
Files

Cisco RV340 SSL VPN Unauthenticated Remote Code Execution
Posted May 11, 2022
Authored by Pedro Ribeiro, Radek Domanski | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in the Cisco RV series router's SSL VPN functionality. The default SSL VPN configuration is exploitable with no authentication required, and the exploit works over the Internet! The stack is executable and no ASLR is in place, which makes exploitation easier. Successful execution of this module results in a reverse root shell. A custom payload is used as Metasploit does not have ARMLE null-free shellcode. This vulnerability was presented by the Flashback Team at Pwn2Own Austin 2021 and OffensiveCon 2022. For more information, check the referenced advisory. This module has been tested on firmware versions 1.0.03.15 and above and works with around 65% reliability. The service restarts automatically so you can keep trying until you pwn it. Only the RV340 router was tested, but other RV series routers should work out of the box.

tags | exploit, overflow, shell, root, shellcode
systems | cisco
advisories | CVE-2022-20699
SHA-256 | 619682621429d96cd23a1e1bcd69a008398c5244223265886c52e2e417242d02

Related Files

Alpha Networks ADSL2/2+ Wireless Router ASL-26555 Password Disclosure
Posted Aug 17, 2012
Authored by Alberto Ortega

Alpha Networks ADSL2/2+ Wireless Router version ASL-26555 suffers from a remote administration password disclosure vulnerability. Tested on firmware version 2.0.0.30B_ES.

tags | exploit, remote
SHA-256 | 0acc750576387e5c5c8428df81f18e8f0e01592d9d5308c8ea0f94e991b8de78

Iomega StorCenter/EMC Lifeline Remote Access
Posted Aug 9, 2012
Site emc.com

A vulnerability exists for Iomega network storage devices with EMC Lifeline firmware that can potentially be exploited to gain unauthorized access to remote shares in certain circumstances. If remote access (including port-forwarding) is enabled on affected Iomega devices, all created shares (including shares on connected USB devices) could potentially be accessed by unauthorized remote users or systems due to access control issues.

tags | advisory, remote
advisories | CVE-2012-2283
SHA-256 | 1751607ad763d8c3030dd46fa7360620eefb9a7f9ade9c9368211dd334e6edf7

QNAP Command Injection
Posted Jun 17, 2012
Authored by Phil Taylor, Nadeem Salim | Site senseofsecurity.com.au

QNAP Turbo NAS with firmware versions 3.6.1 Build 0302T and below suffers from a command injection vulnerability that allows for remote code execution.

tags | exploit, remote, code execution
SHA-256 | bcec74851c024f2e1466935f495fd1687810e39d50b44f12aa001bc14964e143

HP Security Bulletin HPSBPI02728 SSRT100692 6
Posted Apr 26, 2012
Authored by HP | Site hp.com

HP Security Bulletin HPSBPI02728 SSRT100692 6 - In November, 2011, a potential security vulnerability was identified with certain HP printers and HP digital senders. The vulnerability could be exploited remotely to install unauthorized printer firmware. This revision, version 6, of the Security Bulletin announces the availability of firmware updates for additional devices.

tags | advisory
advisories | CVE-2011-4161
SHA-256 | 6b9303b4257f0a92fb10e6843f9b596fd3b0ff2087609043ce342140b4a101ad

HP Security Bulletin HPSBPI02728 SSRT100692 5
Posted Mar 19, 2012
Authored by HP | Site hp.com

HP Security Bulletin HPSBPI02728 SSRT100692 5 - A potential security vulnerability has been identified with certain HP printers and HP digital senders. The vulnerability could be exploited remotely to install unauthorized printer firmware. Revision 5 of this advisory.

tags | advisory
advisories | CVE-2011-4161
SHA-256 | 34fc17a3a00efdd16c2e510fe459251c21d59b231555ad0e979a5da926ca663a

Secunia Security Advisory 48048
Posted Feb 29, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Sense of Security has reported a security issue in Snom VoIP Phone Firmware, which can be exploited by malicious people to bypass certain security restrictions.

tags | advisory
SHA-256 | bdd99dccd465ec4c59bbf42bc1f0b06ef8b4944a9f0c632126074ac0519348ff

Secunia Security Advisory 48158
Posted Feb 29, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Sense of Security has reported a security issue and a vulnerability in Snom VoIP Phone Firmware, which can be exploited by malicious people to bypass certain security restrictions and conduct cross-site request forgery attacks.

tags | advisory, csrf
SHA-256 | 9d55a5c4cc119aba5c9ab9d76cce3f9611f9d1be5e38cbfe9ee8fc2efafed802

Secunia Security Advisory 48061
Posted Feb 29, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Sense of Security has reported a security issue in Snom VoIP Phone Firmware, which can be exploited by malicious people to bypass certain security restrictions.

tags | advisory
SHA-256 | 52fd7d90f18e1af4afd57abcfc7e0a98cc2f675e2689ddcf564d0e2a43c57ede

HP Security Bulletin HPSBPI02728 SSRT100692 4
Posted Feb 18, 2012
Authored by HP | Site hp.com

HP Security Bulletin HPSBPI02728 SSRT100692 4 - A potential security vulnerability has been identified with certain HP printers and HP digital senders. The vulnerability could be exploited remotely to install unauthorized printer firmware. Revision 4 of this advisory.

tags | advisory
advisories | CVE-2011-4161
SHA-256 | ae3a06d6319920eca0609887ae91355785a811ce0226b7717b8527b4072104ba

HP Security Bulletin HPSBPI02728 SSRT100692 3
Posted Jan 9, 2012
Authored by HP | Site hp.com

HP Security Bulletin HPSBPI02728 SSRT100692 3 - A potential security vulnerability has been identified with certain HP printers and HP digital senders. The vulnerability could be exploited remotely to install unauthorized printer firmware. Revision 3 of this advisory.

tags | advisory
advisories | CVE-2011-4161
SHA-256 | dd5e56f566ad2ca9b114239aba459968b740fd1b964f71a9074e028284d0c8a1

HP Security Bulletin HPSBPI02728 SSRT100692 2
Posted Dec 29, 2011
Authored by HP | Site hp.com

HP Security Bulletin HPSBPI02728 SSRT100692 2 - A potential security vulnerability has been identified with certain HP printers and HP digital senders. The vulnerability could be exploited remotely to install unauthorized printer firmware. Revision 2 of this advisory.

tags | advisory
advisories | CVE-2011-4161
SHA-256 | ff6f22298de3f425de467f22cf364320ca21ac4e7ef6bb1908722100799044d9

IBM TS3100/TS3200 Web UI Authentication Bypass
Posted Dec 21, 2011
Site trustwave.com

The IBM TS3100/TS3200 Web User Interface is vulnerable to an authentication bypass attack. By sending a series of requests to the authentication function, it is possible to trigger a condition which causes the application to grant an access cookie which permits remote administration. Firmware less than A.60 is affected.

tags | exploit, remote, web
advisories | CVE-2011-1372
SHA-256 | 251930962a416ff086d78263b78eb5f8dcc016095a831b437bd5a97ae19df1ac

Secunia Security Advisory 47257
Posted Dec 18, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Oracle has acknowledged some vulnerabilities in Sun System Firmware, which can be exploited by malicious people to conduct spoofing attacks, cause a DoS (Denial of Service), and potentially compromise a user's system.

tags | advisory, denial of service, spoof, vulnerability
SHA-256 | ca8de27c8fdebbee80901664bdcdd9943caeaf960ed3984e7122403b6e96ff00

HP Security Bulletin HPSBPI02728 SSRT100692
Posted Dec 1, 2011
Authored by HP | Site hp.com

HP Security Bulletin HPSBPI02728 SSRT100692 - A potential security vulnerability has been identified with certain HP printers and HP digital senders. The vulnerability could be exploited remotely to install unauthorized printer firmware. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2011-4161
SHA-256 | d48441fde8682890a6be06f1b7536c5c8c950288456b21ade23cb63724135da3

Apple Security Advisory 2011-11-10-2
Posted Nov 15, 2011
Authored by Apple | Site apple.com

Apple Security Advisory 2011-11-10-2 - Time Capsule and AirPort Base Station (802.11n) Firmware 7.6 is now available and addresses a security vulnerability. dhclient allowed remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message. This issue is addressed by stripping shell meta-characters in dhclient-script.

tags | advisory, remote, arbitrary, shell
systems | apple
advisories | CVE-2011-0997
SHA-256 | 6e8e307de2ea87a65b2fbe4858a5cdefa741c0cb65ec28c910798ebd7cbf3bd9

Digging Inside VxWorks OS And Firmware - Holistic Security
Posted Jul 18, 2011
Authored by Aditya K Sood | Site secniche.org

Whitepaper called Digging Inside VxWorks OS and Firmware - Holistic Security. VxWorks is one of the most widely accepted embedded OSes. This paper presents a detailed study of the VxWorks OS security model and firmware in order to understand the potential impact of security vulnerabilities and weaknesses.

tags | paper, vulnerability
SHA-256 | 2c622ddb4286be353e85ab46da20fe4b0ca3a0d882e1cf8d909f856256f15449

Multiple IP Cameras Remote Command Execution
Posted Jun 9, 2011
Authored by Roberto Paleari

IP cameras such as TRENDnet, Digicom, and iPUX all share a firmware that suffers from an undocumented user, command injection, a hidden telnet service, and various other vulnerabilities.

tags | exploit, vulnerability
SHA-256 | 2e13035b1da24232cad2b5abbce7c0d6968fb792c214dcbcbecba7542a6aaf4b

Belkin G Wireless Router 5.00.12 Password Hash Disclosure
Posted May 31, 2011
Authored by Aodrulez

Belkin G Wireless Router with firmware version 5.00.12 suffers from a password hash disclosure vulnerability.

tags | exploit, info disclosure
SHA-256 | 1ff16d35f0826f93976163d23810916b6c842c832770207c9409be7c72c79f0d

Linksys WRT54G Cross Site Scripting
Posted Apr 29, 2011
Authored by Justin C. Klein Keane

The Cisco Linksys Wireless G Broadband Router WRT54G with firmware version 4.21.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
systems | cisco
SHA-256 | 33023e6063d14ffdaada37d384498349e1d019e88d22a6bd58eef458b22376b7

Linksys WRT54G Password Disclosure
Posted Apr 11, 2011
Authored by RaFD

Linksys WRT54G with firmware version 7.00.1 suffers from an administrative password disclosure vulnerability via ftpd.

tags | exploit, info disclosure
SHA-256 | 29ac89d17267faf8260fc55d0bf0cea35b3acec9de7d42041acbc8aaabc40393

ProxBrute 0.3
Posted Jan 12, 2011
Authored by Brad Antoniewicz

ProxBrute is a custom firmware written for the proxmark3. It extends the currently available firmware (revision 465) to support brute force attacks against proximity card access control systems. This version of ProxBrute requires the knowledge of a [once] valid tag value to vertically or horizontally escalate the tag's privileges.

tags | cracker
systems | unix
SHA-256 | a155a9dd000312c20ecbe6ca6bab1bc991183e9dea73578a76754b148ab1332a

RoomWizard Credential Disclosure
Posted Jan 6, 2011
Authored by Sean Lam

RoomWizard suffers from a default password and sync connector credential leak vulnerability. Firmware version 3.2.3 is affected.

tags | exploit, info disclosure
advisories | CVE-2010-0214
SHA-256 | cd571a6d6eac92710b122e7baf4146e0163348b1c380b890746f3484d6c692d5

DIR-615 Privilege Escalation
Posted Dec 5, 2010
Authored by Craig Heffner | Site devttys0.com

This file provides a detailed description of a privilege escalation vulnerability that has been confirmed to affect the DIR-615 revD router running firmware version 4.11.

tags | advisory
SHA-256 | a160c910db3449d12d52aa5b71001bba6e2a99708a556a84bf479eddf5694cb0

Secunia Security Advisory 42059
Posted Nov 2, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Intel Xeon 5500 and 5600 Series BMC Firmware, which can be exploited by malicious users to gain escalated privileges.

tags | advisory
SHA-256 | 01e20d92ef50436b1c0eef5c25bdb74ed3a2e0277f94650daf9927dd6874e094

Proventia Network Mail Security System CRLF Injection
Posted Sep 14, 2010
Authored by Dr. Marian Ventuneac

The web-based Local Management Interface (LMI) of the IBM Proventia Network Mail Security System appliance (firmware 1.6) is vulnerable to CRLF injection. When exploited by an authenticated attacker, this vulnerability could compromise the security of the appliance, allowing injection of custom HTTP cookies, forced external redirects, potential HTTP response splitting attacks, etc.

tags | exploit, web, local
advisories | CVE-2010-0155
SHA-256 | e89f3a47c9d247e4c7ef74ea39c92a4c23d3b46381a0211b7b0b6dd059c87d44
© 2022 Packet Storm. All rights reserved.
