the original cloud security
Showing 1 - 25 of 28 RSS Feed

Files from Juan Carlos Garcia

First Active2013-01-13
Last Active2014-05-30
ProtonMail.ch Header Injection / CSRF
Posted May 30, 2014
Authored by Juan Carlos Garcia, Francisco Moraga

ProtonMail.ch suffers from cross site request forgery, header injection, and out of date software vulnerabilities. Note that this finding houses site-specific data.

tags | exploit, vulnerability, csrf
MD5 | 3a3771bd65c50a7abe9a35a69d808576
AOL File Inclusion / Cross Site Scripting
Posted Jan 22, 2014
Authored by Juan Carlos Garcia

America Online (AOL) suffers from cross site scripting and remote file inclusion vulnerabilities.

tags | exploit, remote, vulnerability, code execution, xss, file inclusion
MD5 | 0d9462b1f15af5ece7e02a57bd97dabc
Ring Jordan SQL Injection
Posted Dec 13, 2013
Authored by Juan Carlos Garcia

Ring Jordan suffers from a remote SQL injection vulnerability in their administrative functionality. The author has tried to contact the vendor and has received no response. The SQL injection issue allows for authentication bypass.

tags | exploit, remote, sql injection
MD5 | 4357fcbb8c9695ddc6f9df8cb0c93937
Vatican Web Site Cross Site Scripting
Posted Dec 12, 2013
Authored by Juan Carlos Garcia

The official Vatican web site suffers from a cross site scripting vulnerability.

tags | exploit, web, xss
MD5 | 21d684717d6ca01e510ad6ad7aa1e610
NOAA.gov XSS / CSRF / Clickjacking
Posted Nov 24, 2013
Authored by Juan Carlos Garcia

NOAA.gov suffers from cross site request forgery, cross site scripting, and clickjacking vulnerabilities. The authored has tried to contact them but has received no response.

tags | advisory, vulnerability, xss, csrf
MD5 | 1e70f66258505c5a809d512455fe71e2
Kartoo Search Engine XSS / Remote File Inclusion
Posted Nov 19, 2013
Authored by Juan Carlos Garcia

Kartoo Search Engine suffers from information disclosure, cross site scripting, and remote file inclusion vulnerabilities.

tags | exploit, remote, vulnerability, code execution, xss, file inclusion, info disclosure
MD5 | c9325ada48e1316422b4cdb703895fe3
Optomise System Ltd XSS / Information Disclosure
Posted Nov 18, 2013
Authored by Juan Carlos Garcia

Optomise System Ltd suffers from cross site scripting and information disclosure vulnerabilities.

tags | exploit, vulnerability, xss, info disclosure
MD5 | 31b3b4acfeeecd6ce4749bb9e8436233
Adaudit Plus Online Demo CSRF / Poor Password Passing
Posted Oct 18, 2013
Authored by Juan Carlos Garcia

Adaudit Plus Online Demo suffers from multiple vulnerabilities including cross site request forgery, directory listing, and passwords being passed via a GET method.

tags | exploit, vulnerability, csrf
MD5 | cc4e518fbabe9f32665fb04b3c60e57f
Admanager Plus Online Demo XSS / CSRF / Clickjacking
Posted Oct 18, 2013
Authored by Juan Carlos Garcia

Admanager Plus Online Demo suffers from cross site request forgery, directory listing, clickjacking, and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | 10a0e1da9187b18dd7f141c7e284365c
Pagelime CMS XSS / Credential Disclosure
Posted Oct 14, 2013
Authored by Juan Carlos Garcia

Pagelime CMS suffers from cross site scripting, unencrypted __VIEWSTATE parameter, credentials being sent in the clear, and various other security issues.

tags | exploit, xss
MD5 | d123c3e4973a1200db2d69991057a96c
Opolis.eu Secure Mail Blind SQL Injection / XSS / CSRF / DoS
Posted Oct 7, 2013
Authored by Juan Carlos Garcia

Opolis.eu suffers from cross site request forgery, cross site scripting, denial of service, and remote blind SQL injection vulnerabilities. The vendor has not responded to the researchers reports of these issues.

tags | exploit, remote, denial of service, vulnerability, xss, sql injection, info disclosure, csrf
MD5 | 129ad4bfa860653849102b0facf37753
S-Mail.com PHP / Apache Issues
Posted Oct 7, 2013
Authored by Juan Carlos Garcia

Secure Mail at s-mail.com actually suffers from dozens of vulnerabilities due to using out of date PHP and Apache versions.

tags | advisory, php, vulnerability
MD5 | e7865d656493c7b1b8db59ef1ef67dad
UniCredit Bank Cross Site Request Forgery / Cross Site Scripting / Shell Upload
Posted Oct 1, 2013
Authored by Juan Carlos Garcia

UniCredit Bank suffers from cross site request forgery, cross site scripting, and remote shell upload vulnerabilities. They have not responded to the authors notifications.

tags | exploit, remote, shell, vulnerability, xss, csrf
MD5 | 0023fc7f3ccbc1d90fdae8a88844708d
Ebuddy Web Messenger Disclosure / CSRF
Posted Sep 4, 2013
Authored by Juan Carlos Garcia

Ebuddy Web Messenger suffers from index disclosure, cross site request forgery, htaccess file disclosure, and insecure credential transport vulnerabilities.

tags | exploit, web, vulnerability, info disclosure, csrf
MD5 | fa1ef2aad35968d19fddc2902272d0a0
Cetelem Online Bank Cross Site Scripting / Clickjacking
Posted Sep 3, 2013
Authored by Juan Carlos Garcia

Cetelem Online bank suffers from cross site scripting and clickjacking vulnerabilities. The vendor had not responded to the researcher after multiple attempts to reach them. The CSIRT team for the bank notified Packet Storm on 10/14/2013 that the issues have been remediated.

tags | exploit, vulnerability, xss
MD5 | 5818daca94acd1d746ab070bf0d00e71
Geonick Social Network Clickjacking / Credential Disclosure
Posted Aug 29, 2013
Authored by Juan Carlos Garcia

Geonick Social Network suffers from a lack of clickjacking protection, it has an insecure crossdomain.xml file, and sends user credentials in the clear.

tags | exploit
MD5 | 88e4ec31c93f6095787092327295bae6
Obehotel CMS Denial Of Service / SQL Injection
Posted Aug 26, 2013
Authored by Juan Carlos Garcia

Obehotel CMS suffers from denial of service, insecure transit, directory listing, and remote SQL injection vulnerabilities.

tags | exploit, remote, denial of service, vulnerability, sql injection
MD5 | 52a02d8e7a4606235f5dbaffe0ebc240
FICOBank Information Disclosure / Cross Site Scripting
Posted Aug 23, 2013
Authored by Juan Carlos Garcia

FICOBank suffers from exposed directory listing and cross site scripting vulnerabilities. They do not believe any of this is an issue and if you use them, you should change banks immediately.

tags | exploit, vulnerability, xss
MD5 | f6e914a9f3008e9a153eea26c6fd138f
MIT Directory Information Disclosure
Posted Aug 15, 2013
Authored by Juan Carlos Garcia

Massachusetts Institute of Technology suffers form a parent directory information disclosure issue.

tags | exploit, info disclosure
MD5 | 08d68d282a63886a09bdee881612b733
ZZN SQL Injection / XSS / Credential Disclosure
Posted Aug 9, 2013
Authored by Juan Carlos Garcia

ZZN (Web Hosting and Free email accounts) suffers from cross site scripting, remote blind SQL injection, and credential disclosure vulnerabilities.

tags | exploit, remote, web, vulnerability, xss, sql injection, info disclosure
MD5 | 5dbbc60e5281ad835fa94281c2895be6
Zoho Information Disclosure / Mixed Content
Posted Jul 15, 2013
Authored by Juan Carlos Garcia

Zoho suffers from information disclosure due to a lack of a content-type being specified and also appears to use mixed content.

tags | exploit, info disclosure
MD5 | 3dbd0405c3fbd4aa7b5cc61428fdd3e5
YOPMail XSS / Injection / HTTP Response Splitting
Posted Jun 28, 2013
Authored by Juan Carlos Garcia

YOPMail suffers from cross site scripting, HTTP response splitting, CRLF injection, and session token handling vulnerabilities.

tags | exploit, web, vulnerability, xss
MD5 | a5d9881d634167e06e2db886f4cca8b3
Hostinger Web Hosting Cross Site Scripting
Posted Jun 17, 2013
Authored by Juan Carlos Garcia

Hostinger Web Hosting suffers from multiple cross site scripting vulnerabilities.

tags | exploit, web, vulnerability, xss
MD5 | bf26924765e193a21dd4789ba45cc43a
Self-Bank Cross Site Scripting
Posted Jun 10, 2013
Authored by Juan Carlos Garcia

Selfbank.es suffers from multiple cross site scripting vulnerabilities. The author has tried to contact them multiple times but they still have not addressed the issue.

tags | exploit, vulnerability, xss
MD5 | 91c6876a5c5f9438179b59c6eacc25b2
TESO Web 2.0 SQL Injection
Posted Jun 9, 2013
Authored by Juan Carlos Garcia

TESO Web version 2.0 suffers from a remote SQL injection vulnerability. The author has repeatedly notified the vendor and has received no response.

tags | exploit, remote, web, sql injection
MD5 | 9361e0a688dddaf1da6cd7ffbcf48c1f
Page 1 of 2
Back12Next

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    15 Files
  • 21
    Jul 21st
    15 Files
  • 22
    Jul 22nd
    7 Files
  • 23
    Jul 23rd
    2 Files
  • 24
    Jul 24th
    19 Files
  • 25
    Jul 25th
    28 Files
  • 26
    Jul 26th
    2 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close