Kvasir - Penetration Testing Data Management Tool

Penetration Testing Data Management can be a nightmware, because well you generate a LOT of data and some information when conducing a penetration test, especially using tools – they return lots of actual and potential vulnerabilitites to review. Port scanners can return thousands of ports for ju...

Yokogawa CENTUM CS 3000 BKHOdeq.exe Buffer Overflow Vulnerability

This Metasploit module exploits a stack based buffer overflow in Yokogawa CENTUM CS 3000. The vulnerability exists in the service BKHOdeq.exe when handling specially crafted packets. This Metasploit module has been tested successfully on Yokogawa CENTUM CS 3000 R3.08.50 over Windows XP SP3 and...

ZTE F460/F660 cable modems contain an unauthenticated backdoor

Overview ZTE F460/F660 cable modems contain an unauthenticated backdoor. Description ZTE F460/F660 cable modems contain an unauthenticated backdoor. The webshellcmd.gch script accepts unauthenticated commands that have administrative access to the device. It has been reported that the...

Yokogawa Multiple Products Vulnerabilities

OVERVIEW Yokogawa reports that several buffer overflow vulnerabilities affect several of its products. Juan Vazquez of Rapid7 Inc.,Rapid7 Inc., http://www.rapid7.com, web site last accessed May 13, 2014. and independent researcher Julian Vilas Diaz reported to CERT/CC that they identified several...

February 2014 Microsoft Patch Tuesday Security Bulletins

February’s Microsoft Patch Tuesday promises to be a relatively straightforward set of bulletins, but more noteworthy is that it’s the same day Microsoft officially deprecates the MD5 hash algorithm. Announced last August, Microsoft will officially restrict the use of digital certificates with MD5...

CVE-2012-6493

Cross-site request forgery CSRF vulnerability in Rapid7 Nexpose Security Console before 5.5.4 allows remote attackers to hijack the authentication of unspecified victims for requests that delete scan data and sites via a request to data/site/delete...

CVE-2012-6493

CVE-2012-6493: Multiple CSRF vulnerabilities in Rapid7 Nexpose Security Console

CVE-2012-6493

Cross-site request forgery CSRF vulnerability in Rapid7 Nexpose Security Console before 5.5.4 allows remote attackers to hijack the authentication of unspecified victims for requests that delete scan data and sites via a request to data/site/delete...

SuperMicro Device Uses Default SSL Certificate

The X.509 certificate of the remote host has not been changed from the default certificate that is hardwired into the firmware. The private key corresponding to this certificate is shared across all devices running the same firmware, meaning that the remote host's X.509 certificate cannot be...

Supermicro Onboard IPMI - 'close_window.cgi' Remote Buffer Overflow (Metasploit)

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Supermicro Onboard IPMI closewindow.cgi Buffer Overflow', 'Description' = %q This module exploits a buffer overflow on the Supermicro...

Supermicro Onboard IPMI close_window.cgi Buffer Overflow Vulnerability

This Metasploit module exploits a buffer overflow on the Supermicro Onboard IPMI controller web interface. The vulnerability exists on the closewindow.cgi CGI application, and is due to the insecure usage of strcpy. In order to get a session, the module will execute system from libc with an...

Supermicro Onboard IPMI close_window.cgi Buffer Overflow

This module exploits a buffer overflow on the Supermicro Onboard IPMI controller web interface. The vulnerability exists on the closewindow.cgi CGI application, and is due to the insecure usage of strcpy. In order to get a session, the module will execute system from libc with an arbitrary CMD...

Supermicro Onboard IPMI Static SSL Certificate Scanner

This module checks for a static SSL certificate shipped with Supermicro Onboard IPMI controllers. An attacker with access to the publicly-available firmware can perform man-in-the-middle attacks and offline decryption of communication to the controller. This module has been on a Supermicro Onboar...

NAS4Free - Remote Code Execution (Metasploit)

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'rex' require 'rexml/document' class Metasploit4 'NAS4Free Arbitrary Remote Code Execution', 'Description' = %q NAS4Free allows an authenticated...

OpenMediaVault Cron Remote Command Execution Vulnerability

OpenMediaVault allows an authenticated user to create cron jobs as arbitrary users on the system. An attacker can abuse this to run arbitrary commands as any user available on the system including root. This module requires Metasploit: http//metasploit.com/download Current source:...

Openbravo ERP XXE Arbitrary File Read

The Openbravo ERP XML API expands external entities which can be defined as local files. This allows the user to read any files from the FS as the user Openbravo is running as generally not root. This module was tested against Openbravo ERP version 3.0MP25 and 2.50MP6. This module requires...

NAS4Free Arbitrary Remote Code Execution

NAS4Free allows an authenticated user to post PHP code to a special HTTP script and have the code executed remotely. This module was successfully tested against NAS4Free version 9.1.0.1.804. Earlier builds are likely to be vulnerable as well. This module requires Metasploit:...

NAS4Free version 9.1.0.1 contains a remote command execution vulnerability

Overview NAS4Free version 9.1.0.1.804 and possibly earlier versions contain a remote code execution vulnerability CWE-94. Description CWE-94: Improper Control of Generation of Code 'Code Injection' NAS4Free version 9.1.0.1.804 and possibly earlier versions contain a remote code execution...

Scan Shows 65% of ReadyNAS Boxes on Web Vulnerable to Critical Bug

It’s been known for some time now–several months, in fact–that there is a critical, remotely exploitable vulnerability in some of Netgear’s ReadyNAS storage boxes, and a patch has been available since July. However, many of the boxes exposed to the Web are still vulnerable, and a recent scan by H...

HP Intelligent Management SOM Account Creation

This module exploits a lack of authentication and access control in HP Intelligent Management, specifically in the AccountService RpcServiceServlet from the SOM component, in order to create a SOM account with Account Management permissions. This module has been tested successfully on HP...