what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 6 of 6 RSS Feed

Files from Netanel Rubin

First Active2014-02-19
Last Active2016-06-03
Magento 2.0.6 Unserialize Remote Code Execution
Posted Jun 3, 2016
Authored by agix, Netanel Rubin | Site metasploit.com

This Metasploit module exploits a PHP object injection vulnerability in Magento 2.0.6 or prior.

tags | exploit, php
advisories | CVE-2016-4010
SHA-256 | 0f4a54fd7327964f36b2aa61027c88bb06c66470231cb05fee46900549f0def5
vBulletin 5.1.2 Unserialize Code Execution
Posted Nov 13, 2015
Authored by Netanel Rubin, cutz, Julien (jvoisin) Voisin | Site metasploit.com

This Metasploit module exploits a PHP object injection vulnerability in vBulletin 5.1.2 to 5.1.9

tags | exploit, php
advisories | CVE-2015-7808
SHA-256 | 3d697e9884f896d99ec27c73b56469d04ac0450703c51290468ce41cd7c38ae0
Bugzilla Unauthorized Account Creation
Posted Sep 10, 2015
Authored by Frederic Buclin, Byron Jones, Netanel Rubin | Site bugzilla.org

Bugzilla versions 2.0 to 4.2.14, 4.3.1 to 4.4.9, and 4.5.1 to 5.0 suffer from an unauthorized account creation vulnerability.

tags | advisory
advisories | CVE-2015-4499
SHA-256 | 9b1272725e4045835294ef9f644a6664c5657f9a14374d95b6685f5bdc61cc69
TWiki Debugenableplugins Remote Code Execution
Posted Mar 19, 2015
Authored by h0ng10, Netanel Rubin | Site metasploit.com

TWiki versions 4.0.x through 6.0.0 contain a vulnerability in the Debug functionality. The value of the debugenableplugins parameter is used without proper sanitization in an Perl eval statement which allows remote code execution.

tags | exploit, remote, perl, code execution
advisories | CVE-2014-7236
SHA-256 | 850efe714be5e6548a264c1cce672a60aa1ae5a53559548aa9e9d66cf64f53b5
Bugzilla Account Creation / XSS / Information Leak
Posted Oct 7, 2014
Authored by Frederic Buclin, Byron Jones, David Lawrence, Netanel Rubin, Simon Green, James Kettle, Matt Tyson | Site bugzilla.org

Bugzilla Security Advisory - Bugzilla versions 2.23.3 to 4.0.14, 4.1.1 to 4.2.10, 4.3.1 to 4.4.5, and 4.5.1 to 4.5.5 suffer from unauthorized account creation, cross site scripting, and information leak vulnerabilities.

tags | advisory, vulnerability, xss, info disclosure
advisories | CVE-2014-1571, CVE-2014-1572, CVE-2014-1573
SHA-256 | 0d0e7c27532f6562403faf6ddb1249c6fce16ba6525feadfe7c92217191a6748
MediaWiki Thumb.php Remote Command Execution
Posted Feb 19, 2014
Authored by Brandon Perry, Ben Harris, Netanel Rubin | Site metasploit.com

MediaWiki 1.22.x before 1.22.2, 1.21.x before 1.21.5 and 1.19.x before 1.19.11, when DjVu or PDF file upload support is enabled, allows remote unauthenticated users to execute arbitrary commands via shell metacharacters. If no target file is specified this module will attempt to log in with the provided credentials to upload a file (.DjVu) to use for exploitation.

tags | exploit, remote, arbitrary, shell, file upload
advisories | CVE-2014-1610
SHA-256 | 853d2b2d7b1ab2575d40f73544cf31c3010f47bbfc35b70e1a2faa0dfdf9204d
Page 1 of 1
Back1Next

File Archive:

September 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    261 Files
  • 2
    Sep 2nd
    17 Files
  • 3
    Sep 3rd
    38 Files
  • 4
    Sep 4th
    52 Files
  • 5
    Sep 5th
    23 Files
  • 6
    Sep 6th
    27 Files
  • 7
    Sep 7th
    0 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    16 Files
  • 10
    Sep 10th
    38 Files
  • 11
    Sep 11th
    21 Files
  • 12
    Sep 12th
    40 Files
  • 13
    Sep 13th
    18 Files
  • 14
    Sep 14th
    0 Files
  • 15
    Sep 15th
    0 Files
  • 16
    Sep 16th
    21 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close