347 matches found
Seagate Central Remote Root Exploit
Seagate Central by default has a passwordless root account and no option to change it. This exploit logs into the ftp server and uploads a php shell to the webroot. From there, the uploaded shell can execute commands with root privileges as lighttpd. !/usr/bin/python seagateftpremoteroot.py Seaga...
Seagate Central Remote Root
!/usr/bin/python seagateftpremoteroot.py Seagate Central Remote Root Exploit Jeremy Brown jbrown3264/gmail May 2015 -Synopsis- Seagate Central by default has a passwordless root account and no option to change it. One way to exploit this is to log into it's ftp server and upload a php shell to th...
Seagate Central Remote Facebook Access Token
!/usr/bin/python seagatecentralfacebook.py Seagate Central Remote Facebook Access Token Exploit Jeremy Brown jbrown3264/gmail May 2015 -Synopsis- Seagate Central stores linked Facebook account access tokens in /etc/archiveaccounts.ser and this exploit takes advantage of two bugs: 1 Passwordless...
Seagate Central 2014.0410.0026-F - Remote Command Execution
Seagate Central 2014.0410.0026-F - Remote Command Execution !/usr/bin/python seagateftpremoteroot.py Seagate Central Remote Root Exploit Jeremy Brown jbrown3264/gmail May 2015 -Synopsis- Seagate Central by default has a passwordless root account and no option to change it. One way to exploit this...
Seagate Central 2014.0410.0026-F - Remote Facebook Access Token
Seagate Central 2014.0410.0026-F - Remote Facebook Access Token !/usr/bin/python seagatecentralfacebook.py Seagate Central Remote Facebook Access Token Exploit Jeremy Brown jbrown3264/gmail May 2015 -Synopsis- Seagate Central stores linked Facebook account access tokens in /etc/archiveaccounts.se...
Seagate Central 2014.0410.0026-F - Remote Facebook Access Token
!/usr/bin/python seagatecentralfacebook.py Seagate Central Remote Facebook Access Token Exploit Jeremy Brown jbrown3264/gmail May 2015 -Synopsis- Seagate Central stores linked Facebook account access tokens in /etc/archiveaccounts.ser and this exploit takes advantage of two bugs: 1 Passwordless...
Seagate Central 2014.0410.0026-F - Remote Command Execution
!/usr/bin/python seagateftpremoteroot.py Seagate Central Remote Root Exploit Jeremy Brown jbrown3264/gmail May 2015 -Synopsis- Seagate Central by default has a passwordless root account and no option to change it. One way to exploit this is to log into it's ftp server and upload a php shell to th...
Seagate Business Storage 2-Bay NAS Remote Code Execution Vulnerability
The Seagate Business Storage 2-Bay NAS is an enterprise-class network storage server from Seagate USA. A remote code execution vulnerability exists in the Seagate Business Storage 2-Bay NAS. An attacker can exploit this vulnerability to execute arbitrary code with root privileges, which may also...
Seagate Confirms NAS Zero Day, Won't Patch Until May
Seagate, over the weekend, confirmed the zero-day vulnerability in its Seagate Business Storage 2-Bay NAS boxes disclosed March 1. But in the same breath, told customers exposed to the vulnerability that a patch is still two months away. “For those customers who choose to keep their networks open...
Seagate Business NAS - Remote Command Execution (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'rexml/document' class MetasploitModule 'Seagate Business NAS Unauthenticated Remote Command Execution', 'Description' = %q Some Seagate Busine...
Seagate Business NAS Unauthenticated Remote Command Execution Exploit
Some Seagate Business NAS devices are vulnerable to command execution via a local file include vulnerability hidden in the language parameter of the CodeIgniter session cookie. The vulnerability manifests in the way the language files are included in the code on the login page, and hence is open ...
Seagate Business NAS Firmware Vulnerabilities Disclosed
Firmware running on certain Seagate network-attached storage devices that are popular with small businesses and home offices, are vulnerable to remote attacks. Researchers at Beyond Binary, a security consulting firm in Australia, on Sunday went public with their disclosure after a nearly...
Seagate NAS appears remote code execution vulnerability-vulnerability warning-the black bar safety net
Foreign security researcher OJ Reeves found the Seagate NAS one remote code execution vulnerability, and in the last year of the 1 0-month 7 Report to the official, but 1 3 0 days past the official still does not fix the vulnerability, so today he released the vulnerability details. ! Overview...
Seagate Business NAS Unauthenticated Remote Command Execution
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'rexml/document' class Metasploit4 'Seagate Business NAS Unauthenticated Remote Command Execution', 'Description' = %q Some Seagate Business NA...
Seagate Business NAS Unauthenticated Remote Command Execution
Some Seagate Business NAS devices are vulnerable to command execution via a local file include vulnerability hidden in the language parameter of the CodeIgniter session cookie. The vulnerability manifests in the way the language files are included in the code on the login page, and hence is open ...
Seagate NAS Zero-Day Vulnerability allows Unauthorized Root Access Remotely
Seagate, a popular vendor of hardware solutions, has a critical zero-day vulnerability in its Network Attached Storage NAS device software that possibly left thousands of its users vulnerable to hackers. Seagate's Business Storage 2-Bay NAS product, found in home and business networks, is...
Seagate Business NAS 2014.00319 - Remote Code Execution
Seagate Business NAS 2014.00319 - Remote Code Execution !/usr/bin/env python Seagape ======= Seagate Business NAS pre-authentication remote code execution exploit as root user. by OJ Reeves @TheColonial - for full details please see https://beyondbinary.io/advisory/seagate-nas-rce/ Usage =====...
Seagate Business NAS <= 2014.00319 - Pre-Authentication Remote Code Execution (0day)
Some Seagate Business NAS devices are vulnerable to command execution via a local file include vulnerability hidden in the language parameter of the CodeIgniter session cookie. The vulnerability manifests in the way the language files are included in the code on the login page, and hence is open ...
Seagate Business NAS 2014.00319 Remote Code Execution
!/usr/bin/env python Seagape ======= Seagate Business NAS pre-authentication remote code execution exploit as root user. by OJ Reeves @TheColonial - for full details please see https://beyondbinary.io/advisory/seagate-nas-rce/ Usage ===== seagape.py -c ua - ip : ip or host name of the target NAS ...
Seagate Business NAS 2014.00319 - Remote Code Execution
!/usr/bin/env python Seagape ======= Seagate Business NAS pre-authentication remote code execution exploit as root user. by OJ Reeves @TheColonial - for full details please see https://beyondbinary.io/advisory/seagate-nas-rce/ Usage ===== seagape.py -c ua - ip : ip or host name of the target NAS ...