Posts by: Maurizio Agazzini (aka inode)
CVE-2016-7065 – Red Hat JBoss EAP deserialization of untrusted data
Red Hat JBoss EAP deserialization of untrusted data Advisory URL: http://lab.mediaservice.net/advisory/2016-05-jboss.txt [crayon-5b03afb1065a4545895476/]
CVE-2016-5983 – IBM WebSphere deserialization of untrusted data
IBM WebSphere deserialization of untrusted data Advisory url: http://lab.mediaservice.net/advisory/2016-02-websphere.txt [crayon-5b03afb10699d028704751/]
McAfee VirusScan Enterprise security restrictions bypass
McAfee VirusScan Enterprise security restrictions bypass Advisory URL: http://lab.mediaservice.net/advisory/2016-01-mcafee.txt [crayon-5b03afb106d5b061801193/]
VPN Brute forcer
vpnc-brute is a modified version of the VPNC client (https://www.unix-ag.uni-kl.de/~massar/vpnc/) that add capabilities to automatically check a combination of user and password . The source code has been patched to…
Windows To Go on USB 3.0 controllers
Some days ago we decided to test Windows To Go. After installing Windows 8.1 on a Sandisk Extreme USB 3.0 64 GB key we incurred into a problem. The system…
HP System Management Homepage JustGetSNMPQueue Command Injection without Metasploit
Some days ago we tried to use the "exploit/multi/http/hp_sys_mgmt_exec" Metasploit module on one of our targets. The host was vulnerable but a Meterpreter session was not opened: [crayon-5b03afb10713d210537867/] After some…
McAfee Virus Scan Enterprise password hashing demystified
McAfee Virus Scan Enterprise has a feature to protect settings modification from server admins by setting a password. This password is stored into registry, before version 8.8 the hash of…
SIP digest leak – Metasploit module
Metasploit module for the SIP digest leak discovered by EnableSecurity. By sending a fake call to a phone, when the user hangs up a BYE message is sent back. If…