Posts by: Maurizio Agazzini (aka inode)
CVE-2016-7065 – Red Hat JBoss EAP deserialization of untrusted data
Red Hat JBoss EAP deserialization of untrusted data Advisory URL: http://lab.mediaservice.net/advisory/2016-05-jboss.txt [crayon-5c689f1466726349188357/]
CVE-2016-5983 – IBM WebSphere deserialization of untrusted data
IBM WebSphere deserialization of untrusted data Advisory url: http://lab.mediaservice.net/advisory/2016-02-websphere.txt [crayon-5c689f14669ef109929602/]
McAfee VirusScan Enterprise security restrictions bypass
McAfee VirusScan Enterprise security restrictions bypass Advisory URL: http://lab.mediaservice.net/advisory/2016-01-mcafee.txt [crayon-5c689f1466cca828623234/]
VPN Brute forcer
vpnc-brute is a modified version of the VPNC client (https://www.unix-ag.uni-kl.de/~massar/vpnc/) that add capabilities to automatically check a combination of user and password . The source code has been patched to…
Windows To Go on USB 3.0 controllers
Some days ago we decided to test Windows To Go. After installing Windows 8.1 on a Sandisk Extreme USB 3.0 64 GB key we incurred into a problem. The system…
HP System Management Homepage JustGetSNMPQueue Command Injection without Metasploit
Some days ago we tried to use the "exploit/multi/http/hp_sys_mgmt_exec" Metasploit module on one of our targets. The host was vulnerable but a Meterpreter session was not opened: [crayon-5c689f1466f43650091816/] After some…
McAfee Virus Scan Enterprise password hashing demystified
McAfee Virus Scan Enterprise has a feature to protect settings modification from server admins by setting a password. This password is stored into registry, before version 8.8 the hash of…
SIP digest leak – Metasploit module
Metasploit module for the SIP digest leak discovered by EnableSecurity. By sending a fake call to a phone, when the user hangs up a BYE message is sent back. If…