what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 26 RSS Feed

Files from Johannes Greil

First Active2005-12-14
Last Active2024-10-10
Palo Alto Networks GlobalProtect Local Privilege Escalation
Posted Oct 10, 2024
Authored by Johannes Greil, Michael Baer | Site sec-consult.com

Palo Alto Networks GlobalProtect versions 5.1.x, 5.2.x, 6.0.x, 6.1.x, 6.3.x and versions less than 6.2.5 suffer from a local privilege escalation vulnerability.

tags | exploit, local
advisories | CVE-2024-9473
SHA-256 | bdf5f12114d9810353407e9bf2aa69dff68a900d64bc056a6fe658b1f27ea756
Zoho Corporation ManageEngine ServiceDesk Plus Information Disclosure
Posted Aug 21, 2019
Authored by Johannes Greil | Site sec-consult.com

Zoho Corporation ManageEngine ServiceDesk Plus 10 versions prior to 10509 suffer from an information leakage vulnerability.

tags | exploit
advisories | CVE-2019-15045, CVE-2019-15046
SHA-256 | 3838fc4275908e3ac8ebdd5bb1370b4c99bea63e3815ed1f4143cadf66d17b91
ADB Group Manipulation Privilege Escalation
Posted Jul 4, 2018
Authored by Johannes Greil | Site sec-consult.com

An attacker with standard / low access rights within the web GUI is able to gain access to the CLI (if it has been previously disabled by the configuration) and escalate his privileges. Depending on the CLI features it is possible to extract the whole configuration and manipulate settings or gain access to debug features of the device, e.g. via "debug", "upgrade", "upload" etc. commands in the CLI. Attackers can gain access to sensitive configuration data such as VoIP credentials or other information and manipulate any settings of the device. Versions affected include ADB P.RG AV4202N, DV2210, VV2220, and VV5522.

tags | exploit, web
advisories | CVE-2018-13110
SHA-256 | 90ac2bef39fc223d39c55dd25d8c1c7649eef240a5d176c34c393459939c1b5d
ADB Authorization Bypass
Posted Jul 4, 2018
Authored by Johannes Greil | Site sec-consult.com

Depending on the firmware version/feature-set of the ISP deploying the ADB device, a standard user account may not have all settings enabled within the web GUI. An authenticated attacker is able to bypass those restrictions by adding a second slash in front of the forbidden entry of the path in the URL. It is possible to access forbidden entries within the first layer of the web GUI, any further subsequent layers/paths (sub menus) were not possible to access during testing but further exploitation can't be ruled out entirely. Versions affected include ADB P.RG AV4202N, DV2210, VV2220, and VV5522.

tags | exploit, web
advisories | CVE-2018-13109
SHA-256 | 224fe403284f3f8aa1fc76600cf0efb9753737797fe2fc4605009e3ffb114dc8
ADB Local Root Jailbreak
Posted Jul 4, 2018
Authored by Johannes Greil | Site sec-consult.com

ADB broadband gateways and routers suffer from a local root jailbreak vulnerability via a network file sharing flaw. Versions affected include ADB P.RG AV4202N, DV2210, VV2220, and VV5522.

tags | exploit, local, root
advisories | CVE-2018-13108
SHA-256 | 7dce607bd3e5e3f6e26587a92d82df41533ac622acb4e023f4d607f0a8326860
Loxone Smart Home XSS / DoS / Access Control
Posted May 14, 2015
Authored by Johannes Greil | Site sec-consult.com

Loxone Smart Home versions prior to firmware 6.4.5.12 suffer from flaws including denial of service, cross site scripting, credential theft, header injection, and control of arbitrary devices.

tags | exploit, denial of service, arbitrary, xss
SHA-256 | ab5062f89708dd98a37da8e485f31600d093f6ecd77a9ddf38203d4670fb5690
Snom IP Phones XSS / CSRF / Traversal / Escalation / Command Execution
Posted Jan 13, 2015
Authored by Johannes Greil | Site sec-consult.com

Snom IP phones with firmware versions prior to 8.7.5.15 suffer from authentication bypass, command execution, cross site request forgery, cross site scripting, privilege escalation, and directory traversal vulnerabilities.

tags | exploit, vulnerability, xss, csrf
SHA-256 | d2c2d58cc183daa4264d0d86fbef93c03c64a2d566cceec9002e366fbba704dd
Readsoft Invoice Processing / Process Director XSS / Design Issues
Posted Aug 6, 2014
Authored by Johannes Greil | Site sec-consult.com

Readsoft Invoice Processing version 5.6 and Process Director version 7.2 suffers from cross site scripting and design vulnerabilities.

tags | advisory, vulnerability, xss
SHA-256 | 58bf606761fd0cbf2446293ded7d4bf6daba9b1265483f987c814d44bf97c023
Shopizer 1.1.5 Code Execution / XSS / CSRF / Data Manipulation
Posted Jul 11, 2014
Authored by Johannes Greil, Johannes Dahse | Site sec-consult.com

Shopizer version 1.1.5 suffers from remote command execution, cross site request forgery, cross site scripting, and data manipulation vulnerabilities.

tags | exploit, remote, vulnerability, xss, csrf
SHA-256 | e4162980efab523974589c1d3461783cd9e47700688234801663f08a5f929a8d
NICE Recording eXpress 6.x Root Backdoor / XSS / Bypass
Posted May 30, 2014
Authored by Johannes Greil | Site sec-consult.com

NICE Recording eXpress versions 6.0.x, 6.1.x, 6.2.x, 6.3.x, and 6.5.x suffer from cross site scripting, root backdoor, unauthenticated access, fail authorization, insecure cookie handling, and remote SQL injection vulnerabilities.

tags | exploit, remote, root, vulnerability, xss, sql injection, insecure cookie handling
SHA-256 | bdb30edda34d4ff17e66fa273b232b2211afee38439c1a357eb28084a440f5d2
Huawei E5331 MiFi Unauthenticated Access / Setting Manipulation
Posted Mar 7, 2014
Authored by Johannes Greil | Site sec-consult.com

Huawei E5331 MiFi mobile hotspot version 21.344.11.00.414 suffers from unauthenticated access and setting manipulation vulnerabilities.

tags | exploit, vulnerability
SHA-256 | cf66e5b0d1f8f702cc5cfd945ea173dc22ced7f2673c50573c15dd2f91677a87
T-Mobile Router Disclosure / Command Execution / Traversal / CSRF
Posted Jan 22, 2014
Authored by Johannes Greil | Site sec-consult.com

T-Mobile HOME NET Router LTE / Huawei B593u-12 version V100R001C54SP063 suffers from cross site request forgery, information disclosure, command injection, and directory traversal vulnerabilities.

tags | advisory, vulnerability, info disclosure, csrf
SHA-256 | 5ecc71b535700461b5eb90e9396b789a771cb54638c84b968532e6e4e659d99e
Grouplink Everything Helpdesk 10.0.3 XSS / Admin Takeover
Posted Sep 5, 2013
Authored by Johannes Greil, V. Paulikas | Site sec-consult.com

Grouplink Everything HelpDesk versions 10.0.3 and below suffers from cross site scripting and password reset vulnerabilities.

tags | advisory, vulnerability, xss
SHA-256 | 0e11f563d1566704eb5a0ee34b573581a9cbbfbbc50c6d757da046e0bdf19595
GroundWork monarch_scan.cgi OS Command Injection
Posted Apr 24, 2013
Authored by Johannes Greil, juan vazquez | Site metasploit.com

This Metasploit module exploits a vulnerability found in GroundWork 6.7.0. This software is used for network, application and cloud monitoring. The vulnerability exists in the monarch_scan.cgi, where user controlled input is used in the perl qx function, which allows any remote authenticated attacker, whatever his privileges are, to inject system commands and gain arbitrary code execution. The module has been tested successfully on GroundWork 6.7.0-br287-gw1571 as distributed within the Ubuntu 10.04 based VM appliance.

tags | exploit, remote, arbitrary, cgi, perl, code execution
systems | linux, ubuntu
advisories | OSVDB-91051
SHA-256 | 4f033af844cdd623331a0bd422e02eb8ac32fdbef2908dd0e003506fe068e0b1
GroundWork Monitor Enterprise 6.7.0 SQL Injection / Command Execution
Posted Mar 8, 2013
Authored by Johannes Greil | Site sec-consult.com

GroundWork Monitor Enterprise version 6.7.0 suffers from remote SQL injection, file disclosure, command injection, and cross site scripting vulnerabilities. This is the second of two advisories documenting all the issues in GroundWork. Detailed proof of concepts were removed by the author because GroundWork is refusing to fix the underlying security issues.

tags | advisory, remote, vulnerability, xss, sql injection, proof of concept
SHA-256 | dee12f394845970be25c5bec4cdb8f4b96ef27fcdb45f2b56195fa023bcfd2a5
GroundWork Monitor Enterprise 6.7.0 XSS / Disclosure / Command Execution
Posted Mar 8, 2013
Authored by Johannes Greil | Site sec-consult.com

GroundWork Monitor Enterprise version 6.7.0 suffers from insufficient authentication, file disclosure, file modification, cross site scripting, XML external entity injection, command injection, and various other vulnerabilities. Detailed proof of concepts were removed by the author because GroundWork is refusing to fix the underlying security issues.

tags | advisory, vulnerability, xss, proof of concept, xxe
SHA-256 | 96c7a6d3d01751ea9ff17e2fa08b0d6e1ef1b0d0d735f08fb7964d7f9ea4c83e
VOXTRONIC Voxlog Professional 3.7.2.729 SQL Injection / Disclosure
Posted Feb 20, 2012
Authored by Johannes Greil | Site sec-consult.com

VOXTRONIC Voxlog Professional versions 3.7.2.729 and below suffer from file disclosure, remote code execution, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, code execution, sql injection
SHA-256 | 1b7e866efc987b1e820a90007bf6bda712524774261dd6c1229b6080fec76cc1
SecCommerce SecSigner Java Applet 3.5.0 File Upload
Posted Dec 19, 2011
Authored by Johannes Greil, Elisabeth Demeter | Site sec-consult.com

The SecCommerce SecSigner Java applet version 3.5.0 suffers from a client-side remote arbitrary file upload vulnerability.

tags | advisory, java, remote, arbitrary, file upload
SHA-256 | 5c2fa4abe1884f3a0b572d67e36f2d26b087f7cd52d35a19c40e81c656d3dd40
Check Point SSL VPN Command Execution
Posted Aug 11, 2011
Authored by Johannes Greil | Site sec-consult.com

Check Point SSL VPN On-Demand applications suffer from remote file upload and command execution vulnerabilities.

tags | advisory, remote, vulnerability, file upload
advisories | CVE-2011-1827
SHA-256 | 16fc1a812d8e49f019aec198ac5b1f6339e0854addc6171fa54586f34e1a1259
Sawmill Enterprise Code Execution / Cross Site Request Forgery / Cross Site Scripting
Posted Oct 22, 2010
Authored by Johannes Greil | Site sec-consult.com

Sawmill Enterprise versions prior to 8.1.7.3 suffers from arbitrary code execution, cross site request forgery, cross site scripting and various other vulnerabilities. suffers from buffer overflow, cross site request forgery, cross site scripting and file disclosure vulnerabilities.

tags | exploit, overflow, arbitrary, vulnerability, code execution, xss, csrf
SHA-256 | 2bd10f0a3d3cc78cbdd70e360341145cdcc41d59f78c199e223b197ec74303a1
JSFTemplating / Mojarra Scales / GlassFish File Disclosure
Posted Sep 2, 2009
Authored by Johannes Greil | Site sec-consult.com

SEC Consult Security Advisory 20090901-0 - A file disclosure vulnerability exists in JSFTemplating, Mojarra Scales, and GlassFish Application Server v3 Admin console.

tags | exploit
SHA-256 | 997ef8e7a5352750004cfe364dea689341b943cbe725378661952f230c85209d
LevelOne AMG-2000 Wireless AP Proxy Bypass
Posted Apr 29, 2009
Authored by Johannes Greil | Site sec-consult.com

SEC Consult Security Advisory 20090429-0 - LevelOne AMG-2000 Wireless AP Management Gateway suffers from proxy bypass and plain text vulnerabilities.

tags | exploit, vulnerability
SHA-256 | 21fedd3d58a60ec4be0f1b3d390a6efc6e4b55fd06209cf789610813125e1daf
wirelesslan.pdf
Posted Aug 19, 2008
Authored by Johannes Greil | Site sec-consult.com

Wireless LAN Attacks - What you need to know or a simple guide to WEP/WPA-PSK cracking. Written in German.

tags | paper
SHA-256 | fc0140409550bde9a1cac6afb2f4ba716dca7bfe4e2a1793339b8e8e88392400
SA-20070722-0.txt
Posted Jul 23, 2007
Authored by Johannes Greil | Site sec-consult.com

SEC Consult Security Advisory - SEC Consult has discovered an arbitrary code execution flaw in Joomla! version 1.5 beta 2.

tags | exploit, arbitrary, code execution
SHA-256 | 27257772ee84bdb082f3c8d0b36b605e8ca0215067cd5b2505a0b873391955c4
SA-20070509-0.txt
Posted May 10, 2007
Authored by Johannes Greil | Site sec-consult.com

SEC Consult Security Advisory 20070509-0 - The Nokia Intellisync Mobile Suite is susceptible to cross site scripting, source code disclosure, and denial of service vulnerabilities. Details provided. Versions known vulnerable include 6.4.31.2, 6.6.0.107, and 6.6.2.2.

tags | exploit, denial of service, vulnerability, xss
SHA-256 | 51a25ba5752d84a5e2041a75ccb577608b5f1dc5ff208d33097a57a267d97907
Page 1 of 2
Back12Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close