Druva inSync client for Windows exposes a network service on TCP port 6064 on the local network interface. inSync versions 6.5.2 and prior do not validate user-supplied program paths in RPC type 5 messages, allowing execution of arbitrary commands as SYSTEM. This Metasploit module has been tested successfully on inSync version 6.5.2r99097 on Windows 7 SP1 (x64).
12e3b974b7cb427087439bf5f922afb373bca8c3346525b183f6422b28801319Red Hat Security Advisory 2020-1725-01 - The haproxy packages provide a reliable, high-performance network load balancer for TCP and HTTP-based applications. Issues addressed include a HTTP request smuggling vulnerability.
70440f69de06b5af489ae2f8c8489291f418f4e9f8e38d2401271421d54881f2Red Hat Security Advisory 2020-1702-01 - The rsyslog packages provide an enhanced, multi-threaded syslog daemon. It supports MySQL, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine-grained control over output format. Issues addressed include a heap overflow vulnerability.
8f2c142f2755284356d752a2a9083db5906f1c101b0473922a4651d6c653e11bDebian Linux Security Advisory 4649-1 - Felix Wilhelm of Google Project Zero discovered that HAProxy, a TCP/HTTP reverse proxy, did not properly handle HTTP/2 headers. This would allow an attacker to write arbitrary bytes around a certain location on the heap, resulting in denial-of-service or potential arbitrary code execution.
80baf89b62669c231d6573be3cd65d0c449865262825b3da687c69972b88fa1f80 bytes small Linux/x86 reverse shell generator shellcode with customizable TCP port and IP address.
b6288f9069a67ab9a6e3d01fe3b23d7615e89b3fbb4002b6507be11140b269ffRed Hat Security Advisory 2020-1288-01 - The haproxy packages provide a reliable, high-performance network load balancer for TCP and HTTP-based applications. Issues addressed include an out of bounds write vulnerability.
89719e6b81441f976dd3381193a1c7ab82863d5a4068e38baa0bcc2c20bca64dRed Hat Security Advisory 2020-1290-01 - HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments. Issues addressed include an out of bounds write vulnerability.
8543e7b94677e15978de5119c6ea1bc027dd4b9630ee58bbf3947abb1242a170Red Hat Security Advisory 2020-1289-01 - The haproxy packages provide a reliable, high-performance network load balancer for TCP and HTTP-based applications. Issues addressed include an out of bounds write vulnerability.
43f7dbed2caec40c2917358ab5796636cad13980c6528820ebaf5c8d42ea78dcRed Hat Security Advisory 2020-1000-01 - The rsyslog packages provide an enhanced, multi-threaded syslog daemon. It supports MySQL, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine-grained control over output format. A heap-based overflow was addressed.
a05f2d02c4e050654376794065fcd0c944afaa09edf293301111c78112a800ecnullscan is a modular framework designed to chain and automate security tests. It parses target definitions from the command line and runs corresponding modules and their nullscan-tools afterwards. It can also take hosts and start nmap first in order to perform a basic portscan and run the modules afterwards. Also, nullscan can parse a given nmap logfile for open tcp and udp ports and again run the modules afterwards. All results will be logged in specified directories with a clean structure and an HTML report can subsequently be generated.
1da37356f0e6207cb790e560e1a98270c3634a6f5b57a81d9d96288dc9cb5be2Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
958a5045c8a59fa700876133f5194c0b5962c1980df9cf0fee1207d048e18ebeThis whitepaper provides an overview of the MQTT protocol. MQTT is a is an open OASIS and ISO standard (ISO/IEC PRF 20922) lightweight, simple machine to machine TCP/IP based protocol which can be used for communication between IoT devices.
78e054c75221b860ea376398c58871b6df4560e564b271b438e6fbc6930c17c3CHIYU BF430 TCP IP Converter suffers from a persistent cross site scripting vulnerability.
a97e6652b54a6e213462a18bf798714e11945b4cee44fe4556ec6fbe64c90f92This exploit uses the Cable Haunt vulnerability to open a shell for the Sagemcom F@ST 3890 (50_10_19-T1) cable modem. The exploit serves a website that sends a malicious websocket request to the cable modem. The request will overflow a return address in the spectrum analyzer of the cable modem and using a rop chain start listening for a tcp connection on port 1337. The server will then send a payload over this tcp connection and the modem will start executing the payload. The payload will listen for commands to be run in the eCos shell on the cable modem and redirect STDOUT to the tcp connection.
658e656e50297dc9328be51b95fa17458c6d29e74f2464a318d0eabe41049aa0188 bytes small Lnux/x64 reverse TCP stager shellcode.
591019260910193e4c2e2e0f050fbb9e22e4ce33e8a1c99cfcee1b71f9f72dc2Debian Linux Security Advisory 4577-1 - Tim Dusterhus discovered that haproxy, a TCP/HTTP reverse proxy, did not properly sanitize HTTP headers when converting from HTTP/2 to HTTP/1. This would allow a remote user to perform CRLF injections.
354b9471b47cedf156fae21fdd08eeb96eab9831e2b07a6b5c32125d5f285f6cUbuntu Security Notice 4197-1 - It was discovered that Bind incorrectly handled certain TCP-pipelined queries. A remote attacker could possibly use this issue to cause Bind to consume resources, resulting in a denial of service.
a45a34a52cb88dfe6f7cca466bbfa3d532ee0e6d4c77eec287474dcd8e6290d4This Metasploit module uses the FreeSWITCH event socket interface to execute system commands using the system API command. The event socket service is enabled by default and listens on TCP port 8021 on the local network interface. This module has been tested successfully on FreeSWITCH versions: 1.6.10-17-726448d~44bit on FreeSWITCH-Deb8-TechPreview virtual machine; 1.8.4~64bit on Ubuntu 19.04 (x64); and 1.10.1~64bit on Windows 7 SP1 (EN) (x64).
2af6ba6d2dae98ab9fd3f1dbb8b8f6ec3e20238f5bef67966c656048edd77ffcWhitepaper called Covert Channel and Data Hiding in TCP/IP.
ee6c94c7e37da8cedd6c14da5b0c23870bbf9aaf399d2fe36aa251541bf12313Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
71af9918773e9028decc9c58136a9f56713a2951ed97b1130c0d6a01fe95eeabA FortiSIEM collector connects to a Supervisor/Worker over HTTPS TLS (443/TCP) to register itself as well as relaying event data such as syslog, netflow, SNMP, etc. When the Collector (the client) connects to the Supervisor/Worker (the server), the client does not validate the server-provided certificate against its root-CA store. Since the client does no server certificate validation, this means any certificate presented to the client will be considered valid and the connection will succeed. If an attacker spoofs a Worker/Supervisor using an ARP or DNS poisoning attack (or any other MITM attack), the Collector will blindly connect to the attacker's HTTPS TLS server. It will disclose the authentication password used along with any data being relayed. Versions 5.0 and 5.2.1 have been tested and are affected.
dbc1310afdd15da14c73881539c81b6d75bfa93a15e200bb1094631bd6549cbe53 bytes small Linux/x86 bind TCP port 43690 null-free shellcode.
72ee8e6b0c1bb5959452806f1adf21697514884ba37f888de728a9f0fdb94820Linux/x86 TCP reverse shell 127.0.0.1 nullbyte free shellcode.
329c527166985f21f8066e80dbde39d0834fcb98733657d062bf3926cdfd341f120 bytes small Linux/x86_64 reverse (127.0.0.1:4444/TCP) shell (/bin/sh) + password (pass) shellcode.
1c38c103a596fcb64ef48d59fd8c0f6942b90a78da6f307b1b22480e5eb523e5157 bytes small Linux/MIPS64 reverse (localhost:4444/TCP) shell shellcode.
0e371de6c42c802891f465341b83b23f73f24fea23abf8aa1e01af9d67db8681
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed