Subscribe via feed.
Archive for August, 2016

ELIGIBLECONTESTANT TOPSEC Remote Code Execution

Posted by deepcore under exploit (No Respond)

ELIGIBLECONTESTANT is a remote code execution exploit for TOPSEC firewalls. It leverages an HTTP POST parameter injection vulnerability. Versions affected include 3.3.005.057.1 to 3.3.010.024.1. Note that this exploit is part of the recent public disclosure from the “Shadow Brokers” who claim to have compromised data from a team known as the “Equation Group”, however, there […]

EPICBANANA Cisco ASA / PIX Privilege Escalation

Posted by deepcore under exploit (No Respond)

EPICBANANA is a privilege escalation exploit for Cisco Adaptive Security Appliance (ASA) and Cisco Private Internet eXchange (PIX) devices. Exploitation takes advantage of default Cisco credentials (password: cisco). ASA versions affected include 711, 712, 721, 722, 723, 724, 80432, 804, 805, 822, 823, 824, 825, 831, 832 and PIX versions affected include 711, 712, 721, […]

ESCALATEPLOWMAN WatchGuard Privilege Escalation

Posted by deepcore under exploit (No Respond)

ESCALATEPLOWMAN is a privilege escalation exploit for WatchGuard firewalls of unknown versions that injects code via the ifconfig command. Note that this exploit is part of the recent public disclosure from the “Shadow Brokers” who claim to have compromised data from a team known as the “Equation Group”, however, there is no author data available […]

EXTRABACON Cisco ASA Remote Code Execution

Posted by deepcore under exploit (No Respond)

EXTRABACON is a zero day remote code execution exploit for Cisco Adaptive Security Appliance (ASA) devices. It leverages an SNMP overflow and relies on knowing the target’s uptime and software version. Versions affected include 802, 803, 804, 805, 821, 822, 823, 824, 825, 831, 832, 841, 842, 843, 844. Note that this exploit is part […]

Honeywell IP-Camera HICC-1100PT Credential Disclosure

Posted by deepcore under exploit (No Respond)

Honeywell IP-Camera HICC-1100PT suffers from an unauthenticated remote credential disclosure vulnerability.

SIEMENS IP Camera CCMW1025 x.2.2.1798 Change Admin User / Password

Posted by deepcore under exploit (No Respond)

SIEMENS IP Camera CCMW1025 version x.2.2.1798 remote change admin user / password exploit.

QNAP QTS 4.2.1 Build 20160601 imbgName Parameter Command Injection

Posted by deepcore under exploit (No Respond)

QNAP QTS version 4.2.1 Build 20160601 suffers from an OS command injection vulnerability.

QNAP QTS 4.2.0 Build 20160311 / Build 20160601 Command Injection

Posted by deepcore under exploit (No Respond)

QNAP QTS versions 4.2.0 Build 20160311 and Build 20160601 suffer from an OS command injection vulnerability.

QNAP QTS 4.2.0 Build 20160311 / Build 20160601 Cross Site Scripting

Posted by deepcore under exploit (No Respond)

QNAP QTS versions 4.2.0 Build 20160311 and Build 20160601 suffer from a persistent cross site scripting vulnerability.

QNAP QTS 4.2.1 Build 20160601 Arbitrary File Overwrite

Posted by deepcore under exploit (No Respond)

QNAP QTS version 4.2.1 Build 20160601 suffers from an arbitrary file overwrite vulnerability.