exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 19 of 19 RSS Feed

Files from S. Viehbock

First Active2012-12-04
Last Active2014-11-06
Symantec Endpoint Protection 12.1.4023.4080 XXE / XSS / Arbitrary File Write
Posted Nov 6, 2014
Authored by S. Viehbock | Site sec-consult.com

Symantec Endpoint Protection version 12.1.4023.4080 suffers from XXE injection, cross site scripting, and arbitrary file write vulnerabilities.

tags | exploit, arbitrary, vulnerability, xss, xxe
advisories | CVE-2014-3437, CVE-2014-3438, CVE-2014-3439
SHA-256 | 8dac04a3f8aa31944840699e39fc5cb46e42c335bda4f13704749fd690e88f91
F5 BIG-IP 11.5.1 Cross Site Scripting
Posted Aug 28, 2014
Authored by S. Viehbock | Site sec-consult.com

F5 BIG-IP versions 11.5.1 and below suffer from a reflective cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2014-4023
SHA-256 | 90bc183e4916362d71c4474e9345d2f9d2041b58846f35012b0a395feaf2417a
Bitdefender GravityZone File Disclosure / Missing Authentication
Posted Jul 16, 2014
Authored by S. Viehbock | Site sec-consult.com

Bitdefender GravityZone versions prior to 5.1.11.432 suffer from local file disclosure, insecure service configuration, and missing authentication vulnerabilities.

tags | exploit, local, vulnerability
SHA-256 | af619d5dbc0d5687b495f706bf14196eb93f0a0131142a9608bdc0bdfd57b826
Citrix Netscaler Disclosure / Cross Site Scripting
Posted Jul 16, 2014
Authored by S. Viehbock | Site sec-consult.com

Citrix NetScaler Application Delivery Controller and Citrix NetScaler Gateway are susceptible to cookie disclosure and reflective cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2014-4346, CVE-2014-4347
SHA-256 | d1476599affa41b884dec786579a526abb8aa5d7a7e7ce2a41d003a8d5c21aa6
OpenVPN Access Server Arbitrary Code Execution
Posted Jul 16, 2014
Authored by S. Viehbock | Site sec-consult.com

Remote attackers can execute arbitrary code and execute other attacks on computers with the OpenVPN Access Server "Desktop Client" installed.

tags | advisory, remote, arbitrary
SHA-256 | 3f95a17f5a3e3e08e1e5b964c913a1f26f928b80824fd0094146709d8a80f674
CoSoSys Endpoint Protector 4 SQL Injection / Backdoor
Posted May 22, 2014
Authored by S. Viehbock | Site sec-consult.com

CoSoSys Endpoint Protector 4 suffers from remote SQL injection, unauthenticated access, information disclosure, and backdoor vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, info disclosure
SHA-256 | ee59c852aa9ec9b54cfb17cac2c30abf6fbb5c230308e6bbdca47b9cb0f61f3e
AVG Remote Administration Bypass / Code Execution / Static Keys
Posted May 8, 2014
Authored by S. Viehbock | Site sec-consult.com

AVG Remote Administration version 13.0.0.2892 suffers from authentication bypass, remote code execution, missing entity authentication, and use of static encryption key vulnerabilities.

tags | exploit, remote, vulnerability, code execution
SHA-256 | ceb5d04708b6157050ac25449b0b9e11964628e323bd6dc10d4cab4e2224dd97
Plex Media Server 0.9.9.10 CSRF / Disclosure
Posted Apr 11, 2014
Authored by S. Viehbock | Site sec-consult.com

Plex Media Server version 0.9.9.10 suffers from use of plain text protocols, insecure use of SSL/TLS, unauthenticated information disclosure, and cross site request forgery vulnerabilities.

tags | exploit, vulnerability, protocol, info disclosure, csrf
SHA-256 | 3e1cb6d955b6c33349b4369cc89ac45fd2b1365efadc1a8d845bde2d9f7310d6
Symantec LiveUpdate Administrator 2.3.2.99 Password Reset / SQL Injection
Posted Mar 28, 2014
Authored by S. Viehbock | Site sec-consult.com

Symantec LiveUpdate Administrator versions 2.3.2.99 and below suffer from password reset and remote SQL injection vulnerabilities.

tags | advisory, remote, vulnerability, sql injection
advisories | CVE-2014-1644, CVE-2014-1645
SHA-256 | 11f001616a25bdfdf4be738bd0ef7f77bf985f9f7a0f5c873331ffa8305ed340
Plex Media Server 0.9.9.2.374-aa23a69 Bypass / File Disclosure
Posted Feb 28, 2014
Authored by S. Viehbock | Site sec-consult.com

Plex Media Server versions 0.9.9.2.374-aa23a69 and below suffer from authentication bypass and local file disclosure vulnerabilities.

tags | exploit, local, vulnerability
SHA-256 | 5056a9a5be5beee1b56ca5f4a45fd08b7e9f849a4edabf46ffd88ef7a0b91dcc
Symantec Endpoint Protection 11.0 / 12.0 / 12.1 XXE / SQL Injection
Posted Feb 19, 2014
Authored by S. Viehbock | Site sec-consult.com

Symantec Endpoint Protection versions 11.0, 12.0, and 12.1 suffer from unauthenticated XML external entity injection and unauthenticated local SQL injection vulnerabilities.

tags | advisory, local, vulnerability, sql injection, xxe
advisories | CVE-2013-5014, CVE-2013-5015
SHA-256 | 8dc0a7d04b4648d74f8859b867b10ed25093390acfa65b509cef76bb983b8a1a
Citrix Netscaler 10.0 Denial Of Service
Posted Oct 3, 2013
Authored by S. Viehbock | Site sec-consult.com

A vulnerability was found in the nsconfigd daemon (TCP port 3008/SSL and 3010). This daemon can be crashed by sending a specially crafted message. No prior authentication is necessary. A watchdog daemon (pitboss) automatically restarts nsconfigd after the first six crashes and then reboots the appliance. By sending just a few packets the appliance can be kept in a constant reboot loop resulting in total loss of availability. The vulnerabilities have been verified to exist in Citrix NetScaler VPX (Build 70.7.nc), which was the most recent version at the time of discovery.

tags | advisory, tcp, vulnerability
SHA-256 | 58dcdce47632f720bc628f80305effb40ef074b20b017ef9442a1abcc451ee3b
Vodafone EasyBox Default WPS PIN Algorithm Weakness
Posted Aug 6, 2013
Authored by S. Viehbock | Site sec-consult.com

Vodafone EasyBox versions 802 and 803 suffer from a default WPS PIN algorithm weakness. The algorithm that generates the default WPS-PIN is entirely based on the MAC address (=BSSID) and serial number of the device. The serial number can be derived from the MAC address.

tags | exploit
SHA-256 | 289f3c58cfede8c1346e1a846dc8ad72e079b2ff4985c9f67e119e67dffb4df5
Siemens OpenScape Branch / Session Border Controller XSS / Disclosure / Injection
Posted Jun 14, 2013
Authored by S. Viehbock | Site sec-consult.com

Siemens OpenScape Branch and OpenScape Session Border Controller products suffer from cross site scripting, statistical information disclosure, OS command injection, and file disclosure vulnerabilities.

tags | exploit, vulnerability, xss, info disclosure
SHA-256 | d411e938d89b49388f3a074efa7d56e1c24eafa0d3427639a9475e7e7b547ce3
Barracuda Networks SSHd Backdoor Accounts
Posted Jan 24, 2013
Authored by S. Viehbock | Site sec-consult.com

Multiple Barracuda Networks products suffer from having static backdoor accounts that allow for remote administrative access via SSH.

tags | exploit, remote
SHA-256 | af0eddb146ce4e92db04a06f9cdbbf1edfc91930d2dab115922735f39815e502
Barracuda SSL VPN Authentication Bypass
Posted Jan 24, 2013
Authored by S. Viehbock | Site sec-consult.com

Barracuda SSL VPN suffers from multiple authentication bypass vulnerabilities.

tags | advisory, vulnerability
SHA-256 | 2e9dabefadd19b1d7aa7a94287028e4a3bdd2d46f0e4a5d36287849ea44b1c87
F5 BIG-IP 11.2.0 SQL Injection
Posted Jan 22, 2013
Authored by S. Viehbock | Site sec-consult.com

F5 BIG-IP versions 11.2.0 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2012-3000
SHA-256 | 075964bff42decb58985c82a10aee244147936d50217dd3f3028ad2948fdffaf
F5 BIG-IP 11.2.0 XML External Entity Injection
Posted Jan 22, 2013
Authored by S. Viehbock | Site sec-consult.com

F5 BIG-IP versions 11.2.0 and below suffer from an XML external entity injection (XXE) vulnerability.

tags | exploit, xxe
advisories | CVE-2012-2997
SHA-256 | eed88f6727e8539cfd0581fa3d650e62fcb1404306be009618a1f266887154ab
F5 FirePass SSL VPN 7.0.0 HF-70-6 Local File Inclusion
Posted Dec 4, 2012
Authored by S. Viehbock | Site sec-consult.com

F5 FirePass SSL VPN versions 7.0.0 HF-70-6 and below suffer from an unauthenticated local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | 62b5e587146e75f16fd21805e355ff844951cefeba2797d37135fea776d627ff
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close