Craig Young

9 exploits Active since Dec 2013
CVE-2013-3313 EXPLOITDB HIGH text WORKING POC
Loftek Nexus 543 IP Camera - Info Disclosure
The Loftek Nexus 543 IP Camera stores passwords in cleartext, which allows remote attackers to obtain sensitive information via an HTTP GET request to check_users.cgi. NOTE: cleartext passwords can also be obtained from proc/kcore when leveraging the directory traversal vulnerability in CVE-2013-3311.
CVSS 7.5
CVE-2013-3312 EXPLOITDB HIGH text WORKING POC
Loftek Nexus 543 Firmware - Cross-Site Request Forgery via set_users.cgi
Multiple cross-site request forgery (CSRF) vulnerabilities in the Loftek Nexus 543 IP Camera allow remote attackers to hijack the authentication of unspecified victims for requests that change (1) passwords or (2) firewall configuration, as demonstrated by a request to set_users.cgi.
CVSS 8.8
CVE-2013-3311 EXPLOITDB HIGH text WORKING POC
Loftek Nexus 543 Firmware - Unauthenticated Path Traversal via URL
Directory traversal vulnerability in the Loftek Nexus 543 IP Camera allows remote attackers to read arbitrary files via a .. (dot dot) in the URL of an HTTP GET request.
CVSS 7.5
CVE-2014-0224 METASPLOIT HIGH ruby SCANNER
SSL Labs API Client
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability.
CVSS 7.4
CVE-2013-2751 METASPLOIT ruby WORKING POC
NETGEAR ReadyNAS <4.1.12 & <4.2.24 - Code Injection
Eval injection vulnerability in frontview/lib/np_handler.pl in the FrontView web interface in NETGEAR ReadyNAS RAIDiator before 4.1.12 and 4.2.x before 4.2.24 allows remote attackers to execute arbitrary Perl code via a crafted request, related to the "forgot password workflow."
CVE-2013-3568 METASPLOIT HIGH ruby WORKING POC
Cisco Linksys WRT110 Firmware - Cross-Site Request Forgery
Cross-site request forgery (CSRF) vulnerability in Cisco Linksys WRT110 allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown vectors.
CVSS 8.8
CVE-2013-3314 EXPLOITDB HIGH text WORKING POC
Loftek Nexus 543 Firmware - Unauthenticated Sensitive Information Exposure via get_realip.cgi and get_status.cgi
The Loftek Nexus 543 IP Camera allows remote attackers to obtain (1) IP addresses via a request to get_realip.cgi or (2) firmware versions (ui and system), timestamp, serial number, p2p port number, and wifi status via a request to get_status.cgi.
CVSS 7.5
CVE-2013-3568 EXPLOITDB HIGH ruby WORKING POC
Cisco Linksys WRT110 Firmware - Cross-Site Request Forgery
Cross-site request forgery (CSRF) vulnerability in Cisco Linksys WRT110 allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown vectors.
CVSS 8.8
CVE-2013-2751 EXPLOITDB ruby WORKING POC
NETGEAR ReadyNAS <4.1.12 & <4.2.24 - Code Injection
Eval injection vulnerability in frontview/lib/np_handler.pl in the FrontView web interface in NETGEAR ReadyNAS RAIDiator before 4.1.12 and 4.2.x before 4.2.24 allows remote attackers to execute arbitrary Perl code via a crafted request, related to the "forgot password workflow."