Recently I discovered vulnerabilities in Castle Rock Computing’s SNMPc Enterprise, specifically SNMPc OnLine 12.10.10 before 2020-01-28. Instead of writing my usual blog post containing the coordinated disclosure information, I thought I would do something a little bit different this time and create a simple tutorial for new players regarding the importance of bug chaining. We’ll […]
Background: On the 27th May 2019 I discovered a number of stack-based buffer overflows in Castle Rock Computing’s SNMPc Enterprise Edition 9 & 10. Exploitation of these vulnerabilities allows an attacker to execute arbitrary code on the targeted system/s. Castle Rock Computing’s (CRC) SNMPc Enterprise 10 “is a secure distributed Network Management System […]
In March 2019 I discovered numerous vulnerabilities in a number of ENTTEC’s Lighting Controller products. These vulnerabilities were identified in the current firmware versions publicly available from ENTTEC’s website product pages. According to the company’s website, ENTTEC are “Leaders in the expert design and manufacture of LED lights and controls, ENTTEC are an Australian company […]
Background: On the 3rd August 2017 I discovered an Uncontrolled Search Path Element (CWE-427) vulnerability in Vyaire Medical’s CareFusion Upgrade Utility software. This vulnerability can be exploited by placing a crafted DLL file in the search path which is loaded prior to a valid DLL, allowing an attacker to hijack the DLL and execute arbitrary […]
Background: In late July 2017, I discovered vulnerabilities in a number of AutomationDirect’s industrial control products, particularly around the programming and interaction software. These vulnerabilities can be exploited by placing a crafted DLL file in the software search path which is loaded prior to a valid DLL, allowing an attacker to hijack the DLL and […]
Background: On the 5th August 2017 I discovered an Uncontrolled Search Path Element (CWE-427) vulnerability in Trihedral Engineering Limited’s VTScada HMI and SCADA software. This vulnerability can be exploited by placing a crafted DLL file in the search path which is loaded prior to a valid DLL, allowing an attacker to hijack the DLL and […]
Background: On the 16th October 2016 I discovered a number of vulnerabilities in Red Lion Controls’ Sixnet SLX Managed Industrial Switches and AutomationDirect’s STRIDE Managed Ethernet Switches. The industrial switches are commonly deployed worldwide in critical infrastructure environments and were identified to Use Hard-coded Cryptographic Keys (CVE-2017-9335 | CWE-321) as well as Incorrect Permissions Assignment […]
Picture this… you are having a crack at a CTF comp, and you have managed to smash most of the miscellaneous, web, forensic, and trivia challenges. The scoreboard shows that you have had a pretty good run, but then… one by one, other teams start to leapfrog you on the ladder! What is going […]
On the 7th of July 2015 I discovered a reflected cross-site scripting (XSS) vulnerability in QNAP TS-x09 Network Attached Storage devices. Full disclosure was undertaken with the vendor and a CVE-ID has been requested from Mitre. CVE-ID: requested 7th July 2015 Author: Mark Cross Twitter: @xerubus WWW: www.mogozobo.com Summary A reflected cross-site scripting vulnerability was […]
On the 13th of July 2015 I discovered a clear text base64 transmission of credentials vulnerability within cookies in QNAP TS-x09 Network Attached Storage devices. Full disclosure was undertaken with the vendor and a CVE-ID has been requested from Mitre. CVE-ID: requested 13th July 2015 Author: Mark Cross Twitter: @xerubus WWW: www.mogozobo.com Summary A plaintext […]
In a previous article All your AP base are belong to us, I touched on why it is so important to ensure that you do not have WPS running on your wireless access point (WAP) or router. If you had no alternative but to run WPS, then you should make certain that your router is […]