted one line of pixels at a time, encoded as a varying current. This generates an electromagnetic wave that can be picked up by an SDR receiver. The software maps the received field strength of a pixel to a gray-scale shade in real-time. This forms a false colour estimate of the original video signal. The toolkit uses unmodified off-the-shelf hardware which lowers the costs and increases mobility compared to existing solutions. It allows for additional post-processing which improves the signal-to-noise ratio. The attacker does not need to have prior knowledge about the target video display. All parameters such as resolution and refresh rate are estimated with the aid of the software. The software consists of a library written in C, a collection of plug-ins for various Software Define Radio (SDR) front-ends and a Java based Graphical User Interface (GUI). It is a multi-platform application, with all native libraries pre-compiled and packed into a single Java jar file.

tags | tool, java
MD5 | f470e63a025546e815f897d18d2e6a62
Citrix SD-WAN 9.1.2.26.561201 Remote Command Injection
Posted Jul 19, 2017
Authored by Russell Sanford

Citrix SD-WAN version 9.1.2.26.561201 logout cookie pre-authentication remote command injection exploit.

tags | exploit, remote
MD5 | ef406c56f17330fc66b94fbd4fbe376a
Qualcomm Assisted-GPS Data Insecure Transmission
Posted Dec 6, 2016
Site wwws.nightwatchcybersecurity.com

Assisted GPS/GNSS data provided by Qualcomm for compatible receivers is often being served over HTTP without SSL. Additionally many of these files do not provide a digital signature to ensure that data was not tampered in transit. This can allow a network-level attacker to mount a MITM attack and modify the data while in transit. While HTTPS and digitally-signed files are both available, they are newer and not widely used yet.

tags | advisory, web
advisories | CVE-2016-5341
MD5 | 98b82d4165ffabe1b7e9b0064330aca1
Citrix Receiver / Receiver Desktop Lock 4.5 Authentication Bypass
Posted Nov 2, 2016
Authored by Rithwik Jayasimha

Citrix Receiver / Receiver Desktop Lock version 4.5 suffers from an authentication bypass vulnerability.

tags | exploit, bypass
MD5 | 69f1c763c70ec616c69b0cf5028835ca
Citrix Netscaler 11.0 Build 64.35 Cross Site Scripting
Posted May 27, 2016
Authored by Dr. Daniel Schliebner

The login page of the Citrix Netscaler Gateway web front-end is vulnerable to a DOM-based cross site scripting (XSS) vulnerability due to improper sanitization of the content of the "NSC_TMAC" cookie.

tags | exploit, web, xss
advisories | CVE-2016-4945
MD5 | 7fd954e4ba1557ede715df01dfcc253f
innovaphone IP222 11r2 sr9 Download Denial Of Service
Posted Mar 24, 2016
Authored by Sven Freund

At startup the innovaphone IP222 sends an HTTP request for a special PNG file to the involved server system. After the download has finished, the image is displayed on the phone by selecting the receiver screen in the menu. Providing a large image file (6.9 MB) within the download process and selecting the receiver screen on the phone will lead to a crash of the application and cause a denial of service condition. Remote code execution via this security vulnerability may also be possible, but was not confirmed by the SySS GmbH.

tags | exploit, remote, web, denial of service, code execution
MD5 | badbdfb0296507727dfaf5488f0ac0fe
Page 1 of 3
Back123Next

File Archive:

November 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    19 Files
  • 2
    Nov 2nd
    25 Files
  • 3
    Nov 3rd
    8 Files
  • 4
    Nov 4th
    7 Files
  • 5
    Nov 5th
    24 Files
  • 6
    Nov 6th
    0 Files
  • 7
    Nov 7th
    0 Files
  • 8
    Nov 8th
    18 Files
  • 9
    Nov 9th
    9 Files
  • 10
    Nov 10th
    106 Files
  • 11
    Nov 11th
    19 Files
  • 12
    Nov 12th
    13 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    18 Files
  • 16
    Nov 16th
    12 Files
  • 17
    Nov 17th
    15 Files
  • 18
    Nov 18th
    12 Files
  • 19
    Nov 19th
    4 Files
  • 20
    Nov 20th
    2 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    22 Files
  • 23
    Nov 23rd
    14 Files
  • 24
    Nov 24th
    19 Files
  • 25
    Nov 25th
    4 Files
  • 26
    Nov 26th
    1 Files
  • 27
    Nov 27th
    4 Files
  • 28
    Nov 28th
    1 Files
  • 29
    Nov 29th
    11 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close