Showing 76 - 100 of 100


Posted Aug 28, 2000
Authored by Vigilante | Site vigilante.com

Vigilante Advisory #7 - A malicious user can crash an Intel Express 550F or a host behind it by sending a packet with a malformed header. To restart the box you need to remove it from its power source, as the reset button loses functionality as well. Affected systems: Intel Express Switch 550F - Firmware version 2.63 - Firmware version 2.64.

tags | exploit
SHA-256 | e5543dcadd99ee203a752f663a687366bd68f30736388f7036df6793e11c9e4c

Related Files

iDEFENSE Security Advisory 2005-09-13.2
Posted Sep 14, 2005
Authored by iDefense Labs, Greg MacManus | Site idefense.com

iDEFENSE Security Advisory 09.13.05 - Remote exploitation of a design error in the 'restore.cgi' component of Cisco Systems Inc.'s Linksys WRT54G wireless router may allow unauthenticated modification of the router configuration. The vulnerability specifically exists in the 'POST' method of the restore.cgi handler. The httpd running on the internal interfaces, including by default the wireless interface, does not check if authentication has failed until after data supplied by an external user has been processed. The restore.cgi handler allows a user to upload a new configuration into the non-volatile memory of the router. If the user is authenticated, the router will then restart, and the new configuration will be loaded. iDEFENSE has confirmed the existence of this vulnerability in version 3.01.03 of the firmware of the Linksys WRT54G wireless router, and has identified that the same code is present in versions 3.03.6 and 4.00.7. All versions prior to 4.20.7 may be affected.

tags | advisory, remote, cgi
systems | cisco
SHA-256 | b2ccc83517cfa13503d821a0d345d4c9efc278517875dc3388bbde7b3000125d
iDEFENSE Security Advisory 2005-09-13.1
Posted Sep 14, 2005
Authored by iDefense Labs, Greg MacManus | Site idefense.com

iDEFENSE Security Advisory 09.13.05 - Remote exploitation of a design error in multiple versions of the firmware for Cisco Systems Inc.'s Linksys WRT54G wireless router may allow unauthenticated modification of the router configuration. The vulnerability specifically exists in the 'ezconfig.asp' handler of the httpd running on the internal interfaces, including by default the wireless interface. This handler is used by the 'ezSetup' to perform the initial setup of the router. iDEFENSE has confirmed the existence of this vulnerability in version 3.01.03 of the firmware of the Linksys WRT54G, and has identified the same code is present in version 3.03.6. Version 2.04.4 of the WRT54G is confirmed to contain the affected code, however by default it initializes the authentication details, and so requires a password to set the configuration.

tags | advisory, remote, asp
systems | cisco
SHA-256 | 8678dca399143546a683fdfe6d05848911d3e816349bba43699a6387814c6f22
Posted Sep 5, 2005
Authored by Francois Harvey | Site securiweb.net

The Barracuda Spam Firewall Appliance firmware versions 3.1.17 and below suffer from directory traversal, remote command execution, and password retrieval vulnerabilities.

tags | exploit, remote, vulnerability
SHA-256 | 42ec53e2eb500afc8a902f37140fda794ff5018657eb32d4ce443924ae4d2560
Posted Aug 17, 2005
Authored by Steve Scherf

It appears that firmware version 4.50.6 for the Linksys WRT54GS (hardware version 1) wireless router allows wireless clients to connect and use the network without actually authenticating.

tags | advisory
SHA-256 | 96e8d0b366b9a6d9eb3a34c25b308ab8fed0342424a224e57d4430f08f3e689b
Posted Aug 17, 2005
Authored by Tim Brown | Site nth-dimension.org.uk

Nth Dimension Security Advisory (NDSA20050719) - Mentor's ADSL-FR4II router, firmware version 2.00.0111 2004.04.09, is susceptible to unauthenticated administrative access, downloading of configuration files with the system password, and denial of service attacks.

tags | exploit, denial of service
SHA-256 | 0f83b740a762a56491cbed35335983e8fef2cbc2304efae7c7441605de1e61ae
Posted Nov 24, 2004
Authored by ECL Team

Local user input handling vulnerabilities exist in WCI's TC-IDE Embedded Linux prior to v1.54 which allow local users with access to the tools provided with the system to spawn a root console, gaining full control over the running Linux operating system. In corporate environments where this product is being used, such vulnerabilities could cause disastrous effects. All users are encouraged to update to the latest firmware ASAP.

tags | exploit, local, root, vulnerability
systems | linux
SHA-256 | 46d3aa11e83ba80562e7262440809b13893d555f6f58bc2ca80b55ac4797533e
Secunia Security Advisory 13065
Posted Nov 5, 2004
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Lyndon Dubeau has reported a security issue in NetGear FWAG114 ProSafe Dual Band Wireless VPN Firewall, which can be exploited by malicious people to read or manipulate configuration information. The problem is that it is not possible to disable the SNMP service nor change the default SNMP community strings. The problem has been reported in firmware release 1.0.26RC4. Other versions may also be affected.

tags | advisory
SHA-256 | ce8088360acd36d27b92b5320bc300140c19379438b86e163025f5ac775e72bc
Posted Oct 13, 2004
Authored by Mr. Joe

When powering off the Micronet Wireless Broadband Router, Model Number SP916BM, the admin password gets set back to admin. Here's the kicker: in order to change the password you must know what the administrative password was set to prior to the power off. Upgrade to firmware 1.9 to fix this.

tags | advisory
SHA-256 | e11542d2578735dc297e764e674a65cc9614bb6b9f43c8814372598c9f6eff29
Posted Sep 29, 2004
Authored by Daniel Fabian | Site sec-consult.com

The firmware of Motorola's wireless WR850G router has a flaw that enables an attacker to log into the router's web interface without knowing the username or password, and to gain knowledge of the router's username and password after logging in.

tags | advisory, web
SHA-256 | 53a21852c0242beeb54ba7eefa07e509f4a3ca8e3fb4efdc7230f7b036ceeeb4
Posted Jul 26, 2004
Authored by Dirk Loss | Site it-consult.net

eSeSIX Thintune with a firmware equal to or below 2.4.38 is susceptible to multiple vulnerabilities. These include having a backdoored service on a high port with an embedded password giving a remote root shell, various other passwords being stored locally in clear text, and a local root shell vulnerability.

tags | exploit, remote, shell, local, root, vulnerability
SHA-256 | c7d6d010b7722058b4e87e183838984d6663484de3c895b5781af6297637e073
Posted Jul 11, 2004
Site corsaire.com

Whitepaper on hardening Mac OS X. The paper includes a very brief introduction to the firmware, descriptions of hardening using both GUI and command-line interface.

tags | paper
systems | unix, apple, osx
SHA-256 | 4688e86aba49b64aea66c1e41de872c1d5fbe4833debe6b75fc948a9e68ed20c
Posted Jun 22, 2004
Authored by Gregory Duchemin

It has been reported that a vulnerability exists in DNS One, potentially allowing malicious people to conduct script insertion attacks. The problem is that input supplied to the HOSTNAME and CLIENTID parameters in a valid DHCP request is logged unfiltered, allowing arbitrary HTML and script code to be embedded. Successful exploitation allows code execution in an administrative user's browser in the context of the affected site when the report / log is viewed. Reportedly, firmware versions 2.4.0-8 and 2.4.0-8A and prior are affected.

tags | advisory, arbitrary, code execution
SHA-256 | 834a3a0d683b2f180754f7d96f8cbc06c96db82fa7ecf2da5fe00ff2985869ab
Posted Jun 14, 2004
Authored by msl

Edimax 7205APL with a firmware of 2.40a-00 has a huge flaw where a guest account is hard-coded into the firmware, allowing anyone to perform a backup with the same privileges as the administrator.

tags | exploit
SHA-256 | 819184677465c2c8b615fa02029e918e3a745193ddc406e52a03e02353079da1
Posted Jun 9, 2004
Authored by Fernando Sanchez

USR Robotics Broadband Router 8003 has a flawed password checking functionality where the password is first verified by a javascript function that has the real administrator password embedded and easily viewable in the source code, allowing any malicious remote attacker to take full control of the device. Tested against firmware v1.04 08. USR Robotics has claimed the problem is not that serious and has not taken any steps to remedy the situation.

tags | exploit, remote, javascript
SHA-256 | 9355223364a226a9678e3b296d0cdc281938db1b9412641fba0392b38c8c4485
iDEFENSE Security Advisory 2004-05-26.t
Posted May 26, 2004
Authored by iDefense Labs, Rafel Ivgi | Site idefense.com

iDEFENSE Security Advisory 05.26.04: Remote exploitation of a buffer overflow in firmware release of 3Com's OfficeConnect Remote 812 ADSL Router could allow a denial of service. By sending a specially formed long string to the telnet port of a vulnerable device containing Telnet escape sequences, it is possible to get it to either reboot or stop handling packets. If the device does not reboot spontaneously, it will require a manual reboot before continuing normal operation.

tags | advisory, remote, denial of service, overflow
advisories | CVE-2004-0476
SHA-256 | 02eabd38499d8724a5f09a1c30c54ba23979a167fff06c240818836ce07ce693
Posted Mar 2, 2004
Authored by xeno

SonicWall Firewall/VPN appliances with a firmware revision of or below are vulnerable to denial of service attacks, arp flooding, and network mapping.

tags | advisory, denial of service
SHA-256 | 5afceb8d554b712bc100cf66fbfdd59b1cd755eb6ffd70f786dc79e5d8d57d0c
Posted Feb 24, 2004
Authored by Rafel Ivgi | Site theinsider.deep-ice.com

Gigabyte Broadband Router version Gn-B46B with firmware version 1.003.00 is vulnerable to a remote authorization bypass.

tags | advisory, remote
SHA-256 | e3149a74a9c9b81c93c795bacc90d54e97eece5c31f0f9a3dd7a8c272d3b6b3f
Posted Feb 23, 2004
Site ncipher.com

nCipher Security Advisory No. 9 - On certain models and firmware combinations, an attacker who is able to issue commands to an HSM may be able to access secret data stored in the module, including critical application keys.

tags | advisory
SHA-256 | 071a6375bd388973a762bfda42b19fa6b55931c003c9e7b6bbc847b7f457b7e1
Posted Dec 5, 2003
Authored by carbon

Sending a blank GET request to a Linksys WRT54G v1.0 (firmware v 1.42.3) router results in a denial of service.

tags | advisory, denial of service
SHA-256 | 986a4c9134cb217705aa68dacd125d9dff813dac0af519f895c98449cde6ce59
Posted Oct 16, 2003
Site DigitalPranksters.com

The Linksys EtherFast Cable/DSL Firewall Router BEFSX41 (Firmware 1.44.3) is susceptible to a denial of service attack when a long string is sent to the Log_Page_Num parameter of the Group.cgi script.

tags | exploit, denial of service, cgi
SHA-256 | f1c0300dc00e219b8dbc03dbdfde2f6bb99cf9e08b84db923315190b4e59337b
Posted Aug 12, 2003
Authored by Chris | Site cr-secure.net

The D-Link 704p router with firmware version 2.70 is susceptible to multiple denial of service attacks via excessively populated URLs.

tags | advisory, denial of service
SHA-256 | 259dfe21c118eba6461f050b76150dcde4b4c110bda548460ad171c05429eaea
Posted Jul 29, 2003
Authored by Reda Zitouni | Site vigilante.com

Vigilante Advisory 2003002 - A flaw in firmware version 12.2(4)JA and earlier of the Cisco Aironet 1100 series allows a malicious remote user to discover which accounts are valid on the targeted Cisco Aironet Access Point by using classical brute force techniques. Exploitation of this flaw is possible if the telnet service is enabled with authentication.

tags | advisory, remote
systems | cisco
advisories | CVE-2003-0512
SHA-256 | dd1081c4783f7f655e1c47afb23551054a850f7af1193270e29c559513a42be0
Posted Jun 3, 2003
Authored by Chris | Site securityindex.net

D-Link routers with a firmware of 2.70 and below are vulnerable to a denial of service vulnerability providing the attacker has the ability to see the internal interface on the router. Sending a malformed URL to the syslog script will cause a DNS query. Multitudes of this query can result in a DoS and other odd forms of behavior.

tags | exploit, denial of service
SHA-256 | 802c81b31a6ec34d42defd9d16029f1790493faf92d67f06228dcf953950b333
Posted Jul 10, 2002
Authored by Peter Grundl, Andreas Sandor | Site kpmg.dk

Watchguard Firebox Dynamic VPN Configuration Protocol Denial of Service - Malicious users can crash the Dynamic VPN Configuration Protocol service (DVCP) by sending a malformed packet to the listener service on TCP port 4110. Watchguard Firebox firmware v5.x.x is vulnerable.

tags | denial of service, tcp, protocol
SHA-256 | f7fefdb893755ef161385dc353bea35abe34c677710fe9ef1b8f81eb0e3212b7
Posted Jan 31, 2002
Authored by Null Byte Security | Site home.tampabay.rr.com

NetGear RO318 HTTP Filter Advisory - The firmware does not check URLs well enough and will send out restricted content if given a malformed URL. Includes perl exploit.

tags | exploit, web, perl
SHA-256 | 6e07fabd2f010c02fcaec5a1372c9f6341cee8b1bd9566de7cbd913ccf7a0bbc
© 2022 Packet Storm. All rights reserved.