exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 8 of 8 RSS Feed

Files

Teltonika RUT9XX Unauthenticated OS Command Injection
Posted Oct 12, 2018
Authored by David Gnedt | Site sba-research.org

Teltonika RUT9XX routers with firmware before 00.04.233 are prone to multiple unauthenticated OS command injection vulnerabilities in autologin.cgi and hotspotlogin.cgi due to insufficient user input sanitization. This allows remote attackers to execute arbitrary commands with root privileges.

tags | exploit, remote, arbitrary, cgi, root, vulnerability
advisories | CVE-2018-17532
SHA-256 | 3b891e67dc7f84a78fafd4de519a7224bdb6d898a5ad5c79db67551a91fc0d24

Related Files

Paradox IP150 Internet Module 1.40.00 Cross Site Request Forgery
Posted Jun 24, 2024
Authored by Jakob Pachmann, Fabian Funder | Site sba-research.org

Paradox IP150 Internet Module version 1.40.00 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2024-5676
SHA-256 | 9e102cbe93f6192c8caedc9ff1e998a3150ce7386317dc22ddbf5e4b3f736fbf
CloudLinux CageFS 7.0.8-2 Insufficiently Restricted Proxy Command
Posted Jan 26, 2024
Authored by David Gnedt | Site sba-research.org

CloudLinux CageFS versions 7.0.8-2 and below insufficiently restrict file paths supplied to the sendmail proxy command. This allows local users to read and write arbitrary files of certain file formats outside the CageFS environment.

tags | exploit, arbitrary, local
advisories | CVE-2020-36772
SHA-256 | 7cfae83fd5939609459b8ed98a7edecfd614eb3c5cd3373d9da412bc106b20d1
CloudLinux CageFS 7.1.1-1 Token Disclosure
Posted Jan 26, 2024
Authored by David Gnedt | Site sba-research.org

CloudLinux CageFS versions 7.1.1-1 and below pass the authentication token as a command line argument. In some configurations this allows local users to view the authentication token via the process list and gain code execution as another user.

tags | exploit, local, code execution
advisories | CVE-2020-36771
SHA-256 | 437f367ac50c53712ae264b28731e8929e461079e8ff05355b97f16fb6c32a55
MOKOSmart MKGW1 Gateway Improper Session Management
Posted Dec 20, 2023
Authored by David Gnedt, Jakob Hagl | Site sba-research.org

MOKOSmart MKGW1 Gateway devices with firmware version 1.1.1 or below do not provide an adequate session management for the administrative web interface. This allows adjacent attackers with access to the management network to read and modify the configuration of the device.

tags | exploit, web
SHA-256 | c694be2f3aeadf3e34a15c75c0c332496dca8eac6b5590d03759fec352bbdae6
SB Admin Cross Site Request Forgery / SQL Injection
Posted Jan 17, 2022
Authored by Taurus Omar

SB Admin suffers from cross site request forgery and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, csrf
SHA-256 | bc481b1b6ef15e1c81979f3faa7fd5e035acbdc0fedd25844262c33dc6b8c43d
Ping Identity Agentless Integration Kit Cross Site Scripting
Posted Aug 30, 2019
Authored by Thomas Konrad | Site sba-research.org

Ping Identity Agentless Integration Kit versions prior to 1.5 suffer from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2019-13564
SHA-256 | 9c150c77a9bce6accc3723843ec65700cdd8208915df10e20c19c5f97162c324
Teltonika RUT9XX Reflected Cross Site Scripting
Posted Oct 12, 2018
Authored by David Gnedt | Site sba-research.org

Teltonika RUT9XX routers with firmware before 00.05.01.1 are prone to cross site scripting vulnerabilities in hotspotlogin.cgi due to insufficient user input sanitization.

tags | exploit, cgi, vulnerability, xss
advisories | CVE-2018-17533
SHA-256 | 4cce626d1539e2d1d2f295b036e17ec9f4779d6658a6a91f1e7574c7c10e9d5d
Teltonika RUT9XX Missing Access Control To UART Root Terminal
Posted Oct 12, 2018
Authored by David Gnedt | Site sba-research.org

Teltonika RUT9XX routers with firmware before 00.04.233 provide a root terminal on a serial interface without proper access control. This allows attackers with physical access to execute arbitrary commands with root privileges.

tags | exploit, arbitrary, root
advisories | CVE-2018-17534
SHA-256 | e9d45ff879f8d592742af5d9401af535a0057ffab7ca2663e9027078fd59edd6
Page 1 of 1
Back1Next

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    28 Files
  • 16
    Jul 16th
    6 Files
  • 17
    Jul 17th
    34 Files
  • 18
    Jul 18th
    6 Files
  • 19
    Jul 19th
    34 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    19 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close