Automated Tank Gauge (ATG) Remote Configuration Disclosure Exploit

In 2015, HD Moore, the creator of Metasploit, published an article disclosing over 5,800 gas station Automated Tank Gauges ATGs which were publicly accessible. Besides monitoring for leakage, these systems are also instrumental in gauging fluid levels, tank temperature, and can alert operators wh...

HD Moore Leaves Rapid7 for Venture Capital Opportunity

HD Moore, creator of the Metasploit Framework and a security innovator behind a number of Internet-wide security research projects, is moving into venture capital. Moore announced yesterday that he is leaving his current post as chief research officer at Rapid7 on Jan. 29 for a new opportunity in...

Advantech EKI Vulnerabilities (Update B)

OVERVIEW This updated advisory is a follow-up to the updated advisory titled ICSA-15-344-01A Advantech EKI Vulnerabilities that was published December 15, 2015, on the NCCIC/ICS-CERT web site. --------- Begin Update B Part 1 of 3 -------- HD Moore of Rapid7 identified several vulnerabilities in...

INFOMARK IMW-C920W miniupnpd 1.0 - Denial of Service Vulnerability

MiniUPNPd version 1.0 remote denial of service exploit. !/usr/bin/perl miniupnpd/1.0 remote denial of service exploit Copyright 2015 c Todor Donev email protected http://www.ethical-hacker.org/ https://www.facebook.com/ethicalhackerorg The SSDP protocol can discover Plug & Play devices, with uPnP...

Ceragon FibeAir IP-10 SSH Private Key Exposure

Ceragon FibeAir IP-10 SSH Private Key Exposure CVE-2015-0936 Product Description Ceragon produces a series of ruggedized, microwave backhaul devices used to provide connectivity to mobile, IP-based devices; usually, these devices are found in either large industrial environments, or installed on...

Debian DSA-3062-1 : wget - security update

HD Moore of Rapid7 discovered a symlink attack in Wget, a command-line utility to retrieve files via HTTP, HTTPS, and FTP. The vulnerability allows to create arbitrary files on the user's system when Wget runs in recursive mode against a malicious FTP server. Arbitrary file creation may override...

DLA-82-1 wget - security update

Bulletin has no description...

NAT-PMP Security Vulnerability Affects 1.2M Routers

Vulnerabilities in embedded devices, in particular small office and home office routers, have been relentless. Another serious issue was discovered this week that affects more than 1.2 million such devices due to improper NAT-PMP protocol implementations, most of which run counter to the...

Apple QuickTime 7.2/7.3 - RSTP Response Universal Exploit (win/osx)

No description provided by source. Copyright C 2007 Subreption LLC. All rights reserved. Visit http://blog.subreption.com for exploit development notes. References: http://www.milw0rm.com/exploits/4648 original Microsoft Windows code http://www.milw0rm.com/exploits/4651 recent Microsoft Windows...

Windows SYSTEM Escalation Via KiTrap0D

This Metasploit module will create a new session with SYSTEM privileges via the KiTrap0D exploit by Tavis Ormandy. If the session in use is already elevated then the exploit will not run. The module relies on kitrap0d.x86.dll and is not supported on x64 editions of Windows. This module requires...

Windows SYSTEM Escalation via KiTrap0D

This module will create a new session with SYSTEM privileges via the KiTrap0D exploit by Tavis Ormandy. If the session in use is already elevated then the exploit will not run. The module relies on kitrap0d.x86.dll, and is not supported on x64 editions of Windows. This module requires Metasploit:...

Scan Shows 65% of ReadyNAS Boxes on Web Vulnerable to Critical Bug

It’s been known for some time now–several months, in fact–that there is a critical, remotely exploitable vulnerability in some of Netgear’s ReadyNAS storage boxes, and a patch has been available since July. However, many of the boxes exposed to the Web are still vulnerable, and a recent scan by H...

DefenseCode Security Advisory: Cisco Linksys Remote Preauth 0day Root Exploit Follow-Up

A few weeks ago, we have announced remote preauth root access exploit for Cisco Linksys http://www.youtube.com/watch?v=cv-MbL7KFKE. Vulnerability details were disclosed here: http://www.defensecode.com/public/DefenseCodeBroadcomSecurityAdvisory.pdf During further research, we have discovered that...

AxMan ActiveX fuzzing <== Memory Corruption PoC

Exploit for windows platform in category dos / poc Exploit Title: AxMan ActiveX fuzzing == Memory Corruption PoC Crash : http://imageshack.us/f/217/axman.jpg/ Date: July 28, 2012 Author: coolkaveh email protected Https://twitter.com/coolkaveh Vendor Homepage: http://digitaloffense.net/tools/axman...

unix/x86 Backshell[/dev/tcp],Port(30) - 61 bytes Shellcode

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 + Site : 1337day.com 0 1 + Support e-mail :...

Trivial Password Flaw Leaves MySQL Databases Exposed

There is a trivially exploitable vulnerability in MySQL that enables an attacker to gain root access to the database server. The bug, which recently was patched, stems from an error in the way that MySQL and MariaDB handle passwords, giving an attacker a chance of getting root access by supplying...

Derbycon 2011 Videos talks

Derbycon 2011 Videos Talks The idea behind DerbyCon was developed by Dave Kennedy ReL1K, Martin Bos PureHate, and Adrian Crenshaw Irongeek. Their motivation stemmed from a desire to see more of the old-style talks and events of the conventions of the past. DerbyCon was hosted by some specialized...

Check Point Endpoint Security Server Information Disclosure

R7-0038: Check Point Endpoint Security Server Information Disclosure February 7, 2011 -- Vulnerability Details: The Check Point Endpoint Security Server and Integrity Server products inadvertently expose a number of private directories through the web interface. These directories include the SSL...

HD Moore on the Windows DLL Vulnerability

Dennis Fisher talks with HD Moore about the newly discovered DLL load vulnerability in Windows, which affects several dozen applications and can be used by attackers to silently compromise remote machines, as well as the guidance and workarounds that Microsoft is offering for users and developers...

HD Moore: Critical Flaw in 40 Different Windows Apps

Metasploit’s HD Moore was in the midst of researching the recently patched LNK Windows shortcut vulnerability when he stumbled upon a serious problem that exposes more than 40 different Windows software programs to remote code execution attacks. Moore issued a brief warning about the issue via...