exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 15 of 15 RSS Feed

Files from Peter Lapp

Email addresslappsec at gmail.com
First Active2015-01-13
Last Active2019-12-06
Trend Micro Deep Security Agent 11 Arbitrary File Overwrite
Posted Dec 6, 2019
Authored by Peter Lapp

Trend Micro Deep Security Agent 11 suffers from an arbitrary file overwrite vulnerability.

tags | exploit, arbitrary
advisories | CVE-2019-15627
SHA-256 | 893eaef24a4ca96041577727c07da9c8823de03e147d276420609d0067521440
Broadcom CA Privileged Access Manager 2.8.2 Remote Command Execution
Posted Dec 5, 2019
Authored by Peter Lapp

Broadcom CA Privileged Access Manager version 2.8.2 suffers from a remote command execution vulnerability.

tags | exploit, remote
advisories | CVE-2018-9021, CVE-2018-9022
SHA-256 | b57c9d05247aeec50f84b6f1d59466d0e7e19320e75ac48a4c045bb8ffba4b6b
HP Connected Backup 8.6 / 8.8.6 Local Privilege Escalation
Posted Jan 24, 2018
Authored by Peter Lapp

HP Connected Backup versions 8.6 and 8.8.6 suffer from a local privilege escalation vulnerability.

tags | exploit, local
advisories | CVE-2017-14355
SHA-256 | 4ec9745a0caf80870df4736931099f57d3387759529f891827958c5514239ef7
AlienVault USM/OSSIM 5.3.4 / 5.3.5 Remote Command Execution
Posted Apr 14, 2017
Authored by temp66, Peter Lapp | Site metasploit.com

This Metasploit module exploits an unauthenticated command injection in Alienvault USM/OSSIM versions 5.3.4 and 5.3.5. The vulnerability lies in an API function that does not check for authentication and then passes user input directly to a system call as root.

tags | exploit, root
SHA-256 | d72c139011d02b5dd53490824fea6a9d33d4ea93c69d1eaa4c8702f390b4d945
Alienvault OSSIM / USM 5.3.0 Authentication Bypass
Posted Mar 7, 2017
Authored by Peter Lapp

Alienvault OSSIM / USM versions 5.3.0 and below suffer from an authentication bypass vulnerability.

tags | exploit, bypass
advisories | CVE-2016-7955
SHA-256 | ccc7d25b13cf43b235374996a93e7e29606307a1b963ca5677daa1e44f30002d
AlienVault OSSIM/USM Remote Code Execution
Posted Feb 25, 2017
Authored by Mehmet Ince, Peter Lapp | Site metasploit.com

This Metasploit module exploits object injection, authentication bypass and ip spoofing vulnerabilities all together. Unauthenticated users can execute arbitrary commands under the context of the root user. By abusing authentication bypass issue on gauge.php lead adversaries to exploit object injection vulnerability which leads to SQL injection attack that leaks an administrator session token. Attackers can create a rogue action and policy that enables to execute operating system commands by using captured session token. As a final step, SSH login attempt with a invalid credentials can trigger a created rogue policy which triggers an action that executes operating system command with root user privileges. This Metasploit module was tested against following product and versions: AlienVault USM 5.3.0, 5.2.5, 5.0.0, 4.15.11, 4.5.0 AlienVault OSSIM 5.0.0, 4.6.1

tags | exploit, arbitrary, root, spoof, php, vulnerability, sql injection
SHA-256 | ac4cd7158b0ae42d40bce75202d5221b0347a49712ff529804a31fe058562cf0
Alienvault OSSIM/USM 5.3.1 PHP Object Injection
Posted Nov 2, 2016
Authored by Peter Lapp

Alienvault OSSIM/USM versions 5.3.1 and below suffer from a php object injection vulnerability.

tags | exploit, php
advisories | CVE-2016-8580
SHA-256 | 15c73504476ef61ce3f78973018cb8b2513108fb8a4f815dca1ef6a0da27f672
Alienvault OSSIM/USM 5.3.1 Persistent Cross Site Scripting
Posted Nov 2, 2016
Authored by Peter Lapp

Alienvault OSSIM/USM versions 5.3.1 and below suffer from a stored cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2016-8581
SHA-256 | 373697a8bc5814e72590ca5c5ffda41e105c91a84d2e74b0d4e25fb2659889b6
Alienvault OSSIM/USM 5.3.1 SQL Injection
Posted Nov 2, 2016
Authored by Peter Lapp

Alienvault OSSIM/USM versions 5.3.1 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2016-8582
SHA-256 | 30fc087a9e2c28203acf4fa8bf0c93d8dbf91426b95c05cb6c56d71080f5ecdc
Alienvault OSSIM/USM 5.3.1 Cross Site Scripting
Posted Nov 2, 2016
Authored by Peter Lapp

Alienvault OSSIM/USM versions 5.3.1 and below suffer from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2016-8583
SHA-256 | 67edb0c1f8dc320c504c4dc2955487eacc3b39dcbb0d2dd72fa7e4322b63bd3e
EasyDNNnews Cross Site Scripting
Posted Jan 13, 2016
Authored by Peter Lapp

EasyDNNnews versions prior to 7.5 suffer from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | c301e8eddd3eb44f1d899c7ce2722b610bd164ac4b7e465bd2cb23277bc8e516
Alienvault OSSIM/USM 4.x / 5.0 XSS / SQL Injection / Command Execution
Posted May 6, 2015
Authored by Peter Lapp

Alienvault OSSIM/USM versions 4.14, 4.15, and 5.0 suffer from cross site scripting, remote command execution, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | 05fedd0172a711f1b3ebccf206431da754dbc59c1c66baabdd88b6a813ba1830
F5 BIG-IP ASM 11.4.1 Filter Bypass
Posted May 6, 2015
Authored by Peter Lapp

The F5 ASM is a web application firewall designed to protect web applications from attacks. Due to the way that the system processes JSON content, it's possible to bypass the ASM using a crafted request to a URL that processes both JSON and regular URL encoded requests. Versions 11.4.0 and 11.4.1 are confirmed vulnerable.

tags | exploit, web, bypass
SHA-256 | e6abe385fd18e2857c231bede6a8524e4d82cb8ad1197e2ab340759994fa7bad
Alienvault OSSIM/USM 4.14.X Command Execution
Posted Jan 16, 2015
Authored by Peter Lapp

Alienvault OSSIM/USM versions 4.14.x and below suffer from a remote command execution vulnerability. Proof of concept included.

tags | exploit, remote, proof of concept
SHA-256 | a68baa3bbf3f63879d7b7f3eaa8c9b8bc017abc0c0112daba2b272eca6043950
F5 BIG-IP Application Security Manager (ASM) XSS
Posted Jan 13, 2015
Authored by Peter Lapp

F5 BIG-IP Application Security Manager (ASM) versions 11.4.0, 11.4.1, and likely 11.4.x-11.5.x suffer from a stored cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 16576032ddeda7555602b8798ffb21e9ce47e0cba867050f523c045d39124b0d
Page 1 of 1
Back1Next

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    25 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close