Eric Sesterhenn

18 exploits Active since Feb 2017
CVE-2017-6307 WRITEUP HIGH WRITEUP
Tnef < 1.4.12 - Out-of-Bounds Write
An issue was discovered in tnef before 1.4.13. Two OOB Writes have been identified in src/mapi_attr.c:mapi_attr_read(). These might lead to invalid read and write operations, controlled by an attacker.
CVSS 7.8
CVE-2017-6308 WRITEUP HIGH WRITEUP
Tnef < 1.4.12 - Integer Overflow
An issue was discovered in tnef before 1.4.13. Several Integer Overflows, which can lead to Heap Overflows, have been identified in the functions that wrap memory allocation.
CVSS 7.8
CVE-2017-6309 WRITEUP HIGH WRITEUP
Tnef < 1.4.12 - Out-of-Bounds Write
An issue was discovered in tnef before 1.4.13. Two type confusions have been identified in the parse_file() function. These might lead to invalid read and write operations, controlled by an attacker.
CVSS 7.8
CVE-2017-6310 WRITEUP HIGH WRITEUP
Tnef < 1.4.12 - Out-of-Bounds Write
An issue was discovered in tnef before 1.4.13. Four type confusions have been identified in the file_add_mapi_attrs() function. These might lead to invalid read and write operations, controlled by an attacker.
CVSS 7.8
CVE-2017-8840 EXPLOITDB MEDIUM text WRITEUP
Peplink B305hw2 Firmware - Information Disclosure
Debug information disclosure exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. A direct request to cgi-bin/HASync/hasync.cgi?debug=1 shows Master LAN Address, Serial Number, HA Group ID, Virtual IP, and Submitted syncid.
CVSS 5.3
CVE-2017-8839 EXPLOITDB MEDIUM text WRITEUP
Peplink B305hw2 Firmware - XSS
XSS via orig_url exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The affected script is guest/preview.cgi.
CVSS 6.1
CVE-2017-8838 EXPLOITDB MEDIUM text WRITEUP
Peplink B305hw2 Firmware - XSS
XSS via syncid exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The affected script is cgi-bin/HASync/hasync.cgi.
CVSS 6.1
CVE-2017-8837 EXPLOITDB CRITICAL text WRITEUP
Peplink B305hw2 Firmware - Insufficiently Protected Credentials
Cleartext password storage exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The files in question are /etc/waipass and /etc/roapass. In case one of these devices is compromised, the attacker can gain access to passwords and abuse them to compromise further systems.
CVSS 9.8
CVE-2017-8836 EXPLOITDB HIGH text WRITEUP
Peplink B305hw2 Firmware - CSRF
CSRF exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The CGI scripts in the administrative interface are affected. This allows an attacker to execute commands if a logged-in user visits a malicious website. This can, for example, be used to change the credentials of the administrative web interface.
CVSS 8.8
CVE-2017-8835 EXPLOITDB CRITICAL text WRITEUP
Peplink B305hw2 Firmware - SQL Injection
SQL injection exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. An attack vector is the bauth cookie to cgi-bin/MANGA/admin.cgi. One impact is enumeration of user accounts by observing whether a session ID can be retrieved from the sessions database.
CVSS 9.8
CVE-2017-15270 EXPLOITDB MEDIUM text WRITEUP
Psftpd - Improper Input Validation
The PSFTPd 10.0.4 Build 729 server does not properly escape data before writing it into a Comma Separated Values (CSV) file. This can be used by attackers to hide data in the Graphical User Interface (GUI) view and create arbitrary entries to a certain extent. Special characters such as '"' and ',' and '\r' are not escaped and can be used to add new entries to the log.
CVSS 5.3
CVE-2017-15271 EXPLOITDB MEDIUM text WRITEUP
Psftpd - Use After Free
A use-after-free issue could be triggered remotely in the SFTP component of PSFTPd 10.0.4 Build 729. This issue could be triggered prior to authentication. The PSFTPd server did not automatically restart, which enabled attackers to perform a very effective DoS attack against this service. By sending a crafted SSH identification / version string to the server, a NULL pointer dereference could be caused, apparently because of a race condition in the window message handling that performs the cleanup for invalid connections. This incorrect cleanup code has a use-after-free.
CVSS 5.9
EIP-2026-113227 EXPLOITDB text WORKING POC
Web Video Streamer - Multiple Vulnerabilities
EIP-2026-111987 EXPLOITDB text WRITEUP
Seo Panel - 'file' Directory Traversal
EIP-2026-107681 EXPLOITDB text WRITEUP
HumHub 0.11.2/0.20.0-beta.2 - SQL Injection
CVE-2014-5380 EXPLOITDB HIGH perl WORKING POC
Granding Grand Ma300 Firmware - Cleartext Transmission
Grand MA 300 allows retrieval of the access PIN from sniffed data.
CVSS 7.5
CVE-2014-5381 EXPLOITDB CRITICAL perl WORKING POC
Granding Grand Ma300 Firmware - Insufficiently Protected Credentials
Grand MA 300 allows a brute-force attack on the PIN.
CVSS 9.8
CVE-2017-8841 EXPLOITDB HIGH text WRITEUP
Peplink B305hw2 Firmware - Path Traversal
Arbitrary file deletion exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The attack methodology is absolute path traversal in cgi-bin/MANGA/firmware_process.cgi via the upfile.path parameter.
CVSS 8.1