Suggested description
Core FTP LE version 2.2 Build 1921 is prone to a buffer overflow vulnerability that may result in a DoS or remote code execution via a PASV response.
Vulnerability Type
Buffer Overflow
berkgoksel
/ setup.py
Last active
February 20, 2019 16:41
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from pip._internal import main | |
| import sys | |
| inst = {'y','yes'} | |
| try: | |
| import numpy as np | |
| print("Everything seems OK. No need for setup.") | |
| except ImportError: |
berkgoksel
/ Ericsson LG IPECS NMS Cleartext Credential Dump
Created
January 25, 2019 13:38
Dump postgresql database credentials, NMS login credentials and domain user credentials
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # -*- coding: utf-8 -*- | |
| # Exploit Title: Ericsson-LG iPECS NMS - Cleartext Cred. Dump | |
| # Vendor Notification: 03-03-2018 - No response | |
| # Initial CVE: 04-04-2018 | |
| # Disclosure: 21-04-2018 | |
| # Exploit Author: Berk Cem Göksel | |
| # Contact: twitter.com/berkcgoksel || bgoksel.com | |
| # Vendor Homepage: http://www.ipecs.com/ |
berkgoksel
/ Core FTP LE - Remote Buffer Overflow - PoC (CVE-2018-12113).py
Last active
June 29, 2018 13:44
PoC for CVE-2018-12113
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| # coding: utf-8 | |
| ############ Description: ########## | |
| # The vulnerability was discovered during a vulnerability research lecture. | |
| # This is meant to be a PoC. | |
| #################################### | |
| # Exploit Title: Core FTP LE v2.2 Build 1921 (Client) - Buffer Overflow PoC | |
| # Date: 12 Jun 2018 |
berkgoksel
/ Core FTP LE - Remote Buffer Overflow - (CVE-2018-12113).md
Last active
June 22, 2018 06:44
Core FTP LE version 2.2 Build 1921 is prone to a buffer overflow vulnerability that may result in a DoS or remote code execution
berkgoksel
/ PaleMoon_PoC.html
Created
June 13, 2018 15:12
Pale Moon Browser < 27.9.3 - Use After Free - Proof of Concept.html
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!-- PaleMoon Browser - Proof of Concept --> | |
| <!-- Exploit Title: Pale Moon Browser < 27.9.3 - Use After Free - Proof of Concept --> | |
| <!-- Date: 13 Jun 2018 --> | |
| <!-- Author - Berk Cem Goksel --> | |
| <!-- Contact: twitter.com/berkcgoksel || bgoksel.com --> | |
| <!-- Vendor Homepage: https://www.palemoon.org/ --> | |
| <!-- Software Link: https://www.palemoon.org/palemoon-win32.shtml --> | |
| <!-- Version: Versions prior to 27.9.3 (Tested versions: 27.9.0, 27.9.1, 27.9.2) --> | |
| <!-- Tested on: Windows 10 --> |
berkgoksel
/ Pale Moon Browser Use-after-free (CVE 2018-12292).md
Last active
June 13, 2018 15:13
Use after free vulnerability on Pale Moon Browser. Multiple versions affected.
Suggested description
A use-after-free vulnerability exists in DOMProxyHandler::EnsureExpandoObject on Pale Moon Browser versions before 27.9.3.
Additional Information
The vulnerability has been confirmed and patched by the vendor.
berkgoksel
/ nms_creddump.py
Last active
April 25, 2018 18:48
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from sys import argv | |
| import sys | |
| import os | |
| import time | |
| import requests | |
| import re | |
| if len(argv) != 3: |
berkgoksel
/ Test
Created
April 22, 2018 10:31
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Test | |
| 123 |
berkgoksel
/ CVE-2018-10285.md
Last active
April 22, 2018 16:32
The Ericsson-LG iPECS NMS A.1Ac web application uses incorrect access control mechanisms
Suggested description
The Ericsson-LG iPECS NMS A.1Ac web application uses incorrect access control mechanisms. Since the app does not use any sort of session ID, an attacker might bypass authentication.
Vulnerability Type
berkgoksel
/ CVE-2018-10286.md
Last active
April 22, 2018 16:32
The Ericsson-LG iPECS NMS A.1Ac web application discloses cleartext credentials
Suggested description
The Ericsson-LG iPECS NMS A.1Ac web application discloses sensitive information such as the NMS admin credentials and the PostgreSQL database credentials to logged-in users via the responses to certain HTTP POST requests. In order to be able to see the credentials in cleartext, an attacker needs to be authenticated.
NewerOlder