Eric Sesterhenn

22 exploits Active since Feb 2017
CVE-2017-6307 WRITEUP HIGH WRITEUP
tnef < 1.4.13 - Out-of-bounds Write in MAPI Attribute Reader
An issue was discovered in tnef before 1.4.13. Two OOB Writes have been identified in src/mapi_attr.c:mapi_attr_read(). These might lead to invalid read and write operations, controlled by an attacker.
CVSS 7.8
CVE-2017-6308 WRITEUP HIGH WRITEUP
tnef < 1.4.13 - Integer Overflow and Heap Overflow via Memory Allocation Wrapper
An issue was discovered in tnef before 1.4.13. Several Integer Overflows, which can lead to Heap Overflows, have been identified in the functions that wrap memory allocation.
CVSS 7.8
CVE-2017-6309 WRITEUP HIGH WRITEUP
tnef < 1.4.13 - Out-of-bounds Read via Type Confusion in parse_file()
An issue was discovered in tnef before 1.4.13. Two type confusions have been identified in the parse_file() function. These might lead to invalid read and write operations, controlled by an attacker.
CVSS 7.8
CVE-2017-6310 WRITEUP HIGH WRITEUP
tnef < 1.4.13 - Out-of-bounds Read via MAPI Attribute Type Confusion
An issue was discovered in tnef before 1.4.13. Four type confusions have been identified in the file_add_mapi_attrs() function. These might lead to invalid read and write operations, controlled by an attacker.
CVSS 7.8
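The four tnef entries above describe two bug classes that a binary-format parser in C tends to get wrong together: a multiply in the allocation wrapper that wraps around (CVE-2017-6308), and an attribute whose declared type in the stream is never compared with the type the code assumes for that attribute (CVE-2017-6309, CVE-2017-6310). The example below is added here to show both patterns side by side and is not tnef's own code; the record layout, the type tags and the id-to-type schema are constructed for the example and are not the real TNEF/MAPI encoding.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed record layout used by this example (NOT the real TNEF/MAPI encoding):
 *   u16 id | u16 type | u32 count | count * elem_size(type) payload bytes
 * All integers are little-endian. */
enum { T_U16 = 2, T_U32 = 3, T_BIN = 0x102 };
enum { RC_OK = 0, RC_TRUNCATED = -1, RC_BAD_TYPE = -2, RC_OVERFLOW = -3 };

struct attr { uint16_t id, type; uint32_t count; const uint8_t *data; size_t payload_len; };

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
static size_t elem_size(uint16_t type) {
    switch (type) { case T_U16: return 2; case T_U32: return 4; case T_BIN: return 1; default: return 0; }
}
/* Constructed schema: the type each known attribute id is supposed to carry (0 = unknown id). */
static uint16_t expected_type(uint16_t id) {
    switch (id) { case 1: return T_U32; case 2: return T_BIN; default: return 0; }
}

/* Allocation-size arithmetic as done in a 32-bit build: the product wraps silently,
 * so count = 0x40000000 with 4-byte elements asks for a 0-byte buffer. */
uint32_t wrapped_alloc_size(uint32_t count, uint32_t elem) { return count * elem; }

/* Hardened wrapper: refuse any product that does not fit in size_t. Returns 1 on success. */
int checked_alloc_size(size_t count, size_t elem, size_t *out) {
    if (elem != 0 && count > SIZE_MAX / elem) return 0;
    if (out) *out = count * elem;
    return 1;
}

/* Naive parser: trusts the declared type for the length check, does that check with
 * the wrapping multiply, and never compares the declared type with the schema. */
int parse_attr_naive(const uint8_t *buf, size_t len, struct attr *out) {
    if (len < 8) return RC_TRUNCATED;
    out->id = rd16(buf); out->type = rd16(buf + 2); out->count = rd32(buf + 4);
    uint32_t need = wrapped_alloc_size(out->count, (uint32_t)elem_size(out->type));
    if (need > len - 8) return RC_TRUNCATED;
    out->data = buf + 8; out->payload_len = len - 8;
    return RC_OK;
}

/* Hardened parser: the declared type must be known and must match the schema, and the
 * length check divides instead of multiplying, so it cannot overflow. */
int parse_attr_checked(const uint8_t *buf, size_t len, struct attr *out) {
    if (len < 8) return RC_TRUNCATED;
    out->id = rd16(buf); out->type = rd16(buf + 2); out->count = rd32(buf + 4);
    size_t es = elem_size(out->type);
    if (es == 0) return RC_BAD_TYPE;
    uint16_t exp = expected_type(out->id);
    if (exp != 0 && exp != out->type) return RC_BAD_TYPE;     /* type confusion guard */
    if (out->count > (len - 8) / es) return RC_OVERFLOW;      /* no multiply, no wrap */
    out->data = buf + 8; out->payload_len = len - 8;
    return RC_OK;
}

/* Bytes a consumer that trusts the schema type would read past the payload once the
 * naive parser has accepted the record (0 when the record is actually consistent). */
size_t naive_overread(const uint8_t *buf, size_t len) {
    struct attr a;
    if (parse_attr_naive(buf, len, &a) != RC_OK) return 0;
    uint16_t t = expected_type(a.id) ? expected_type(a.id) : a.type;
    size_t want = (size_t)a.count * elem_size(t);
    return want > a.payload_len ? want - a.payload_len : 0;
}
int naive_rc(const uint8_t *buf, size_t len)   { struct attr a; return parse_attr_naive(buf, len, &a); }
int checked_rc(const uint8_t *buf, size_t len) { struct attr a; return parse_attr_checked(buf, len, &a); }

/* Constructed sample records. */
static const uint8_t REC_GOOD[]     = { 1,0, 3,0, 2,0,0,0, 0x11,0,0,0, 0x22,0,0,0 }; /* id 1, two u32 */
static const uint8_t REC_CONFUSED[] = { 1,0, 0x02,0x01, 1,0,0,0, 0xAA };            /* id 1 declared T_BIN, 1 byte */
static const uint8_t REC_WRAP[]     = { 1,0, 3,0, 0,0,0,0x40 };                      /* count 0x40000000, no payload */

int main(void) {
    const uint8_t *recs[] = { REC_GOOD, REC_CONFUSED, REC_WRAP };
    size_t lens[] = { sizeof REC_GOOD, sizeof REC_CONFUSED, sizeof REC_WRAP };
    const char *names[] = { "good", "confused", "wrap" };
    for (int i = 0; i < 3; i++)
        printf("%-9s naive=%2d checked=%2d bytes over-read by a schema-trusting consumer=%zu\n",
               names[i], naive_rc(recs[i], lens[i]), checked_rc(recs[i], lens[i]), naive_overread(recs[i], lens[i]));
    return 0;
}
```

The naive parser accepts both malformed records: the wrapped product makes a 2^30-element attribute look like it needs zero bytes, and the declared-vs-schema mismatch leaves a one-byte payload that later code walks as four-byte values. The checked variant rejects them with distinct codes, which is also what a fuzzing harness should assert on.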
CVE-2017-8840 EXPLOITDB MEDIUM text WRITEUP
Peplink Balance Firmware - Unauthenticated Sensitive Information Exposure via HASync Debug Endpoint
Debug information disclosure exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. A direct request to cgi-bin/HASync/hasync.cgi?debug=1 shows Master LAN Address, Serial Number, HA Group ID, Virtual IP, and Submitted syncid.
CVSS 5.3
CVE-2017-8839 EXPLOITDB MEDIUM text WRITEUP
Peplink Balance 305, 380, 580, 710, 1350, and 2500 Firmware - Cross-Site Scripting via orig_url Parameter
XSS via orig_url exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The affected script is guest/preview.cgi.
CVSS 6.1
CVE-2017-8838 EXPLOITDB MEDIUM text WRITEUP
Peplink Balance 305, 380, 580, 710, 1350, and 2500 Firmware - Cross-Site Scripting via syncid Parameter
XSS via syncid exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The affected script is cgi-bin/HASync/hasync.cgi.
CVSS 6.1
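Both XSS entries (orig_url in guest/preview.cgi and syncid in cgi-bin/HASync/hasync.cgi) are the same defect: a query parameter reflected into HTML without output encoding. The fragment below is an added example of the vulnerable pattern beside the hardened one, written for this page and not taken from the Peplink firmware; the rendered `<a href>` markup, the function names and the payload strings are constructed assumptions. It also covers the caveat that matters for a URL parameter: escaping alone does not neutralise a `javascript:` scheme, so the scheme is allowlisted first.

```c
#include <stdio.h>
#include <string.h>

/* Escape the characters that break out of HTML text and quoted attribute values.
 * Returns bytes written (excluding NUL) or -1 if out is too small. */
int html_escape(char *out, size_t cap, const char *s) {
    size_t n = 0;
    for (; *s; s++) {
        const char *rep = NULL;
        switch (*s) {
            case '&':  rep = "&amp;";  break;
            case '<':  rep = "&lt;";   break;
            case '>':  rep = "&gt;";   break;
            case '"':  rep = "&quot;"; break;
            case '\'': rep = "&#x27;"; break;
        }
        size_t l = rep ? strlen(rep) : 1;
        if (n + l + 1 > cap) return -1;
        if (rep) memcpy(out + n, rep, l); else out[n] = *s;
        n += l;
    }
    out[n] = '\0';
    return (int)n;
}

/* Escaping does not make an href safe on its own: a javascript: URL contains no markup.
 * Allow only absolute http(s) URLs and site-relative paths (not protocol-relative "//"). */
int url_scheme_allowed(const char *u) {
    return strncmp(u, "http://", 7) == 0 || strncmp(u, "https://", 8) == 0 ||
           (u[0] == '/' && u[1] != '/');
}

/* Vulnerable pattern: the orig_url parameter lands in the page untouched. */
int render_preview_raw(char *out, size_t cap, const char *orig_url) {
    return snprintf(out, cap, "<a href=\"%s\">Continue</a>", orig_url);
}

/* Hardened: validate the scheme, then escape for the attribute context. */
int render_preview_safe(char *out, size_t cap, const char *orig_url) {
    char esc[512];
    if (!url_scheme_allowed(orig_url) || html_escape(esc, sizeof esc, orig_url) < 0) return -1;
    return snprintf(out, cap, "<a href=\"%s\">Continue</a>", esc);
}

/* Wrappers returning the rendered fragment (NULL when the safe renderer refuses the input). */
const char *preview_raw(const char *u)  { static char b[1024]; render_preview_raw(b, sizeof b, u); return b; }
const char *preview_safe(const char *u) { static char b[1024]; return render_preview_safe(b, sizeof b, u) < 0 ? NULL : b; }

/* Constructed payloads for the orig_url parameter. */
static const char *PAYLOAD_MARKUP   = "\"><script>alert(1)</script>";
static const char *PAYLOAD_SCHEME   = "javascript:alert(1)";
static const char *PAYLOAD_IN_QUERY = "http://example.test/?next=\"><script>alert(1)</script>";

int main(void) {
    const char *p[] = { PAYLOAD_MARKUP, PAYLOAD_SCHEME, PAYLOAD_IN_QUERY };
    for (int i = 0; i < 3; i++) {
        const char *safe = preview_safe(p[i]);
        printf("raw:  %s\nsafe: %s\n\n", preview_raw(p[i]), safe ? safe : "(rejected: scheme not allowed)");
    }
    return 0;
}
```

The escaped output still carries the attacker's text, but as inert entities inside the attribute value; the two payloads without an allowed scheme never reach the template at all.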
CVE-2017-8837 EXPLOITDB CRITICAL text WRITEUP
Peplink Balance Firmware - Cleartext Password Storage in /etc/waipass and /etc/roapass
Cleartext password storage exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The files in question are /etc/waipass and /etc/roapass. In case one of these devices is compromised, the attacker can gain access to passwords and abuse them to compromise further systems.
CVSS 9.8
CVE-2017-8836 EXPLOITDB HIGH text WRITEUP
Peplink Balance 305, 380, 580, 710, 1350, and 2500 Firmware - Cross-Site Request Forgery in Administrative CGI Scripts
CSRF exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The CGI scripts in the administrative interface are affected. This allows an attacker to execute commands if a logged-in user visits a malicious website; it can, for example, be used to change the credentials of the administrative web interface.
CVSS 8.8
CVE-2017-8835 EXPLOITDB CRITICAL text WRITEUP
Peplink Balance 305, 380, 580, 710, 1350, and 2500 Firmware < 7.0.1-build2093 - SQL Injection via bauth Cookie
SQL injection exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. An attack vector is the bauth cookie to cgi-bin/MANGA/admin.cgi. One impact is enumeration of user accounts by observing whether a session ID can be retrieved from the sessions database.
CVSS 9.8
CVE-2017-15270 EXPLOITDB MEDIUM text WRITEUP
PSFTPd 10.0.4 Build 729 - Log Injection via CSV Escape Bypass
The PSFTPd 10.0.4 Build 729 server does not properly escape data before writing it into a Comma Separated Values (CSV) log file. Attackers can use this to hide data in the Graphical User Interface (GUI) view and, to a certain extent, to create arbitrary entries. Special characters such as '"', ',' and '\r' are not escaped and can be used to add new entries to the log.
CVSS 5.3
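The log-injection entry above comes down to one missing step: quoting a field before it is written to a CSV line. The example below is added here to show the unescaped write beside an RFC 4180 quoting routine, together with a quote-aware record counter that makes the difference measurable; it is not PSFTPd's code, and the three-column `user,action,result` line format, the function names and the injected user name are constructed for the example.

```c
#include <stdio.h>
#include <string.h>

/* Vulnerable pattern: every field goes into the line verbatim, so a client-controlled
 * value containing ',' or "\r\n" adds columns or whole records to the log. */
int csv_line_raw(char *out, size_t cap, const char *user, const char *action, const char *result) {
    return snprintf(out, cap, "%s,%s,%s\r\n", user, action, result);
}

/* RFC 4180 quoting: wrap the field in double quotes when it contains a comma, a quote,
 * CR or LF, and double every embedded quote. Returns bytes written or -1 if out is too small. */
int csv_quote_field(char *out, size_t cap, const char *s) {
    size_t n = 0;
    if (strpbrk(s, ",\"\r\n") == NULL) {
        size_t l = strlen(s);
        if (l + 1 > cap) return -1;
        memcpy(out, s, l + 1);
        return (int)l;
    }
    if (cap < 3) return -1;
    out[n++] = '"';
    for (; *s; s++) {
        size_t l = (*s == '"') ? 2 : 1;
        if (n + l + 2 > cap) return -1;      /* room for this char, the closing quote and NUL */
        if (*s == '"') out[n++] = '"';
        out[n++] = *s;
    }
    out[n++] = '"';
    out[n] = '\0';
    return (int)n;
}

int csv_line_safe(char *out, size_t cap, const char *user, const char *action, const char *result) {
    char u[256], a[256], r[256];
    if (csv_quote_field(u, sizeof u, user) < 0 || csv_quote_field(a, sizeof a, action) < 0 ||
        csv_quote_field(r, sizeof r, result) < 0) return -1;
    return snprintf(out, cap, "%s,%s,%s\r\n", u, a, r);
}

/* Records a quote-aware CSV reader would see in buf: a LF outside quotes ends a record. */
size_t csv_count_records(const char *buf) {
    size_t n = 0; int in_quotes = 0;
    for (; *buf; buf++) {
        if (*buf == '"') in_quotes = !in_quotes;
        else if (*buf == '\n' && !in_quotes) n++;
    }
    return n;
}

/* Constructed attacker-supplied user name: terminates the current record and
 * appends a fake successful admin login. */
static const char *INJECTED_USER = "bob\r\nadmin,LOGIN,OK";

size_t records_raw(const char *user)  { char b[512]; csv_line_raw(b, sizeof b, user, "LOGIN", "FAIL");  return csv_count_records(b); }
size_t records_safe(const char *user) { char b[512]; csv_line_safe(b, sizeof b, user, "LOGIN", "FAIL"); return csv_count_records(b); }
const char *quoted(const char *s)     { static char b[256]; return csv_quote_field(b, sizeof b, s) < 0 ? NULL : b; }

int main(void) {
    char line[512];
    csv_line_raw(line, sizeof line, INJECTED_USER, "LOGIN", "FAIL");
    printf("raw:  %zu record(s)\n%s", records_raw(INJECTED_USER), line);
    csv_line_safe(line, sizeof line, INJECTED_USER, "LOGIN", "FAIL");
    printf("safe: %zu record(s)\n%s", records_safe(INJECTED_USER), line);
    return 0;
}
```

With the raw writer the single failed login for "bob" becomes two records, the second a fabricated successful admin login; with quoting the whole attacker string stays inside one quoted cell, and a reader that honours quotes shows it as such.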
CVE-2017-15271 EXPLOITDB MEDIUM text WRITEUP
PSFTPd 10.0.4 Build 729 - Unauthenticated Use-After-Free via Crafted SSH Identification String
A use-after-free issue can be triggered remotely, prior to authentication, in the SFTP component of PSFTPd 10.0.4 Build 729. Because the PSFTPd server does not restart automatically, this enables a very effective DoS attack against the service. Sending a crafted SSH identification / version string to the server causes a NULL pointer dereference, apparently because of a race condition in the window message handling that performs the cleanup for invalid connections; this incorrect cleanup code contains the use-after-free.
CVSS 5.9
EIP-2026-113227 EXPLOITDB text WORKING POC
Web Video Streamer - Multiple Vulnerabilities
EIP-2026-111987 EXPLOITDB text WRITEUP
Seo Panel - 'file' Directory Traversal
EIP-2026-107681 EXPLOITDB text WRITEUP
HumHub 0.11.2/0.20.0-beta.2 - SQL Injection
CVE-2014-5380 EXPLOITDB HIGH perl WORKING POC
Grand MA 300 Firmware - Cleartext Transmission of Sensitive PIN Data
Grand MA 300 allows retrieval of the access PIN from sniffed data.
CVSS 7.5
CVE-2014-5381 EXPLOITDB CRITICAL perl WORKING POC
Grand MA 300 Firmware - Insufficiently Protected Credentials via Weak PIN Verification
Grand MA 300 allows a brute-force attack on the PIN.
CVSS 9.8
CVE-2017-8841 EXPLOITDB HIGH text WRITEUP
Peplink Balance 305, 380, 580, 710, 1350, and 2500 Firmware - Arbitrary File Deletion via upfile.path Parameter
Arbitrary file deletion exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The attack methodology is absolute path traversal in cgi-bin/MANGA/firmware_process.cgi via the upfile.path parameter.
CVSS 8.1
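Absolute path traversal, as in the upfile.path entry above, is the case where a parameter that was meant to name an uploaded file is passed to the filesystem as a complete path. The example below is added here to show the vulnerable pattern beside an allowlist check that reduces the parameter to a bare file name and anchors it under a fixed directory; it is not code from the Peplink firmware, and the `/var/tmp/upload` directory, the function names and the sample inputs are constructed assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Assumed upload directory for this example; not a path from the Peplink firmware. */
#define UPLOAD_DIR "/var/tmp/upload"

/* Vulnerable pattern: whatever arrives in upfile.path is the file that gets removed. */
const char *delete_target_raw(const char *upfile_path) { return upfile_path; }

/* Hardened: accept only a bare file name from a small character set and anchor it under
 * UPLOAD_DIR. Absolute paths, "..", separators and leading dots all fail the allowlist.
 * Returns 1 and fills out on success, 0 otherwise. */
int delete_target_safe(const char *upfile_path, char *out, size_t cap) {
    size_t len = strlen(upfile_path);
    if (len == 0 || len > 64 || upfile_path[0] == '.') return 0;
    for (size_t i = 0; i < len; i++) {
        char c = upfile_path[i];
        int ok = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
                 (c >= '0' && c <= '9') || c == '.' || c == '_' || c == '-';
        if (!ok) return 0;                 /* '/', '\\', spaces, control bytes, ... */
    }
    int n = snprintf(out, cap, "%s/%s", UPLOAD_DIR, upfile_path);
    return n > 0 && (size_t)n < cap;
}

/* Convenience wrapper: the anchored path, or NULL when the name is rejected. */
const char *safe_target(const char *upfile_path) {
    static char buf[256];
    return delete_target_safe(upfile_path, buf, sizeof buf) ? buf : NULL;
}

int main(void) {
    /* Constructed sample values for the upfile.path parameter. */
    const char *inputs[] = { "firmware.bin", "/etc/passwd", "../../etc/passwd", ".ssh", "a b" };
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        const char *t = safe_target(inputs[i]);
        printf("%-18s raw -> %-18s safe -> %s\n", inputs[i], delete_target_raw(inputs[i]),
               t ? t : "(rejected)");
    }
    return 0;
}
```

An allowlist on the name is preferable to stripping `../` or leading slashes, which leaves encoded and doubled variants to argue about. Where the file must already exist, a second line of defence is to resolve the final path with realpath(3) and confirm it still starts with the upload directory before unlinking.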