exploit the possibilities
Showing 1 - 25 of 100 RSS Feed

Files

ActFax 4.31 Local Privilege Escalation
Posted Aug 29, 2012
Authored by Craig Freyman

ActFax version 4.31 local privilege escalation exploit that spawns cmd.exe.

tags | exploit, local
MD5 | ae9567a53527830bd97ba50d5c8c0da8

Related Files

Telus Actiontec T2200H Local Privilege Escalation
Posted Jun 12, 2019
Authored by Andrew Klaus

Telus Actiontec T2200H with firmware T2200H-31.128L.08 suffers from a local privilege escalation vulnerability.

tags | exploit, local
advisories | CVE-2019-12789
MD5 | e98dd080d3db4e14385e367484d9e1a8
Telus Actiontec WEB6000Q Serial Number Information Disclosure
Posted Jun 12, 2019
Authored by Andrew Klaus

Telus Actiontec WEB6000Q with firmware 1.1.02.22 suffers from a serial number information disclosure vulnerability. The wireless extenders use DHCP Option 125 to include device details such as model number, manufacturer, and serial number. The WCB6000Q DHCP DISCOVER and REQUEST broadcasts include the device serial number in the DHCP option 125 (subopt 2) field. An attacker on the same Layer 2 network segment as the device, can see all these DHCP requests with a packet capture. Once he or she has this, the device's admin web UI password can be reset using the web UI "forgot password" page to reset to a known value.

tags | exploit, web, info disclosure
MD5 | 98919e01ba7ab243d2822909e16fb308
Telus Actiontec T2200H Serial Number Information Disclosure
Posted Jun 12, 2019
Authored by Andrew Klaus

Telus Actiontec T2200H with firmware T2200H-31.128L.08 suffers from a serial number information disclosure vulnerability. The wireless extenders use DHCP Option 125 to include device details such as model number, manufacturer, and serial number. By forging a special DHCP packet using Option 125, an attacker can obtain the device serial number. Once he or she has this, the device's admin web UI password can be reset using the web UI "forgot password" page to reset to a known value.

tags | exploit, web, info disclosure
MD5 | 42324fc451c05609b2fbdea3411024b0
Telus Actiontec WEB6000Q Denial Of Service
Posted Jun 12, 2019
Authored by Andrew Klaus

Telus Actiontec WEB6000Q with firmware 1.1.02.22 suffers from a denial of service vulnerability. By querying CGI endpoints with empty (GET/POST/HEAD) requests causes a Segmentation Fault of the uhttpd webserver. Since there is no watchdog on this daemon, a device reboot is needed to restart the webserver to make any modification to the device.

tags | exploit, denial of service, cgi
MD5 | 61ad8f29ac935743a8389851c8f021d3
Telus Actiontec WEB6000Q Privilege Escalation
Posted Jun 12, 2019
Authored by Andrew Klaus

Telus Actiontec WEB6000Q with firmware 1.1.02.22 suffers from both local and remote privilege escalation vulnerabilities.

tags | exploit, remote, local, vulnerability
advisories | CVE-2018-15555, CVE-2018-15556, CVE-2018-15557
MD5 | ca74c3825d757d6127b49c81ec399a93
Telus Actiontec T2200H WiFi Credential Disclosure
Posted Jun 12, 2019
Authored by Andrew Klaus

Telus Actiontec T2200H with firmware T2200H-31.128L.08 suffers from a credential disclosure vulnerability. An HTTP interface used by wireless extenders to pull the modem's wifi settings uses DHCP client-provided option values to restrict access to this API. By forging DHCP packets, one can access this interface without any authentication and obtain details such as SSID name, encryption type, and WPA/WEP keys. This can be leveraged if an attacker is on the same Layer 2 network as the modem.

tags | exploit, web, info disclosure
MD5 | 7d7e81d23de02a98e1889f1143a3a092
ActivePDF Toolkit Code Execution
Posted Feb 27, 2018
Authored by Francois Goichon

ActivePDF Toolkit versions prior to 8.1.0 suffer from multiple code execution vulnerabilities.

tags | exploit, vulnerability, code execution
advisories | CVE-2018-7264
MD5 | 63ce9599e9a3f793133d10673c89b97b
Actiontec C1000A Modem Backdoor Account
Posted Nov 7, 2017
Authored by Joseph McDonagh

The Actiontec C1000A modem has a hard-coded backdoor admin account.

tags | exploit
MD5 | 9b26731e44af5a8e6e15a0558e3e6416
Actiontec WCB3000N 0.16.2.5 Privilege Escalation
Posted Nov 7, 2016
Authored by Andrew Klaus

Actiontec WCB3000N with firmware version 0.16.2.5 suffers from a privilege escalation vulnerability.

tags | exploit
MD5 | 5e0ed3c59094d18541b0dc20edb37d78
Actiontec T2200H Remote Reverse Root Shell
Posted Aug 16, 2016
Authored by Andrew Klaus

Actiontec T2200H allows for command injection that provides a remote root reverse shell.

tags | exploit, remote, shell, root
MD5 | 9489a774d63572ecee9b06a196dac3fd
Active Super Shop 1.0 Cross Site Scripting
Posted Jul 19, 2015
Authored by Angelo Ruwantha

Active Super Shop version 1.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 281713553dcc4ced0d63153eac1909aa
ActualAnalyzer 'ant' Cookie Command Execution
Posted Dec 15, 2014
Authored by Benjamin Harris | Site metasploit.com

This Metasploit module exploits a command execution vulnerability in ActualAnalyzer version 2.81 and prior. The 'aa.php' file allows unauthenticated users to execute arbitrary commands in the 'ant' cookie.

tags | exploit, arbitrary, php
MD5 | 3c92744bfb5c441286f93fcde50d36e3
ActualAnalyzer Remote Command Execution
Posted Aug 28, 2014
Authored by Benjamin Harris

ActualAnalyzer remote command execution exploit that leverages an eval.

tags | exploit, remote
MD5 | 3df62c9ba5621917a524f1632b1ad4b2
Act Insufficient Authorization
Posted Sep 1, 2013
Authored by MustLive

Act conference software suffers from having insufficient authorization checks in place.

tags | advisory
MD5 | a5ac30df9567f9dfa52ebca0bd329037
ActFax 5.01 RAW Server Buffer Overflow
Posted Mar 26, 2013
Authored by corelanc0d3r, Craig Freyman, juan vazquez | Site metasploit.com

This Metasploit module exploits a vulnerability in ActFax Server 5.01 RAW server. The RAW Server can be used to transfer fax messages without any underlying protocols. To note significant fields in the fax being transferred, like the fax number or the recipient, ActFax data fields can be used. This Metasploit module exploits a buffer overflow in the handling of the @F506 fields due to the insecure usage of strcpy. This Metasploit module has been tested successfully on ActFax 5.01 over Windows XP SP3 (English).

tags | exploit, overflow, protocol
systems | windows, xp
advisories | OSVDB-89944
MD5 | cded5f4f56c57b9c3f4c1bb89e73d638
Secunia Security Advisory 52096
Posted Feb 8, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been discovered in ActiveFax (ActFax), which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory, vulnerability
MD5 | 51c1359ee6c596ca16ceac20e7342e71
ActFax 5.01 RAW Server Buffer Overflow
Posted Feb 6, 2013
Authored by corelanc0d3r, Craig Freyman | Site metasploit.com

This Metasploit module exploits a vulnerability in ActFax Server 5.01 RAW server. The RAW Server can be used to transfer fax messages to the fax server without any underlying protocols. To note significant fields in the fax being transfered, like fax number and recipient, you can use ActFax data fields. @F506,@F605, and @F000 are all data fields that are vulnerable. This has been fixed in a beta version which will not be pushed to release until May 2013.

tags | exploit, protocol
MD5 | 4bf23d489c0d688f65c9f79f71d2b939
Action Pack DoS / SQL Injection / Code Execution
Posted Jan 8, 2013
Authored by Jonathan Rudenberg, Ben Murphy, Bryan Helmkamp, Magnus Holm, Charlie Somerville, Aaron Patterson, Darcy Laycock, Benoist Claassen, Felix Wilhelm

There are multiple weaknesses in the parameter parsing code for Ruby on Rails which allows attackers to bypass authentication systems, inject arbitrary SQL, inject and execute arbitrary code, or perform a denial of service attack on a Rails application.

tags | advisory, denial of service, arbitrary, sql injection, ruby
advisories | CVE-2013-0156
MD5 | 85e44204ba7170674ab3b48f8e9aa554
ActiveFax (ActFax) 4.3 Client Importer Buffer Overflow
Posted Sep 7, 2012
Authored by Craig Freyman, juan vazquez, Brandon Perry | Site metasploit.com

This Metasploit module exploits a vulnerability in ActiveFax Server. The vulnerability is a stack based buffer overflow in the "Import Users from File" function, due to the insecure usage of strcpy while parsing the csv formatted file. The module creates a .exp file that must be imported with ActiveFax Server. The module has been tested successfully on ActFax Server 4.32 over Windows XP SP3 and Windows 7 SP1. In the Windows XP case, when ActFax runs as a service, it will execute as SYSTEM.

tags | exploit, overflow
systems | windows, xp, 7
MD5 | 3d493b320b659b926b9c741afb1512b5
Active Collab "chat module" 2.3.8 Remote PHP Code Injection
Posted May 22, 2012
Authored by mr_me | Site metasploit.com

This Metasploit module exploits an arbitrary code injection vulnerability in the chat module that is part of Active Collab by abusing a preg_replace() using the /e modifier and its replacement string using double quotes. The vulnerable function can be found in activecollab/application/modules/chat/functions/html_to_text.php.

tags | exploit, arbitrary, php
advisories | OSVDB-81966
MD5 | bb5dd6f386c14e61316d4ebca6557bff
Actuality Of SMBRelay In Modern Windows Networks
Posted Apr 28, 2012
Authored by Ares

Whitepaper called Actuality of SMBRelay in Modern Windows Networks.

tags | paper
systems | windows
MD5 | 81653f8d5eb1f2a90fee0f43369d9388
ActivaDigital Cross Site Scripting
Posted Apr 4, 2012
Authored by the_cyber_nuxbie

ActivaDigital suffers from persistent cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 9808bbcc76e375ca070408f6dfa7498a
ActivaDigital SQL Injection
Posted Mar 9, 2012
Authored by the_cyber_nuxbie

ActivaDigital suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
MD5 | 72e690dd7a7117a6517367c57fcd47a3
Actfax FTP Server 4.27 USER Command Stack Buffer Overflow
Posted Jul 31, 2011
Authored by mr_me | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow in Actfax FTP Server versions 4.27 and earlier. Actfax fails to check input size when parsing 'USER' command. This vulnerability results in arbitrary code execution. This Metasploit module has been designed to bypass DEP under Windows Server 2003 SP2/R2.

tags | exploit, overflow, arbitrary, code execution
systems | windows
advisories | OSVDB-72520
MD5 | 96b332c42a81990ce381082e243afd07
Activart SQL Injection
Posted Jul 7, 2011
Authored by Kalashinkov3

Activart suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 17f873e914b9c954e0626bf7cf9fe193
Page 1 of 4
Back1234Next

File Archive:

October 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    16 Files
  • 2
    Oct 2nd
    1 Files
  • 3
    Oct 3rd
    1 Files
  • 4
    Oct 4th
    24 Files
  • 5
    Oct 5th
    24 Files
  • 6
    Oct 6th
    11 Files
  • 7
    Oct 7th
    14 Files
  • 8
    Oct 8th
    19 Files
  • 9
    Oct 9th
    1 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    7 Files
  • 12
    Oct 12th
    15 Files
  • 13
    Oct 13th
    26 Files
  • 14
    Oct 14th
    10 Files
  • 15
    Oct 15th
    6 Files
  • 16
    Oct 16th
    2 Files
  • 17
    Oct 17th
    1 Files
  • 18
    Oct 18th
    14 Files
  • 19
    Oct 19th
    15 Files
  • 20
    Oct 20th
    20 Files
  • 21
    Oct 21st
    12 Files
  • 22
    Oct 22nd
    14 Files
  • 23
    Oct 23rd
    3 Files
  • 24
    Oct 24th
    1 Files
  • 25
    Oct 25th
    33 Files
  • 26
    Oct 26th
    27 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close