exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 20 of 20 RSS Feed

Files from Denis Andzakovic

First Active2013-11-27
Last Active2020-05-26
Pi-Hole 3.3 Command Execution
Posted May 26, 2020
Authored by h00die, Denis Andzakovic | Site metasploit.com

This Metasploit module exploits a command execution vulnerability in Pi-Hole versions 3.3 and below. When adding a new domain to the whitelist, it is possible to chain a command to the domain that is run on the OS.

tags | exploit
SHA-256 | cfc36a06914072c52416ddfd61eac6960d61e2221a60fe7ace44ef28f80b6a52
Network Manager VPNC Username Privilege Escalation
Posted Aug 31, 2018
Authored by Brendan Coles, Denis Andzakovic | Site metasploit.com

This Metasploit module exploits an injection vulnerability in the Network Manager VPNC plugin to gain root privileges. This Metasploit module uses a new line injection vulnerability in the configured username for a VPN network connection to inject a `Password helper` configuration directive into the connection configuration. The specified helper is executed by Network Manager as root when the connection is started. Network Manager VPNC versions prior to 1.2.6 are vulnerable. This Metasploit module has been tested successfully with VPNC versions: 1.2.4-4 on Debian 9.0.0 (x64); and 1.1.93-1 on Ubuntu Linux 16.04.4 (x64).

tags | exploit, root
systems | linux, debian, ubuntu
advisories | CVE-2018-10900
SHA-256 | 07e3f24f0ba44622e12961448bb4ae2cacb1f01c983cf368bc94c3c2107fbe4a
Network Manager VPNC 1.2.4 Privilege Escalation
Posted Jul 23, 2018
Authored by Denis Andzakovic

Network Manager VPNC version 1.2.4 suffers from a privilege escalation vulnerability.

tags | exploit
advisories | CVE-2018-10900
SHA-256 | 07086aef8c32f905b63b3ac0bd56d5717e5df977d219eaf6d7809892f46da39f
Oracle Fusion Middleware 12c (12.2.1.3.0) WebLogic SAML Issues
Posted Jul 20, 2018
Authored by Denis Andzakovic

Two vulnerabilities were discovered within the Oracle WebLogic SAML service provider authentication mechanism. By inserting an XML comment into the SAML NameID tag, an attacker can coerce the SAML service provider to log in as another user. Additionally, WebLogic does not require signed SAML assertions in the default configuration. By omitting the signature portions from a SAML assertion, an attacker can craft an arbitrary SAML assertion and bypass the authentication mechanism.

tags | exploit, arbitrary, vulnerability
advisories | CVE-2018-2933, CVE-2018-2998
SHA-256 | df883ee3bce61fab76fb737953e569c776dce1d344a6385409a6926c2d6cf3ef
Nfdump 1.6.14 Denial Of Service / Heap Overflow
Posted May 10, 2016
Authored by Denis Andzakovic | Site security-assessment.com

Nfdump versions 1.6.14 and below suffer from heap overflows that allow for denial of service attacks.

tags | advisory, denial of service, overflow
SHA-256 | 754bf4505d758095cd48cfcbf41cf29dbc1850bd31bd11e5f86b0ac8519a93dd
Idera Up.Time Monitoring Station 7.0 post2file.php Arbitrary File Upload Version 1
Posted Nov 13, 2015
Authored by Denis Andzakovic | Site metasploit.com

This Metasploit module exploits an arbitrary file upload vulnerability found within the Up.Time monitoring server 7.2 and below. A malicious entity can upload a PHP file into the webroot without authentication, leading to arbitrary code execution. Although the vendor fixed Up.Time to prevent this vulnerability, it was not properly mitigated. To exploit against a newer version of Up.Time (such as 7.4), please use exploits/multi/http/uptime_file_upload_2.

tags | exploit, web, arbitrary, php, code execution, file upload
SHA-256 | 3a747350c98cce69fa71e25b346c4de32b1a03a8ca5d876cf4c6dd0be8365fbc
Idera Up.Time Monitoring Station 7.4 post2file.php Arbitrary File Upload Version 2
Posted Nov 13, 2015
Authored by Denis Andzakovic | Site metasploit.com

This Metasploit module exploits a vulnerability found in Uptime version 7.4.0 and 7.5.0. The vulnerability began as a classic arbitrary file upload vulnerability in post2file.php, which can be exploited by exploits/multi/http/uptime_file_upload_1.rb, but it was mitigated by the vendor. Although the mitigation in place will prevent uptime_file_upload_1.rb from working, it can still be bypassed and gain privilege escalation, and allows the attacker to upload file again, and execute arbitrary commands.

tags | exploit, web, arbitrary, php, file upload
SHA-256 | e4c4f677632b91ee1052cfd06295ff58c8b4598033272f0dde8231ba8fb27720
OpenLDAP 2.4.42 Denial Of Service
Posted Sep 14, 2015
Authored by Denis Andzakovic | Site security-assessment.com

OpenLDAP versions 2.4.42 and below suffer from a remote denial of service vulnerability.

tags | exploit, remote, denial of service
SHA-256 | 0c1bf0a1bcf96cdd744d44d9297e87b79b407bd844d5d254ee0ba7ef0957f829
TestDisk 6.14 Check_OS2MB Stack Buffer Overflow
Posted Apr 30, 2015
Authored by Denis Andzakovic | Site security-assessment.com

This document details a stack based buffer overflow vulnerability within TestDisk version 6.14. A buffer overflow is triggered within the software when a malicious disk image is attempted to be recovered. This may be leveraged by an attacker to crash TestDisk and gain control of program execution. An attacker would have to coerce the victim to run TestDisk against their malicious image.

tags | exploit, overflow
SHA-256 | 7a37d596089ffb1fa811b151734f591791c8d53219a3fdd9ea5cf26e1b134cc6
Open Litespeed 1.3.9 Use-After-Free
Posted Apr 18, 2015
Authored by Denis Andzakovic | Site security-assessment.com

A use after free vulnerability was discovered within the header parser of the Open Litespeed web server. This vulnerability can be successfully exploited to trigger an out of bounds memory read, resulting in a segmentation fault crashing the web server. Versions 1.3.9 and below are affected.

tags | advisory, web
SHA-256 | ba696755f82d0a6c51a8e925464c14c179ecc0f068dad4c1169fb09cd1f7d894
Kaseya Browser 7.0 Android Path Traversal
Posted Jan 29, 2015
Authored by Denis Andzakovic | Site security-assessment.com

This advisory details a vulnerability found within Kaseya Browser Android application. A path traversal vulnerability was discovered within an exported content provider, resulting in the disclosure of arbitrary files, including internal application files.

tags | exploit, arbitrary, file inclusion
SHA-256 | cd0eed73304887bcbc11bac4f7dca27d8f196f11666aa9eebef47a9489785ca8
Kaseya BYOD Gateway 7.0.2 SSL Certificate Validation / Redirection
Posted Jan 29, 2015
Authored by Denis Andzakovic | Site security-assessment.com

This advisory details multiple vulnerabilities found within the Kaseya BYOD Gateway software. By chaining a combination of lacking SSL verification, poor authentication mechanisms and arbitrary redirection vulnerabilities, a malicious entity may potentially compromise any Kaseya BYOD installation. The Kaseya BYOD Gateway software uses a redirection feature, wherein users are redirected to their local Kaseya installation via Kaseya's hosted servers. The update request from the BYOD Gateway software to the Kaseya hosted servers was not found to verify SSL certificates and fails to implement any form of authentication, instead relying on the length of the gateway identifier to provide security. Thus, the security of the solution depends on an attacker's ability to enumerate the gateway identifier. Once a malicious user enumerates the Gateway identifier, then they may update the redirect rule for that customer in Kaseya's hosted servers, redirecting customers to a malicious Kaseya BYOD Gateway. Version 7.0.2 is affected.

tags | exploit, arbitrary, local, vulnerability
SHA-256 | 84b242264d948879e1883fb40c965edd3e0f9240397d1c5870d701482625f9be
AirWatch Direct Object Reference
Posted Jan 29, 2015
Authored by Denis Andzakovic | Site security-assessment.com

Multiple direct object reference vulnerabilities were found within the AirWatch cloud console. VMWare advised that these issues also affect on-premise AirWatch deployments. A malicious AirWatch user may leverage several direct object references to gain access to information regarding other AirWatch customers using the AirWatch cloud. This includes viewing groups and downloading private APKs belonging to other organizations.

tags | exploit, vulnerability
advisories | CVE-2014-8372
SHA-256 | 5468547ad7baa8b8e0d41f706bd7a80458d99dc96cd25a19ec2e1b6344263f4f
Fortinet FortiOS Denial Of Service / Man-In-The-Middle
Posted Jan 29, 2015
Authored by Denis Andzakovic | Site security-assessment.com

Fortinet FortiOS with firmware 5.0 build 4457 (GA Patch 7) suffers from a CAPWAP daemon DTLS denial of service vulnerability and man-in-the-middle vulnerability.

tags | exploit, denial of service
SHA-256 | 1d7eabcba5b448e1f50b41f696a137829a3448ee8819d84a471f0f1752e6f73c
Fortinet FortiClient Hardcoded Encryption Keys / Broken SSL Validation
Posted Jan 29, 2015
Authored by Denis Andzakovic | Site security-assessment.com

Fortinet FortiClient suffers from broken SSL certificate validation and hardcoded encryption key vulnerabilities. This affects FortiClient iOS version 5.2.028 and FortiClient Android version 5.2.3.091.

tags | exploit, vulnerability
systems | ios
SHA-256 | 89b742d1f97f2adee5b04d0eebd11f2dfb73e303bea379908618783f651c1060
Fortinet FortiAuthenticator XSS / Disclosure / Bypass
Posted Jan 29, 2015
Authored by Denis Andzakovic | Site security-assessment.com

Fortinet FortiAuthenticator suffers from subshell bypass, cross site scripting, password disclosure, and file disclosure vulnerabilities.

tags | exploit, vulnerability, xss, bypass, info disclosure
SHA-256 | 2316f48a2a964f620060702d77fc255206e56d4b01b414a4518441e617b7964e
Cisco Meraki Systems Manager CSRF / XSS / Functionality Abuse
Posted Jan 29, 2015
Authored by Denis Andzakovic | Site security-assessment.com

Cisco Meraki Systems Manager suffers from cross site request forgery, abuse of functionality, and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
systems | cisco
SHA-256 | 9c34baf2089dd34e016937a33e17e5155490db6c285d7340f4b9688fcc63d496
Aerohive Hive Manager / Hive OS Complete Fail
Posted Aug 28, 2014
Authored by Nick Freeman, Thomas Hibbert, Denis Andzakovic, Carl Purvis, Pedro Worcel, Scott Bell | Site security-assessment.com

Aerohive Hive Manager (Stand-alone and Cloud) versions greater than and equal to 6.1R3 and HiveOS version 6.1R3 suffer from bypass, code execution, cross site scripting, file disclosure, local file inclusion, arbitrary file upload, missing passphrase, and password disclosure vulnerabilities.

tags | advisory, arbitrary, local, vulnerability, code execution, xss, file inclusion, file upload
SHA-256 | cda32b36ba6f19559448f8007c162ba158f4b31d35722a7b7f4a3f40b5f0e800
Bypassing SSL Pinning On Android Via Reverse Engineering
Posted May 20, 2014
Authored by Denis Andzakovic | Site security-assessment.com

This whitepaper details the steps taken to unpack an application, locate the pinning handler, patch and repack. The techniques detailed in this whitepaper may also be used to achieve other goals when hacking Android applications.

tags | paper
SHA-256 | b380448797b174e0ef5426b8ceaf08d03d726e7add0c4fa1576aecd5d4c6dc55
Uptime Agent 5.0.1 Stack Overflow
Posted Nov 27, 2013
Authored by Denis Andzakovic | Site security-assessment.com

Uptime Agent version 5.0.1 suffers from a stack overflow vulnerability. Proof of concept exploit included in this archive.

tags | exploit, overflow, proof of concept
systems | linux
SHA-256 | 41b899e65489dca57409b920655c2a7e8ceaa50c5c528ba41a1b386ce5695a6c
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close