what you don't know can hurt you
Showing 1 - 25 of 100 RSS Feed

Files

D-Link ADSL Router DSL-2750U IN_1.02 Remote File Disclosure
Posted Nov 8, 2016
Authored by Todor Donev

D-Link ADSL router DSL-2750U with firmware version IN_1.02 suffers from a file disclosure vulnerability.

tags | exploit, info disclosure
MD5 | 0e9f686623d0693839f1d3eb50b72896

Related Files

Dlink DSL2750U Command Injection
Posted Jun 22, 2021
Authored by Mohammed Hadi

Dlink DSL2750U suffers from a reboot command injection vulnerability.

tags | exploit
MD5 | e52a267317400d55b811baf68a56c96e
DLINK DWL-2600 Authenticated Remote Command Injection
Posted Mar 28, 2020
Authored by Raki Ben Hamouda, Nick Starke | Site metasploit.com

This Metasploit module exploits some DLINK Access Points that are vulnerable to an authenticated OS command injection. Default credentials for the web interface are admin/admin.

tags | exploit, web
advisories | CVE-2019-20499
MD5 | 058fc813826b27ba952231f09a327f06
Ubuntu Security Notice USN-4294-1
Posted Mar 2, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4294-1 - It was discovered that OpenSMTPD mishandled certain input. A remote, unauthenticated attacker could use this vulnerability to execute arbitrary shell commands as any non-root user. It was discovered that OpenSMTPD did not properly handle hardlinks under certain conditions. An unprivileged local attacker could read the first line of any file on the filesystem.

tags | advisory, remote, arbitrary, shell, local, root
systems | linux, ubuntu
advisories | CVE-2020-8793, CVE-2020-8794
MD5 | 4dae00ef525530e6ea55476c447cd9fd
Dlink DCS-1130 Command Injection / CSRF / Stack Overflow
Posted Jun 7, 2019
Authored by Mandar Satam

Dlink DCS-1130 suffers from command injection, cross site request forgery, stack overflow, and various other vulnerabilities.

tags | exploit, overflow, vulnerability, csrf
advisories | CVE-2017-8404, CVE-2017-8405, CVE-2017-8406, CVE-2017-8407, CVE-2017-8408, CVE-2017-8409, CVE-2017-8410, CVE-2017-8411, CVE-2017-8412, CVE-2017-8413, CVE-2017-8414, CVE-2017-8415, CVE-2017-8416, CVE-2017-8417
MD5 | 2740a7ddd36c75b0b15552c41ce5fa00
Microsoft Windows ALPC Task Scheduler Local Privilege Elevation
Posted Sep 22, 2018
Authored by Jacob Robles, bwatters-r7, SandboxEscaper, asoto-r7 | Site metasploit.com

On vulnerable versions of Windows the alpc endpoint method SchRpcSetSecurity implemented by the task scheduler service can be used to write arbitrary DACLs to .job files located in c:\windows\tasks because the scheduler does not use impersonation when checking this location. Since users can create files in the c:\windows\tasks folder, a hardlink can be created to a file the user has read access to. After creating a hardlink, the vulnerability can be triggered to set the DACL on the linked file. WARNING: The PrintConfig.dll (%windir%\system32\driverstor\filerepository\prnms003*) on the target host will be overwritten when the exploit runs. This Metasploit module has been tested against Windows 10 Pro x64.

tags | exploit, arbitrary
systems | windows
advisories | CVE-2018-8440
MD5 | 75182edcb972e293d73fef17dd332fcc
Ecessa ShieldLink SL175EHQ 10.7.4 Add Superuser Cross Site Request Forgery
Posted Jun 25, 2018
Authored by LiquidWorm | Site zeroscience.mk

Ecessa ShieldLink SL175EHQ version 10.7.4 suffers from an add superuser cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | 8a8c1de2a67b10c2994223ebb10d07b6
systemd Local Privilege Escalation
Posted Jan 31, 2018
Authored by Michael Orlitzky

systemd (systemd-tmpfiles) versions prior to 236 suffer from an fs.protected_hardlinks=0 local privilege escalation vulnerability.

tags | exploit, local
advisories | CVE-2017-18078
MD5 | 28b82df7153ff8f785b06fc4f6265f23
Ubuntu Security Notice USN-3534-1
Posted Jan 17, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3534-1 - It was discovered that the GNU C library did not properly handle all of the possible return values from the kernel getcwd syscall. A local attacker could potentially exploit this to execute arbitrary code in setuid programs and gain administrative privileges. A memory leak was discovered in the _dl_init_paths function in the GNU C library dynamic loader. A local attacker could potentially exploit this with a specially crafted value in the LD_HWCAP_MASK environment variable, in combination with CVE-2017-1000409 and another vulnerability on a system with hardlink protections disabled, in order to gain administrative privileges. Various other issues were also addressed.

tags | advisory, arbitrary, kernel, local, memory leak
systems | linux, ubuntu
advisories | CVE-2017-1000408, CVE-2017-1000409, CVE-2017-15670, CVE-2017-15804, CVE-2017-16997, CVE-2017-17426, CVE-2018-1000001
MD5 | 4d8f3d9f108dacae4f21c559451d5fd0
Ubuntu Security Notice USN-3225-1
Posted Mar 10, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3225-1 - It was discovered that libarchive incorrectly handled hardlink entries when extracting archives. A remote attacker could possibly use this issue to overwrite arbitrary files. Christian Wressnegger, Alwin Maier, and Fabian Yamaguchi discovered that libarchive incorrectly handled filename lengths when writing ISO9660 archives. A remote attacker could use this issue to cause libarchive to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-5418, CVE-2016-6250, CVE-2016-7166, CVE-2016-8687, CVE-2016-8688, CVE-2016-8689, CVE-2017-5601
MD5 | ceb27b9d487cbc12ed4c396119dc9994
Dlink DIR Routers Unauthenticated HNAP Login Stack Buffer Overflow
Posted Nov 21, 2016
Authored by Pedro Ribeiro | Site metasploit.com

Several Dlink routers contain a pre-authentication stack buffer overflow vulnerability, which is exposed on the LAN interface on port 80. This vulnerability affects the HNAP SOAP protocol, which accepts arbitrarily long strings into certain XML parameters and then copies them into the stack. This exploit has been tested on the real devices DIR-818LW and 868L (rev. B), and it was tested using emulation on the DIR-822, 823, 880, 885, 890 and 895. Others might be affected, and this vulnerability is present in both MIPS and ARM devices. The MIPS devices are powered by Lextra RLX processors, which are crippled MIPS cores lacking a few load and store instructions. Because of this the payloads have to be sent unencoded, which can cause them to fail, although the bind shell seems to work well. For the ARM devices, the inline reverse tcp seems to work best. Check the reference links to see the vulnerable firmware versions.

tags | exploit, overflow, shell, tcp, protocol
advisories | CVE-2016-6563
MD5 | dd3ba90a3c8d9aee1a73c5d68572d159
Red Hat Security Advisory 2016-1850-01
Posted Sep 12, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1850-01 - The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers. Security Fix: A flaw was found in the way libarchive handled hardlink archive entries of non-zero size. Combined with flaws in libarchive's file system sandboxing, this issue could cause an application using libarchive to overwrite arbitrary files with arbitrary data from the archive.

tags | advisory, arbitrary, python
systems | linux, redhat
advisories | CVE-2015-8920, CVE-2015-8921, CVE-2015-8932, CVE-2016-4809, CVE-2016-5418, CVE-2016-5844, CVE-2016-7166
MD5 | 02e572b757677a32648780076e5e319e
Red Hat Security Advisory 2016-1844-01
Posted Sep 12, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1844-01 - The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers. Security Fix: A flaw was found in the way libarchive handled hardlink archive entries of non-zero size. Combined with flaws in libarchive's file system sandboxing, this issue could cause an application using libarchive to overwrite arbitrary files with arbitrary data from the archive.

tags | advisory, arbitrary, python
systems | linux, redhat
advisories | CVE-2015-8916, CVE-2015-8917, CVE-2015-8919, CVE-2015-8920, CVE-2015-8921, CVE-2015-8922, CVE-2015-8923, CVE-2015-8924, CVE-2015-8925, CVE-2015-8926, CVE-2015-8928, CVE-2015-8930, CVE-2015-8931, CVE-2015-8932, CVE-2015-8934, CVE-2016-1541, CVE-2016-4300, CVE-2016-4302, CVE-2016-4809, CVE-2016-5418, CVE-2016-5844, CVE-2016-6250, CVE-2016-7166
MD5 | 10ea330f0d966c32d82a952ea7fb4c0f
Red Hat Security Advisory 2016-1852-01
Posted Sep 12, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1852-01 - OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service solution designed for on-premise or private cloud deployments. Security Fix: A flaw was found in the way libarchive handled hardlink archive entries of non-zero size. Combined with flaws in libarchive's file system sandboxing, this issue could cause an application using libarchive to overwrite arbitrary files with arbitrary data from the archive.

tags | advisory, arbitrary
systems | linux, redhat
advisories | CVE-2016-5418
MD5 | 411d9962577de9a20947f80760e1fc0f
Microsoft Windows Hardlink Permission Issue
Posted Nov 17, 2015
Authored by Google Security Research, forshaw

On Microsoft Windows you can create NTFS hardlinks without needing write permissions on the target file.

tags | advisory
systems | linux, windows
advisories | CVE-2015-6113
MD5 | 6075d3d3870b6e4c1f75b3c3c5e80210
MacOS X 10.11 Hardlink Resource Exhaustion
Posted Oct 26, 2015
Authored by Maksymilian Arciemowicz

MacOS X 10.11 suffers from a hardlink bomb issue that causes resource exhaustion.

tags | exploit, denial of service
advisories | CVE-2010-0105, CVE-2013-6799, CVE-2014-4433, CVE-2014-4434
MD5 | 8c5414e45c6ca9b641f094c5a3f77d90
Qualys Security Advisory - OpenSMTPD Audit Report
Posted Oct 4, 2015
Authored by Qualys Security Advisory

Qualys discovered various vulnerabilities in OpenSMTPD. These include, but are not limited to, denial of service, buffer overflow, hardlink attack and use-after-free vulnerabilities.

tags | advisory, denial of service, overflow, vulnerability
MD5 | 20c4ffd499c1a6466cfce72f6b1c0a80
Mozilla Maintenance Service Log File Overwrite Elevation Of Privilege
Posted Aug 21, 2015
Authored by Google Security Research, forshaw

The maintenance service creates a log file in a user writable location. It's possible to change the log file to a hardlink to another file to cause file corruption or elevation of privilege.

tags | exploit
systems | linux
advisories | CVE-2015-4481
MD5 | db59d45a788db12a7a62da9cbfd6011b
D-Link DSL-2780B DLink_1.01.14 Unauthenticated Remote DNS Change
Posted Jun 7, 2015
Authored by Todor Donev

D-Link DSL-2780B DLink_1.01.14 suffers from an unauthenticated remote DNS change vulnerability.

tags | exploit, remote
MD5 | 0424f970d8d2843ab170f6bb0932539f
OS X 10.10 Bluetooth DispatchHCIWriteStoredLinkKey Crash Proof Of Concept
Posted Jan 14, 2015
Authored by Roberto Paleari, Aristide Fattori

OS X 10.10 Bluetooth DispatchHCIWriteStoredLinkKey crash denial of service proof of concept exploit.

tags | exploit, denial of service, proof of concept
systems | apple, osx
MD5 | 3736f50cacae65e4e143100016962951
D-Link DIR-605L Captcha Handling Buffer Overflow
Posted Oct 22, 2013
Authored by Craig Heffner, juan vazquez | Site metasploit.com

This Metasploit module exploits an anonymous remote code execution on D-Link DIR-605L routers. The vulnerability exists while handling user supplied captcha information, and is due to the insecure usage of sprintf on the getAuthCode() function. This Metasploit module has been tested successfully on DLink DIR-605L Firmware 1.13 under a QEMU environment.

tags | exploit, remote, code execution
advisories | OSVDB-86824
MD5 | 0547694f381c1caecddb6f60063679db
FreeBSD Security Advisory - nullfs(5) links
Posted Sep 10, 2013
Authored by Konstantin Belousov | Site security.freebsd.org

FreeBSD Security Advisory - The nullfs(5) filesystem allows all or a part of an already mounted filesystem to be made available in a different part of the global filesystem namespace. It is commonly used to make a set of files available to multiple chroot(2) or jail(2) environments without replicating the files in each environment. A common idiom, described in the FreeBSD Handbook, is to mount one subtree of a filesystem read-only within a jail's filesystem namespace, and mount a different subtree of the same filesystem read-write. The nullfs(5) implementation of the VOP_LINK(9) VFS operation does not check whether the source and target of the link are both in the same nullfs instance. It is therefore possible to create a hardlink from a location in one nullfs instance to a file in another, as long as the underlying (source) filesystem is the same. If multiple nullfs views into the same filesystem are mounted in different locations, a user with read access to one of these views and write access to another will be able to create a hard link from the latter to a file in the former, even though they are, from the user's perspective, different filesystems. The user may thereby gain write access to files which are nominally on a read-only filesystem.

tags | advisory
systems | freebsd
advisories | CVE-2013-5710
MD5 | fe3496a802ef303a50977b9200e73a80
DLink DIR-645 / DIR-815 diagnostic.php Command Execution
Posted Apr 11, 2013
Authored by Michael Messner, juan vazquez | Site metasploit.com

Some DLink Routers are vulnerable to OS Command injection in the web interface. On DIR-645 versions prior 1.03 authentication isn't needed to exploit it. On version 1.03 authentication is needed in order to trigger the vulnerability, which has been fixed definitely on version 1.04. Other DLink products, like DIR-300 rev B and DIR-600, are also affected by this vulnerability. Not every device includes wget which we need for deploying our payload. On such devices you could use the cmd generic payload and try to start telnetd or execute other commands. Since it is a blind os command injection vulnerability, there is no output for the executed command when using the cmd generic payload. A ping command against a controlled system could be used for testing purposes. This Metasploit module has been tested successfully on DIR-645 prior to 1.03, where authentication isn't needed in order to exploit the vulnerability.

tags | exploit, web
advisories | OSVDB-92144
MD5 | 5cf63bf4dd5a9527008c1c0fea74bf16
D-Link DIR-600 / DIR-300 Command Execution / Bypass / Disclosure
Posted Feb 5, 2013
Authored by Michael Messner

D-Link DIR-600 and DIR-300 suffer insecure cryptographic storage, remote command execution, information disclosure, and insecure password changing vulnerabilities.

tags | exploit, remote, vulnerability, info disclosure
MD5 | 78daa29ea35caa4fad0041283ae8b890
D-Link DIR-300 Cross Site Scripting
Posted Feb 4, 2013
Authored by Karn Ganeshen

D-Link DIR-300 suffers from an administratively inflicted cross site scripting vulnerability.

tags | exploit, xss
MD5 | be827f86e352d2cf672824d09efa3cfa
D-Link DCS Cameras Authentication Bypass / Command Execution
Posted Jan 30, 2013
Authored by Roberto Paleari

D-Link DCS Cameras suffer from authentication bypass and remote command execution vulnerabilities due to a remote information disclosure of the configuration.

tags | exploit, remote, vulnerability, bypass, info disclosure
MD5 | 642656ca4ec5d96fced2505285154136
Page 1 of 4
Back1234Next

File Archive:

September 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    14 Files
  • 2
    Sep 2nd
    19 Files
  • 3
    Sep 3rd
    9 Files
  • 4
    Sep 4th
    1 Files
  • 5
    Sep 5th
    2 Files
  • 6
    Sep 6th
    3 Files
  • 7
    Sep 7th
    12 Files
  • 8
    Sep 8th
    22 Files
  • 9
    Sep 9th
    17 Files
  • 10
    Sep 10th
    19 Files
  • 11
    Sep 11th
    3 Files
  • 12
    Sep 12th
    2 Files
  • 13
    Sep 13th
    15 Files
  • 14
    Sep 14th
    16 Files
  • 15
    Sep 15th
    15 Files
  • 16
    Sep 16th
    7 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close