exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 23 of 23 RSS Feed

Files

Ivanti Avalanche MDM Buffer Overflow
Posted Sep 18, 2023
Authored by Ege Balci | Site metasploit.com

This Metasploit module exploits a buffer overflow condition in Ivanti Avalanche MDM versions prior to 6.4.1. An attacker can send a specially crafted message to the Wavelink Avalanche Manager, which could result in arbitrary code execution with the NT/AUTHORITY SYSTEM permissions. This vulnerability occurs during the processing of 3/5/8/100/101/102 item data types. The program tries to copy the item data using qmemcopy to a fixed size data buffer on stack. Upon successful exploitation the attacker gains full access to the target system. This vulnerability has been tested against Ivanti Avalanche MDM version 6.4.0.0 on Windows 10.

tags | exploit, overflow, arbitrary, code execution
systems | windows
advisories | CVE-2023-32560
SHA-256 | f923d88a736ee1b1d58c5f717428d9695cfc5a4107837de0f4006d0c4a042202

Related Files

Ivanti Sentry Authentication Bypass / Remote Code Execution
Posted Sep 13, 2023
Authored by jheysel-r7, James Horseman, Zach Hanley | Site metasploit.com

This Metasploit module exploits an authentication bypass in Ivanti Sentry which exposes API functionality which allows for code execution in the context of the root user.

tags | exploit, root, code execution
advisories | CVE-2023-38035
SHA-256 | ea4bf146aae20e6532518f5f14a0339f6c32348de42b3b15936e869ed48d8e04
Ivanti Avalance Remote Code Execution
Posted Sep 4, 2023
Authored by Robel Campbell

Ivanti Avalanche versions prior to 6.4.0.0 suffer from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2023-32560
SHA-256 | fbb31ff5f38dd146b12a471e205d680b8205fc2fdb41ac774f03201dcb313808
Ivanti Avalanche FileStoreConfig Shell Upload
Posted May 16, 2023
Authored by Shelby Pace, Piotr Bazydlo | Site metasploit.com

Ivanti Avalanche versions prior to 6.4.0.186 permits MS-DOS style short names in the configuration path for the Central FileStore. Because of this, an administrator can change the default path to the web root of the applications, upload a JSP file, and achieve remote command execution as NT AUTHORITY\SYSTEM.

tags | exploit, remote, web, root
advisories | CVE-2023-28128
SHA-256 | 2d460c161e59ed0128cbce4a78b4bddc06c84edf0d04e1d6643a9c60b4012dc5
Ivanti Cloud Services Appliance (CSA) Command Injection
Posted Jan 18, 2023
Authored by h00die-gr3y, Jakub Kramarz | Site metasploit.com

This Metasploit module exploits a command injection vulnerability in the Ivanti Cloud Services Appliance (CSA) for Ivanti Endpoint Manager. A cookie based code injection vulnerability in the Cloud Services Appliance before 4.6.0-512 allows an unauthenticated user to execute arbitrary code with limited permissions. Successful exploitation results in command execution as the nobody user.

tags | exploit, arbitrary
advisories | CVE-2021-44529
SHA-256 | ed5ba9659a8b5c3e1351d75d25fedfb77cae4f82344658a2b6b6cbe220161e6d
Ivanti Endpoint Manager CSA 4.5 / 4.6 Remote Code Execution
Posted Mar 21, 2022
Authored by D7X

Ivanti Endpoint Manager CSA versions 4.5 and 4.6 suffer from an unauthenticated remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2021-44529
SHA-256 | 6ede7e4c555086097785e7b930d3648768ced8d291ef8685bd545f55401f4bd6
Cypress Solutions CTM-200 2.7.1 Root Remote OS Command Injection
Posted Oct 11, 2021
Authored by LiquidWorm | Site zeroscience.mk

Cypress Solutions CTM-200 wireless gateway version 2.7.1 suffers from an authenticated semi-blind OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands as the root user through the 'ctm-config-upgrade.sh' script leveraging the 'fw_url' POST parameter used in the cmd upgreadefw as argument, called by ctmsys() as pointer to execv() and make_wget_url() function to the wget command in /usr/bin/cmdmain ELF binary.

tags | exploit, arbitrary, shell, root
SHA-256 | 3c5b924eea85063a32d4abf12a102470e52fe008b637d8c375ec9d27c3e4f296
MobileIron MDM Hessian-Based Java Deserialization Remote Code Execution
Posted Jan 25, 2021
Authored by Orange Tsai, wvu, iamnoooob, rootxharsh | Site metasploit.com

This Metasploit module exploits an ACL bypass in MobileIron MDM products to execute a Groovy gadget against a Hessian-based Java deserialization endpoint.

tags | exploit, java
advisories | CVE-2020-15505
SHA-256 | 5c0db542beea98b42c60393d60ff136e823dca9b8c1933fb194541ebcc3d1e48
SureMDM Local / Remote File Inclusion
Posted Feb 2, 2019
Authored by Digital Interruption

SureMDM versions prior to the 2018-11 Patch suffers from local and remote file inclusion vulnerabilities.

tags | exploit, remote, local, vulnerability, code execution, file inclusion
advisories | CVE-2018-15657
SHA-256 | b069dba5af00d8f2b4260a759c6f5a4c28e1c87bc836b38530dc45f0811913f3
Ivanti Workspace Control UNC Path Data Security Bypass
Posted Oct 1, 2018
Authored by Yorick Koster, Securify B.V.

Ivanti Workspace Control contains a flaw where it is possible to access folders that should be protected by Data Security. A local attacker can bypass these restrictions using localhost UNC paths. Depending on the NTFS permissions it may be possible for local users to access files and folders that should be protected using Data Protection. This issue was successfully verified on Ivanti Workspace Control version 10.2.700.1 and 10.2.950.0.

tags | advisory, local, bypass
SHA-256 | 507e3c9cc2d0a60cb3923378de3e647c3ee8b937f4097ddf9a6615c71a46daf9
Ivanti Workspace Control Registry Stored Credentials
Posted Oct 1, 2018
Authored by Yorick Koster, Securify B.V.

A flaw was found in Workspace Control that allows a local unprivileged user to retrieve the database or Relay server credentials from the Windows Registry. These credentials are encrypted, however the encryption that is used is reversible. This issue was successfully verified on Ivanti Workspace Control version 10.2.700.1 and 10.2.950.0.

tags | advisory, local, registry
systems | windows
SHA-256 | 964ae3397201993a0875edfc0ea849d24a6d6bd09383d580016c683c5209f357
Ivanti Workspace Control Named Pipe Privilege Escalation
Posted Oct 1, 2018
Authored by Yorick Koster, Securify B.V.

It was found that Ivanti Workspace Control allows a local (unprivileged) attacker to run arbitrary commands with Administrator privileges. This issue can be exploited by spawning a new Composer process, injecting a malicious thread in this process. This thread connects to a Named Pipe and sends an instruction to a service to launch an attacker-defined application with elevated privileges. This issue was successfully verified on Ivanti Workspace Control version 10.2.700.1 and 10.2.950.0.

tags | advisory, arbitrary, local
SHA-256 | 8258dbf9be109afe0d7a02ca62f333c5c39f3e9e6c52f1ae3f17a46f22ef8eca
Ivanti Workspace Control Application PowerGrid SEE Whitelist Bypass
Posted Oct 1, 2018
Authored by Yorick Koster, Securify B.V.

It was found that the PowerGrid application can be used to run arbitrary commands via the /SEE command line option. An attacker can abuse this issue to bypass Application Whitelisting in order to run arbitrary code on the target machine. This issue was successfully verified on Ivanti Workspace Control version 10.2.950.0.

tags | exploit, arbitrary, bypass
SHA-256 | d22755c11b4351cbedb8fccbfeb8f10b0a0fd56433daae7099f4a1f97ebe9bcb
Ivanti Workspace Control Application PowerGrid RWS Whitelist Bypass
Posted Oct 1, 2018
Authored by Yorick Koster, Securify B.V.

It was found that the PowerGrid application will execute rundll32.exe from a relative path when it is started with the /RWS command line option. An attacker can abuse this issue to bypass Application Whitelisting in order to run arbitrary code on the target machine. This issue was successfully verified on Ivanti Workspace Control version 10.2.700.1.

tags | exploit, arbitrary, bypass
SHA-256 | 247ebbfbc6e429e14f49ffdb9bfdcf441bfb4a187e2d9cb26ed36d4cf65e0153
Microsoft Machine Debug Manager (mdm) DLL Hijacking
Posted Jun 30, 2017
Authored by Karn Ganeshen

Microsoft Machine Debug Manager (mdm) suffers from dll hijacking vulnerabilities.

tags | exploit, vulnerability
systems | windows
SHA-256 | db92dfe873e589fe2a002dfec15943dbc9eb4432297101f2fd0811808db098a2
Newtec Satellite Modem MDM6000 2.2.5 Cross Site Scripting
Posted Aug 22, 2016
Authored by LiquidWorm | Site zeroscience.mk

Newtec Satellite Modem version MDM6000 2.2.5 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 66bc91a91c3296445a0ce9b51f0b9593e0c5ff0d247b6788f617a033992cf9be
Red Hat Security Advisory 2015-2241-03
Posted Nov 20, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-2241-03 - The chrony suite, chronyd and chronyc, is an advanced implementation of the Network Time Protocol, specially designed to support systems with intermittent connections. It can synchronize the system clock with NTP servers, hardware reference clocks, and manual input. It can also operate as an NTPv4 server or peer to provide a time service to other computers in the network. An out-of-bounds write flaw was found in the way chrony stored certain addresses when configuring NTP or cmdmon access. An attacker that has the command key and is allowed to access cmdmon could use this flaw to crash chronyd or, possibly, execute arbitrary code with the privileges of the chronyd process.

tags | advisory, arbitrary, protocol
systems | linux, redhat
advisories | CVE-2015-1821, CVE-2015-1822, CVE-2015-1853
SHA-256 | 9dcd1e723bb8317bbfc69f9f7175740614fd51f6bffa6bfacdfedd26b82d3eb2
Samsung Galaxy KNOX Android Browser Remote Code Execution
Posted Nov 18, 2014
Authored by joev, Andre Moulu | Site metasploit.com

This Metasploit module exploits a vulnerability that exists in the KNOX security component of the Samsung Galaxy firmware that allows a remote webpage to install an APK with arbitrary permissions by abusing the 'smdm://' protocol handler registered by the KNOX component. The vulnerability has been confirmed in the Samsung Galaxy S4, S5, Note 3, and Ace 4.

tags | exploit, remote, arbitrary, protocol
SHA-256 | 03a3f71c2c2fa9fd0b119371b2d55e432974a0922073ac802b493949e3fd1f34
JAMF Casper Suite MDM Cross Site Request Forgery
Posted Sep 28, 2012
Authored by Jacob Holcomb

JAMF Casper Suite MDM suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2012-4051
SHA-256 | cf040459d9566c7ec0296767cfadc0a7c77290c27d5f32c1c12b7b58c1b369b8
Secunia Security Advisory 43191
Posted Feb 5, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Moxa Device Manager MDM Tool, which can be exploited by malicious people to potentially compromise a user's system.

tags | advisory
SHA-256 | 37fe2e9cc0970f707f9a6ff9d560eded3d460a451526b2534219f67bdb896cfa
MOXA Device Manager Tool 2.1 Buffer Overflow
Posted Nov 8, 2010
Authored by Ruben Santamarta, MC | Site metasploit.com

This Metasploit module exploits a stack overflow in MOXA MDM Tool 2.1. When sending a specially crafted MDMGw (MDM2_Gateway) response, an attacker may be able to execute arbitrary code.

tags | exploit, overflow, arbitrary
SHA-256 | d1dd4e7fce98d32b48eac6791f3f78990a4253f063ff4c36a0b84dd00ca14a1c
iDEFENSE Security Advisory 2007-05-10.2
Posted May 11, 2007
Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 05.10.07 - Remote exploitation of a buffer overflow vulnerability within Novell Inc.'s NetMail allows attackers to execute arbitrary code with the privileges of the service. This vulnerability specifically exists within the SSL version of the "NMDMC.EXE" service. The application does not perform sufficient input validation when copying data into a fixed size stack buffer. When processing a specially crafted request made to this service, a stack-based buffer overflow occurs leading to corruption of program control registers saved on the stack. iDefense has confirmed the existence of this vulnerability within version 3.52e_FTF2 of Novell Inc's NetMail. Older versions are suspected to be vulnerable.

tags | advisory, remote, overflow, arbitrary
SHA-256 | 7c4224fd04fdf501163a3652b70255e6a67bedbbac0803f93921ededa636574a
mdma-5.savant.txt
Posted Jun 7, 2000
Authored by Wizdumb | Site subversion.za.org

MDMA Advisory #5 - It is possible to view the source of CGI scripts running under the Savant Webserver by omitting the HTTP version from your request.

tags | exploit, web, cgi
SHA-256 | 1724fba392451be3b3274800afadb12de1c0b9bc1ae2d9480be7bf44fb177af0
mdma-6.eserv.txt
Posted Jun 7, 2000
Authored by Wizdumb | Site subversion.za.org

MDMA Advisory #6 - EServ v2.92 and prior are vulnerable to a logging heap overflow vulnerability. Java proof of concept exploit code included.

tags | exploit, java, overflow, proof of concept
SHA-256 | 8f8294582a025b703fc4bcc38a6d47de57ed4735dddb9a13e1f4b02168d4ba63
Page 1 of 1
Back1Next

File Archive:

November 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    1 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    0 Files
  • 5
    Nov 5th
    0 Files
  • 6
    Nov 6th
    0 Files
  • 7
    Nov 7th
    0 Files
  • 8
    Nov 8th
    0 Files
  • 9
    Nov 9th
    0 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    0 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    219 Files
  • 14
    Nov 14th
    19 Files
  • 15
    Nov 15th
    66 Files
  • 16
    Nov 16th
    38 Files
  • 17
    Nov 17th
    9 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    11 Files
  • 22
    Nov 22nd
    56 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    36 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    14 Files
  • 28
    Nov 28th
    30 Files
  • 29
    Nov 29th
    35 Files
  • 30
    Nov 30th
    25 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close