Files from Jeremy Brown ≈ Packet Storm

Channel: Files from Jeremy Brown ≈ Packet Storm

Ajenti Remote Command Execution

October 11, 2019, 8:05 am

Ajenti suffers from a remote command execution vulnerability.

View Article

Podman / Varlink Remote Code Execution

October 14, 2019, 5:15 pm

Remote exploit for Podman when configured with Varlink that allows for remote command execution, denial of service, directory traversal, and information disclosure vulnerabilities.

View Article

Ajenti 2.1.31 Command Injection

December 2, 2019, 11:24 am

This Metasploit module exploits a command injection in Ajenti version 2.1.31. By injecting a command into the username POST parameter to api/core/auth, a shell can be spawned.

View Article

Erlang Bytecode String Converter

December 21, 2020, 9:30 am

estr2bc is a python script to convert arbitrary string input to Erlang bytecode.

View Article

Stratodesk NoTouch Center Privilege Escalation

December 21, 2020, 12:19 pm

Stratodesk NoTouch Center virtual appliance suffers from a privilege escalation vulnerability. This was addressed in version 4.4.68.

View Article

Cassandra Web 0.5.0 Remote File Read

December 29, 2020, 11:44 am

Cassandra Web is vulnerable to directory traversal due to the disabled Rack::Protection module. Apache Cassandra credentials are passed via the CLI in order for the server to auth to it and provide the...

View Article

HPE Edgeline Infrastructure Manager Improper Authorization

December 29, 2020, 11:46 am

HPE Edgeline Infrastructure Manager suffers from multiple broken authorization flows that allow for administrative function access without authenticating and can allow for arbitrary password changes.

View Article

Openpilot Default SSH Key Scanner

December 31, 2020, 7:32 am

Openpilot has a default SSH key that can allow attackers remote access if not changed. This script port scans and attempts to login to Openpilot SSH servers with the default key.

View Article

Zoom 4.6.239.20200613 Meeting Connector Post-Auth Remote Root

December 31, 2020, 7:36 am

Zoom version 4.6.239.20200613 suffers from a Meeting Connector post-authentication remote root code execution vulnerability via the proxy server functionality. The latest Zoom client has this issue...

View Article

PIMT 1.0

January 4, 2021, 8:00 am

PIMT is a Public Infrastructure Monitoring Tool (pronounced PIM-tee). It queries common recon tools for publicly available data regarding particular organizations based on the domains and keywords...

View Article

F5 BIG-IQ VE 8.0.0-2923215 Remote Root

June 23, 2021, 9:02 am

F5 BIG-IQ VE version 8.0.0-2923215 post-authentication remote root code execution exploit.

View Article

Cisco Modeling Labs 2.1.1-b19 Remote Command Execution

June 23, 2021, 9:04 am

Cisco Modeling Labs version 2.1.1-b19 remote command execution exploit.

View Article

HPE RDA-CAS 1.23.826 Denial Of Service

June 23, 2021, 9:06 am

HPE RDA-CAS version 1.23.826 remote denial of service exploit.

View Article

Docker Dashboard Remote Command Execution

July 7, 2021, 8:58 am

Docker Dashboard suffers from a remote command execution vulnerability. The fix is added in commit 79cdc41.

View Article

Okta Access Gateway 2020.5.5 Authenticated Remote Root

July 7, 2021, 9:10 am

Okta Access Gateway version 2020.5.5 suffers from multiple authenticated remote root command injection vulnerabilities.

View Article

Riak Insecure Default Configuration / Remote Command Execution

August 4, 2021, 6:56 am

Riak runs as an Erlang service configured with a default cookie of riak that allows for remote command execution if not modified before use.

View Article

Shoutcast Server 2.6.0.753 Crash

August 23, 2021, 8:14 am

Shoutcast server version 2.6.0.753 suffers from a remote authenticated crash vulnerability.

View Article

Ulfius Web Framework Remote Memory Corruption

September 14, 2021, 9:22 am

Ulfius Web Framework suffers from a remote memory corruption vulnerability. When parsing malformed HTTP requests, a heap-related initialization bug is triggered resulting in a crash in the server or...

View Article

litefuzz 1.0

September 20, 2021, 9:09 am

litefuzz is a multi-platform fuzzer for poking at userland binaries and servers.

View Article

GtkRadiant 1.6.6 Buffer Overflow

June 1, 2022, 12:34 pm

GtkRadiant version 1.6.6 suffers from a buffer overflow vulnerability.

View Article

Comma Openpilot Insecure Default Configuration

June 1, 2022, 1:15 pm

Comma devices running Openpilot suffered from an insecure configuration when SSH is enabled where the private key is publicly known. Additional security hardening improvements have also been made in...

View Article

libMeshb Buffer Overflow

June 2, 2022, 10:05 am

libMeshb suffers from a buffer overflow vulnerability. Version 7.62 has been released to address this issue.

View Article

IIPImage Remote Memory Corruption

June 3, 2022, 9:01 am

IIPImage is distributed with a server that enables advanced, high-performance image manipulation for web-based streaming and viewing of high resolution images. The server component called iipsrv.fcgi...

View Article

NVIDIA Data Center GPU Manager Remote Memory Corruption

June 3, 2022, 9:08 am

NVIDIA DCGM runs on machines with NVIDIA GPUs to gather telemetry and GPU health data. nv-hostengine is a daemon that by default listens on the loopback interface, but can also listen on the network...

View Article

Apple macOS Remote Events Memory Corruption

September 5, 2022, 7:59 am

This is a proof of concept exploit for the Apple macOS remote events remote memory corruption vulnerability. It serves as a toolkit to help debug and trigger crashes.

View Article

More Pages to Explore .....

Latest Images