exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 100 RSS Feed

Files

QNAP QTS 4.2.1 Build 20160601 Arbitrary File Overwrite
Posted Aug 18, 2016
Authored by Sebastian Nerz | Site syss.de

QNAP QTS version 4.2.1 Build 20160601 suffers from an arbitrary file overwrite vulnerability.

tags | exploit, arbitrary
SHA-256 | 1b6b302fa261390c5f0c6aa9787378c2eaa3685d815a17a90ab3bfb40b207096

Related Files

Ubuntu Security Notice USN-5241-1
Posted Jan 20, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5241-1 - It was discovered that QtSvg incorrectly handled certain malformed SVG images. If a user or automated system were tricked into opening a specially crafted image file, a remote attacker could use this issue to cause QtSvg to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-19869
SHA-256 | 32d6d60a122670053f2e460a06106159ff6aabe1544ead509400874e9613b9da
QNAP QTS And Photo Station 6.0.3 Remote Command Execution
Posted May 28, 2020
Authored by Yunus YILDIRIM

QNAP QTS and Photo Station version 6.0.3 suffers from a remote command execution vulnerability.

tags | exploit, remote
advisories | CVE-2019-7192, CVE-2019-7193, CVE-2019-7194, CVE-2019-7195
SHA-256 | 604298053dafd0abe28f387617874da35d43eb2b5d986c0ce5674a7007367477
MATESO GmbH Password Safe And Repository Enterprise 7.4.4 Build 2247 Credential Management
Posted Apr 11, 2017
Authored by Matthias Deeg | Site syss.de

MATESO GmbH Password Safe and Repository Enterprise 7.4.4 build 2247 suffers from poor credential management using unsalted MD5 hashes.

tags | exploit
SHA-256 | 5105c7b2f62190c0c64b2e7931b0d6a3d0fb7d876c939151bd3f4bae8acd7cdb
MATESO GmbH Password Safe And Repository Enterprise 7.4.4 Build 2247 SQL Injection
Posted Apr 11, 2017
Authored by Matthias Deeg | Site syss.de

MATESO GmbH Password Safe and Repository Enterprise version 7.4.4 build 2247 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 9046651535626d2b33a64b0d5d4c33312e2e5842f722ec1cffb1649ca49e6f7b
QNAP QTS Remote Command Injection
Posted Apr 6, 2017
Authored by Harry Sintonen

QNAP QTS suffers from multiple command injection vulnerabilities.

tags | exploit, vulnerability
advisories | CVE-2017-6359, CVE-2017-6360, CVE-2017-6361
SHA-256 | 343c3dd2c8af1703505203d51d06fca1f4b6fd98b7dbcb44ab5aad7c30af0005
QNAP QTS Privilege Escalation / Information Disclosure
Posted Mar 23, 2017
Authored by Pasquale Florillo, Guido Oricchio

QNAP QTS versions prior to 4.2.4 suffer from a sensitive data exposure vulnerability that allows for privilege escalation.

tags | exploit
advisories | CVE-2017-5227
SHA-256 | 3d248b7122dde92c3c6cff49c15a639517a9a2504a008042fa15212812bc6b27
QNAP QTS 4.2.x XSS / Command Injection / Transport Issues
Posted Feb 15, 2017
Authored by Harry Sintonen

QNAP QTS firmware contain missing transport layer security, improper certificate validation, command injection, cross site scripting, and information disclosure vulnerabilities that can be exploited to gain remote command execution to the devices or to perform arbitrary administrative functions, and to gain unauthorized access to user's myQNAPcloud credentials.

tags | exploit, remote, arbitrary, vulnerability, xss, info disclosure
SHA-256 | 2338d54a3f3425f4ef6945698a4d1e0725c1aeb60607671654d4a0472c4453d7
Microsoft Wireless Desktop 2000 Cryptography Issues
Posted Oct 11, 2016
Authored by Matthias Deeg, Gerhard Klostermeier | Site syss.de

Microsoft Wireless Desktop 2000 version A suffers from cryptographic issues and replay attacks.

tags | advisory
SHA-256 | 5b91e6090047fef94d34dd0fd973cc4e86a6c54ee1ac8d86d8a8818ca9bfdeca
Microsoft Wireless Desktop 2000 Insufficent Protection
Posted Oct 10, 2016
Authored by Matthias Deeg, Gerhard Klostermeier | Site syss.de

Microsoft Wireless Desktop 2000 version A suffers from insufficient protection of code (firmware) and data (cryptographic key).

tags | advisory
SHA-256 | a2e84bef4f1b103936ce31df00ad89196bd85c85162d189f4577c1a150082ee0
QNAP QTS 4.2.1 Build 20160601 Command Injection
Posted Aug 19, 2016
Authored by Sebastian Nerz | Site syss.de

QNAP QTS version 4.2.1 Build 20160601 suffers from an OS command injection vulnerability.

tags | exploit
SHA-256 | cb5c2ee3db6c55c22f86862e5b72bd113f7ae769e329bc847caa576516a573f1
QNAP QTS 4.2.0 Build 20160311 / Build 20160601 Cross Site Scripting
Posted Aug 19, 2016
Authored by Sebastian Nerz | Site syss.de

QNAP QTS versions 4.2.0 Build 20160311 and Build 20160601 suffer from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 27689d9fdae27206f86fb67c52b512a57abc9dffe9f0f4d19e8aa363d3efdb19
QNAP QTS 4.2.1 Build 20160601 Cross Site Scripting
Posted Aug 19, 2016
Authored by Sebastian Nerz | Site syss.de

QNAP QTS version 4.2.1 Build 20160601 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 559a2c873cc88588570a681aea2d06fbbb6046cd8fdf54b9dbfec6256c89dda1
QNAP QTS 4.2.1 Build 20160601 Lang Parameter Command Injection
Posted Aug 18, 2016
Authored by Sebastian Nerz | Site syss.de

QNAP QTS version 4.2.1 Build 20160601 suffers from an OS command injection vulnerability.

tags | exploit
SHA-256 | 448d8a4712caf953aec99fadb1be4168c93a5e989fce7c009cd8577b1290902f
QNAP QTS 4.2.0 Build 20160311 / Build 20160601 Cross Site Scripting
Posted Aug 18, 2016
Authored by Sebastian Nerz | Site syss.de

QNAP QTS versions 4.2.0 Build 20160311 and Build 20160601 suffer from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 96a4d53ecd91f1a17608c43886a495fcf40a7eca582c4989e48e047118b247ce
QNAP QTS 4.2.0 Build 20160311 / Build 20160601 Command Injection
Posted Aug 18, 2016
Authored by Sebastian Nerz | Site syss.de

QNAP QTS versions 4.2.0 Build 20160311 and Build 20160601 suffer from an OS command injection vulnerability.

tags | exploit
SHA-256 | 892e6af51235735fae4ad4873dc7e3cc493bcb86a765cb905cdf1117cf7df8a9
QNAP QTS 4.2.1 Build 20160601 imbgName Parameter Command Injection
Posted Aug 18, 2016
Authored by Sebastian Nerz | Site syss.de

QNAP QTS version 4.2.1 Build 20160601 suffers from an OS command injection vulnerability.

tags | exploit
SHA-256 | e766f0f6ff858161e23849a3310ffff9e284a377d2850c7d0aacd1f4541b45de
CHERRY B.UNLIMITED AES JD-0400EU-2/01 Crypto Issues / Replay Attacks
Posted Jul 30, 2016
Authored by Matthias Deeg, Gerhard Klostermeier | Site syss.de

CHERRY B.UNLIMITED AES version JD-0400EU-2/01 suffers from cryptographic issues and replay attack vulnerabilities.

tags | exploit, vulnerability
SHA-256 | 3737c6b837cb5779da05eb65eeceaa868fb36d30c20fac2a630e28c5168f4313
CHERRY B.UNLIMITED AES JD-0400EU-2/01 Keystroke Injection
Posted Jul 29, 2016
Authored by Matthias Deeg, Gerhard Klostermeier | Site syss.de

CHERRY B.UNLIMITED AES version JD-0400EU-2/01 suffers from cryptographic issues and keystroke injection vulnerabilities.

tags | advisory, vulnerability
SHA-256 | 8d783cf17d0aeb744bc415fcc3f5209b17a3b0f1fec084fd4a66af59968c352f
CHERRY B.UNLIMITED AES JD-0400EU-2/01 Insufficient Protections
Posted Jul 29, 2016
Authored by Matthias Deeg, Gerhard Klostermeier | Site syss.de

CHERRY B.UNLIMITED AES version JD-0400EU-2/01 suffers from insufficient protection of code (firmware) and data (cryptographic key).

tags | exploit
SHA-256 | f1ff00bde501a530edae9d601cb3986ee2e1274ad3e4408f7af68bf525e7d5f6
pgpdump 0.29 Endless Loop
Posted Apr 18, 2016
Authored by Klaus Eisentraut | Site syss.de

pgpdump version 0.29 suffers from an endless loop parsing issue that can lead to a denial of service.

tags | exploit, denial of service
advisories | CVE-2016-4021
SHA-256 | ca2cebf5bbc203a10cddb4380a1efb60238193332dfe72831f57c0aef4db21f2
innovaphone IP222 11r2 sr9 Brute Force
Posted Mar 24, 2016
Authored by Sven Freund | Site syss.de

The innovaphone IP222 provides a password protected administration interface, which can be accessed via a web browser. Although the basic authentication was disabled and instead the digest authentication is used, it is still possible to perform brute-force attacks against the password authentication process.

tags | exploit, web
SHA-256 | 5a2d36d564fe004b8101678bcdc007666e0547fe8e23b7a50847efbc69680872
innovaphone IP222 11r2 sr9 Download Denial Of Service
Posted Mar 24, 2016
Authored by Sven Freund | Site syss.de

At startup the innovaphone IP222 sends an HTTP request for a special PNG file to the involved server system. After the download has finished, the image is displayed on the phone by selecting the receiver screen in the menu. Providing a large image file (6.9 MB) within the download process and selecting the receiver screen on the phone will lead to a crash of the application and cause a denial of service condition. Remote code execution via this security vulnerability may also be possible, but was not confirmed by the SySS GmbH.

tags | exploit, remote, web, denial of service, code execution
SHA-256 | 082b8f3575ba36bdc1044ed8d817104a1afb0c9d70e9163c8f9dfb60e5762b1a
innovaphone IP222 UDP Denial Of Service
Posted Mar 24, 2016
Authored by Sven Freund | Site syss.de

The innovaphone IP222 offers different protocols, like H.323 or SIP, to fulfil the various requirements. The discovered vulnerability was found in the protocol SIP/UDP. Therefore a specially crafted SIP request to the open 5060/UDP port causes a denial of service condition by crashing the innovaphone IP222 phone immediately. Remote code execution via this security vulnerability may also be possible, but was not confirmed by the SySS GmbH.

tags | exploit, remote, denial of service, udp, code execution, protocol
SHA-256 | cfc0d7614928d7e4d648a995ef8fdeb119a75e0ac44cc1cd7ece00e5e46a6931
innovaphone IP222 / IP232 Denial Of Service
Posted Mar 5, 2016
Authored by Alexander Brachmann | Site syss.de

innovaphone versions IP222 and IP232 suffer from a remote denial of service vulnerability.

tags | exploit, remote, denial of service
SHA-256 | 82d16c58171e185f50439ca2a3e3a97783090e29049d727064dcd3b319f9348e
Sophos UTM 525 Full Guard Cross Site Scripting
Posted Mar 1, 2016
Authored by Dr. Adrian Vollmer | Site syss.de

Inserting an HTML 'script' tag into the URL of a web site protected by Sophos UTM 525 yields an error page which contains the 'script' tag unfiltered. Executing malicious JavaScript code in the victim's browser is therefore straightforward.

tags | exploit, web, javascript
SHA-256 | 1eceff53bf6b122d6139c8726d40ddfbec1d153d9f984494053dc00259fcd5f7
Page 1 of 4
Back1234Next

File Archive:

May 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    15 Files
  • 2
    May 2nd
    16 Files
  • 3
    May 3rd
    38 Files
  • 4
    May 4th
    15 Files
  • 5
    May 5th
    35 Files
  • 6
    May 6th
    0 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    8 Files
  • 9
    May 9th
    65 Files
  • 10
    May 10th
    19 Files
  • 11
    May 11th
    27 Files
  • 12
    May 12th
    8 Files
  • 13
    May 13th
    0 Files
  • 14
    May 14th
    1 Files
  • 15
    May 15th
    19 Files
  • 16
    May 16th
    66 Files
  • 17
    May 17th
    28 Files
  • 18
    May 18th
    32 Files
  • 19
    May 19th
    13 Files
  • 20
    May 20th
    0 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    23 Files
  • 23
    May 23rd
    15 Files
  • 24
    May 24th
    49 Files
  • 25
    May 25th
    20 Files
  • 26
    May 26th
    13 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close