exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 56 RSS Feed

Files from T. Weber

First Active2016-11-14
Last Active2024-09-24
Netman 204 4.05 SQL Injection / Unauthenticated Password Reset
Posted Sep 24, 2024
Authored by T. Weber, S. Dietz, D. Blagojevic | Site cyberdanube.com

Netman 204 version 4.05 suffers from remote SQL injection and unauthenticated password reset vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
advisories | CVE-2024-8877, CVE-2024-8878
SHA-256 | 9c87235443244a564a179cec6442609a57be8b1bcb3c5c9b1b6a264fe45368e8
Perten Instruments Process Plus Software 1.11.6507.0 LFI / Hardcoded Credentials
Posted Jul 23, 2024
Authored by T. Weber, S. Dietz | Site cyberdanube.com

Perten Instruments Process Plus Software versions 1.11.6507.0 and below suffer from local file inclusion, hardcoded credential, and execution with unnecessary privilege vulnerabilities.

tags | exploit, local, vulnerability, file inclusion
advisories | CVE-2024-6911, CVE-2024-6912, CVE-2024-6913
SHA-256 | 92c6be9a95dec36f75c305fd1ec54275736478e25459c036cab67f945826b0f2
SEH utnserver Pro/ProMAX / INU-100 20.1.22 XSS / DoS / File Disclosure
Posted Jun 10, 2024
Authored by T. Weber | Site cyberdanube.com

SEH utnserver Pro/ProMAX and INU-100 version 20.1.22 suffers from cross site scripting, denial of service, and file disclosure vulnerabilities.

tags | exploit, denial of service, vulnerability, xss
advisories | CVE-2024-5420, CVE-2024-5421, CVE-2024-5422
SHA-256 | 67806c2f4c3195737e32e0a53dfdc16ae12e9f9db70895d10ba1b259619c40f6
ORing IAP-420 2.01e Cross Site Scripting / Command Injection
Posted May 30, 2024
Authored by T. Weber | Site cyberdanube.com

ORing IAP-420 version 2.01e suffers from remote command injection and persistent cross site scripting vulnerabilities.

tags | exploit, remote, vulnerability, xss
advisories | CVE-2024-5410, CVE-2024-5411
SHA-256 | 28abb60f6782915fe5d445adb98b15cb9953faaf9cc843956f9c44bd40922a89
Korenix JetNet Series Unauthenticated Access
Posted Jan 15, 2024
Authored by T. Weber, S. Dietz | Site cyberdanube.com

Korenix JetNet Series allows TFTP without authentication and also allows for unauthenticated firmware upgrades.

tags | exploit
advisories | CVE-2023-5347, CVE-2023-5376
SHA-256 | e98dce221232e53adca554fe3cd6ed0d46d0caac22afced67ae352d9d304056c
Advantech EKI-1524-CE / EKI-1522 / EKI-1521 Cross Site Scripting
Posted Aug 14, 2023
Authored by T. Weber, A. Resanovic, T. Etzenberger, M. Bineder, R. Haas | Site cyberdanube.com

Advantech EKI-1524-CE series, EKI-1522 series,and EKI-1521 series versions 1.21 and below and 1.24 and below suffer from cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2023-4202, CVE-2023-4203
SHA-256 | c3a6cbea79ff546db8165bd3b5e329dfc66aec81cd06ea79d913dda8ae9f889b
Phoenix Contact TC Cloud / TC Router 2.x XSS / Memory Consumption
Posted Aug 14, 2023
Authored by T. Weber, S. Stockinger, A. Resanovic, T. Etzenberger | Site cyberdanube.com

Phoenix Contact TC Router 3002T-4G* versions prior to 2.0.2, TC Cloud Client 1002-4G* versions prior to 2.07.2, and Cloud Client 1101T-TX/TX versions prior to 2.06.10 suffer from cross site scripting and memory consumption vulnerabilities.

tags | exploit, denial of service, vulnerability, xss
advisories | CVE-2023-3526, CVE-2023-3569
SHA-256 | a587bb9bbd0a7bc6b304a09099ebed341f33e4b48fa43bcad73ec180522c55d2
Advantech EKI-15XX Series Command Injection / Buffer Overflow
Posted May 12, 2023
Authored by T. Weber, S. Dietz | Site cyberdanube.com

Advantech EKI-1524-CE series, EKI-1522 series, and EKI-1521 series suffer from command injection and buffer overflow vulnerabilities.

tags | exploit, overflow, vulnerability
advisories | CVE-2023-2573, CVE-2023-2574, CVE-2023-2575
SHA-256 | 156682e9b1ae64a09507acbd8e4e2825d7de53ca1c3540e8c214b7b38fbd68ac
Zyxel Unauthenticated LAN Remote Code Execution
Posted Mar 22, 2023
Authored by Stefan Viehboeck, T. Weber, Gerhard Hechenberger, Steffen Robertz | Site metasploit.com

This Metasploit module exploits a buffer overflow in the zhttpd binary (/bin/zhttpd). It is present on more than 40 Zyxel routers and CPE devices. The code execution vulnerability can only be exploited by an attacker if the zhttp webserver is reachable. No authentication is required. After exploitation, an attacker will be able to execute any command as root, including downloading and executing a binary from another host.

tags | exploit, overflow, root, code execution
SHA-256 | fc9419af3871336277cafde42125966d876812e4e57c8b48da3a83050219381f
Korenix JetWave Command Injection / Denial Of Service
Posted Feb 15, 2023
Authored by T. Weber, S. Dietz | Site cyberdanube.com

Multiple versions of Korenix JetWave suffer from authenticated command injection and denial of service vulnerabilities.

tags | exploit, denial of service, vulnerability
SHA-256 | 855f389543c13d74be1ffa1c20556605349c2e7c25c9e761aad4692ec6b41a9d
Intelbras WiFiber 120AC inMesh 1.1-220216 Command Injection
Posted Dec 14, 2022
Authored by T. Weber | Site cyberdanube.com

Intelbras WiFiber 120AC inMesh version 1.1-220216 suffers from an authenticated command injection vulnerability.

tags | exploit
advisories | CVE-2022-40005
SHA-256 | ed99477c42e93bd1a34f1bac91b2dd83464752e9e6c54a967155fd881bf63c70
Delta Electronics DVW-W02W2-E2 2.42 Command Injection
Posted Dec 9, 2022
Authored by T. Weber | Site cyberdanube.com

Delta Electronics DVW-W02W2-E2 version 2.42 suffers from an authenticated command injection vulnerability.

tags | exploit
SHA-256 | 52f6f8745199afbfc55428bee6dbae1fbbe91da63778b61a0ac8bf89593b7906
Delta Electronics DX-2100-L1-CN 1.5.0.10 Command Injection / XSS
Posted Dec 9, 2022
Authored by T. Weber | Site cyberdanube.com

Delta Electronics DX-2100-L1-CN version 1.5.0.10 suffers from command injection and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | c011ce849673992de02ffa60ff745be7e4efb5d267d29dec7c008d33777fc8a8
Hirschmann (Belden) BAT-C2 8.8.1.0R8 Command Injection
Posted Nov 30, 2022
Authored by T. Weber | Site cyberdanube.com

Hirschmann (Belden) BAT-C2 version 8.8.1.0R8 suffers from a remote authenticated command injection vulnerability.

tags | exploit, remote
advisories | CVE-2022-40282
SHA-256 | 902fa02d042cb42bf90b944d2600703447b836b6f9b4d286e2b0bca32793a471
Intelbras WiFiber 120AC inMesh 1.1-220216 Command Injection
Posted Oct 14, 2022
Authored by T. Weber | Site cyberdanube.com

Intelbras WiFiber 120AC inMesh version 1.1-220216 suffers from an authenticated command injection vulnerability.

tags | exploit
SHA-256 | 4849e99df805e1eb9050864513716a8f55def09fca9fc5b0dddcaa19077b0b61
COVESA 2.18.8 NULL Pointer Dereference / Heap Buffer Over-Read
Posted Sep 27, 2022
Authored by T. Weber, Gerhard Hechenberger, Steffen Robertz, T. Longin | Site sec-consult.com

COVESA versions 2.18.8 and below suffer from heap buffer over-read and null pointer dereference vulnerabilities.

tags | exploit, vulnerability
advisories | CVE-2022-39836, CVE-2022-39837
SHA-256 | 548515ca72e9a559204cae299150309e86e1f034ccca3a9cd876a5da99d81eb2
Nexans FTTO GigaSwitch Outdated Components / Hardcoded Backdoor
Posted Jun 20, 2022
Authored by T. Weber | Site sec-consult.com

Nexans FTTO GigaSwitch industrial/office switches HW version 5 suffer from having a hardcoded backdoor user and multiple outdated vulnerable software components.

tags | exploit
advisories | CVE-2015-0235, CVE-2015-7547, CVE-2015-9261, CVE-2017-16544, CVE-2022-32985
SHA-256 | 811819aa67b6ad1bef552d7cc55544b3fd1c366dc092a396d3d23c2d49bd1e36
dbus-broker-29 Memory Corruption
Posted Jun 6, 2022
Authored by T. Weber, Gerhard Hechenberger, Steffen Robertz, T. Longin | Site sec-consult.com

dbus-broker-29 suffers from multiple memory corruption vulnerabilities. dbus-broker-31 addresses these issues.

tags | exploit, vulnerability
advisories | CVE-2022-31212, CVE-2022-31213
SHA-256 | 1688a18cca9d3b422b451318fd542b12535ebb6ef1eb8f23ae56ff707d1b4659
Korenix JetPort 5601V3 Backdoor Account
Posted Jun 6, 2022
Authored by T. Weber | Site sec-consult.com

Korenix JetPort 5601V3 with firmware version 1.0 suffers from having default backdoor accounts. The vendor will not address the issue as they claim the secret cannot be cracked in a reasonable amount of time.

tags | exploit
advisories | CVE-2020-12501
SHA-256 | 3e2603282fec3712a00d6e06e97b774d59453da271d200dfc02c1517bb7fec06
Siemens A8000 CP-8050/CP-8031 SICAM WEB Missing File Download / Missing Authentication
Posted Apr 15, 2022
Authored by T. Weber, Gerhard Hechenberger, Steffen Robertz | Site sec-consult.com

Siemens A8000 CP-8050/CP-8031 SICAM WEB suffers from denial of service and a missing authentication vulnerability that allows for file download.

tags | exploit, web, denial of service
advisories | CVE-2021-45034, CVE-2022-27480
SHA-256 | 7f0a0ec0c017ac5bb71670246359ab27291e0f6543e3a3b66f3b4ecf9cd874dc
Zyxel Buffer Overflow / File Disclosure / CSRF / XSS / Broken Access Control
Posted Feb 17, 2022
Authored by Stefan Viehboeck, T. Weber, Gerhard Hechenberger, Steffen Robertz | Site sec-consult.com

Multiple Zyxel devices suffer from buffer overflow, local file disclosure, unsafe storage of sensitive data, command injection, broken access control, symbolic link processing, cross site request forgery, and cross site scripting vulnerabilities.

tags | exploit, overflow, local, vulnerability, xss, csrf
SHA-256 | 0ba1f45b7a5254a119e2a3aeddf4279392e2e0120fe45790d15563c4eadf7fd2
Korenix Technology JetWave CSRF / Command Injection / Missing Authentication
Posted Feb 4, 2022
Authored by T. Weber | Site sec-consult.com

Korenix Technology JetWave products JetWave 2212X, JetWave 2212S, JetWave 2212G, JetWave 2311, and JetWave 3220 suffer from unauthenticated device administration, cross site request forgery, multiple command injection, and unauthenticated tftp action vulnerabilities.

tags | exploit, vulnerability, csrf
advisories | CVE-2020-12500, CVE-2020-12501, CVE-2020-12502, CVE-2020-12503, CVE-2020-12504, CVE-2021-39280
SHA-256 | 5a25ab12344f226941a56dbd876e476339306b241e827b61d60cb9042131e4b4
Moxa Command Injection / Cross Site Scripting / Vulnerable Software
Posted Sep 1, 2021
Authored by T. Weber | Site sec-consult.com

Many Moxa devices suffer from command injection, cross site scripting, and outdated software vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2013-1914, CVE-2013-7423, CVE-2015-0235, CVE-2015-7547, CVE-2016-1234, CVE-2021-39278, CVE-2021-39279
SHA-256 | 91e5218cfa2c2452c1da0918b3b85328aad5bcf76352c949affc7a9a10a95a39
Altus Sistemas de Automacao Products CSRF / Command Injection / Hardcoded Credentials
Posted Aug 19, 2021
Authored by T. Weber, Daniel Teuchert | Site sec-consult.com

Multiple Altus Sistemas de Automacao products such as the Nexto NX30xx Series, Nexto NX5xxx Series, Nexto Xpress XP3xx Series, and Hadron Xtorm HX3040 Series suffer from command injection, cross site request forgery, and hardcoded credential vulnerabilities.

tags | exploit, vulnerability, csrf
advisories | CVE-2021-39243
SHA-256 | 04419f303d6024196a934d7a822a54ec4c5ef330f60bde124f5af5cb94703343
Korenix CSRF / Backdoor Accounts / Command Injection / Missing Authentication
Posted Jun 1, 2021
Authored by T. Weber | Site sec-consult.com

Multiple Korenix products are affected by unauthenticated device administration, backdoor accounts, cross site request forgery, unauthenticated tftp actions, and command injection vulnerabilities. Products affected include JetNet 5428G-20SFP, JetNet 5810G, JetNet 4706F, JetNet 4706, JetNet 4706, JetNet 4510, JetNet 5010, JetNet 5310, and JetNet 6095.

tags | exploit, vulnerability, csrf
advisories | CVE-2020-12500, CVE-2020-12501, CVE-2020-12502, CVE-2020-12503, CVE-2020-12504
SHA-256 | 2ab15e19675a05aaabcb76dc1553dadb6ceb96917b39bbdccdfbeaba3666a535
Page 1 of 3
Back123Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close