Time To Patch: RCE on Meinberg NTP Time Server

During a recent vulnerability assessment for a customer, I ran across an interesting web server while enumerating network enabled devices.  Navigating to the web server presented the management interface for a Meinberg NTP Time Server. This particular hardware appliance was used to provide an accurate time source for time-sensitive applications and hardware components while [...]

By |2024-04-15T14:26:05+00:00July 17th, 2016|EXPLOITS|0 Comments
Read More

Fun with Remote Controllers – Dameware Mini Remote Control (CVE-2016-2345)

While performing security assessments, we often come across software that allows administrators to remotely manage systems on their network. There are dozens of different packages available, with varying benefits and drawbacks. With this convenience comes the obvious security implications that come from allowing remote access to a system. [...]

By |2024-04-15T14:26:05+00:00April 3rd, 2016|EXPLOITS|3 Comments
Read More

MEDCIN Engine Exploitation – Part 2 (CVE-2015-2898-2901, CVE-2015-6006)

Before I dive deep into a technical write-up, I first wanted to give a quick summary of what this post is going to cover for those that may want to skip around. This article is in reference to the disclosure posted here. I'm going to start by reviewing past work [...]

By |2024-04-15T14:26:05+00:00January 6th, 2016|EXPLOITS|0 Comments
Read More

BSIDES Charleston 2015 – IAVA 2015-A-0127 Walkthrough and POC Exploit

I recently presented "Software Vulnerability Discovery and Exploitation during Red Team Assessments" at BSides Charleston 2015 and wanted to give others the ability to follow along with the slides by testing the POC against their own virtual environment. The slides can be found on slideshare here. The [...]

By |2024-04-15T14:26:05+00:00November 17th, 2015|EXPLOITS|2 Comments
Read More
Copyright 2025 Securifera | All Rights Reserved
XYouTube
Go to Top