what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 34 RSS Feed

Files from Pierre Kim

Email addressprivate
First Active2015-04-08
Last Active2024-11-04
View User Profile
IBM Security Verify Access 32 Vulnerabilities
Posted Nov 4, 2024
Authored by Pierre Kim | Site pierrekim.github.io

IBM Security Verify Access versions prior to 10.0.8 suffer from authentication bypass, reuse of private keys, local privilege escalation, weak settings, outdated libraries, missing password, hardcoded secrets, remote code execution, missing authentication, null pointer dereference, and lack of privilege separation vulnerabilities.

tags | exploit, remote, local, vulnerability, code execution
advisories | CVE-2022-2068, CVE-2023-30997, CVE-2023-30998, CVE-2023-31001, CVE-2023-31004, CVE-2023-31005, CVE-2023-31006, CVE-2023-32328, CVE-2023-32329, CVE-2023-32330, CVE-2023-38267, CVE-2023-38368, CVE-2023-38369, CVE-2023-38370
SHA-256 | bbe5e2c1ca7d3b42c24076cc8aa46544dec9bd260d2ef8b56f24a6ec52ecd952
IBM Security Verify Access Appliance Insecure Transit / Hardcoded Passwords
Posted Nov 4, 2024
Authored by Pierre Kim | Site pierrekim.github.io

IBM Security Verify Access Appliance suffers from multiple insecure transit vulnerabilities, hardcoded passwords, and uninitialized variables. ibmsecurity versions prior to 2024.4.5 are affected.

tags | exploit, vulnerability
advisories | CVE-2024-31871, CVE-2024-31872, CVE-2024-31873, CVE-2024-31874
SHA-256 | 938bde01e4fdd9ce1c3698333190a685348457736b7db8df0f3db5ed879e5675
Toshiba Multi-Function Printers 40 Vulnerabilities
Posted Jul 4, 2024
Authored by Pierre Kim | Site pierrekim.github.io

103 models of Toshiba Multi-Function Printers (MFP) are vulnerable to 40 different vulnerabilities including remote code execution, local privilege escalation, xml injection, and more.

tags | exploit, remote, local, vulnerability, code execution
advisories | CVE-2024-27141, CVE-2024-27142, CVE-2024-27143, CVE-2024-27144, CVE-2024-27145, CVE-2024-27146, CVE-2024-27147, CVE-2024-27148, CVE-2024-27149, CVE-2024-27150, CVE-2024-27151, CVE-2024-27152, CVE-2024-27153, CVE-2024-27154
SHA-256 | 3196a1e9c40085b9ded85457f98f507d5eb821d35f5d7df16aecdc1254d2e3e2
Sharp Multi-Function Printer 18 Vulnerabilities
Posted Jul 4, 2024
Authored by Pierre Kim | Site pierrekim.github.io

308 different models of Sharp Multi-Function Printers (MFP) are vulnerable to 18 different vulnerabilities including remote code execution, local file inclusion, credential disclosure, and more.

tags | exploit, remote, local, vulnerability, code execution, file inclusion
advisories | CVE-2024-28038, CVE-2024-28955, CVE-2024-29146, CVE-2024-29978, CVE-2024-32151, CVE-2024-33605, CVE-2024-33610, CVE-2024-33616, CVE-2024-34162, CVE-2024-35244, CVE-2024-36248, CVE-2024-36251
SHA-256 | b34130e7b38cd2d4de974b3c5bbaf20487c4ecc369b0ca9066b9c81dd1667a8e
Dell OpenManage Enterprise Hardcoded Credentails / Privilege Escalation / Deserialization
Posted Jul 20, 2021
Authored by Pierre Kim

Dell OpenManage Enterprise versions up to 3.6.1 suffer from multiple hard-coded credential issues, multiple privilege escalation, weak permissions, authentication bypass, and other vulnerabilities.

tags | exploit, vulnerability
SHA-256 | b55157214aaa2b6ae562d7cfa0de32cfd562800d2a6cb523e250837eb6218be3
FiberHome HG6245D Disclosure / Bypass / Privilege Escalation / DoS
Posted Jan 13, 2021
Authored by Pierre Kim

FiberHome HG6245D routers suffer from bypass, hard-coded credentials, password disclosure, privilege escalation, denial of service, remote stack overflow, and additional vulnerabilities. suffers from bypass, cross site scripting, denial of service, and privilege escalation vulnerabilities.

tags | exploit, remote, denial of service, overflow, vulnerability, xss, info disclosure
SHA-256 | 2686e5c761e36bc3dfa888e8cf7225a954dc7af702d0bdccbb3ce7c5c5524e11
V-SOL OLTs Backdoor / Privilege Escalation
Posted Jul 14, 2020
Authored by Pierre Kim

Various V-SOL OLTs suffer from multiple backdoor issues, hardcoded RSA keys, potential command injection, and insecure management vulnerabilities.

tags | exploit, vulnerability
SHA-256 | 20f5c0e255904786d117f0970a2860bba9487e20530393ccb85c7c54cba91c1e
CDATA OLTs Backdoor / Privilege Escalation / Information Disclosure
Posted Jul 7, 2020
Authored by Pierre Kim

Various CDATA OLTs suffer from backdoor access with telnet, credential leaks, shell escape with root privileges, denial of service, and weak encryption algorithm vulnerabilities.

tags | exploit, denial of service, shell, root, vulnerability
SHA-256 | 25ead8b8d6facee2b0e679c6d68a14a89d0c99b0b24923b75e4317730748e5e6
Zyxel CNM SecuManager 3.1.0 / 3.1.1 Hardcoded Keys / XSS / Code Execution
Posted Mar 15, 2020
Authored by Pierre Kim

Zyxel CNM SecuManager versions 3.1.0 and 3.1.1 suffer from having hard-coded secrets, missing authentication, backdoors, and remote code execution vulnerabilities.

tags | exploit, remote, vulnerability, code execution
SHA-256 | 3c3f163d0c264f8928d2c11d08aaa6f6a1b4fbcda9b03fe3db342d382fa8d619
D-Link DIR-850L Credential Disclosure
Posted Nov 23, 2017
Authored by Pierre Kim, Zdenda, Raphael de la Vienne, Peter Geissler

D-Link DIR-850L remote code execution variant exploit that extracts username and password for the device.

tags | exploit, remote, code execution
SHA-256 | 1c82c3f87c75fc759451b815a7874e735d42e98ea00c4a393b3d85c52866af91
WiseGiga NAS CSRF / LFI / Command Execution
Posted Sep 11, 2017
Authored by Pierre Kim

WiseGiga NAS suffers from cross site request forgery, local file inclusion, command execution, and default credential vulnerabilities.

tags | exploit, local, vulnerability, file inclusion, csrf
SHA-256 | e7fbe801b430323d61a1963f92f116957b217b28433d3d108bd32656242cd400
D-Link 850L XSS / Backdoor / Code Execution
Posted Sep 8, 2017
Authored by Pierre Kim

D-Link 850L suffers from cross site scripting, access bypass, backdoor, bruteforcing, information disclosure, remote code execution, and denial of service vulnerabilities. Basically, do not use this device unless you want to analyze it to see how not to design something.

tags | exploit, remote, denial of service, vulnerability, code execution, xss, info disclosure, csrf
SHA-256 | 3a9bd05d149ac1db91581ef8d913fef21e9b0ab8adc8b8428e217e2841c41d87
Wireless IP Camera (P2P) WIFICAM GoAhead Backdoor / Remote Command Execution
Posted Mar 9, 2017
Authored by Pierre Kim

Wireless IP Camera (P2P) WIFICAM, which gets rebranded as many others, suffers from a backdoor account, remote command execution, transit, and various authentication vulnerabilities.

tags | exploit, remote, vulnerability
SHA-256 | 559b80f2a3cc3fa49e3c01aac9e24b9d9c250fba7e12a6315b8cee5246ab32fc
TP-Link C2 / C20i Command Injection / Denial Of Service
Posted Feb 9, 2017
Authored by Pierre Kim

TP-Link CS and C20i are vulnerable to command injection, denial of service, and improper firewall rule issues.

tags | exploit, denial of service
SHA-256 | eaec08f8fd30acc140b280bed29e39d58c422fe574a7752a1ea1aaef2398036b
OpenBSD HTTP Server 6.0 Denial Of Service
Posted Feb 6, 2017
Authored by Pierre Kim

OpenBSD HTTP server versions up to 6.0 suffer from a denial of service vulnerability.

tags | exploit, web, denial of service
systems | openbsd
advisories | CVE-2017-5850
SHA-256 | 8cb179fc0c44b36068a2fb1ea7d4c3cb44fce813eaf3de73953f10a2bfceac82
D-Link DWR-932B Backdoors / Default WPS PIN
Posted Sep 28, 2016
Authored by Pierre Kim

D-Link DWR-932B suffers from backdoor accounts, default WPS PIN, weak WPS PIN generation, and various other bad security practices and issues.

tags | exploit
SHA-256 | c6622e059d37bef9eede516a3030b6a743db38a5cd314be7e8c8d9f7cd9c8022
Quanta LTE Router Code Execution / Backdoor Accounts
Posted Apr 5, 2016
Authored by Pierre Kim

Quanta LTE routers suffer from backdoor accounts, remote code execution, weak WPS functionality, arbitrary file reading, and a ridiculous amount of other vulnerabilities.

tags | exploit, remote, denial of service, arbitrary, vulnerability, code execution
SHA-256 | 574a7a5333ba067e960ea26d54102349d8fe190084d3f24d869cdee6d409231f
FreeBSD bsnmpd Information Disclosure
Posted Jan 16, 2016
Authored by Pierre Kim

FreeBSD suffers from a bsnmpd information disclosure vulnerability.

tags | exploit, info disclosure
systems | freebsd, bsd
advisories | CVE-2015-5677
SHA-256 | 30858a55de4d08a56a599bb420f85c65dae9f53454ef12c51314ce7d18ea9a53
FreeBSD Security Advisory - FreeBSD-SA-16:06.bsnmpd
Posted Jan 15, 2016
Authored by Pierre Kim

FreeBSD Security Advisory - The SNMP protocol supports an authentication model called USM, which relies on a shared secret. The default permission of the bsnmpd configuration file, /etc/bsnmpd.conf, is weak and does not provide adequate protection against local unprivileged users. A local user may be able to read the shared secret, if configured and used by the system administrator.

tags | advisory, local, protocol
systems | freebsd
advisories | CVE-2015-5677
SHA-256 | a72b9ae60396ff46558b0ec651b04f329fe46350335df2906500a42e8c4ad50b
Ganeti Denial Of Service / Information Disclosure
Posted Jan 5, 2016
Authored by Pierre Kim

Ganeti suffers from unauthenticated information disclosure and denial of service vulnerabilities.

tags | exploit, denial of service, vulnerability, info disclosure
advisories | CVE-2015-7944, CVE-2015-7945
SHA-256 | b366b0e8cdc76ece2a45806306e7e5adc7f7ed618bac49a090623b0b34db5e3c
Huawei Wimax CSRF / Information Disclosure / Manipulation
Posted Dec 1, 2015
Authored by Pierre Kim

Huawei Wimax routers suffer from cross site request forgery, information disclosure, and system manipulation vulnerabilities.

tags | exploit, vulnerability, info disclosure, csrf
SHA-256 | 665c198903c1a2084546365ee984482cf859f3ed18d69b64ac380d553c6da03c
OpenBSD net-snmp Information Disclosure
Posted Nov 13, 2015
Authored by Pierre Kim

OpenBSD net-snmp suffers from a credential and information disclosure vulnerability.

tags | exploit, info disclosure
systems | openbsd
advisories | CVE-2015-8100
SHA-256 | a80d494deb52dc8a57e8c8f3a438e4dc2e1095c1a787fbcd33b9d4404d060cac
Huawei 3G Routers CSRF / DoS / Bypass / Information Disclosure
Posted Oct 7, 2015
Authored by Pierre Kim

Huawei 3G routers suffer from authentication bypass, cross site request forgery, denial of service, and various other vulnerabilities.

tags | exploit, denial of service, vulnerability, csrf
SHA-256 | 5d2367658e0c166fbe6a18500efffe9f8332dd64802030160bd60d6778785f68
TOTOLink Backdoor Persistence
Posted Aug 13, 2015
Authored by Pierre Kim

Although they have provided an image with it disabled on start up, TOTOLink routers still have a backdoor built into them.

tags | advisory
SHA-256 | 5fd5e8b16e2f7e7dac5fbbe2efbd48e9af98651b4c03e89f5ba73804906d26a2
8 TOTOLINK Routers Backdoored / Command Execution
Posted Jul 16, 2015
Authored by Pierre Kim, Alexandre Torres

8 TOTOLINK router models have backdoor hardcoded credentials and suffer from remote command execution vulnerabilities.

tags | exploit, remote, vulnerability
SHA-256 | da4f3b45bf033743303421b024a5e6709556b805b29ed6d02f62e31906abb380
Page 1 of 2
Back12Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close