· 6 years ago · Jan 25, 2020, 07:22 PM
1#FENIXFINANCIALSCAM
2
3
4Starting PostgreSQL 12 database server: main.
5[94m[*][0m Loaded configuration file from ~/.sniper.conf [94m[[0m[92mOK[0m[94m][0m
6[94m[*][0m Saving loot to /usr/share/sniper/loot/workspace/fenixfinancialsolutions.com [94m[[0m[92mOK[0m[94m][0m
7Starting PostgreSQL 12 database server: main.
8[94m[*] Saving loot to /usr/share/sniper/loot/workspace/fenixfinancialsolutions.com [[0m[92mOK[0m[94m][0m
9[91m
10[91m ____
11[91m __,-~~/~ `---.
12[91m _/_,---( , )
13[91m __ / < / ) \___
14[91m - ------===;;;'====------------------===;;;===----- - -
15[91m \/ ~'~'~'~'~'~\~'~)~'/
16[91m (_ ( \ ( > \)
17[91m \_( _ < >_>'
18[91m ~ `-i' ::>|--"
19[91m I;|.|.|
20[91m <|i::|i|`.
21[91m (` ^''`-' ')
22[91m --------------------------------------------------------- [0m
23[93m + -- --=[WARNING! Nuking ALL target! [0m
24[0m
25Starting PostgreSQL 12 database server: main.
26[94m[*][0m Loaded configuration file from ~/.sniper.conf [94m[[0m[92mOK[0m[94m][0m
27[94m[*][0m Saving loot to /usr/share/sniper/loot/workspace/fenixfinancialsolutions.com [94m[[0m[92mOK[0m[94m][0m
28Starting PostgreSQL 12 database server: main.
29[91m ____ [0m
30[91m _________ / _/___ ___ _____[0m
31[91m / ___/ __ \ / // __ \/ _ \/ ___/[0m
32[91m (__ ) / / // // /_/ / __/ / [0m
33[91m /____/_/ /_/___/ .___/\___/_/ [0m
34[91m /_/ [0m
35[0m
36[93m + -- --=[https://xerosecurity.com
37[93m + -- --=[Sn1per v8.0 by @xer0dayz
38[0m
39[92m====================================================================================[0m•x[92m[2020-01-25](19:05)[0mx•
40[91m GATHERING DNS INFO [0m
41[92m====================================================================================[0m•x[92m[2020-01-25](19:05)[0mx•
42dnsenum VERSION:1.2.6
43[1;34m
44----- fenixfinancialsolutions.com -----
45[0m[1;31m
46
47Host's addresses:
48__________________
49
50[0mfenixfinancialsolutions.com. 163 IN A 182.50.132.242
51[1;31m
52
53Name Servers:
54______________
55
56[0mns60.domaincontrol.com. 21164 IN A 173.201.68.31
57ns59.domaincontrol.com. 21164 IN A 97.74.100.31
58[1;31m
59
60Mail (MX) Servers:
61___________________
62
63[0m[1;31m
64
65Trying Zone Transfers and getting Bind Versions:
66_________________________________________________
67
68[0m
69Trying Zone Transfer for fenixfinancialsolutions.com on ns60.domaincontrol.com ...
70
71Trying Zone Transfer for fenixfinancialsolutions.com on ns59.domaincontrol.com ...
72[1;31m
73
74Brute forcing with /usr/share/sniper/wordlists/vhosts.txt:
75___________________________________________________________
76
77[0mwww.fenixfinancialsolutions.com. 3149 IN CNAME fenixfinancialsolutions.com.
78fenixfinancialsolutions.com. 149 IN A 182.50.132.242
79[1;31m
80
81fenixfinancialsolutions.com class C netranges:
82_______________________________________________
83
84[0m 182.50.132.0/24
85[1;31m
86
87fenixfinancialsolutions.com ip blocks:
88_______________________________________
89
90[0m 182.50.132.242/32
91
92done.
93[92m====================================================================================[0m•x[92m[2020-01-25](19:05)[0mx•
94[91m CHECKING FOR SUBDOMAIN HIJACKING [0m
95[92m====================================================================================[0m•x[92m[2020-01-25](19:05)[0mx•
96
97[92m====================================================================================[0m•x[92m[2020-01-25](19:05)[0mx•
98[91m PINGING HOST [0m
99[92m====================================================================================[0m•x[92m[2020-01-25](19:05)[0mx•
100PING fenixfinancialsolutions.com (182.50.132.242) 56(84) bytes of data.
10164 bytes from ip-182-50-132-242.ip.secureserver.net (182.50.132.242): icmp_seq=1 ttl=242 time=2.78 ms
102
103--- fenixfinancialsolutions.com ping statistics ---
1041 packets transmitted, 1 received, 0% packet loss, time 0ms
105rtt min/avg/max/mdev = 2.783/2.783/2.783/0.000 ms
106
107[92m====================================================================================[0m•x[92m[2020-01-25](19:05)[0mx•
108[91m RUNNING TCP PORT SCAN [0m
109[92m====================================================================================[0m•x[92m[2020-01-25](19:05)[0mx•
110Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-25 19:05 UTC
111Nmap scan report for fenixfinancialsolutions.com (182.50.132.242)
112Host is up (0.0030s latency).
113rDNS record for 182.50.132.242: ip-182-50-132-242.ip.secureserver.net
114Not shown: 494 filtered ports
115Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
116PORT STATE SERVICE
11780/tcp open http
118443/tcp open https
119
120Nmap done: 1 IP address (1 host up) scanned in 4.71 seconds
121[92m====================================================================================[0m•x[92m[2020-01-25](19:05)[0mx•
122[91m RUNNING UDP PORT SCAN [0m
123[92m====================================================================================[0m•x[92m[2020-01-25](19:05)[0mx•
124Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-25 19:05 UTC
125Nmap scan report for fenixfinancialsolutions.com (182.50.132.242)
126Host is up (0.000020s latency).
127rDNS record for 182.50.132.242: ip-182-50-132-242.ip.secureserver.net
128Not shown: 7 filtered ports
129PORT STATE SERVICE
13068/udp open|filtered dhcpc
13188/udp open|filtered kerberos-sec
132137/udp open|filtered netbios-ns
133139/udp open|filtered netbios-ssn
134162/udp open|filtered snmptrap
135389/udp open|filtered ldap
136520/udp open|filtered route
1372049/udp open|filtered nfs
138
139Nmap done: 1 IP address (1 host up) scanned in 2.58 seconds
140
141[92m====================================================================================[0m•x[92m[2020-01-25](19:05)[0mx•
142[91m RUNNING INTRUSIVE SCANS [0m
143[92m====================================================================================[0m•x[92m[2020-01-25](19:05)[0mx•
144[91m + -- --=[Port 21 closed... skipping.[0m
145[91m + -- --=[Port 22 closed... skipping.[0m
146[91m + -- --=[Port 23 closed... skipping.[0m
147[91m + -- --=[Port 25 closed... skipping.[0m
148[91m + -- --=[Port 53 closed... skipping.[0m
149[91m + -- --=[Port 67 closed... skipping.[0m
150[91m + -- --=[Port 68 closed... skipping.[0m
151[91m + -- --=[Port 69 closed... skipping.[0m
152[91m + -- --=[Port 79 closed... skipping.[0m
153[93m + -- --=[Port 80 opened... running tests...[0m
154[92m====================================================================================[0m•x[92m[2020-01-25](19:05)[0mx•
155[91m CHECKING HTTP HEADERS AND METHODS [0m
156[92m====================================================================================[0m•x[92m[2020-01-25](19:05)[0mx•
157HTTP/1.1 301 Moved Permanently
158location: https://fenixfinancialsolutions.com/
159Vary: Accept-Encoding
160Server: DPS/1.7.0
161X-SiteId: 3000
162Set-Cookie: dps_site_id=3000; path=/
163Date: Sat, 25 Jan 2020 19:05:53 GMT
164Connection: keep-alive
165
166[92m====================================================================================[0m•x[92m[2020-01-25](19:05)[0mx•
167[91m DISPLAYING META GENERATOR TAGS [0m
168[92m====================================================================================[0m•x[92m[2020-01-25](19:05)[0mx•
169icon
170[92m====================================================================================[0m•x[92m[2020-01-25](19:05)[0mx•
171[91m DISPLAYING COMMENTS [0m
172[92m====================================================================================[0m•x[92m[2020-01-25](19:05)[0mx•
173[92m====================================================================================[0m•x[92m[2020-01-25](19:05)[0mx•
174[91m DISPLAYING SITE LINKS [0m
175[92m====================================================================================[0m•x[92m[2020-01-25](19:05)[0mx•
176text/css
177text/javascript
178[92m====================================================================================[0m•x[92m[2020-01-25](19:05)[0mx•
179[91m CHECKING FOR WAF [0m
180[92m====================================================================================[0m•x[92m[2020-01-25](19:05)[0mx•
181
182 [1;97m______
183 [1;97m/ \
184 [1;97m( Woof! )
185 [1;97m\ ____/ [1;91m)
186 [1;97m,, [1;91m) ([1;93m_
187 [1;93m.-. [1;97m- [1;92m_______ [1;91m( [1;93m|__|
188 [1;93m()``; [1;92m|==|_______) [1;91m.)[1;93m|__|
189 [1;93m/ (' [1;92m/|\ [1;91m( [1;93m|__|
190 [1;93m( / ) [1;92m / | \ [1;91m. [1;93m|__|
191 [1;93m\(_)_)) [1;92m/ | \ [1;93m|__|[0m
192
193 [1;96m~ WAFW00F : [1;97mv2.0.0 ~
194 The Web Application Firewall Fingerprinting Toolkit
195 [0m
196[*] Checking http://fenixfinancialsolutions.com
197[+] Generic Detection results:
198[-] No WAF detected by the generic detection
199[~] Number of requests: 7
200
201[92m====================================================================================[0m•x[92m[2020-01-25](19:05)[0mx•
202[91m GATHERING HTTP INFO [0m
203[92m====================================================================================[0m•x[92m[2020-01-25](19:05)[0mx•
204[1m[34mhttp://fenixfinancialsolutions.com[0m [301 Moved Permanently] [1m[37mCookies[0m[[37mdps_site_id[0m], [1m[37mCountry[0m[[37mSINGAPORE[0m][[1m[31mSG[0m], [1m[37mHTTPServer[0m[[1m[36mDPS/1.7.0[0m], [1m[37mIP[0m[[37m182.50.132.242[0m], [1m[37mRedirectLocation[0m[[37mhttps://fenixfinancialsolutions.com/[0m], [1m[37mUncommonHeaders[0m[[37mx-siteid[0m], [1m[37mWebsiteTonight[0m
205[1m[34mhttps://fenixfinancialsolutions.com/[0m [200 OK] [1m[37mCookies[0m[[37mdps_site_id[0m], [1m[37mCountry[0m[[37mSINGAPORE[0m][[1m[31mSG[0m], [1m[37mHTML5[0m, [1m[37mHTTPServer[0m[[1m[36mDPS/1.7.0[0m], [1m[37mIP[0m[[37m182.50.132.242[0m], [1m[37mMeta-Author[0m[[37mFenix Financial Solutions[0m], [1m[37mMetaGenerator[0m[[37mStarfield Technologies; Go Daddy Website Builder 8.0.0000[0m], [1m[37mOpen-Graph-Protocol[0m[[1m[32mwebsite[0m], [1m[37mScript[0m[[37mtext/javascript[0m], [1m[37mTitle[0m[[1m[33mFenix Financial Solutions[0m], [1m[37mUncommonHeaders[0m[[37mlink,content-security-policy,x-siteid[0m], [1m[37mWebsiteTonight[0m, [1m[37mX-UA-Compatible[0m[[37mIE=edge[0m]
206[92m====================================================================================[0m•x[92m[2020-01-25](19:05)[0mx•
207[91m GATHERING SERVER INFO [0m
208[92m====================================================================================[0m•x[92m[2020-01-25](19:05)[0mx•
209
210wig - WebApp Information Gatherer
211
212
213[31;1mScanning https://fenixfinancialsolutions.com...[0m
214[34;1m_________________ SITE INFO _________________[0m
215[32mIP Title [0m
216[m182.50.132.242 Fenix Financial Solutions [0m
217[34;1m [0m
218[34;1m__________________ VERSION __________________[0m
219[32mName Versions Type [0m
220[mdps 1.7.0 Platform [0m
221[34;1m [0m
222[34;1m_____________________________________________[0m
223[mTime: 2.6 sec Urls: 600 Fingerprints: 40401[0m
224[92m====================================================================================[0m•x[92m[2020-01-25](19:06)[0mx•
225[91m GATHERING WEB FINGERPRINT [0m
226[92m====================================================================================[0m•x[92m[2020-01-25](19:06)[0mx•
227 Polyfill
228 Server: DPS/1.7.0
229 X-SiteId: 3000
230[92m====================================================================================[0m•x[92m[2020-01-25](19:06)[0mx•
231[91m SCANNING FOR VIRTUAL HOSTS [0m
232[92m====================================================================================[0m•x[92m[2020-01-25](19:06)[0mx•
233===============================================================
234Gobuster v3.0.1
235by OJ Reeves (@TheColonial) & Christian Mehlmauer (@_FireFart_)
236===============================================================
237[+] Url: http://fenixfinancialsolutions.com
238[+] Threads: 10
239[+] Wordlist: /usr/share/sniper/wordlists/vhosts.txt
240[+] User Agent: gobuster/3.0.1
241[+] Timeout: 10s
242===============================================================
2432020/01/25 19:06:02 Starting gobuster
244===============================================================
245===============================================================
2462020/01/25 19:06:02 Finished
247===============================================================
248[92m====================================================================================[0m•x[92m[2020-01-25](19:06)[0mx•
249[91m RUNNING NMAP HTTP SCRIPTS [0m
250[92m====================================================================================[0m•x[92m[2020-01-25](19:06)[0mx•
251Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-25 19:06 UTC
252NSE: Loaded 162 scripts for scanning.
253NSE: Script Pre-scanning.
254Initiating NSE at 19:06
255Completed NSE at 19:06, 0.00s elapsed
256Initiating NSE at 19:06
257Completed NSE at 19:06, 0.00s elapsed
258Initiating Parallel DNS resolution of 1 host. at 19:06
259Completed Parallel DNS resolution of 1 host. at 19:06, 0.00s elapsed
260Initiating SYN Stealth Scan at 19:06
261Scanning fenixfinancialsolutions.com (182.50.132.242) [1 port]
262Discovered open port 80/tcp on 182.50.132.242
263Completed SYN Stealth Scan at 19:06, 0.01s elapsed (1 total ports)
264Initiating Service scan at 19:06
265Scanning 1 service on fenixfinancialsolutions.com (182.50.132.242)
266Completed Service scan at 19:06, 6.01s elapsed (1 service on 1 host)
267Initiating OS detection (try #1) against fenixfinancialsolutions.com (182.50.132.242)
268Retrying OS detection (try #2) against fenixfinancialsolutions.com (182.50.132.242)
269Initiating Traceroute at 19:06
270Completed Traceroute at 19:06, 3.01s elapsed
271Initiating Parallel DNS resolution of 7 hosts. at 19:06
272Completed Parallel DNS resolution of 7 hosts. at 19:06, 4.00s elapsed
273NSE: Script scanning 182.50.132.242.
274Initiating NSE at 19:06
275Completed NSE at 19:07, 39.41s elapsed
276Initiating NSE at 19:07
277Completed NSE at 19:07, 0.04s elapsed
278Nmap scan report for fenixfinancialsolutions.com (182.50.132.242)
279Host is up (0.0020s latency).
280rDNS record for 182.50.132.242: ip-182-50-132-242.ip.secureserver.net
281
282PORT STATE SERVICE VERSION
28380/tcp open http Samsung AllShare httpd
284| http-brute:
285|_ Path "/" does not require authentication
286|_http-chrono: Request times for /; avg: 159.55ms; min: 154.27ms; max: 168.68ms
287|_http-csrf: Couldn't find any CSRF vulnerabilities.
288|_http-date: Sat, 25 Jan 2020 19:06:27 GMT; -1s from local time.
289|_http-devframework: Couldn't determine the underlying framework or CMS. Try increasing 'httpspider.maxpagecount' value to spider more pages.
290|_http-dombased-xss: Couldn't find any DOM based XSS.
291|_http-drupal-enum: Nothing found amongst the top 100 resources,use --script-args number=<number|all> for deeper analysis)
292|_http-errors: Couldn't find any error pages.
293|_http-feed: Couldn't find any feeds.
294|_http-fetch: Please enter the complete path of the directory to save data in.
295| http-headers:
296| location: https://fenixfinancialsolutions.com/
297| Vary: Accept-Encoding
298| Server: DPS/1.7.0
299| X-SiteId: 3000
300| Set-Cookie: dps_site_id=3000; path=/
301| ETag: 188fe404b1d9710f4b866fa1eb6503e6
302| Date: Sat, 25 Jan 2020 19:06:29 GMT
303| Connection: close
304| Transfer-Encoding: chunked
305|
306|_ (Request type: GET)
307|_http-jsonp-detection: Couldn't find any JSONP endpoints.
308| http-methods:
309|_ Supported Methods: GET HEAD POST OPTIONS
310|_http-mobileversion-checker: No mobile version detected.
311|_http-passwd: ERROR: Script execution failed (use -d to debug)
312|_http-security-headers:
313|_http-server-header: DPS/1.7.0
314| http-sitemap-generator:
315| Directory structure:
316| Longest directory structure:
317| Depth: 0
318| Dir: /
319| Total files found (by extension):
320|_
321|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
322|_http-title: Did not follow redirect to https://fenixfinancialsolutions.com/
323| http-vhosts:
324| mail.com : 301 -> https://mail.com/
325|_126 names had status 404
326|_http-vuln-cve2014-3704: ERROR: Script execution failed (use -d to debug)
327|_http-wordpress-enum: Nothing found amongst the top 100 resources,use --script-args search-limit=<number|all> for deeper analysis)
328|_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
329|_http-xssed: No previously reported XSS vuln.
330| vulscan: VulDB - https://vuldb.com:
331| [141719] Samsung Device SIMalliance Toolbox Browser SMS Message information disclosure
332| [136176] Samsung GALAXY Apps up to 4.4.01 Signature Validation SSL Certificate Code Execution
333| [135896] Samsung Galaxy S9 up to 1.4.20 GameServiceReceiver Update Code Execution memory corruption
334| [135895] Samsung Galaxy S9 Captive Portal Code Execution memory corruption
335| [135894] Samsung Galaxy S9 ASN.1 Parser Heap-based memory corruption
336| [135557] Samsung SCX-824 swsAlert.sws Parameter cross site scripting
337| [132053] Samsung X7400GX Syncthru V6.A6.25 V11.01.05.25_08-21-2015 Web Service loginView.sws Parameter cross site scripting
338| [132052] Samsung X7400GX Syncthru V6.A6.25 V11.01.05.25_08-21-2015 Web Service networkinformationView.sws Application cross site scripting
339| [132051] Samsung X7400GX Syncthru V6.A6.25 V11.01.05.25_08-21-2015 Web Service /sws/leftmenu.sws Parameter cross site scripting
340| [132050] Samsung X7400GX Syncthru V6.A6.25 V11.01.05.25_08-21-2015 /sws/swsAlert.sws Parameter cross site scripting
341| [131870] Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 bcmdhd4358 Wi-Fi Driver prot_get_ring_space memory corruption
342| [128021] Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 bcmdhd4358 Wi-Fi Driver dhd_pcie.c dhd_bus_flow_ring_create_response memory corruption
343| [128020] Samsung Galaxy S6 bcmdhd4358 Wi-Fi Driver dhd_pcie.c dhd_bus_flow_ring_flush_response memory corruption
344| [128019] Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 bcmdhd4358 Wi-Fi Driver dhd_pcie.c dhd_bus_flow_ring_delete_response memory corruption
345| [128018] Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 Wi-Fi Driver dhd_msgbuf.c dhd_prot_txdata_write_flush denial of service
346| [128017] Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 bcmdhd4358 Wi-Fi Driver dhd_linux.c dhd_rx_frame memory corruption
347| [127726] LibRaw up to 0.18.8 dcraw_common.cpp samsung_load_raw() memory corruption
348| [124772] Samsung SCX-6545X 2.00.03.01 SNMP Service SNMP Request Cleartext information disclosure
349| [124428] Samsung Galaxy S8 G950FXXU1AQL5 IPCP Header Stack-based memory corruption
350| [124425] Samsung Members Intent privilege escalation
351| [124418] Samsung Internet Browser Object privilege escalation
352| [124392] Samsung SmartThings Hub Video-Core HTTP Server HTTP Request Stack-based memory corruption
353| [124391] Samsung SmartThings Hub STH-ETH-250 0.20.17 Video-Core HTTP Server /cameras/XXXX/clips memory corruption
354| [124390] Samsung SmartThings Hub STH-ETH-250 0.20.17 Video-Core HTTP Server memory corruption
355| [124389] Samsung SmartThings Hub STH-ETH-250 0.20.17 Video-Core HTTP Server memory corruption
356| [124388] Samsung SmartThings Hub STH-ETH-250 0.20.17 Video-Core HTTP Server memory corruption
357| [124387] Samsung SmartThings Hub STH-ETH-250 0.20.17 Video-Core HTTP Server memory corruption
358| [124323] Samsung SmartThings Hub STH-ETH-250 0.20.17 WifiScan memory corruption
359| [124322] Samsung SmartThings Hub STH-ETH-250 0.20.17 WifiScan memory corruption
360| [123822] Samsung SmartThings Hub STH-ETH-250 0.20.17 Credentials Stack-based memory corruption
361| [123813] Samsung SmartThings Hub 0.20.17 Video-Core Process /cameras/XXXX/clips memory corruption
362| [123812] Samsung SmartThings Hub 0.20.17 Video-Core Process /cameras/XXXX/clips memory corruption
363| [123346] Samsung SmartThings Hub STH-ETH-250 0.20.17 Video-Core Process HTTP Requests privilege escalation
364| [123345] Samsung SmartThings Hub STH-ETH-250 0.20.17 /cameras/XXXX/clips memory corruption
365| [123294] Samsung SmartThings Hub STH-ETH-250 0.20.17 hubCore information disclosure
366| [123293] Samsung SmartThings Hub STH-ETH-250 0.20.17 hubCore Process HTTP Request denial of service
367| [123292] Samsung SmartThings Hub STH-ETH-250 0.20.17 Video-Core Process HTTP Request Stack-based memory corruption
368| [123291] Samsung SmartThings Hub STH-ETH-250 0.20.17 Video-Core Process /cameras/XXXX/clips HTTP Request memory corruption
369| [123202] Samsung SmartThings Hub STH-ETH-250 0.20.17 Video-Core Process HTTP Requests REST privilege escalation
370| [123201] Samsung SmartThings Hub STH-ETH-250 0.20.17 Video-Core Process HTTP Requests JSON privilege escalation
371| [123195] Samsung SmartThings Hub STH-ETH-250 0.20.17 Video-Core Process Cookie Heap-based memory corruption
372| [123194] Samsung SmartThings Hub STH-ETH-250 0.20.17 Video-Core Process HTTP Requests Stack-based memory corruption
373| [123193] Samsung SmartThings Hub STH-ETH-250 0.20.17 Video-Core Process HTTP Request Stack-based memory corruption
374| [123192] Samsung SmartThings Hub STH-ETH-250 0.20.17 Video-Core Process Stack-based sql injection
375| [123191] Samsung SmartThings Hub STH-ETH-250 0.20.17 Video-Core Process HTTP Request Header Injection privilege escalation
376| [123190] Samsung SmartThings Hub STH-ETH-250 0.20.17 Video-Core Process HTTP Request Stack-based memory corruption
377| [123189] Samsung SmartThings Hub STH-ETH-250 0.20.17 Video-Core Process HTTP Request Stack-based memory corruption
378| [123188] Samsung SmartThings Hub STH-ETH-250 0.20.17 Video-Core Process HTTP Request Stack-based memory corruption
379| [123187] Samsung SmartThings Hub STH-ETH-250 0.20.17 Video-Core Process HTTP Request Stack-based sql injection
380| [123186] Samsung SmartThings Hub STH-ETH-250 0.20.17 Credentials HTTP Requests JSON sql injection
381| [123185] Samsung SmartThings Hub STH-ETH-250 0.20.17 Video Core Stack-based memory corruption
382| [123184] Samsung SmartThings Hub STH-ETH-250 0.20.17 Video Core HTTP Request Stack-based memory corruption
383| [123183] Samsung SmartThings Hub STH-ETH-250 0.20.17 Video Core HTTP Requests Stack-based memory corruption
384| [123182] Samsung SmartThings Hub STH-ETH-250 0.20.17 samsungWifiScan JSON Stack-based memory corruption
385| [123181] Samsung SmartThings Hub STH-ETH-250 0.20.17 Video-Core Process HTTP Request Stack-based memory corruption
386| [123180] Samsung SmartThings Hub STH-ETH-250 0.20.17 URL Space command injection
387| [122598] Samsung Syncthru Web Service 4.05.61 printReportSetupView.sws cross site request forgery
388| [122594] Samsung Syncthru Web Service 4.05.61 Parameter cross site scripting
389| [119556] Samsung DVR Web Viewer webviewer_login_page cross site scripting
390| [118345] Samsung S7 Edge OMACP WAP Push Message Integer Overflow memory corruption
391| [115289] Samsung Mobile Device M(6.0)/N(7.x) sensorhub binder Service Heap-based memory corruption
392| [115288] Samsung Mobile Device N(7.x) APK privilege escalation
393| [115287] Samsung Mobile Device L(5.x)/M(6.0)/N(7.x) Gallery BMP File memory corruption
394| [115286] Samsung Mobile Device M(6.0) Email Application cross site scripting
395| [115285] Samsung Mobile Device N(7.x) Frame Size Code Execution memory corruption
396| [114128] Samsung Display Solutions App up to 3.01 on Android B2B Content Man-in-the-Middle weak encryption
397| [113616] Knox SDS IAM/SDS EMM 16.11 on Samsung Mobile weak encryption
398| [112195] Samsung Gear Bluetooth weak authentication
399| [111380] Samsung Mobile Devices N Exynos Chipset Stack-based memory corruption
400| [111034] Samsung S6 Edge SecEmailComposer/EmailComposer Crafted Application information disclosure
401| [111060] Samsung Internet Browser 6.2.01.12 IFRAME Cross-Origin privilege escalation
402| [110950] Samsung Internet Browser Same-Origin Policy privilege escalation
403| [109165] Samsung SRN-1670D Web Viewer network_ssl_upload.php privilege escalation
404| [107581] Intel Puma 5/6/7 on Samsung Packet denial of service
405| [106347] Samsung NVR cgi-bin/main-cgi JSON Data information disclosure
406| [105699] Samsung S4 GT-I9500 up to 3.4 samsung_extdisp Driver memory corruption
407| [105698] Samsung S4 GT-I9500 up to 3.4 samsung_extdisp Driver information disclosure
408| [102728] Samsung Magician 5.0 TLS Certificate weak encryption
409| [102047] Samsung S6 Edge WifiHs20UtilityService directory traversal
410| [101886] Samsung SyncThru 6 upload/updateDriver Parameter directory traversal
411| [99817] Samsung Galaxy S6 SecEmailSync sql injection
412| [99586] Samsung Galaxy S6 SecEmailUI HTML Email cross site scripting
413| [98938] Samsung Account up to 1.6/2.1 weak encryption
414| [98937] Samsung GALAXY Apps weak encryption
415| [98471] Samsung Phone 6.0/7.0 GPU Driver mali_kbase_core_linux.c kbase_dispatch Out-of-Bounds unknown vulnerability
416| [96306] Samsung Exynos fimg2d Driver on Android NULL Pointer Dereference denial of service
417| [95522] Samsung Exynos fimg2d Driver on Android Use-After-Free memory corruption
418| [95507] Samsung Note 5.0/5.1/6.0 SmartCall Activity Crash denial of service
419| [95506] Samsung Note 5.0/5.1/6.0 SpamCall Activity Crash denial of service
420| [95209] Samsung Note 4.4/5.0/5.1/6.0 VR Service Thread Crash denial of service
421| [95208] Samsung Note 5.0/5.1/6.0/7.0 SystemUI Crash denial of service
422| [95104] Samsung Mobile Phone 4.4/5.0/5.1/6.0 Application Installation std::bad_alloc denial of service
423| [94663] Samsung Galaxy S6 Edge Notification Listener information disclosure
424| [94604] Samsung DVR Web Viewer Cookie weak encryption
425| [94552] Samsung Note 5.0/5.1/6.0/7.0 Telecom memory corruption
426| [94551] Samsung Note 5.0/5.1/6.0/7.0 Telecom memory corruption
427| [94550] Samsung Note 5.0/5.1/6.0/7.0 Telecom memory corruption
428| [93581] Samsung Note 4.4/5.0/5.1 SystemUI Integer denial of service
429| [93303] Samsung Mobile L(5.0/5.1)/M(6.0) fimg2d Driver NULL Pointer Dereference memory corruption
430| [93199] Samsung Galaxy S4/S5/S6/S7 OMACP Message Config privilege escalation
431| [93198] Samsung Galaxy S4/S5/S6/S7 OMACP Message libomacp.so memory corruption
432| [93197] Samsung Galaxy S4/S5/S6/S7 OTA WAP PUSH SMS wifi-service.jar WifiServiceImpl denial of service
433| [93196] Samsung Galaxy S4/S5/S6/S7 BroadcastReceiver wifi-service.jar privilege escalation
434| [91709] Samsung Mobile Phone L(5.0/5.1)/M(6.0) SystemUI NULL Pointer Dereference denial of service
435| [80265] Samsung SRN-1670D Web Viewer XOR weak encryption
436| [80264] Samsung SRN-1670D Web Viewer Credentials information disclosure
437| [80263] Samsung SRN-1670D Web Viewer File information disclosure
438| [79057] Samsung Galaxy S6 JPEG Image memory corruption
439| [79056] Samsung Galaxy S6 GIF Image Crash denial of service
440| [79053] Samsung Galaxy S6 Bitmap Out-of-Bounds denial of service
441| [78999] Samsung SmartViewer CNC_Ctrl Control rtsp_getdlsendtime memory corruption
442| [78998] Samsung SmartViewer DVRSetupSave/SendCustomPacket memory corruption
443| [76316] Samsung SBeam 15000 NFC Connection information disclosure
444| [76087] Samsung Galaxy S5 createFromParcel memory corruption
445| [76021] Swiftkey Keyboard on Samsung Galaxy Language Pack Update /data/dalvik-cache directory traversal
446| [75985] Samsung Galaxy S4/S5/S6 Swiftkey Keyboard+ Emoji Language Pack privilege escalation
447| [75176] Samsung Security Manager up to 1.30 HTTP Request privilege escalation
448| [74288] Samsung iPOLiS Device Manager 1.12.2 OCX ActiveX Control XnsSdkDeviceIpInstaller.ocx WriteConfigValue memory corruption
449| [74213] Samsung Samsung Security Manager up to 1.29 denial of service
450| [73144] Samsung SmartViewer ActiveX Control memory corruption
451| [73143] Samsung SmartViewer ActiveX Control Stack-Based memory corruption
452| [68234] Samsung Galaxy Ace 4/Note 3/S4/S5 KNOX memory corruption
453| [68531] Samsung Mobile Devices Remote Control Feature denial of service
454| [70020] Samsung iPOLiS Device Manager up to 1.8.1 ActiveX Control memory corruption
455| [69949] Samsung iPOLiS Device Manager up to 1.8.1 ActiveX Control Stack-Based memory corruption
456| [12842] Samsung TV D7000 SSID Authentication weak authentication
457| [66860] Samsung Kies 2.5.0.12114 1 ActiveX Control SyncService.dll memory corruption
458| [12571] Samsung Nexus/Galaxy Modem libsec-ril.so RFS Command privilege escalation
459| [10120] Infraware Polaris Office/Viewer 4.0.3207.11 on Samsung Galaxy S3/S4 XML Validation denial of service
460| [64793] Samsung Smart Viewer unknown vulnerability
461| [64792] Samsung Smart Viewer Web View Cleartext information disclosure
462| [9717] Samsung PS50C7700 HTTP Request denial of service
463| [9148] Samsung IP Camera URL Validator cross site scripting
464| [7892] Samsung UE55ES6800 SOAPACTION denial of service
465| [63280] Samsung SamsungDive Subsystem unknown vulnerability
466| [63277] Samsung SamsungDive Subsystem spoofing
467| [7175] Google Android on Samsung Exynos 4210/4412 Privileges /dev/exynos-mem privilege escalation
468| [7168] Samsung LED 3D Smart TV memory corruption
469| [63139] Samsung Kies Air 2.1.210161 Crash denial of service
470| [63138] Samsung Kies Air 2.1.210161 spoofing
471| [7027] Samsung Printer 20121030 SNMP Account NetWorkManager.class NetworkManager Community String weak authentication
472| [6630] Samsung Galaxy S S2/S3 NFC privilege escalation
473| [61785] Samsung KIES 2.3.2.12074 ActiveX Control MASetupCaller.dll unknown vulnerability
474| [61634] Samsung NET-i viewer 1.37.120316 denial of service
475| [61633] Samsung NET-i viewer 1.37.120316 ActiveX Control memory corruption
476| [61632] Samsung NET-i viewer 1.37.120316 ActiveX Control Stack-based memory corruption
477| [61562] Samsung NET-i viewer 1.37 OCX ActiveX Control XProcessControl.ocx RequestScreenOptimization memory corruption
478| [60919] Samsung Chromebox 3 unknown vulnerability
479| [5259] Samsung TV MAC Address memory corruption
480| [5258] Samsung TV Controller Packet denial of service
481| [57396] Samsung Data Management Server up to 1.4.1 Authentication Form sql injection
482| [44300] Samsung DVR SHR2040 B3.03e-k1.53-v2.19 0705281908 Crash denial of service
483|
484| MITRE CVE - https://cve.mitre.org:
485| [CVE-2013-4890] The DMCRUIS/0.1 web server on the Samsung PS50C7700 TV allows remote attackers to cause a denial of service (daemon crash) via a long URI to TCP port 5600.
486| [CVE-2013-2310] SoftBank Wi-Fi Spot Configuration Software, as used on SoftBank SHARP 3G handsets, SoftBank Panasonic 3G handsets, SoftBank NEC 3G handsets, SoftBank Samsung 3G handsets, SoftBank mobile Wi-Fi routers, SoftBank Android smartphones with the Wi-Fi application before 1.7.1, SoftBank Windows Mobile smartphones with the WISPrClient application before 1.3.1, SoftBank Disney Mobile Android smartphones with the Wi-Fi application before 1.7.1, and WILLCOM Android smartphones with the Wi-Fi application before 1.7.1, does not properly connect to access points, which allows remote attackers to obtain sensitive information by leveraging access to an 802.11 network.
487| [CVE-2012-6422] The kernel in Samsung Galaxy S2, Galaxy Note 2, MEIZU MX, and possibly other Android devices, when running an Exynos 4210 or 4412 processor, uses weak permissions (0666) for /dev/exynos-mem, which allows attackers to read or write arbitrary physical memory and gain privileges via a crafted application, as demonstrated by ExynosAbuse.
488| [CVE-2012-6337] The Track My Mobile feature in the SamsungDive subsystem for Android on Samsung Galaxy devices shows the activation of remote tracking, which might allow physically proximate attackers to defeat a product-recovery effort by tampering with this feature or its location data.
489| [CVE-2012-6334] The Track My Mobile feature in the SamsungDive subsystem for Android on Samsung Galaxy devices does not properly implement Location APIs, which allows physically proximate attackers to provide arbitrary location data via a "commonly available simple GPS location spoofer."
490| [CVE-2012-5859] Samsung Kies Air 2.1.207051 and 2.1.210161 allows remote attackers to cause a denial of service (crash) via a crafted request to www/apps/KiesAir/jws/ssd.php.
491| [CVE-2012-5858] Samsung Kies Air 2.1.207051 and 2.1.210161 relies on the IP address for authentication, which allows remote man-in-the-middle attackers to read arbitrary phone contents by spoofing or controlling the IP address.
492| [CVE-2012-4964] The Samsung printer firmware before 20121031 has a hardcoded read-write SNMP community, which makes it easier for remote attackers to obtain administrative access via an SNMP request.
493| [CVE-2012-4335] Samsung NET-i viewer 1.37.120316 allows remote attackers to cause a denial of service (infinite loop) via a negative size value in a TCP request to (1) NiwMasterService or (2) NiwStorageService. NOTE: some of these details are obtained from third party information.
494| [CVE-2012-4334] The ConnectDDNS method in the (1) STWConfigNVR 1.1.13.15 and (2) STWConfig 1.1.14.13 ActiveX controls in Samsung NET-i viewer 1.37.120316 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: some of these details are obtained from third party information.
495| [CVE-2012-4333] Multiple stack-based buffer overflows in the BackupToAvi method in the (1) UMS_Ctrl 1.5.1.1 and (2) UMS_Ctrl_STW 2.0.1.0 ActiveX controls in Samsung NET-i viewer 1.37.120316 allow remote attackers to execute arbitrary code via a long string in the fname parameter. NOTE: some of these details are obtained from third party information.
496| [CVE-2012-4330] The Samsung D6000 TV and possibly other products allows remote attackers to cause a denial of service (crash) via a long string in certain fields, as demonstrated by the MAC address field, possibly a buffer overflow.
497| [CVE-2012-4329] The Samsung D6000 TV and possibly other products allow remote attackers to cause a denial of service (continuous restart) via a crafted controller name.
498| [CVE-2012-4250] Stack-based buffer overflow in the RequestScreenOptimization function in the XProcessControl.ocx ActiveX control in msls31.dll in Samsung NET-i viewer 1.37 allows remote attackers to execute arbitrary code via a long string in the first argument.
499| [CVE-2012-4050] Multiple unspecified vulnerabilities in Google Chrome OS before 21.0.1180.50 on the Cr-48 and Samsung Series 5 and 5 550 Chromebook platforms, and the Samsung Chromebox Series 3, have unknown impact and attack vectors.
500| [CVE-2012-2990] The MASetupCaller ActiveX control before 1.4.2012.508 in MASetupCaller.dll in MarkAny ContentSAFER, as distributed in Samsung KIES before 2.3.2.12074_13_13, does not properly implement unspecified methods, which allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via a crafted HTML document.
501| [CVE-2012-2980] The Samsung and HTC onTouchEvent method implementation for Android on the T-Mobile myTouch 3G Slide, HTC Merge, Sprint EVO Shift 4G, HTC ChaCha, AT&T Status, HTC Desire Z, T-Mobile G2, T-Mobile myTouch 4G Slide, and Samsung Galaxy S stores touch coordinates in the dmesg buffer, which allows remote attackers to obtain sensitive information via a crafted application, as demonstrated by PIN numbers, telephone numbers, and text messages.
502| [CVE-2012-2864] Mesa, as used in Google Chrome before 21.0.1183.0 on the Acer AC700, Cr-48, and Samsung Series 5 and 5 550 Chromebook platforms, and the Samsung Chromebox Series 3, allows remote attackers to execute arbitrary code via unspecified vectors that trigger an "array overflow."
503| [CVE-2012-2619] The Broadcom BCM4325 and BCM4329 Wi-Fi chips, as used in certain Acer, Apple, Asus, Ford, HTC, Kyocera, LG, Malata, Motorola, Nokia, Pantech, Samsung, and Sony products, allow remote attackers to cause a denial of service (out-of-bounds read and Wi-Fi outage) via an RSN 802.11i information element.
504| [CVE-2012-1418] Multiple unspecified vulnerabilities in Google Chrome before 17.0.963.60 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors.
505| [CVE-2012-0695] Multiple unspecified vulnerabilities in Google Chrome before 17.0.963.27 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors.
506| [CVE-2011-4719] Multiple unspecified vulnerabilities in Google Chrome before 16.0.912.63 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors.
507| [CVE-2011-4548] Multiple unspecified vulnerabilities in Google Chrome before 16.0.912.44 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors.
508| [CVE-2011-3421] Multiple unspecified vulnerabilities in Google Chrome before 14.0.835.125 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors.
509| [CVE-2011-3420] Multiple unspecified vulnerabilities in Google Chrome before 14.0.835.157 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors.
510| [CVE-2010-4284] SQL injection vulnerability in the authentication form in the integrated web server in the Data Management Server (DMS) before 1.4.3 in Samsung Integrated Management System allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
511| [CVE-2008-4380] The web interface in Samsung DVR SHR2040 allows remote attackers to cause a denial of service (crash) via a malformed HTTP request, related to the filter for configuration properties and "/x" characters.
512| [CVE-2007-3931] The wrap_setuid_third_party_application function in the installation script for the Samsung SCX-4200 Driver 2.00.95 adds setuid permissions to third party applications such as xsane and xscanimage, which allows local users to gain privileges.
513| [CVE-2007-3445] Buffer overflow in SJ Labs SJphone 1.60.303c, running under Windows Mobile 2003 on the Samsung SCH-i730 phone, allows remote attackers to cause a denial of service (device hang and call termination) via a malformed SIP INVITE message, a different vulnerability than CVE-2007-3351.
514| [CVE-2005-0865] Samsung ADSL Modem SMDK8947v1.2 uses default passwords for the (1) root, (2) admin, or (3) user users, which allows remote attackers to gain privileges via Telnet or an HTTP request to adsl.cgi.
515| [CVE-2005-0864] The Boa web server, as used in Samsung ADSL Modem SMDK8947v1.2 and possibly other products, allows remote attackers to read arbitrary files via a full pathname in the HTTP request.
516| [CVE-2004-1970] Samsung SmartEther SS6215S switch, and possibly other Samsung switches, allows remote attackers and local users to gain administrative access by providing the admin username followed by a password that is the maximum allowed length, then pressing the enter key after the resulting error message.
517| [CVE-2001-1177] ml85p in Samsung ML-85G GDI printer driver before 0.2.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files.
518|
519| SecurityFocus - https://www.securityfocus.com/bid/:
520| [54055] Samsung AllShare 'Content-Length' HTTP Header Remote Denial Of Service Vulnerability
521| [102336] Samsung/Seagate Self-Encrypting Drive Protection CVE-2015-7267 Local Security Bypass Vulnerability
522| [102334] Samsung/Seagate Self-Encrypting Drives Protection CVE-2015-7268 Local Security Bypass Vulnerability
523| [99081] Samsung Magician CVE-2017-3218 Remote Code Execution Vulnerability
524| [97703] Multiple Samsung Galaxy Products CVE-2016-4031 Security Bypass Vulnerability
525| [97701] Multiple Samsung Galaxy Products CVE-2016-4030 Security Bypass Vulnerability
526| [97658] Samsung SecEmailSync CVE-2016-2565 Information Disclosure Vulnerability
527| [97654] Samsung SecEmailSync CVE-2016-2566 SQL Injection Vulnerability
528| [97650] Multiple Samsung Galaxy Products CVE-2016-4032 Security Bypass Vulnerability
529| [97207] Samsung Account CVE-2015-0864 Information Disclosure Vulnerability
530| [96360] Multiple Samsung Android Mobile Devices CVE-2016-4547 Denial of Service Vulnerability
531| [96128] Multiple Samsung Android Mobile Devices InputMethod Application Denial of Service Vulnerability
532| [95674] Samsung CVE-2017-5538 Remote Memory Corruption Vulnerability
533| [95424] Multiple Samsung Android Mobile Devices CVE-2017-5350 Denial of Service Vulnerability
534| [95418] Multiple Samsung Android Mobile Devices CVE-2017-5351 Denial of Service Vulnerability
535| [95319] Multiple Samsung Android Mobile Phones CVE-2017-5217 Denial of Service Vulnerability
536| [95134] Multiple Samsung Devices 'OTP' Service Remote Heap Buffer Overflow Vulnerability
537| [95092] Multiple Samsung Galaxy Product Information Disclosure Vulnerability
538| [94955] Samsung Mobile Phones Multiple Denial of Service Vulnerabilities
539| [94494] Multiple Samsung Galaxy Product CVE-2016-9567 Security Bypass Vulnerability
540| [94292] Samsung Mobile Phones SystemUI CVE-2016-9277 Denial of Service Vulnerability
541| [94283] Samsung Mobile Phones Information Disclosure and Denial of Service Vulnerabilities
542| [94120] Samsung Mobile Phones CVE-2016-7160 Null Pointer Dereference Denial of Service Vulnerability
543| [94088] Multiple Samsung Galaxy Product CVE-2016-7991 Security Bypass Vulnerability
544| [94086] Multiple Samsung Galaxy Devices CVE-2016-7990 Integer Overflow Vulnerability
545| [94082] Multiple Samsung Galaxy Devices CVE-2016-7989 Denial of Service Vulnerability
546| [94081] Samsung Mobile Phones CVE-2016-7988 Denial of Service Vulnerability
547| [92539] Samsung Security Manager Multiple Remote Command Execution and Denial of Service Vulnerabilities
548| [92349] Samsung 'fimg2d' Driver Null Pointer Deference Local Denial of Service Vulnerability
549| [92330] Samsung Android Phone Multiple Privilege Escalation Vulnerabilities
550| [91191] Samsung SW Update Software Local Privilege Escalation Vulnerability
551| [90104] Samsung Mobile Phones 'IAndroidShm' Service Denial of Service Vulnerability
552| [90100] Samsung Mobile Phones 'TvoutService_C' Service Denial of Service Vulnerability
553| [86366] Samsung 'msm_sensor_config' Function CVE-2016-4038 Remote Memory Corruption Vulnerability
554| [86278] Samsung KNOX CVE-2016-3996 Information Disclosure Vulnerability
555| [84287] Samsung SW Update Tool Security Bypass Vulnerability
556| [84284] Samsung SW Update Tool Information Disclosure Vulnerability
557| [81063] Samsung KNOX CVE-2016-1920 Man in the Middle Information Disclosure Vulnerability
558| [81056] Samsung KNOX CVE-2016-1919 Weak Encryption Security Weakness
559| [80381] Samsung SRN-1670D Camera Multiple Security Vulnerabilities
560| [79675] Samsung SmartTV and Printers CVE-2015-5729 Weak Password Security Vulnerability
561| [77431] Samsung SecEmailUI CVE-2015-7893 Security Vulnerability
562| [77430] Samsung Galaxy S6 CVE-2015-7898 Denial of Service Vulnerability
563| [77429] Samsung Galaxy S6 CVE-2015-7895 Denial of Service Vulnerability
564| [77425] Samsung LibQjpeg CVE-2015-7896 Remote Memory Corruption Vulnerability
565| [77423] Samsung LibQjpeg CVE-2015-7894 Remote Memory Corruption Vulnerability
566| [77422] Samsung Galaxy S6 CVE-2015-7897 Memory Corruption Vulnerability
567| [77339] Samsung SecEmailComposer CVE-2015-7889 Local Privilege Escalation Vulnerability
568| [77338] Samsung Galaxy S6 CVE-2015-7888 Directory Traversal Vulnerability
569| [77337] Samsung m2m1shot Driver CVE-2015-7892 Local Buffer Overflow Vulnerability
570| [77336] Samsung Sieren Kernel Driver CVE-2015-7890 Local Buffer Overflow Vulnerability
571| [77335] Samsung Fimg2d CVE-2015-7891 Local Race Condition Security Bypass Vulnerability
572| [77084] Samsung SmartViewer 'CNC_Ctrl' ActiveX Control Remote Code Execution Vulnerability
573| [77083] RETIRED: Samsung SmartViewer 'SendCustomPacket' Method Remote Code Execution Vulnerability
574| [77079] Samsung SmartViewer CVE-2015-8039 Multiple Remote Code Execution Vulnerabilities
575| [76946] Samsung XNS ActiveX SDK ActiveX Control Multiple Remote Code Execution Vulnerabilities
576| [76807] Samsung S4 GT-I9500 Memory Corruption and Information Disclosure Vulnerabilities
577| [75912] Samsung SyncThru CVE-2015-5473 Multiple Directory Traversal Vulnerabilities
578| [75404] Samsung SBeam CVE-2015-4033 Information Disclosure Vulnerability
579| [75403] Samsung Galaxy S5 CVE-2015-4034 Remote Code Execution Vulnerability
580| [75229] RETIRED: Samsung Galaxy S Phones CVE-2015-2865 Man in The Middle Security Bypass Vulnerability
581| [74877] Samsung iPOLiS Device Manager ActiveX Control CVE-2015-0555 Multiple Buffer Overflow Vulnerabilities
582| [74400] Samsung Security Manager ActiveMQ Broker Service Multiple Remote Code Execution Vulnerabilities
583| [72598] Samsung Security Manager CVE-2015-1499 Security Bypass Vulnerability
584| [71489] Samsung SmartViewer 'STWConfig' ActiveX Remote Code Execution Vulnerability
585| [71486] Samsung SmartViewer 'CNC_Ctrl' ActiveX Stack Buffer Overflow Vulnerability
586| [71148] Multiple Samsung Galaxy Devices KNOX Arbitrary Code Execution Vulnerability
587| [67823] Samsung iPOLiS Device Manager 'FindConfigChildeKeyList()' Method Stack Buffer Overflow Vulnerability
588| [67822] Samsung iPOLiS Device Manager ActiveX Control Multiple Remote Code Execution Vulnerabilities
589| [66192] Samsung Proprietary Android Backdoor Unauthorized Access Vulnerability
590| [63726] Samsung Galaxy S4 Unspecified Security Vulnerability
591| [61942] Samsung DVR CVE-2013-3585 Information Disclosure Vulnerability
592| [61938] Samsung DVR CVE-2013-3586 Cookie Authentication Bypass Vulnerability
593| [61881] Samsung DVR Multiple Access Bypass Vulnerabilities
594| [61391] Samsung PS50C7700 3D Plasma-TV CVE-2013-4890 Denial of Service Vulnerability
595| [61281] Samsung Galaxy S3 And S4 CVE-2013-4764 Local Security Bypass Vulnerability
596| [61280] Samsung Galaxy S3 And S4 CVE-2013-4763 Local Security Bypass Vulnerability
597| [60756] Samsung Galaxy S4 SMS Spoofing Vulnerability
598| [60527] Samsung SHR-5162 and SHR-5082 CVE-2013-3964 Unspecified Cross Site Scripting Vulnerability
599| [58320] Samsung TV 'SOAPACTION' Denial of Service Vulnerability
600| [58312] Samsung Galaxy S3 Full Lock Screen Security Bypass Vulnerability
601| [58123] Samsung Galaxy S3 Screen Lock Security Bypass Vulnerability
602| [57249] Samsung Kies CVE-2012-6429 Remote Buffer Overflow Vulnerability
603| [57131] SamsungDive for Android CVE-2012-6337 Spoofing Vulnerability
604| [57127] SamsungDive for Android CVE-2012-6334 Spoofing Vulnerability
605| [56955] Samsung SmartPhones Local Privilege Escalation Vulnerability
606| [56692] Samsung and Dell printers Firmware Backdoor Unauthorized Access Vulnerability
607| [56560] Samsung Kies Air Denial of Service and Security Bypass Vulnerabilities
608| [55936] Samsung Kies Multiple Security Vulnerabilities
609| [55053] Samsung Galaxy S2 Epic 4G Touch Multiple Insecure Temporary File Creation Vulnerabilities
610| [55047] Multiple Samsung and HTC Devices Information Disclosure Vulnerability
611| [53317] Samsung NET-i Viewer 'msls31.dll' ActiveX Buffer Overflow Vulnerability
612| [53193] Samsung NET-i ware Multiple Remote Vulnerabilities
613| [53161] Samsung TV and BD Products Multiple Denial Of Service Vulnerabilities
614| [50682] Samsung Omnia 7 'RapidConfig.exe' XML Provision Remote Code Execution Vulnerability
615| [47746] Samsung Integrated Management System DMS SQL Injection Vulnerability
616| [34705] Multiple Samsung Devices SMS Provisioning Messages Authentication Bypass Vulnerability
617| [31047] Samsung DVR SHR-2040 HTTPD Denial of Service Vulnerability
618| [24953] Samsung Linux Printer Driver SetUID Script Local Privilege Escalation Vulnerability
619| [16517] Samsung E730 Phone Remote Denial of Service Vulnerability
620| [12864] Samsung DSL Modem Multiple Remote Vulnerabilities
621| [10219] Samsung SmartEther Switch Firmware Authentication Bypass Vulnerability
622| [3008] Samsung ml85p Printer Utility Insecure Temporary File Creation Vulnerability
623|
624| IBM X-Force - https://exchange.xforce.ibmcloud.com:
625| [85904] Samsung PS50C7700 TV denial of service
626| [85190] Samsung Galaxy S4 spoofing
627| [84925] Samsung SHR Series IP cameras unspecified cross-site scripting
628| [82662] Samsung TV SOAPACTION denial of service
629| [82602] Samsung Galaxy S III Lock Screen security bypass
630| [82352] Samsung Galaxy S III Passcode Lock security bypass
631| [80926] Samsung Galaxy security bypass
632| [80923] Samsung Galaxy SamsungDive information disclosure
633| [80886] Samsung SmartPhones privilege escalation
634| [80709] Samsung Galaxy S2 kernel privilege escalation
635| [80336] Samsung printers backdoor
636| [80092] Samsung Kies Air security bypass
637| [80091] Samsung Kies Air GET denial of service
638| [79445] Samsung Kies ActiveX Control registry key security bypass
639| [79443] Samsung Kies ActiveX Control security bypass
640| [79284] Samsung Kies ActiveX Control CmdAgentLib() security bypass
641| [79283] Samsung Kies ActiveX CmdAgent.dll code execution
642| [79268] Samsung Kies Samsung.Device Service ActiveX control denial of service
643| [79193] Samsung Galaxy S III sandbox privilege escalation
644| [79192] Samsung Galaxy S III document viewer code execution
645| [78904] Samsung Galaxy S III USSD denial of service
646| [77811] Samsung Galaxy S2 Epic 4G Touch symlink
647| [76396] AllShare libpin3_dll.dll denial of service
648| [75310] Samsung NET-i viewer ActiveX control buffer overflow
649| [75070] Samsung NET-i ware ActiveX control buffer overflow
650| [75069] Samsung NET-i ware ActiveX control code execution
651| [75066] Samsung NET-i ware Master and Storage denial of service
652| [74928] Multiple Samsung TV and BD products string denial of service
653| [74927] Multiple Samsung TV and BD products controller packet denial of service
654| [71316] Samsung Omnia 7 RapiConfig.exe code execution
655| [67315] Samsung Integrated Management System DMS authentication form SQL Injection
656| [50110] Samsung SMS messages authentication bypass
657| [44995] Samsung DVR SHR2040 Web interface denial of service
658| [35502] Samsung SCX-4200 driver installation script privilege escalation
659| [19927] Samsung default accounts and passwords allow unauthorized access
660| [19925] Samsung ADSL Router information disclosure
661| [15973] Samsung SmartEther allows administrative access
662| [6845] Samsung ML-85G printer driver /tmp symlink
663|
664| Exploit-DB - https://www.exploit-db.com:
665| [19289] Samsung AllShare 2.1.1.0 NULL Pointer Deference
666| [27753] Samsung DVR Firmware 1.10 - Authentication Bypass
667| [27043] Samsung PS50C7700 TV - Denial of Service
668| [22007] Samsung Kies 2.3.2.12054_20 - Multiple Vulnerabilities
669| [21001] Samsung ml85p Printer Driver 1.0 Insecure Temporary File Creation Vulnerability (3)
670| [21000] Samsung ml85p Printer Driver 1.0 Insecure Temporary File Creation Vulnerability (2)
671| [20999] Samsung ml85p Printer Driver 1.0 Insecure Temporary File Creation Vulnerability (1)
672| [19027] Samsung NET-i viewer Multiple ActiveX BackupToAvi() Remote Overflow
673| [18808] SAMSUNG NET-i Viewer 1.37 SEH Overwrite
674| [18765] samsung net-i ware <= 1.37 - Multiple Vulnerabilities
675| [18751] Samsung D6000 TV Multiple Vulnerabilities
676| [6394] Samsung DVR SHR2040 HTTPD Remote Denial of Service DoS PoC
677|
678| OpenVAS (Nessus) - http://www.openvas.org:
679| [902935] Samsung Printer SNMP Hardcoded Community String Authentication Bypass Vulnerability
680|
681| SecurityTracker - https://www.securitytracker.com:
682| [1028821] Samsung PS50C7700 TV Web Server Processing Flaw Lets Remote Users Deny Service
683| [1027894] Samsung Phone '/dev/exynos-mem' Lets Local Users Gain Root Privileges
684| [1027819] Samsung Printers Hardcoded Password Lets Remote Users Gain Administrative Access
685| [1027571] Samsung Galaxy Phones Android Dialer Lets Remote Users Deny Service
686| [1026976] Samsung TV Bug in Remote Control Feature Lets Remote Users Deny Service
687| [1025508] Samsung Data Management Server Input Validation Flaw Lets Remote Users Inject SQL Commands
688| [1013615] Samsung ADSL Router Discloses Files to Remote Users and May Grant Root Access Via Common Default Passwords
689| [1009947] Samsung SmartEther Authentication Failure Lets Remote Users Gain Administrative Access
690| [1002019] Samsung ML-85G Printer Driver Allows Local Users to Obtain Root Level Access on the Host
691|
692| OSVDB - http://www.osvdb.org:
693| [83012] Samsung AllShare libpin3_dll.dll Content-Length HTTP Header Parsing NULL Pointer Dereference Remote DoS
694| [95574] Samsung PS50C7700 TV Crafted HTTP GET Request Handling Remote DoS
695| [95437] Samsung Galaxy S3/S4 sCloudBackupProvider.apk SMS Content Injection
696| [95436] Samsung Galaxy S3/S4 sCloudBackupProvider.apk SMS Message Restoration Disclosure
697| [94520] Samsung Galaxy S4 Cloud Backup Function SMS Spoofing Weakness
698| [94223] Samsung Multiple IP Camera URI XSS
699| [91499] Google Android on Samsung Multiple Unspecified Information Disclosure
700| [91498] Google Android on Samsung Multiple Unspecified DoS
701| [91497] Google Android on Samsung Multiple Unspecified Phone Setting Manipulation Issues
702| [91496] Google Android on Samsung Unspecified Phone Action Hijacking Issue
703| [91495] Google Android on Samsung Unspecified Unprivileged Arbitrary SMS Message Sending
704| [91494] Google Android on Samsung Unspecified Privileged Application Installation (Issue 2)
705| [91493] Google Android on Samsung Unspecified Privileged Application Installation (Issue 1)
706| [90918] Samsung TV UE55ES6800 Malformed SOAPACTION Handling Remote Overflow DoS
707| [90581] Samsung Galaxy S3 Emergency Contacts / S-Voice PIN Lock Bypass
708| [89118] Samsung Kies SyncService.dll ActiveX PrepareSync() Method Buffer Overflow
709| [88885] SamsungDive for Android Track My Mobile Function Location API Spoofing Weakness
710| [88882] SamsungDive for Android Track My Mobile Function Security Feature Disclosure Weakness
711| [88467] Samsung Galaxy Multiple Devices /dev/exynos-mem Local Privilege Escalation
712| [88379] Samsung LED 3D TV Unspecified Remote Command Execution
713| [87970] Samsung S3 Kies Air (com.samsung.swift.app.kiesair) /www/apps/KiesAir/jws/ssd.php Malformed Request Remote DoS
714| [87969] Samsung S3 Kies Air (com.samsung.swift.app.kiesair) Crafted Request Remote Session Hijack
715| [87872] Samsung Multiple Printers Hardcoded Admin Credentials
716| [86626] Samsung Galaxy S2 Multiple Application Information Disclosure
717| [86501] Samsung Kies CmdAgent.dll ICommandAgent Interface Multiple Method Remote Privilege Escalation
718| [86500] Samsung Kies Samsung.DeviceService.DCA.DeviceDataParagonATGM.1 ActiveX (DCAPARAGONGM.dll) GetDataTable() Method NULL-Pointer Dereference DoS
719| [86197] Samsung Galaxy S3 Unspecified Local Privilege Escalation
720| [86083] Samsung Galaxy S3 Near Field Communication (NFC) Memory Corruption
721| [84925] Samsung Galaxy S dmesg Buffer Touch Coordinate Application Handling Information Disclosure
722| [81222] Samsung Multiple Product MAC Address Field Parsing Remote Overflow DoS
723| [81221] Samsung Multiple Product Controller Packet String Field Parsing Remote DoS
724| [79398] Samsung DWCD Web Interface Default Password (Femtocell)
725| [77158] Samsung Omnia 7 RapiConfig.exe Traversal Provisioning XML File Execution
726| [72255] Samsung Data Management Server Default Hardcoded root Password
727| [72227] Samsung Data Management Server Unspecified SQL Injection
728| [64369] Samsung PC Studio for Mobile Phones fun_avcodec.dll Malformed AVI File Handling DoS
729| [54692] Samsung M8800 Innov8 / SGH-J750 Multiple Method SMS Provisioning Spoofing
730| [54690] Samsung G3210 Web Interface Default Password
731| [54689] Samsung G3210 rc.conf.tmp Cleartext ISP Password Local Disclosure
732| [54688] Samsung G3210 FTP-Server Default Credentials
733| [47976] Samsung DVR SHR2040 Web Interface Request Handling DoS
734| [45404] SJphone on Samsung SCH-i730 Phone Malformed SIP INVITE Message Remote Overflow DoS
735| [38214] Samsung SCX-4200 Driver Installation Script wrap_setuid_third_party_application Function Local Privilege Escalation
736| [16684] Samsung SmartEther Long Password Forced Authentication
737| [15023] Samsung ADSL Modem Multiple Default Accounts
738| [1898] Samsung ml85p Printer Utility Symlink Local Privilege Escalation
739|_
740Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
741Device type: general purpose
742Running (JUST GUESSING): Linux 4.X|3.X (87%)
743OS CPE: cpe:/o:linux:linux_kernel:4.4 cpe:/o:linux:linux_kernel:3
744Aggressive OS guesses: Linux 4.4 (87%), Linux 3.10 - 4.11 (87%), Linux 3.16 - 4.6 (87%), Linux 3.2 - 4.9 (87%), Linux 4.10 (87%)
745No exact OS matches for host (test conditions non-ideal).
746Uptime guess: 0.009 days (since Sat Jan 25 18:54:07 2020)
747Network Distance: 9 hops
748TCP Sequence Prediction: Difficulty=264 (Good luck!)
749IP ID Sequence Generation: All zeros
750
751TRACEROUTE (using port 80/tcp)
752HOP RTT ADDRESS
7531 0.03 ms 172.18.0.1
7542 0.04 ms 172.17.0.1
7553 1.31 ms 72.14.235.61
7564 1.34 ms 74.125.242.38
7575 1.78 ms 26496.sgw.equinix.com (27.111.228.105)
7586 2.64 ms 148.72.204.1
7597 ... 8
7609 1.98 ms ip-182-50-132-242.ip.secureserver.net (182.50.132.242)
761
762NSE: Script Post-scanning.
763Initiating NSE at 19:07
764Completed NSE at 19:07, 0.00s elapsed
765Initiating NSE at 19:07
766Completed NSE at 19:07, 0.00s elapsed
767Read data files from: /usr/bin/../share/nmap
768OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
769Nmap done: 1 IP address (1 host up) scanned in 57.76 seconds
770 Raw packets sent: 83 (7.792KB) | Rcvd: 29 (1.912KB)
771[92m====================================================================================[0m•x[92m[2020-01-25](19:07)[0mx•
772[91m SAVING SCREENSHOTS [0m
773[92m====================================================================================[0m•x[92m[2020-01-25](19:07)[0mx•
774webscreenshot.py version 2.2.1
775
776[+] 1 URLs to be screenshot
777[+] 1 actual URLs screenshot
778[+] 0 error(s)
779[91m + -- --=[Port 110 closed... skipping.[0m
780[91m + -- --=[Port 111 closed... skipping.[0m
781[91m + -- --=[Port 123 closed... skipping.[0m
782[91m + -- --=[Port 135 closed... skipping.[0m
783[91m + -- --=[Port 137 closed... skipping.[0m
784[91m + -- --=[Port 139 closed... skipping.[0m
785[91m + -- --=[Port 161 closed... skipping.[0m
786[91m + -- --=[Port 162 closed... skipping.[0m
787[91m + -- --=[Port 264 closed... skipping.[0m
788[91m + -- --=[Port 389 closed... skipping.[0m
789[93m + -- --=[Port 443 opened... running tests...[0m
790[92m====================================================================================[0m•x[92m[2020-01-25](19:07)[0mx•
791[91m CHECKING HTTP HEADERS AND METHODS [0m
792[92m====================================================================================[0m•x[92m[2020-01-25](19:07)[0mx•
793HTTP/2 404
794content-type: text/html;charset=utf-8
795content-length: 964
796vary: Accept-Encoding
797server: DPS/1.7.0
798x-siteid: 3000
799set-cookie: dps_site_id=3000; path=/; secure
800date: Sat, 25 Jan 2020 19:07:02 GMT
801
802[92m====================================================================================[0m•x[92m[2020-01-25](19:07)[0mx•
803[91m DISPLAYING META GENERATOR TAGS [0m
804[92m====================================================================================[0m•x[92m[2020-01-25](19:07)[0mx•
805icon
806[92m====================================================================================[0m•x[92m[2020-01-25](19:07)[0mx•
807[91m DISPLAYING COMMENTS [0m
808[92m====================================================================================[0m•x[92m[2020-01-25](19:07)[0mx•
809[92m====================================================================================[0m•x[92m[2020-01-25](19:07)[0mx•
810[91m DISPLAYING SITE LINKS [0m
811[92m====================================================================================[0m•x[92m[2020-01-25](19:07)[0mx•
812text/css
813text/javascript
814[92m====================================================================================[0m•x[92m[2020-01-25](19:07)[0mx•
815[91m CHECKING FOR WAF [0m
816[92m====================================================================================[0m•x[92m[2020-01-25](19:07)[0mx•
817
818 [1;97m______
819 [1;97m/ \
820 [1;97m( W00f! )
821 [1;97m\ ____/
822 [1;97m,, [1;92m__ [1;93m404 Hack Not Found
823 [1;96m|`-.__ [1;92m/ / [1;91m __ __
824 [1;96m/" _/ [1;92m/_/ [1;91m\ \ / /
825 [1;94m*===* [1;92m/ [1;91m\ \_/ / [1;93m405 Not Allowed
826 [1;96m/ )__// [1;91m\ /
827 [1;96m/| / /---` [1;93m403 Forbidden
828 [1;96m\\/` \ | [1;91m/ _ \
829 [1;96m`\ /_\\_ [1;93m502 Bad Gateway [1;91m/ / \ \ [1;93m500 Internal Error
830 [1;96m`_____``-` [1;91m/_/ \_\
831
832 [1;96m~ WAFW00F : [1;94mv2.0.0 ~[1;97m
833 The Web Application Firewall Fingerprinting Toolkit
834 [0m
835[*] Checking https://fenixfinancialsolutions.com
836[+] Generic Detection results:
837[-] No WAF detected by the generic detection
838[~] Number of requests: 7
839
840[92m====================================================================================[0m•x[92m[2020-01-25](19:07)[0mx•
841[91m GATHERING HTTP INFO [0m
842[92m====================================================================================[0m•x[92m[2020-01-25](19:07)[0mx•
843[1m[34mhttps://fenixfinancialsolutions.com[0m [200 OK] [1m[37mCookies[0m[[37mdps_site_id[0m], [1m[37mCountry[0m[[37mSINGAPORE[0m][[1m[31mSG[0m], [1m[37mHTML5[0m, [1m[37mHTTPServer[0m[[1m[36mDPS/1.7.0[0m], [1m[37mIP[0m[[37m182.50.132.242[0m], [1m[37mMeta-Author[0m[[37mFenix Financial Solutions[0m], [1m[37mMetaGenerator[0m[[37mStarfield Technologies; Go Daddy Website Builder 8.0.0000[0m], [1m[37mOpen-Graph-Protocol[0m[[1m[32mwebsite[0m], [1m[37mScript[0m[[37mtext/javascript[0m], [1m[37mTitle[0m[[1m[33mFenix Financial Solutions[0m], [1m[37mUncommonHeaders[0m[[37mlink,content-security-policy,x-siteid[0m], [1m[37mWebsiteTonight[0m, [1m[37mX-UA-Compatible[0m[[37mIE=edge[0m]
844[92m====================================================================================[0m•x[92m[2020-01-25](19:07)[0mx•
845[91m GATHERING SERVER INFO [0m
846[92m====================================================================================[0m•x[92m[2020-01-25](19:07)[0mx•
847
848wig - WebApp Information Gatherer
849
850
851[31;1mScanning https://fenixfinancialsolutions.com...[0m
852[34;1m_________________ SITE INFO _________________[0m
853[32mIP Title [0m
854[m182.50.132.242 Fenix Financial Solutions [0m
855[34;1m [0m
856[34;1m__________________ VERSION __________________[0m
857[32mName Versions Type [0m
858[mdps 1.7.0 Platform [0m
859[34;1m [0m
860[34;1m_____________________________________________[0m
861[mTime: 2.6 sec Urls: 600 Fingerprints: 40401[0m
862[92m====================================================================================[0m•x[92m[2020-01-25](19:07)[0mx•
863[91m GATHERING WEB FINGERPRINT [0m
864[92m====================================================================================[0m•x[92m[2020-01-25](19:07)[0mx•
865 Polyfill
866 Server: DPS/1.7.0
867 X-SiteId: 3000
868[92m====================================================================================[0m•x[92m[2020-01-25](19:07)[0mx•
869[91m RUNNING NMAP HTTP SCRIPTS [0m
870[92m====================================================================================[0m•x[92m[2020-01-25](19:07)[0mx•
871Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-25 19:07 UTC
872NSE: Loaded 162 scripts for scanning.
873NSE: Script Pre-scanning.
874Initiating NSE at 19:07
875Completed NSE at 19:07, 0.00s elapsed
876Initiating NSE at 19:07
877Completed NSE at 19:07, 0.00s elapsed
878Initiating Parallel DNS resolution of 1 host. at 19:07
879Completed Parallel DNS resolution of 1 host. at 19:07, 0.00s elapsed
880Initiating SYN Stealth Scan at 19:07
881Scanning fenixfinancialsolutions.com (182.50.132.242) [1 port]
882Discovered open port 443/tcp on 182.50.132.242
883Completed SYN Stealth Scan at 19:07, 0.01s elapsed (1 total ports)
884Initiating Service scan at 19:07
885Scanning 1 service on fenixfinancialsolutions.com (182.50.132.242)
886Completed Service scan at 19:07, 12.03s elapsed (1 service on 1 host)
887Initiating OS detection (try #1) against fenixfinancialsolutions.com (182.50.132.242)
888Retrying OS detection (try #2) against fenixfinancialsolutions.com (182.50.132.242)
889Initiating Traceroute at 19:07
890Completed Traceroute at 19:07, 3.01s elapsed
891Initiating Parallel DNS resolution of 7 hosts. at 19:07
892Completed Parallel DNS resolution of 7 hosts. at 19:07, 0.00s elapsed
893NSE: Script scanning 182.50.132.242.
894Initiating NSE at 19:07
895Completed NSE at 19:07, 10.12s elapsed
896Initiating NSE at 19:07
897Completed NSE at 19:07, 0.05s elapsed
898Nmap scan report for fenixfinancialsolutions.com (182.50.132.242)
899Host is up (0.0020s latency).
900rDNS record for 182.50.132.242: ip-182-50-132-242.ip.secureserver.net
901
902PORT STATE SERVICE VERSION
903443/tcp open ssl/http Samsung AllShare httpd
904| http-brute:
905|_ Path "/" does not require authentication
906|_http-chrono: Request times for /; avg: 124.49ms; min: 48.89ms; max: 196.34ms
907|_http-csrf: Couldn't find any CSRF vulnerabilities.
908|_http-date: Sat, 25 Jan 2020 19:07:37 GMT; 0s from local time.
909|_http-devframework: Couldn't determine the underlying framework or CMS. Try increasing 'httpspider.maxpagecount' value to spider more pages.
910|_http-dombased-xss: Couldn't find any DOM based XSS.
911|_http-drupal-enum: Nothing found amongst the top 100 resources,use --script-args number=<number|all> for deeper analysis)
912|_http-errors: Couldn't find any error pages.
913|_http-feed: Couldn't find any feeds.
914|_http-fetch: Please enter the complete path of the directory to save data in.
915| http-fileupload-exploiter:
916|
917| Couldn't find a file-type field.
918|
919| Couldn't find a file-type field.
920|
921|_ Couldn't find a file-type field.
922|_http-generator: Starfield Technologies; Go Daddy Website Builder 8.0.0000
923| http-headers:
924| Link: <https://img1.wsimg.com/poly/v2/polyfill.min.js?unknown=polyfill&flags=gated&features=default%2Cfetch%2CArray.prototype.%40%40iterator%2CArray.prototype.find%2CArray.prototype.findIndex%2CFunction.name%2CNumber.isFinite%2CPromise%2CString.prototype.repeat%2CMath.sign%2CMath.trunc%2CArray.prototype.includes%2CObject.entries%2CObject.values%2CIntersectionObserver%2CIntl.~locale.en-US>; rel=preload; as=script; crossorigin,<//img1.wsimg.com/blobby/go/gpub/e645c3e6fe995b50/script.js>; rel=preload; as=script; crossorigin,<//img1.wsimg.com/ceph-p3-01/website-builder-data-prod/static/widgets/UX.3.55.6.js>; rel=preload; as=script; crossorigin,<https://img1.wsimg.com/gfonts/s/zillaslab/v5/dFa5ZfeM_74wlPZtksIFYskZ6HOpXg.ttf>; rel=preload; as=font; crossorigin,<https://img1.wsimg.com/gfonts/s/sourcesanspro/v13/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZMkids18E.ttf>; rel=preload; as=font; crossorigin,<https://img1.wsimg.com/gfonts/s/sourcesanspro/v13/6xK1dSBYKcSV-LCoeQqfX1RYOo3qPZ7nsDc.ttf>; rel=preload; as=font; crossorigin,<https://img1.wsimg.com/gfonts/s/sourcesanspro/v13/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZclSds18E.ttf>; rel=preload; as=font; crossorigin,<https://img1.wsimg.com/gfonts/s/sourcesanspro/v13/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwlxdr.ttf>; rel=preload; as=font; crossorigin,<https://img1.wsimg.com/gfonts/s/sourcesanspro/v13/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7g.ttf>; rel=preload; as=font; crossorigin,<https://img1.wsimg.com/gfonts/s/sourcesanspro/v13/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdr.ttf>; rel=preload; as=font; crossorigin,<https://fonts.googleapis.com>; rel=preconnect; crossorigin,<https://fonts.gstatic.com>; rel=preconnect; crossorigin,<https://img1.wsimg.com>; rel=preconnect; crossorigin
925| Cache-Control: max-age=30
926| Content-Security-Policy: frame-ancestors 'self'
927| Content-Type: text/html;charset=utf-8
928| Vary: Accept-Encoding
929| Content-Encoding: raw
930| Server: DPS/1.7.0
931| X-SiteId: 3000
932| Set-Cookie: dps_site_id=3000; path=/; secure
933| ETag: 188fe404b1d9710f4b866fa1eb6503e6
934| Date: Sat, 25 Jan 2020 19:07:38 GMT
935| Connection: close
936| Transfer-Encoding: chunked
937|
938|_ (Request type: GET)
939|_http-jsonp-detection: Couldn't find any JSONP endpoints.
940| http-methods:
941|_ Supported Methods: GET HEAD POST OPTIONS
942|_http-mobileversion-checker: No mobile version detected.
943| http-php-version: Logo query returned unknown hash b74afb4a3f5462f548c5a41cc2ba890b
944|_Credits query returned unknown hash b74afb4a3f5462f548c5a41cc2ba890b
945| http-security-headers:
946| Strict_Transport_Security:
947| HSTS not configured in HTTPS Server
948| Cookie:
949|_ Cookies are secured with Secure Flag in HTTPS Connection
950|_http-server-header: DPS/1.7.0
951| http-sitemap-generator:
952| Directory structure:
953| /
954| Other: 3
955| Longest directory structure:
956| Depth: 0
957| Dir: /
958| Total files found (by extension):
959|_ Other: 3
960|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
961|_http-title: Fenix Financial Solutions
962| http-vhosts:
963|_127 names had status 404
964|_http-wordpress-enum: Nothing found amongst the top 100 resources,use --script-args search-limit=<number|all> for deeper analysis)
965|_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
966|_http-xssed: No previously reported XSS vuln.
967| vulscan: VulDB - https://vuldb.com:
968| [141719] Samsung Device SIMalliance Toolbox Browser SMS Message information disclosure
969| [136176] Samsung GALAXY Apps up to 4.4.01 Signature Validation SSL Certificate Code Execution
970| [135896] Samsung Galaxy S9 up to 1.4.20 GameServiceReceiver Update Code Execution memory corruption
971| [135895] Samsung Galaxy S9 Captive Portal Code Execution memory corruption
972| [135894] Samsung Galaxy S9 ASN.1 Parser Heap-based memory corruption
973| [135557] Samsung SCX-824 swsAlert.sws Parameter cross site scripting
974| [132053] Samsung X7400GX Syncthru V6.A6.25 V11.01.05.25_08-21-2015 Web Service loginView.sws Parameter cross site scripting
975| [132052] Samsung X7400GX Syncthru V6.A6.25 V11.01.05.25_08-21-2015 Web Service networkinformationView.sws Application cross site scripting
976| [132051] Samsung X7400GX Syncthru V6.A6.25 V11.01.05.25_08-21-2015 Web Service /sws/leftmenu.sws Parameter cross site scripting
977| [132050] Samsung X7400GX Syncthru V6.A6.25 V11.01.05.25_08-21-2015 /sws/swsAlert.sws Parameter cross site scripting
978| [131870] Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 bcmdhd4358 Wi-Fi Driver prot_get_ring_space memory corruption
979| [128021] Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 bcmdhd4358 Wi-Fi Driver dhd_pcie.c dhd_bus_flow_ring_create_response memory corruption
980| [128020] Samsung Galaxy S6 bcmdhd4358 Wi-Fi Driver dhd_pcie.c dhd_bus_flow_ring_flush_response memory corruption
981| [128019] Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 bcmdhd4358 Wi-Fi Driver dhd_pcie.c dhd_bus_flow_ring_delete_response memory corruption
982| [128018] Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 Wi-Fi Driver dhd_msgbuf.c dhd_prot_txdata_write_flush denial of service
983| [128017] Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 bcmdhd4358 Wi-Fi Driver dhd_linux.c dhd_rx_frame memory corruption
984| [127726] LibRaw up to 0.18.8 dcraw_common.cpp samsung_load_raw() memory corruption
985| [124772] Samsung SCX-6545X 2.00.03.01 SNMP Service SNMP Request Cleartext information disclosure
986| [124428] Samsung Galaxy S8 G950FXXU1AQL5 IPCP Header Stack-based memory corruption
987| [124425] Samsung Members Intent privilege escalation
988| [124418] Samsung Internet Browser Object privilege escalation
989| [124392] Samsung SmartThings Hub Video-Core HTTP Server HTTP Request Stack-based memory corruption
990| [124391] Samsung SmartThings Hub STH-ETH-250 0.20.17 Video-Core HTTP Server /cameras/XXXX/clips memory corruption
991| [124390] Samsung SmartThings Hub STH-ETH-250 0.20.17 Video-Core HTTP Server memory corruption
992| [124389] Samsung SmartThings Hub STH-ETH-250 0.20.17 Video-Core HTTP Server memory corruption
993| [124388] Samsung SmartThings Hub STH-ETH-250 0.20.17 Video-Core HTTP Server memory corruption
994| [124387] Samsung SmartThings Hub STH-ETH-250 0.20.17 Video-Core HTTP Server memory corruption
995| [124323] Samsung SmartThings Hub STH-ETH-250 0.20.17 WifiScan memory corruption
996| [124322] Samsung SmartThings Hub STH-ETH-250 0.20.17 WifiScan memory corruption
997| [123822] Samsung SmartThings Hub STH-ETH-250 0.20.17 Credentials Stack-based memory corruption
998| [123813] Samsung SmartThings Hub 0.20.17 Video-Core Process /cameras/XXXX/clips memory corruption
999| [123812] Samsung SmartThings Hub 0.20.17 Video-Core Process /cameras/XXXX/clips memory corruption
1000| [123346] Samsung SmartThings Hub STH-ETH-250 0.20.17 Video-Core Process HTTP Requests privilege escalation
1001| [123345] Samsung SmartThings Hub STH-ETH-250 0.20.17 /cameras/XXXX/clips memory corruption
1002| [123294] Samsung SmartThings Hub STH-ETH-250 0.20.17 hubCore information disclosure
1003| [123293] Samsung SmartThings Hub STH-ETH-250 0.20.17 hubCore Process HTTP Request denial of service
1004| [123292] Samsung SmartThings Hub STH-ETH-250 0.20.17 Video-Core Process HTTP Request Stack-based memory corruption
1005| [123291] Samsung SmartThings Hub STH-ETH-250 0.20.17 Video-Core Process /cameras/XXXX/clips HTTP Request memory corruption
1006| [123202] Samsung SmartThings Hub STH-ETH-250 0.20.17 Video-Core Process HTTP Requests REST privilege escalation
1007| [123201] Samsung SmartThings Hub STH-ETH-250 0.20.17 Video-Core Process HTTP Requests JSON privilege escalation
1008| [123195] Samsung SmartThings Hub STH-ETH-250 0.20.17 Video-Core Process Cookie Heap-based memory corruption
1009| [123194] Samsung SmartThings Hub STH-ETH-250 0.20.17 Video-Core Process HTTP Requests Stack-based memory corruption
1010| [123193] Samsung SmartThings Hub STH-ETH-250 0.20.17 Video-Core Process HTTP Request Stack-based memory corruption
1011| [123192] Samsung SmartThings Hub STH-ETH-250 0.20.17 Video-Core Process Stack-based sql injection
1012| [123191] Samsung SmartThings Hub STH-ETH-250 0.20.17 Video-Core Process HTTP Request Header Injection privilege escalation
1013| [123190] Samsung SmartThings Hub STH-ETH-250 0.20.17 Video-Core Process HTTP Request Stack-based memory corruption
1014| [123189] Samsung SmartThings Hub STH-ETH-250 0.20.17 Video-Core Process HTTP Request Stack-based memory corruption
1015| [123188] Samsung SmartThings Hub STH-ETH-250 0.20.17 Video-Core Process HTTP Request Stack-based memory corruption
1016| [123187] Samsung SmartThings Hub STH-ETH-250 0.20.17 Video-Core Process HTTP Request Stack-based sql injection
1017| [123186] Samsung SmartThings Hub STH-ETH-250 0.20.17 Credentials HTTP Requests JSON sql injection
1018| [123185] Samsung SmartThings Hub STH-ETH-250 0.20.17 Video Core Stack-based memory corruption
1019| [123184] Samsung SmartThings Hub STH-ETH-250 0.20.17 Video Core HTTP Request Stack-based memory corruption
1020| [123183] Samsung SmartThings Hub STH-ETH-250 0.20.17 Video Core HTTP Requests Stack-based memory corruption
1021| [123182] Samsung SmartThings Hub STH-ETH-250 0.20.17 samsungWifiScan JSON Stack-based memory corruption
1022| [123181] Samsung SmartThings Hub STH-ETH-250 0.20.17 Video-Core Process HTTP Request Stack-based memory corruption
1023| [123180] Samsung SmartThings Hub STH-ETH-250 0.20.17 URL Space command injection
1024| [122598] Samsung Syncthru Web Service 4.05.61 printReportSetupView.sws cross site request forgery
1025| [122594] Samsung Syncthru Web Service 4.05.61 Parameter cross site scripting
1026| [119556] Samsung DVR Web Viewer webviewer_login_page cross site scripting
1027| [118345] Samsung S7 Edge OMACP WAP Push Message Integer Overflow memory corruption
1028| [115289] Samsung Mobile Device M(6.0)/N(7.x) sensorhub binder Service Heap-based memory corruption
1029| [115288] Samsung Mobile Device N(7.x) APK privilege escalation
1030| [115287] Samsung Mobile Device L(5.x)/M(6.0)/N(7.x) Gallery BMP File memory corruption
1031| [115286] Samsung Mobile Device M(6.0) Email Application cross site scripting
1032| [115285] Samsung Mobile Device N(7.x) Frame Size Code Execution memory corruption
1033| [114128] Samsung Display Solutions App up to 3.01 on Android B2B Content Man-in-the-Middle weak encryption
1034| [113616] Knox SDS IAM/SDS EMM 16.11 on Samsung Mobile weak encryption
1035| [112195] Samsung Gear Bluetooth weak authentication
1036| [111380] Samsung Mobile Devices N Exynos Chipset Stack-based memory corruption
1037| [111034] Samsung S6 Edge SecEmailComposer/EmailComposer Crafted Application information disclosure
1038| [111060] Samsung Internet Browser 6.2.01.12 IFRAME Cross-Origin privilege escalation
1039| [110950] Samsung Internet Browser Same-Origin Policy privilege escalation
1040| [109165] Samsung SRN-1670D Web Viewer network_ssl_upload.php privilege escalation
1041| [107581] Intel Puma 5/6/7 on Samsung Packet denial of service
1042| [106347] Samsung NVR cgi-bin/main-cgi JSON Data information disclosure
1043| [105699] Samsung S4 GT-I9500 up to 3.4 samsung_extdisp Driver memory corruption
1044| [105698] Samsung S4 GT-I9500 up to 3.4 samsung_extdisp Driver information disclosure
1045| [102728] Samsung Magician 5.0 TLS Certificate weak encryption
1046| [102047] Samsung S6 Edge WifiHs20UtilityService directory traversal
1047| [101886] Samsung SyncThru 6 upload/updateDriver Parameter directory traversal
1048| [99817] Samsung Galaxy S6 SecEmailSync sql injection
1049| [99586] Samsung Galaxy S6 SecEmailUI HTML Email cross site scripting
1050| [98938] Samsung Account up to 1.6/2.1 weak encryption
1051| [98937] Samsung GALAXY Apps weak encryption
1052| [98471] Samsung Phone 6.0/7.0 GPU Driver mali_kbase_core_linux.c kbase_dispatch Out-of-Bounds unknown vulnerability
1053| [96306] Samsung Exynos fimg2d Driver on Android NULL Pointer Dereference denial of service
1054| [95522] Samsung Exynos fimg2d Driver on Android Use-After-Free memory corruption
1055| [95507] Samsung Note 5.0/5.1/6.0 SmartCall Activity Crash denial of service
1056| [95506] Samsung Note 5.0/5.1/6.0 SpamCall Activity Crash denial of service
1057| [95209] Samsung Note 4.4/5.0/5.1/6.0 VR Service Thread Crash denial of service
1058| [95208] Samsung Note 5.0/5.1/6.0/7.0 SystemUI Crash denial of service
1059| [95104] Samsung Mobile Phone 4.4/5.0/5.1/6.0 Application Installation std::bad_alloc denial of service
1060| [94663] Samsung Galaxy S6 Edge Notification Listener information disclosure
1061| [94604] Samsung DVR Web Viewer Cookie weak encryption
1062| [94552] Samsung Note 5.0/5.1/6.0/7.0 Telecom memory corruption
1063| [94551] Samsung Note 5.0/5.1/6.0/7.0 Telecom memory corruption
1064| [94550] Samsung Note 5.0/5.1/6.0/7.0 Telecom memory corruption
1065| [93581] Samsung Note 4.4/5.0/5.1 SystemUI Integer denial of service
1066| [93303] Samsung Mobile L(5.0/5.1)/M(6.0) fimg2d Driver NULL Pointer Dereference memory corruption
1067| [93199] Samsung Galaxy S4/S5/S6/S7 OMACP Message Config privilege escalation
1068| [93198] Samsung Galaxy S4/S5/S6/S7 OMACP Message libomacp.so memory corruption
1069| [93197] Samsung Galaxy S4/S5/S6/S7 OTA WAP PUSH SMS wifi-service.jar WifiServiceImpl denial of service
1070| [93196] Samsung Galaxy S4/S5/S6/S7 BroadcastReceiver wifi-service.jar privilege escalation
1071| [91709] Samsung Mobile Phone L(5.0/5.1)/M(6.0) SystemUI NULL Pointer Dereference denial of service
1072| [80265] Samsung SRN-1670D Web Viewer XOR weak encryption
1073| [80264] Samsung SRN-1670D Web Viewer Credentials information disclosure
1074| [80263] Samsung SRN-1670D Web Viewer File information disclosure
1075| [79057] Samsung Galaxy S6 JPEG Image memory corruption
1076| [79056] Samsung Galaxy S6 GIF Image Crash denial of service
1077| [79053] Samsung Galaxy S6 Bitmap Out-of-Bounds denial of service
1078| [78999] Samsung SmartViewer CNC_Ctrl Control rtsp_getdlsendtime memory corruption
1079| [78998] Samsung SmartViewer DVRSetupSave/SendCustomPacket memory corruption
1080| [76316] Samsung SBeam 15000 NFC Connection information disclosure
1081| [76087] Samsung Galaxy S5 createFromParcel memory corruption
1082| [76021] Swiftkey Keyboard on Samsung Galaxy Language Pack Update /data/dalvik-cache directory traversal
1083| [75985] Samsung Galaxy S4/S5/S6 Swiftkey Keyboard+ Emoji Language Pack privilege escalation
1084| [75176] Samsung Security Manager up to 1.30 HTTP Request privilege escalation
1085| [74288] Samsung iPOLiS Device Manager 1.12.2 OCX ActiveX Control XnsSdkDeviceIpInstaller.ocx WriteConfigValue memory corruption
1086| [74213] Samsung Samsung Security Manager up to 1.29 denial of service
1087| [73144] Samsung SmartViewer ActiveX Control memory corruption
1088| [73143] Samsung SmartViewer ActiveX Control Stack-Based memory corruption
1089| [68234] Samsung Galaxy Ace 4/Note 3/S4/S5 KNOX memory corruption
1090| [68531] Samsung Mobile Devices Remote Control Feature denial of service
1091| [70020] Samsung iPOLiS Device Manager up to 1.8.1 ActiveX Control memory corruption
1092| [69949] Samsung iPOLiS Device Manager up to 1.8.1 ActiveX Control Stack-Based memory corruption
1093| [12842] Samsung TV D7000 SSID Authentication weak authentication
1094| [66860] Samsung Kies 2.5.0.12114 1 ActiveX Control SyncService.dll memory corruption
1095| [12571] Samsung Nexus/Galaxy Modem libsec-ril.so RFS Command privilege escalation
1096| [10120] Infraware Polaris Office/Viewer 4.0.3207.11 on Samsung Galaxy S3/S4 XML Validation denial of service
1097| [64793] Samsung Smart Viewer unknown vulnerability
1098| [64792] Samsung Smart Viewer Web View Cleartext information disclosure
1099| [9717] Samsung PS50C7700 HTTP Request denial of service
1100| [9148] Samsung IP Camera URL Validator cross site scripting
1101| [7892] Samsung UE55ES6800 SOAPACTION denial of service
1102| [63280] Samsung SamsungDive Subsystem unknown vulnerability
1103| [63277] Samsung SamsungDive Subsystem spoofing
1104| [7175] Google Android on Samsung Exynos 4210/4412 Privileges /dev/exynos-mem privilege escalation
1105| [7168] Samsung LED 3D Smart TV memory corruption
1106| [63139] Samsung Kies Air 2.1.210161 Crash denial of service
1107| [63138] Samsung Kies Air 2.1.210161 spoofing
1108| [7027] Samsung Printer 20121030 SNMP Account NetWorkManager.class NetworkManager Community String weak authentication
1109| [6630] Samsung Galaxy S S2/S3 NFC privilege escalation
1110| [61785] Samsung KIES 2.3.2.12074 ActiveX Control MASetupCaller.dll unknown vulnerability
1111| [61634] Samsung NET-i viewer 1.37.120316 denial of service
1112| [61633] Samsung NET-i viewer 1.37.120316 ActiveX Control memory corruption
1113| [61632] Samsung NET-i viewer 1.37.120316 ActiveX Control Stack-based memory corruption
1114| [61562] Samsung NET-i viewer 1.37 OCX ActiveX Control XProcessControl.ocx RequestScreenOptimization memory corruption
1115| [60919] Samsung Chromebox 3 unknown vulnerability
1116| [5259] Samsung TV MAC Address memory corruption
1117| [5258] Samsung TV Controller Packet denial of service
1118| [57396] Samsung Data Management Server up to 1.4.1 Authentication Form sql injection
1119| [44300] Samsung DVR SHR2040 B3.03e-k1.53-v2.19 0705281908 Crash denial of service
1120|
1121| MITRE CVE - https://cve.mitre.org:
1122| [CVE-2013-4890] The DMCRUIS/0.1 web server on the Samsung PS50C7700 TV allows remote attackers to cause a denial of service (daemon crash) via a long URI to TCP port 5600.
1123| [CVE-2013-2310] SoftBank Wi-Fi Spot Configuration Software, as used on SoftBank SHARP 3G handsets, SoftBank Panasonic 3G handsets, SoftBank NEC 3G handsets, SoftBank Samsung 3G handsets, SoftBank mobile Wi-Fi routers, SoftBank Android smartphones with the Wi-Fi application before 1.7.1, SoftBank Windows Mobile smartphones with the WISPrClient application before 1.3.1, SoftBank Disney Mobile Android smartphones with the Wi-Fi application before 1.7.1, and WILLCOM Android smartphones with the Wi-Fi application before 1.7.1, does not properly connect to access points, which allows remote attackers to obtain sensitive information by leveraging access to an 802.11 network.
1124| [CVE-2012-6422] The kernel in Samsung Galaxy S2, Galaxy Note 2, MEIZU MX, and possibly other Android devices, when running an Exynos 4210 or 4412 processor, uses weak permissions (0666) for /dev/exynos-mem, which allows attackers to read or write arbitrary physical memory and gain privileges via a crafted application, as demonstrated by ExynosAbuse.
1125| [CVE-2012-6337] The Track My Mobile feature in the SamsungDive subsystem for Android on Samsung Galaxy devices shows the activation of remote tracking, which might allow physically proximate attackers to defeat a product-recovery effort by tampering with this feature or its location data.
1126| [CVE-2012-6334] The Track My Mobile feature in the SamsungDive subsystem for Android on Samsung Galaxy devices does not properly implement Location APIs, which allows physically proximate attackers to provide arbitrary location data via a "commonly available simple GPS location spoofer."
1127| [CVE-2012-5859] Samsung Kies Air 2.1.207051 and 2.1.210161 allows remote attackers to cause a denial of service (crash) via a crafted request to www/apps/KiesAir/jws/ssd.php.
1128| [CVE-2012-5858] Samsung Kies Air 2.1.207051 and 2.1.210161 relies on the IP address for authentication, which allows remote man-in-the-middle attackers to read arbitrary phone contents by spoofing or controlling the IP address.
1129| [CVE-2012-4964] The Samsung printer firmware before 20121031 has a hardcoded read-write SNMP community, which makes it easier for remote attackers to obtain administrative access via an SNMP request.
1130| [CVE-2012-4335] Samsung NET-i viewer 1.37.120316 allows remote attackers to cause a denial of service (infinite loop) via a negative size value in a TCP request to (1) NiwMasterService or (2) NiwStorageService. NOTE: some of these details are obtained from third party information.
1131| [CVE-2012-4334] The ConnectDDNS method in the (1) STWConfigNVR 1.1.13.15 and (2) STWConfig 1.1.14.13 ActiveX controls in Samsung NET-i viewer 1.37.120316 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: some of these details are obtained from third party information.
1132| [CVE-2012-4333] Multiple stack-based buffer overflows in the BackupToAvi method in the (1) UMS_Ctrl 1.5.1.1 and (2) UMS_Ctrl_STW 2.0.1.0 ActiveX controls in Samsung NET-i viewer 1.37.120316 allow remote attackers to execute arbitrary code via a long string in the fname parameter. NOTE: some of these details are obtained from third party information.
1133| [CVE-2012-4330] The Samsung D6000 TV and possibly other products allows remote attackers to cause a denial of service (crash) via a long string in certain fields, as demonstrated by the MAC address field, possibly a buffer overflow.
1134| [CVE-2012-4329] The Samsung D6000 TV and possibly other products allow remote attackers to cause a denial of service (continuous restart) via a crafted controller name.
1135| [CVE-2012-4250] Stack-based buffer overflow in the RequestScreenOptimization function in the XProcessControl.ocx ActiveX control in msls31.dll in Samsung NET-i viewer 1.37 allows remote attackers to execute arbitrary code via a long string in the first argument.
1136| [CVE-2012-4050] Multiple unspecified vulnerabilities in Google Chrome OS before 21.0.1180.50 on the Cr-48 and Samsung Series 5 and 5 550 Chromebook platforms, and the Samsung Chromebox Series 3, have unknown impact and attack vectors.
1137| [CVE-2012-2990] The MASetupCaller ActiveX control before 1.4.2012.508 in MASetupCaller.dll in MarkAny ContentSAFER, as distributed in Samsung KIES before 2.3.2.12074_13_13, does not properly implement unspecified methods, which allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via a crafted HTML document.
1138| [CVE-2012-2980] The Samsung and HTC onTouchEvent method implementation for Android on the T-Mobile myTouch 3G Slide, HTC Merge, Sprint EVO Shift 4G, HTC ChaCha, AT&T Status, HTC Desire Z, T-Mobile G2, T-Mobile myTouch 4G Slide, and Samsung Galaxy S stores touch coordinates in the dmesg buffer, which allows remote attackers to obtain sensitive information via a crafted application, as demonstrated by PIN numbers, telephone numbers, and text messages.
1139| [CVE-2012-2864] Mesa, as used in Google Chrome before 21.0.1183.0 on the Acer AC700, Cr-48, and Samsung Series 5 and 5 550 Chromebook platforms, and the Samsung Chromebox Series 3, allows remote attackers to execute arbitrary code via unspecified vectors that trigger an "array overflow."
1140| [CVE-2012-2619] The Broadcom BCM4325 and BCM4329 Wi-Fi chips, as used in certain Acer, Apple, Asus, Ford, HTC, Kyocera, LG, Malata, Motorola, Nokia, Pantech, Samsung, and Sony products, allow remote attackers to cause a denial of service (out-of-bounds read and Wi-Fi outage) via an RSN 802.11i information element.
1141| [CVE-2012-1418] Multiple unspecified vulnerabilities in Google Chrome before 17.0.963.60 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors.
1142| [CVE-2012-0695] Multiple unspecified vulnerabilities in Google Chrome before 17.0.963.27 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors.
1143| [CVE-2011-4719] Multiple unspecified vulnerabilities in Google Chrome before 16.0.912.63 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors.
1144| [CVE-2011-4548] Multiple unspecified vulnerabilities in Google Chrome before 16.0.912.44 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors.
1145| [CVE-2011-3421] Multiple unspecified vulnerabilities in Google Chrome before 14.0.835.125 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors.
1146| [CVE-2011-3420] Multiple unspecified vulnerabilities in Google Chrome before 14.0.835.157 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors.
1147| [CVE-2010-4284] SQL injection vulnerability in the authentication form in the integrated web server in the Data Management Server (DMS) before 1.4.3 in Samsung Integrated Management System allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
1148| [CVE-2008-4380] The web interface in Samsung DVR SHR2040 allows remote attackers to cause a denial of service (crash) via a malformed HTTP request, related to the filter for configuration properties and "/x" characters.
1149| [CVE-2007-3931] The wrap_setuid_third_party_application function in the installation script for the Samsung SCX-4200 Driver 2.00.95 adds setuid permissions to third party applications such as xsane and xscanimage, which allows local users to gain privileges.
1150| [CVE-2007-3445] Buffer overflow in SJ Labs SJphone 1.60.303c, running under Windows Mobile 2003 on the Samsung SCH-i730 phone, allows remote attackers to cause a denial of service (device hang and call termination) via a malformed SIP INVITE message, a different vulnerability than CVE-2007-3351.
1151| [CVE-2005-0865] Samsung ADSL Modem SMDK8947v1.2 uses default passwords for the (1) root, (2) admin, or (3) user users, which allows remote attackers to gain privileges via Telnet or an HTTP request to adsl.cgi.
1152| [CVE-2005-0864] The Boa web server, as used in Samsung ADSL Modem SMDK8947v1.2 and possibly other products, allows remote attackers to read arbitrary files via a full pathname in the HTTP request.
1153| [CVE-2004-1970] Samsung SmartEther SS6215S switch, and possibly other Samsung switches, allows remote attackers and local users to gain administrative access by providing the admin username followed by a password that is the maximum allowed length, then pressing the enter key after the resulting error message.
1154| [CVE-2001-1177] ml85p in Samsung ML-85G GDI printer driver before 0.2.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files.
1155|
1156| SecurityFocus - https://www.securityfocus.com/bid/:
1157| [54055] Samsung AllShare 'Content-Length' HTTP Header Remote Denial Of Service Vulnerability
1158| [102336] Samsung/Seagate Self-Encrypting Drive Protection CVE-2015-7267 Local Security Bypass Vulnerability
1159| [102334] Samsung/Seagate Self-Encrypting Drives Protection CVE-2015-7268 Local Security Bypass Vulnerability
1160| [99081] Samsung Magician CVE-2017-3218 Remote Code Execution Vulnerability
1161| [97703] Multiple Samsung Galaxy Products CVE-2016-4031 Security Bypass Vulnerability
1162| [97701] Multiple Samsung Galaxy Products CVE-2016-4030 Security Bypass Vulnerability
1163| [97658] Samsung SecEmailSync CVE-2016-2565 Information Disclosure Vulnerability
1164| [97654] Samsung SecEmailSync CVE-2016-2566 SQL Injection Vulnerability
1165| [97650] Multiple Samsung Galaxy Products CVE-2016-4032 Security Bypass Vulnerability
1166| [97207] Samsung Account CVE-2015-0864 Information Disclosure Vulnerability
1167| [96360] Multiple Samsung Android Mobile Devices CVE-2016-4547 Denial of Service Vulnerability
1168| [96128] Multiple Samsung Android Mobile Devices InputMethod Application Denial of Service Vulnerability
1169| [95674] Samsung CVE-2017-5538 Remote Memory Corruption Vulnerability
1170| [95424] Multiple Samsung Android Mobile Devices CVE-2017-5350 Denial of Service Vulnerability
1171| [95418] Multiple Samsung Android Mobile Devices CVE-2017-5351 Denial of Service Vulnerability
1172| [95319] Multiple Samsung Android Mobile Phones CVE-2017-5217 Denial of Service Vulnerability
1173| [95134] Multiple Samsung Devices 'OTP' Service Remote Heap Buffer Overflow Vulnerability
1174| [95092] Multiple Samsung Galaxy Product Information Disclosure Vulnerability
1175| [94955] Samsung Mobile Phones Multiple Denial of Service Vulnerabilities
1176| [94494] Multiple Samsung Galaxy Product CVE-2016-9567 Security Bypass Vulnerability
1177| [94292] Samsung Mobile Phones SystemUI CVE-2016-9277 Denial of Service Vulnerability
1178| [94283] Samsung Mobile Phones Information Disclosure and Denial of Service Vulnerabilities
1179| [94120] Samsung Mobile Phones CVE-2016-7160 Null Pointer Dereference Denial of Service Vulnerability
1180| [94088] Multiple Samsung Galaxy Product CVE-2016-7991 Security Bypass Vulnerability
1181| [94086] Multiple Samsung Galaxy Devices CVE-2016-7990 Integer Overflow Vulnerability
1182| [94082] Multiple Samsung Galaxy Devices CVE-2016-7989 Denial of Service Vulnerability
1183| [94081] Samsung Mobile Phones CVE-2016-7988 Denial of Service Vulnerability
1184| [92539] Samsung Security Manager Multiple Remote Command Execution and Denial of Service Vulnerabilities
1185| [92349] Samsung 'fimg2d' Driver Null Pointer Deference Local Denial of Service Vulnerability
1186| [92330] Samsung Android Phone Multiple Privilege Escalation Vulnerabilities
1187| [91191] Samsung SW Update Software Local Privilege Escalation Vulnerability
1188| [90104] Samsung Mobile Phones 'IAndroidShm' Service Denial of Service Vulnerability
1189| [90100] Samsung Mobile Phones 'TvoutService_C' Service Denial of Service Vulnerability
1190| [86366] Samsung 'msm_sensor_config' Function CVE-2016-4038 Remote Memory Corruption Vulnerability
1191| [86278] Samsung KNOX CVE-2016-3996 Information Disclosure Vulnerability
1192| [84287] Samsung SW Update Tool Security Bypass Vulnerability
1193| [84284] Samsung SW Update Tool Information Disclosure Vulnerability
1194| [81063] Samsung KNOX CVE-2016-1920 Man in the Middle Information Disclosure Vulnerability
1195| [81056] Samsung KNOX CVE-2016-1919 Weak Encryption Security Weakness
1196| [80381] Samsung SRN-1670D Camera Multiple Security Vulnerabilities
1197| [79675] Samsung SmartTV and Printers CVE-2015-5729 Weak Password Security Vulnerability
1198| [77431] Samsung SecEmailUI CVE-2015-7893 Security Vulnerability
1199| [77430] Samsung Galaxy S6 CVE-2015-7898 Denial of Service Vulnerability
1200| [77429] Samsung Galaxy S6 CVE-2015-7895 Denial of Service Vulnerability
1201| [77425] Samsung LibQjpeg CVE-2015-7896 Remote Memory Corruption Vulnerability
1202| [77423] Samsung LibQjpeg CVE-2015-7894 Remote Memory Corruption Vulnerability
1203| [77422] Samsung Galaxy S6 CVE-2015-7897 Memory Corruption Vulnerability
1204| [77339] Samsung SecEmailComposer CVE-2015-7889 Local Privilege Escalation Vulnerability
1205| [77338] Samsung Galaxy S6 CVE-2015-7888 Directory Traversal Vulnerability
1206| [77337] Samsung m2m1shot Driver CVE-2015-7892 Local Buffer Overflow Vulnerability
1207| [77336] Samsung Sieren Kernel Driver CVE-2015-7890 Local Buffer Overflow Vulnerability
1208| [77335] Samsung Fimg2d CVE-2015-7891 Local Race Condition Security Bypass Vulnerability
1209| [77084] Samsung SmartViewer 'CNC_Ctrl' ActiveX Control Remote Code Execution Vulnerability
1210| [77083] RETIRED: Samsung SmartViewer 'SendCustomPacket' Method Remote Code Execution Vulnerability
1211| [77079] Samsung SmartViewer CVE-2015-8039 Multiple Remote Code Execution Vulnerabilities
1212| [76946] Samsung XNS ActiveX SDK ActiveX Control Multiple Remote Code Execution Vulnerabilities
1213| [76807] Samsung S4 GT-I9500 Memory Corruption and Information Disclosure Vulnerabilities
1214| [75912] Samsung SyncThru CVE-2015-5473 Multiple Directory Traversal Vulnerabilities
1215| [75404] Samsung SBeam CVE-2015-4033 Information Disclosure Vulnerability
1216| [75403] Samsung Galaxy S5 CVE-2015-4034 Remote Code Execution Vulnerability
1217| [75229] RETIRED: Samsung Galaxy S Phones CVE-2015-2865 Man in The Middle Security Bypass Vulnerability
1218| [74877] Samsung iPOLiS Device Manager ActiveX Control CVE-2015-0555 Multiple Buffer Overflow Vulnerabilities
1219| [74400] Samsung Security Manager ActiveMQ Broker Service Multiple Remote Code Execution Vulnerabilities
1220| [72598] Samsung Security Manager CVE-2015-1499 Security Bypass Vulnerability
1221| [71489] Samsung SmartViewer 'STWConfig' ActiveX Remote Code Execution Vulnerability
1222| [71486] Samsung SmartViewer 'CNC_Ctrl' ActiveX Stack Buffer Overflow Vulnerability
1223| [71148] Multiple Samsung Galaxy Devices KNOX Arbitrary Code Execution Vulnerability
1224| [67823] Samsung iPOLiS Device Manager 'FindConfigChildeKeyList()' Method Stack Buffer Overflow Vulnerability
1225| [67822] Samsung iPOLiS Device Manager ActiveX Control Multiple Remote Code Execution Vulnerabilities
1226| [66192] Samsung Proprietary Android Backdoor Unauthorized Access Vulnerability
1227| [63726] Samsung Galaxy S4 Unspecified Security Vulnerability
1228| [61942] Samsung DVR CVE-2013-3585 Information Disclosure Vulnerability
1229| [61938] Samsung DVR CVE-2013-3586 Cookie Authentication Bypass Vulnerability
1230| [61881] Samsung DVR Multiple Access Bypass Vulnerabilities
1231| [61391] Samsung PS50C7700 3D Plasma-TV CVE-2013-4890 Denial of Service Vulnerability
1232| [61281] Samsung Galaxy S3 And S4 CVE-2013-4764 Local Security Bypass Vulnerability
1233| [61280] Samsung Galaxy S3 And S4 CVE-2013-4763 Local Security Bypass Vulnerability
1234| [60756] Samsung Galaxy S4 SMS Spoofing Vulnerability
1235| [60527] Samsung SHR-5162 and SHR-5082 CVE-2013-3964 Unspecified Cross Site Scripting Vulnerability
1236| [58320] Samsung TV 'SOAPACTION' Denial of Service Vulnerability
1237| [58312] Samsung Galaxy S3 Full Lock Screen Security Bypass Vulnerability
1238| [58123] Samsung Galaxy S3 Screen Lock Security Bypass Vulnerability
1239| [57249] Samsung Kies CVE-2012-6429 Remote Buffer Overflow Vulnerability
1240| [57131] SamsungDive for Android CVE-2012-6337 Spoofing Vulnerability
1241| [57127] SamsungDive for Android CVE-2012-6334 Spoofing Vulnerability
1242| [56955] Samsung SmartPhones Local Privilege Escalation Vulnerability
1243| [56692] Samsung and Dell printers Firmware Backdoor Unauthorized Access Vulnerability
1244| [56560] Samsung Kies Air Denial of Service and Security Bypass Vulnerabilities
1245| [55936] Samsung Kies Multiple Security Vulnerabilities
1246| [55053] Samsung Galaxy S2 Epic 4G Touch Multiple Insecure Temporary File Creation Vulnerabilities
1247| [55047] Multiple Samsung and HTC Devices Information Disclosure Vulnerability
1248| [53317] Samsung NET-i Viewer 'msls31.dll' ActiveX Buffer Overflow Vulnerability
1249| [53193] Samsung NET-i ware Multiple Remote Vulnerabilities
1250| [53161] Samsung TV and BD Products Multiple Denial Of Service Vulnerabilities
1251| [50682] Samsung Omnia 7 'RapidConfig.exe' XML Provision Remote Code Execution Vulnerability
1252| [47746] Samsung Integrated Management System DMS SQL Injection Vulnerability
1253| [34705] Multiple Samsung Devices SMS Provisioning Messages Authentication Bypass Vulnerability
1254| [31047] Samsung DVR SHR-2040 HTTPD Denial of Service Vulnerability
1255| [24953] Samsung Linux Printer Driver SetUID Script Local Privilege Escalation Vulnerability
1256| [16517] Samsung E730 Phone Remote Denial of Service Vulnerability
1257| [12864] Samsung DSL Modem Multiple Remote Vulnerabilities
1258| [10219] Samsung SmartEther Switch Firmware Authentication Bypass Vulnerability
1259| [3008] Samsung ml85p Printer Utility Insecure Temporary File Creation Vulnerability
1260|
1261| IBM X-Force - https://exchange.xforce.ibmcloud.com:
1262| [85904] Samsung PS50C7700 TV denial of service
1263| [85190] Samsung Galaxy S4 spoofing
1264| [84925] Samsung SHR Series IP cameras unspecified cross-site scripting
1265| [82662] Samsung TV SOAPACTION denial of service
1266| [82602] Samsung Galaxy S III Lock Screen security bypass
1267| [82352] Samsung Galaxy S III Passcode Lock security bypass
1268| [80926] Samsung Galaxy security bypass
1269| [80923] Samsung Galaxy SamsungDive information disclosure
1270| [80886] Samsung SmartPhones privilege escalation
1271| [80709] Samsung Galaxy S2 kernel privilege escalation
1272| [80336] Samsung printers backdoor
1273| [80092] Samsung Kies Air security bypass
1274| [80091] Samsung Kies Air GET denial of service
1275| [79445] Samsung Kies ActiveX Control registry key security bypass
1276| [79443] Samsung Kies ActiveX Control security bypass
1277| [79284] Samsung Kies ActiveX Control CmdAgentLib() security bypass
1278| [79283] Samsung Kies ActiveX CmdAgent.dll code execution
1279| [79268] Samsung Kies Samsung.Device Service ActiveX control denial of service
1280| [79193] Samsung Galaxy S III sandbox privilege escalation
1281| [79192] Samsung Galaxy S III document viewer code execution
1282| [78904] Samsung Galaxy S III USSD denial of service
1283| [77811] Samsung Galaxy S2 Epic 4G Touch symlink
1284| [76396] AllShare libpin3_dll.dll denial of service
1285| [75310] Samsung NET-i viewer ActiveX control buffer overflow
1286| [75070] Samsung NET-i ware ActiveX control buffer overflow
1287| [75069] Samsung NET-i ware ActiveX control code execution
1288| [75066] Samsung NET-i ware Master and Storage denial of service
1289| [74928] Multiple Samsung TV and BD products string denial of service
1290| [74927] Multiple Samsung TV and BD products controller packet denial of service
1291| [71316] Samsung Omnia 7 RapiConfig.exe code execution
1292| [67315] Samsung Integrated Management System DMS authentication form SQL Injection
1293| [50110] Samsung SMS messages authentication bypass
1294| [44995] Samsung DVR SHR2040 Web interface denial of service
1295| [35502] Samsung SCX-4200 driver installation script privilege escalation
1296| [19927] Samsung default accounts and passwords allow unauthorized access
1297| [19925] Samsung ADSL Router information disclosure
1298| [15973] Samsung SmartEther allows administrative access
1299| [6845] Samsung ML-85G printer driver /tmp symlink
1300|
1301| Exploit-DB - https://www.exploit-db.com:
1302| [19289] Samsung AllShare 2.1.1.0 NULL Pointer Deference
1303| [27753] Samsung DVR Firmware 1.10 - Authentication Bypass
1304| [27043] Samsung PS50C7700 TV - Denial of Service
1305| [22007] Samsung Kies 2.3.2.12054_20 - Multiple Vulnerabilities
1306| [21001] Samsung ml85p Printer Driver 1.0 Insecure Temporary File Creation Vulnerability (3)
1307| [21000] Samsung ml85p Printer Driver 1.0 Insecure Temporary File Creation Vulnerability (2)
1308| [20999] Samsung ml85p Printer Driver 1.0 Insecure Temporary File Creation Vulnerability (1)
1309| [19027] Samsung NET-i viewer Multiple ActiveX BackupToAvi() Remote Overflow
1310| [18808] SAMSUNG NET-i Viewer 1.37 SEH Overwrite
1311| [18765] samsung net-i ware <= 1.37 - Multiple Vulnerabilities
1312| [18751] Samsung D6000 TV Multiple Vulnerabilities
1313| [6394] Samsung DVR SHR2040 HTTPD Remote Denial of Service DoS PoC
1314|
1315| OpenVAS (Nessus) - http://www.openvas.org:
1316| [902935] Samsung Printer SNMP Hardcoded Community String Authentication Bypass Vulnerability
1317|
1318| SecurityTracker - https://www.securitytracker.com:
1319| [1028821] Samsung PS50C7700 TV Web Server Processing Flaw Lets Remote Users Deny Service
1320| [1027894] Samsung Phone '/dev/exynos-mem' Lets Local Users Gain Root Privileges
1321| [1027819] Samsung Printers Hardcoded Password Lets Remote Users Gain Administrative Access
1322| [1027571] Samsung Galaxy Phones Android Dialer Lets Remote Users Deny Service
1323| [1026976] Samsung TV Bug in Remote Control Feature Lets Remote Users Deny Service
1324| [1025508] Samsung Data Management Server Input Validation Flaw Lets Remote Users Inject SQL Commands
1325| [1013615] Samsung ADSL Router Discloses Files to Remote Users and May Grant Root Access Via Common Default Passwords
1326| [1009947] Samsung SmartEther Authentication Failure Lets Remote Users Gain Administrative Access
1327| [1002019] Samsung ML-85G Printer Driver Allows Local Users to Obtain Root Level Access on the Host
1328|
1329| OSVDB - http://www.osvdb.org:
1330| [83012] Samsung AllShare libpin3_dll.dll Content-Length HTTP Header Parsing NULL Pointer Dereference Remote DoS
1331| [95574] Samsung PS50C7700 TV Crafted HTTP GET Request Handling Remote DoS
1332| [95437] Samsung Galaxy S3/S4 sCloudBackupProvider.apk SMS Content Injection
1333| [95436] Samsung Galaxy S3/S4 sCloudBackupProvider.apk SMS Message Restoration Disclosure
1334| [94520] Samsung Galaxy S4 Cloud Backup Function SMS Spoofing Weakness
1335| [94223] Samsung Multiple IP Camera URI XSS
1336| [91499] Google Android on Samsung Multiple Unspecified Information Disclosure
1337| [91498] Google Android on Samsung Multiple Unspecified DoS
1338| [91497] Google Android on Samsung Multiple Unspecified Phone Setting Manipulation Issues
1339| [91496] Google Android on Samsung Unspecified Phone Action Hijacking Issue
1340| [91495] Google Android on Samsung Unspecified Unprivileged Arbitrary SMS Message Sending
1341| [91494] Google Android on Samsung Unspecified Privileged Application Installation (Issue 2)
1342| [91493] Google Android on Samsung Unspecified Privileged Application Installation (Issue 1)
1343| [90918] Samsung TV UE55ES6800 Malformed SOAPACTION Handling Remote Overflow DoS
1344| [90581] Samsung Galaxy S3 Emergency Contacts / S-Voice PIN Lock Bypass
1345| [89118] Samsung Kies SyncService.dll ActiveX PrepareSync() Method Buffer Overflow
1346| [88885] SamsungDive for Android Track My Mobile Function Location API Spoofing Weakness
1347| [88882] SamsungDive for Android Track My Mobile Function Security Feature Disclosure Weakness
1348| [88467] Samsung Galaxy Multiple Devices /dev/exynos-mem Local Privilege Escalation
1349| [88379] Samsung LED 3D TV Unspecified Remote Command Execution
1350| [87970] Samsung S3 Kies Air (com.samsung.swift.app.kiesair) /www/apps/KiesAir/jws/ssd.php Malformed Request Remote DoS
1351| [87969] Samsung S3 Kies Air (com.samsung.swift.app.kiesair) Crafted Request Remote Session Hijack
1352| [87872] Samsung Multiple Printers Hardcoded Admin Credentials
1353| [86626] Samsung Galaxy S2 Multiple Application Information Disclosure
1354| [86501] Samsung Kies CmdAgent.dll ICommandAgent Interface Multiple Method Remote Privilege Escalation
1355| [86500] Samsung Kies Samsung.DeviceService.DCA.DeviceDataParagonATGM.1 ActiveX (DCAPARAGONGM.dll) GetDataTable() Method NULL-Pointer Dereference DoS
1356| [86197] Samsung Galaxy S3 Unspecified Local Privilege Escalation
1357| [86083] Samsung Galaxy S3 Near Field Communication (NFC) Memory Corruption
1358| [84925] Samsung Galaxy S dmesg Buffer Touch Coordinate Application Handling Information Disclosure
1359| [81222] Samsung Multiple Product MAC Address Field Parsing Remote Overflow DoS
1360| [81221] Samsung Multiple Product Controller Packet String Field Parsing Remote DoS
1361| [79398] Samsung DWCD Web Interface Default Password (Femtocell)
1362| [77158] Samsung Omnia 7 RapiConfig.exe Traversal Provisioning XML File Execution
1363| [72255] Samsung Data Management Server Default Hardcoded root Password
1364| [72227] Samsung Data Management Server Unspecified SQL Injection
1365| [64369] Samsung PC Studio for Mobile Phones fun_avcodec.dll Malformed AVI File Handling DoS
1366| [54692] Samsung M8800 Innov8 / SGH-J750 Multiple Method SMS Provisioning Spoofing
1367| [54690] Samsung G3210 Web Interface Default Password
1368| [54689] Samsung G3210 rc.conf.tmp Cleartext ISP Password Local Disclosure
1369| [54688] Samsung G3210 FTP-Server Default Credentials
1370| [47976] Samsung DVR SHR2040 Web Interface Request Handling DoS
1371| [45404] SJphone on Samsung SCH-i730 Phone Malformed SIP INVITE Message Remote Overflow DoS
1372| [38214] Samsung SCX-4200 Driver Installation Script wrap_setuid_third_party_application Function Local Privilege Escalation
1373| [16684] Samsung SmartEther Long Password Forced Authentication
1374| [15023] Samsung ADSL Modem Multiple Default Accounts
1375| [1898] Samsung ml85p Printer Utility Symlink Local Privilege Escalation
1376|_
1377Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
1378Device type: general purpose
1379Running (JUST GUESSING): Linux 4.X|3.X (87%)
1380OS CPE: cpe:/o:linux:linux_kernel:4.4 cpe:/o:linux:linux_kernel:3
1381Aggressive OS guesses: Linux 4.4 (87%), Linux 3.10 - 4.11 (87%), Linux 3.16 - 4.6 (87%), Linux 3.2 - 4.9 (87%), Linux 4.10 (87%)
1382No exact OS matches for host (test conditions non-ideal).
1383Uptime guess: 0.005 days (since Sat Jan 25 18:59:55 2020)
1384Network Distance: 9 hops
1385TCP Sequence Prediction: Difficulty=259 (Good luck!)
1386IP ID Sequence Generation: All zeros
1387
1388TRACEROUTE (using port 443/tcp)
1389HOP RTT ADDRESS
13901 0.01 ms 172.18.0.1
13912 0.04 ms 172.17.0.1
13923 3.01 ms 216.239.35.175
13934 1.30 ms 108.170.240.176
13945 2.38 ms 26496.sgw.equinix.com (27.111.228.105)
13956 2.32 ms 148.72.204.1
13967 ... 8
13979 1.82 ms ip-182-50-132-242.ip.secureserver.net (182.50.132.242)
1398
1399NSE: Script Post-scanning.
1400Initiating NSE at 19:07
1401Completed NSE at 19:07, 0.00s elapsed
1402Initiating NSE at 19:07
1403Completed NSE at 19:07, 0.00s elapsed
1404Read data files from: /usr/bin/../share/nmap
1405OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
1406Nmap done: 1 IP address (1 host up) scanned in 30.49 seconds
1407 Raw packets sent: 83 (7.792KB) | Rcvd: 29 (1.872KB)
1408[92m====================================================================================[0m•x[92m[2020-01-25](19:07)[0mx•
1409[91m SCANNING FOR VIRTUAL HOSTS [0m
1410[92m====================================================================================[0m•x[92m[2020-01-25](19:07)[0mx•
1411===============================================================
1412Gobuster v3.0.1
1413by OJ Reeves (@TheColonial) & Christian Mehlmauer (@_FireFart_)
1414===============================================================
1415[+] Url: https://fenixfinancialsolutions.com
1416[+] Threads: 10
1417[+] Wordlist: /usr/share/sniper/wordlists/vhosts.txt
1418[+] User Agent: gobuster/3.0.1
1419[+] Timeout: 10s
1420===============================================================
14212020/01/25 19:07:41 Starting gobuster
1422===============================================================
1423Found: www.fenixfinancialsolutions.com (Status: 301) [Size: 0]
1424===============================================================
14252020/01/25 19:07:41 Finished
1426===============================================================
1427[92m====================================================================================[0m•x[92m[2020-01-25](19:07)[0mx•
1428[91m GATHERING SSL/TLS INFO [0m
1429[92m====================================================================================[0m•x[92m[2020-01-25](19:07)[0mx•
1430Version: [32m1.11.13-static[0m
1431OpenSSL 1.0.2-chacha (1.0.2g-dev)
1432[0m
1433[32mConnected to 182.50.132.242[0m
1434
1435Testing SSL server [32mfenixfinancialsolutions.com[0m on port [32m443[0m using SNI name [32mfenixfinancialsolutions.com[0m
1436
1437 [1;34mTLS Fallback SCSV:[0m
1438Server [32msupports[0m TLS Fallback SCSV
1439
1440 [1;34mTLS renegotiation:[0m
1441Session renegotiation [32mnot supported[0m
1442
1443 [1;34mTLS Compression:[0m
1444Compression [32mdisabled[0m
1445
1446 [1;34mHeartbleed:[0m
1447TLS 1.2 [32mnot vulnerable[0m to heartbleed
1448TLS 1.1 [32mnot vulnerable[0m to heartbleed
1449TLS 1.0 [32mnot vulnerable[0m to heartbleed
1450
1451 [1;34mSupported Server Cipher(s):[0m
1452[32mPreferred[0m TLSv1.2 [32m128[0m bits [32mECDHE-RSA-AES128-GCM-SHA256 [0m Curve P-256 DHE 256
1453Accepted TLSv1.2 [32m256[0m bits [32mECDHE-RSA-AES256-GCM-SHA384 [0m Curve P-256 DHE 256
1454Accepted TLSv1.2 [32m128[0m bits [32mDHE-RSA-AES128-GCM-SHA256 [0m DHE 2048 bits
1455Accepted TLSv1.2 [32m256[0m bits [32mDHE-RSA-AES256-GCM-SHA384 [0m DHE 2048 bits
1456
1457 [1;34mSSL Certificate:[0m
1458Signature Algorithm: [32msha256WithRSAEncryption[0m
1459RSA Key Strength: 2048
1460
1461Subject: fenixfinancialsolutions.com
1462Altnames: DNS:fenixfinancialsolutions.com, DNS:www.fenixfinancialsolutions.com
1463Issuer: Go Daddy Secure Certificate Authority - G2
1464
1465Not valid before: [32mApr 6 18:13:58 2019 GMT[0m
1466Not valid after: [32mMay 6 16:44:08 2020 GMT[0m
1467
1468[92m====================================================================================[0m•x[92m[2020-01-25](19:07)[0mx•
1469[91m SAVING SCREENSHOTS [0m
1470[92m====================================================================================[0m•x[92m[2020-01-25](19:07)[0mx•
1471[91m[+][0m Screenshot saved to /usr/share/sniper/loot/workspace/fenixfinancialsolutions.com/screenshots/fenixfinancialsolutions.com-port443.jpg
1472webscreenshot.py version 2.2.1
1473
1474[+] 1 URLs to be screenshot
1475[+] 1 actual URLs screenshot
1476[+] 0 error(s)
1477[91m + -- --=[Port 445 closed... skipping.[0m
1478[91m + -- --=[Port 500 closed... skipping.[0m
1479[91m + -- --=[Port 512 closed... skipping.[0m
1480[91m + -- --=[Port 513 closed... skipping.[0m
1481[91m + -- --=[Port 514 closed... skipping.[0m
1482[91m + -- --=[Port 1099 closed... skipping.[0m
1483[91m + -- --=[Port 1433 closed... skipping.[0m
1484[91m + -- --=[Port 2049 closed... skipping.[0m
1485[91m + -- --=[Port 2181 closed... skipping.[0m
1486[91m + -- --=[Port 3306 closed... skipping.[0m
1487[91m + -- --=[Port 3310 closed... skipping.[0m
1488[91m + -- --=[Port 3128 closed... skipping.[0m
1489[91m + -- --=[Port 3389 closed... skipping.[0m
1490[91m + -- --=[Port 3632 closed... skipping.[0m
1491[91m + -- --=[Port 5432 closed... skipping.[0m
1492[91m + -- --=[Port 5555 closed... skipping.[0m
1493[91m + -- --=[Port 5800 closed... skipping.[0m
1494[91m + -- --=[Port 5900 closed... skipping.[0m
1495[91m + -- --=[Port 5984 closed... skipping.[0m
1496[91m + -- --=[Port 6000 closed... skipping.[0m
1497[91m + -- --=[Port 6667 closed... skipping.[0m
1498[91m + -- --=[Port 7001 closed... skipping.[0m
1499[91m + -- --=[Port 8000 closed... skipping.[0m
1500[91m + -- --=[Port 8001 closed... skipping.[0m
1501[91m + -- --=[Port 9495 closed... skipping.[0m
1502[91m + -- --=[Port 10000 closed... skipping.[0m
1503[91m + -- --=[Port 16992 closed... skipping.[0m
1504[91m + -- --=[Port 27017 closed... skipping.[0m
1505[91m + -- --=[Port 27018 closed... skipping.[0m
1506[91m + -- --=[Port 27019 closed... skipping.[0m
1507[91m + -- --=[Port 28017 closed... skipping.[0m
1508[91m + -- --=[Port 49180 closed... skipping.[0m
1509[92m====================================================================================[0m•x[92m[2020-01-25](19:07)[0mx•
1510[91m SCANNING FOR COMMON VULNERABILITIES [0m
1511[92m====================================================================================[0m•x[92m[2020-01-25](19:07)[0mx•
1512#########################################################################################
1513 oooooo oooo .o. .oooooo..o ooooo ooo .oooooo.
1514 `888. .8' .888. d8P' `Y8 `888' `8' d8P' `Y8b
1515 `888. .8' .88888. Y88bo. 888 8 888 888
1516 `888.8' .8' `888. `ZY8888o. 888 8 888 888
1517 `888' .88ooo8888. `0Y88b 888 8 888 888
1518 888 .8' `888. oo .d8P `88. .8' `88b d88'
1519 o888o o88o o8888o 88888888P' `YbodP' `Y8bood8P'
1520Welcome to Yasuo v2.3
1521Author: Saurabh Harit (@0xsauby) | Contribution & Coolness: Stephen Hall (@logicalsec)
1522#########################################################################################
1523
1524I, [2020-01-25T19:07:44.337278 #3343] INFO -- : Initiating port scan
1525I, [2020-01-25T19:08:01.487734 #3343] INFO -- : Using nmap scan output file logs/nmap_output_2020-01-25_19-07-44.xml
1526I, [2020-01-25T19:08:01.489223 #3343] INFO -- : Discovered open port: 182.50.132.242:80
1527I, [2020-01-25T19:08:01.506816 #3343] INFO -- : Discovered open port: 182.50.132.242:443
1528I, [2020-01-25T19:08:01.557639 #3343] INFO -- : <<<Enumerating vulnerable applications>>>
1529
1530
1531--------------------------------------------------------
1532[1m[32m<<<Yasuo discovered following vulnerable applications>>>[0m
1533--------------------------------------------------------
1534+----------+--------------------+-------------------+----------+----------+
1535| App Name | URL to Application | Potential Exploit | Username | Password |
1536+----------+--------------------+-------------------+----------+----------+
1537+----------+--------------------+-------------------+----------+----------+
1538[92m====================================================================================[0m•x[92m[2020-01-25](19:08)[0mx•
1539[91m SKIPPING FULL NMAP PORT SCAN [0m
1540[92m====================================================================================[0m•x[92m[2020-01-25](19:08)[0mx•
1541[92m====================================================================================[0m•x[92m[2020-01-25](19:08)[0mx•
1542[91m SKIPPING BRUTE FORCE [0m
1543[92m====================================================================================[0m•x[92m[2020-01-25](19:08)[0mx•
1544[92m====================================================================================[0m•x[92m[2020-01-25](19:08)[0mx•
1545[91m SCAN COMPLETE! [0m
1546[92m====================================================================================[0m•x[92m[2020-01-25](19:08)[0mx•
1547[91m ____ [0m
1548[91m _________ / _/___ ___ _____[0m
1549[91m / ___/ __ \ / // __ \/ _ \/ ___/[0m
1550[91m (__ ) / / // // /_/ / __/ / [0m
1551[91m /____/_/ /_/___/ .___/\___/_/ [0m
1552[91m /_/ [0m
1553
1554[94m[*][0m Opening loot directory /usr/share/sniper/loot/workspace/fenixfinancialsolutions.com [94m[[0m[92mOK[0m[94m][0m
1555[93m + -- --=[ Generating reports...[0m
1556[92m[[94m|[92m][0m
1557[93m + -- --=[ Parsing NMap Ports... [0m
1558[92m[[94m|[92m][0m
1559[93m + -- --=[ Sorting all files...[0m
1560[93m + -- --=[ Removing blank screenshots and files...[0m
1561[91m + -- --=[ Sn1per Professional is not installed. To download Sn1per Professional, go to https://xerosecurity.com. [0m
1562[93m + -- --=[ Done![0m