Showing 51 - 75 of 100

Files

Barracuda WAF V360 Firmware 8.0.1.014 Support Tunnel Hijack
Posted Jul 7, 2017
Authored by Matthew Bergin, Joshua Hardin | Site korelogic.com

Barracuda WAF V360 with firmware 8.0.1.014 suffers from a support tunnel hijacking vulnerability.

tags | exploit
SHA-256 | b5f3e2e56c5e431a0f7904096cd26eb5b819f5e04765f0ca18b7e34eeb0f1740

Related Files

Trendmicro InterScan 6.5-SP2_Build_Linux_1548 Remote Root
Posted Feb 16, 2017
Authored by Matthew Bergin | Site korelogic.com

Trendmicro InterScan version 6.5-SP2_Build_Linux_1548 suffers from a remote root access vulnerability.

tags | exploit, remote, root
SHA-256 | 8207670b7b23f48f93f2a7d157326bcd7fa8384a29863a9824938cd6f5929a09
Trendmicro InterScan 6.5-SP2_Build_Linux_1548 Privilege Escalation
Posted Feb 16, 2017
Authored by Matthew Bergin | Site korelogic.com

Trendmicro InterScan version 6.5-SP2_Build_Linux_1548 suffers from a privilege escalation vulnerability.

tags | exploit
advisories | CVE-2016-9315
SHA-256 | d466b761795d8d3086d31d2d398c036a70a01e03515283ad16085a4bf3fe529f
Trendmicro InterScan 6.5-SP2_Build_Linux_1548 Arbitrary File Write
Posted Feb 16, 2017
Authored by Matthew Bergin | Site korelogic.com

Trendmicro InterScan version 6.5-SP2_Build_Linux_1548 suffers from an arbitrary file write vulnerability that can lead to remote command execution.

tags | exploit, remote, arbitrary
SHA-256 | 26ab7b4f02561adad2e13b1c460f10e7406f2bed3b1a400caf9cd13b6a2cc8da
Sophos Web Appliance 4.2.1.3 Remote Code Execution
Posted Nov 4, 2016
Authored by Matthew Bergin | Site korelogic.com

Sophos Web Appliance version 4.2.1.3 suffers from a remote code execution vulnerability.

tags | exploit, remote, web, code execution
SHA-256 | 63701a9eb15e305ac51389eaeadb3b1a48ad8b7a79c8e2be9b6f3fa830db7304
Sophos Web Appliance 4.2.1.3 Privilege Escalation
Posted Nov 4, 2016
Authored by Matthew Bergin | Site korelogic.com

Sophos Web Appliance version 4.2.1.3 suffers from a privilege escalation vulnerability. An unprivileged user can obtain an MD5 hash of the administrator password which can then be used to discover the plain-text password.

tags | exploit, web
SHA-256 | 6c3a7db5cb2b8006c493d363dd8ec25ba892a528fb9c8d8faf875f49faee60aa
Cisco Firepower Threat Management Console Local File Inclusion
Posted Oct 5, 2016
Authored by Matthew Bergin | Site korelogic.com

Cisco Firepower Threat Management Console suffers from a local file inclusion vulnerability. Cisco Fire Linux OS 6.0.1 (build 37/build 1213) is affected.

tags | exploit, local, file inclusion
systems | cisco, linux
advisories | CVE-2016-6435
SHA-256 | 3bb68d70578902fa49aa28ddac5c00c057ccf7040672b0e7d40d0048e61e4fee
Cisco Firepower Threat Management Command Execution
Posted Oct 5, 2016
Authored by Matthew Bergin | Site korelogic.com

Cisco Firepower Threat Management Console suffers from a remote command execution vulnerability. Cisco Fire Linux OS 6.0.1 (build 37/build 1213) is affected.

tags | exploit, remote
systems | cisco, linux
advisories | CVE-2016-6433
SHA-256 | 478bf4dcc23d2ef96d26269234864bc75b3152960f1f077a183667abd3cd5cd2
Cisco Firepower Threat Management Console Denial Of Service
Posted Oct 5, 2016
Authored by Matthew Bergin | Site korelogic.com

Cisco Firepower Threat Management Console suffers from a denial of service vulnerability. Cisco Fire Linux OS 6.0.1 (build 37/build 1213) is affected.

tags | exploit, denial of service
systems | cisco, linux
SHA-256 | 93b912c298ea153c2c41d2e2762896ea94b468117fac32c32eaf77e232760a41
Cisco Firepower Threat Management Console Hard-Coded MySQL Credentials
Posted Oct 5, 2016
Authored by Matthew Bergin | Site korelogic.com

Cisco Firepower Threat Management Console has hard-coded MySQL credentials in use. Cisco Fire Linux OS 6.0.1 (build 37/build 1213) is affected.

tags | exploit
systems | cisco, linux
advisories | CVE-2016-6434
SHA-256 | 340707f4d5b3dac91cc48f0c12337c760677cc76dc14f6c4697885df69e314c1
SQLite Tempdir Selection
Posted Jul 1, 2016
Authored by Hank Leininger | Site korelogic.com

Usually processes writing to temporary directories do not need to perform readdir() because they control the filenames they create, so setting /tmp/, /var/tmp/, etc. to be mode 1733 is a not uncommon UNIX hardening practice. Affected versions of SQLite reject potential tempdir locations if they are not readable, falling back to '.'. Thus, SQLite will favor e.g. using cwd for tempfiles on such a system, even if cwd is an unsafe location. Notably, SQLite also checks the permissions of '.', but ignores the results of that check. All versions of SQLite prior to 3.13.0 are affected.

tags | exploit
systems | unix
SHA-256 | 762be39effea94233c24738dcf6d499f38f825f4b7984d06ada2c300f0ae4c55
Ubiquiti Administration Portal CSRF / Remote Command Execution
Posted Jun 29, 2016
Authored by Matthew Bergin | Site korelogic.com

The Ubiquiti AirGateway, AirFiber, and mFi platforms feature remote administration via an authenticated web-based portal. Lack of CSRF protection in the Remote Administration Portal, and unsafe passing of user input to operating system commands executed with root privileges, can be abused in a way that enables remote command execution.

tags | exploit, remote, web, root
SHA-256 | 90378a8805d8e7a9d70f57b6789f59dbe576e315ddf496817ce14425c0361204
Arris DG1670A Cable Modem Remote Command Execution
Posted Feb 13, 2016
Authored by Hank Leininger, Matthew Bergin | Site korelogic.com

The Arris DG1670A leverages a combination of technologies to deliver the product functionality. Combining several of these technologies in an unanticipated way will allow an attacker to execute arbitrary commands on the underlying operating system as the most privileged user.

tags | exploit, arbitrary
SHA-256 | f9f07867f80d6ed81875b0f0f3426862a601d2df3911aea7d48a11a170f6c39b
Dell Authentication Driver Uncontrolled Write
Posted Dec 18, 2015
Authored by Matthew Bergin

The Dell Pre-Boot Authentication Driver (PBADRV.sys) contains a vulnerability that can be leveraged to enable an attacker to write arbitrary code. The 'OutputAddress' from the IOCTL call is not validated before it attempts to write to memory. The content of the write is a four-byte hex value that is always greater than that of the kernel base address. Using multiple writes, it may be possible to overwrite the first entry of HalDispatchTable in a way that the entry would point to a user-land address. An attacker need only allocate shellcode at said address and call the ntdll!NtQueryIntervalProfile() function.

tags | exploit, arbitrary, kernel, shellcode
advisories | CVE-2015-6856
SHA-256 | 4c39d7663202b0e6a4d111b2cedc2d39282bb058581eda40719607e5ea6add5a
Seagate GoFlex Satellite Remote Telnet Default Password
Posted Dec 18, 2015
Authored by Matthew Bergin

Seagate GoFlex Satellite Mobile Wireless Storage devices contain a hardcoded backdoor account. An attacker could use this account to remotely tamper with the underlying operating system when Telnet is enabled.

tags | exploit
advisories | CVE-2015-2874
SHA-256 | 5c61cfee09fbb37a6bafacad5f5ac3b5b476c894b553933c75614523958a3ff4
Linksys EA6100 Wireless Router Authentication Bypass
Posted Dec 4, 2015
Authored by Matthew Bergin

Linksys EA6100 Wireless Router suffers from an authentication bypass vulnerability.

tags | exploit, bypass
SHA-256 | a8b20e7d7ed604facccbb2ae990af80afdd4329520a1b779fb7446ad55de4272
VBox Satellite Express Arbitrary Write Privilege Escalation
Posted Sep 19, 2015
Authored by Matthew Bergin

A vulnerability within the ndvbs module allows an attacker to inject memory they control into an arbitrary location they define. This vulnerability can be used to overwrite function pointers in HalDispatchTable resulting in an elevation of privilege. suffers from code execution, and local file inclusion vulnerabilities.

tags | exploit, arbitrary, local, vulnerability, code execution, file inclusion
advisories | CVE-2015-6923
SHA-256 | f56522b7ad8171646ac1c3eea8d0052f0c4e3db5b5c86c6dd3e9b9fae91e3b70
XGI Windows VGA Display Manager Privilege Escalation
Posted Sep 2, 2015
Authored by Matthew Bergin

A vulnerability within the xrvkp module allows an attacker to inject memory they control into an arbitrary location they define. This vulnerability can be used to overwrite function pointers in HalDispatchTable resulting in an elevation of privilege.

tags | advisory, arbitrary
advisories | CVE-2015-5466
SHA-256 | 77a97ac2af8e5d412b8fd4eb9a999feef3db9cd52adba3ce10f5fa61cc3aa2ae
SiS Windows VGA Display Manager Privilege Escalation
Posted Sep 2, 2015
Authored by Matthew Bergin

Vulnerabilities within the srvkp module allow an attacker to inject memory they control into an arbitrary location they define or cause memory corruption. IOCTL request codes 0x96002400 and 0x96002404 have been demonstrated to trigger these vulnerabilities. These vulnerabilities can be used to obtain control of code flow in a privileged process and ultimately be used to escalate the privilege of an attacker. Version affected is 6.14.10.3930.

tags | advisory, arbitrary, vulnerability
advisories | CVE-2015-5465
SHA-256 | a2a0c9af7028c25243f0a56d26ca9915265d443f37f6c6fd0844ddb64354f2ce
Microsoft Windows Server 2003 SP2 Arbitrary Write Privilege Escalation
Posted Jan 29, 2015
Authored by Matthew Bergin

The tcpip.sys driver fails to sufficiently validate memory objects used during the processing of a user-provided IOCTL. By crafting an input buffer that will be passed to the Tcp device through the NtDeviceIoControlFile() function, it is possible to trigger a vulnerability that would allow an attacker to elevate privileges. Proof of concept exploit included.

tags | exploit, tcp, proof of concept
systems | windows
advisories | CVE-2014-4076
SHA-256 | 9d61f1a5823955c19741ad2d57e256f3641cf2f035e04e442eac8b77fd3054ea
VMWare vmx86.sys Arbitrary Kernel Read
Posted Nov 5, 2014
Authored by Matthew Bergin

A vulnerability within the vmx86 driver allows an attacker to specify a memory address within the kernel and have the memory stored at that address be returned to the attacker. VMWare Workstation version 10.0.0.40273 is affected.

tags | exploit, kernel
SHA-256 | bf4905c643bfb35f7aa1fcf8969c9ca0cce46972723b84fbd81cf253c06f8385
Microsoft XP SP3 MQAC.sys Arbitrary Write Privilege Escalation
Posted Jul 21, 2014
Authored by Matthew Bergin

A vulnerability within the MQAC module allows an attacker to inject memory they control into an arbitrary location they define. This can be used by an attacker to overwrite HalDispatchTable+0x4 and execute arbitrary code by subsequently calling NtQueryIntervalProfile. Microsoft MQ Access Control version 5.1.0.1110 on XP SP3 is affected.

tags | exploit, arbitrary
advisories | CVE-2014-4971
SHA-256 | ac6de6f3a8cc010f9936f8753463cdbb1d352b1255340abf3d899a75f1c67f7b
Microsoft XP SP3 BthPan.sys Arbitrary Write Privilege Escalation
Posted Jul 21, 2014
Authored by Matthew Bergin

A vulnerability within the BthPan module allows an attacker to inject memory they control into an arbitrary location they define. This can be used by an attacker to overwrite HalDispatchTable+0x4 and execute arbitrary code by subsequently calling NtQueryIntervalProfile. Microsoft Bluetooth Personal Area Networking version 5.1.2600.5512 on XP SP3 is affected.

tags | exploit, arbitrary
advisories | CVE-2014-4971
SHA-256 | 9520a3d17643c7ebf1130b867b4f899c083ee1d3103c9e343a9e895529ec8545
Oracle VirtualBox Guest Additions Arbitrary Write Privilege Escalation
Posted Jul 15, 2014
Authored by Matthew Bergin

A vulnerability within the VBoxGuest module allows an attacker to inject memory they control into an arbitrary location they define. This can be used by an attacker to overwrite HalDispatchTable+0x4 and execute arbitrary code by subsequently calling NtQueryIntervalProfile. Oracle VirtualBox Guest Additions versions 4.3.8 through 4.3.10 are affected.

tags | exploit, arbitrary
advisories | CVE-2014-2477
SHA-256 | 23d2e313c1427a208d2779f1e9be216e6d3f6f4025a67191718be30d6c492262
Kleeja Upload Center Script CRLF Injection
Posted Nov 28, 2012
Authored by Ashiyane Digital Security Team

Kleeja Upload Center Script version 1.0.1 appears to suffer from a CRLF header injection vulnerability.

tags | exploit
SHA-256 | 76f605b7d08edb4bf05d6d22b3bcf13e784043856c560044d5fd49ceec08d874
K Labs Empowers SQL Injection
Posted Feb 16, 2012
Authored by tempe_mendoan

K Labs Empowers suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 00b7f605544886c275266536a41562e767219bbef092ede519441ef2e3ed1283
Page 3 of 4

© 2022 Packet Storm. All rights reserved.
