Twenty Year Anniversary
Showing 1 - 20 of 20 RSS Feed

Files from Paulos Yibelo

Email addressprivate
First Active2014-09-15
Last Active2017-10-12
View User Profile
PHP Melody 2.7.3 Cross Site Scripting / SQL Injection
Posted Oct 12, 2017
Authored by Paulos Yibelo

PHP Melody version 2.7.3 suffers from cross site scripting and SQL injection vulnerabilities.

tags | exploit, php, vulnerability, xss, sql injection
MD5 | 8d8544bc3a6ba55df5cbb4bfaefe5794
eFront 3.6.15 Code Execution
Posted Nov 5, 2016
Authored by Paulos Yibelo

eFront version 3.6.15 suffers from a code execution vulnerability.

tags | exploit, code execution
MD5 | 4609e1f6d7bf83a1c09fd995c41a1699
PHPSYSINFO 3.1.12 Local File Disclosure
Posted Feb 2, 2016
Authored by Paulos Yibelo

PHPSYSINFO versions 3.1.12 and below suffer from a local file disclosure vulnerability.

tags | exploit, local, file inclusion
MD5 | 470325a61146946ffd3e04b6c1374a14
Magento eCommerce Vulnerable Adobe Flex SDK
Posted Apr 10, 2015
Authored by Paulos Yibelo

Magento eCommerce versions 1.9.0 and below are compiled with a vulnerable version of Adobe Flex SDK allowing for same-origin request forgery and cross-site content hijacking.

tags | advisory
advisories | CVE-2011-2461
MD5 | c08c1fb9f976b19b4163ffe2bf98a199
AfterLogic WebMail Lite Authentication Bypass
Posted Mar 27, 2015
Authored by Paulos Yibelo

AfterLogic WebMail Lite allows for an unauthenticated user to set an administrative password.

tags | exploit, bypass
MD5 | 4d87f913808ad9ff44266e63485355e5
Program-O 2.4.6 XSS / LFI / HTTP Response Splitting
Posted Jan 23, 2015
Authored by Paulos Yibelo | Site vulnerability-lab.com

Program-O version 2.4.6 suffers from http response splitting, cross site scripting, and local file inclusion vulnerabilities.

tags | exploit, web, local, vulnerability, xss, file inclusion
MD5 | c030a1bc76d8a0c8d9edebeee19311ef
Banana Dance Wiki CMS b2.x LFI / SQL Injection
Posted Jan 19, 2015
Authored by Paulos Yibelo | Site vulnerability-lab.com

Banana Dance Wiki CMS version b2.x suffers from local file inclusion and remote SQL injection vulnerabilities.

tags | exploit, remote, local, vulnerability, sql injection, file inclusion
MD5 | 51706be8fe02f000f9bd442291e7ac2d
Facebook Mobile Parameter Tampering Bypass
Posted Jan 16, 2015
Authored by Paulos Yibelo | Site vulnerability-lab.com

Facebook Mobile allowed for a name change prior to the 60 day limit.

tags | exploit
MD5 | 64e45b0c24557d34f7883ce5c1f58964
CatBot 0.4.2 SQL Injection
Posted Jan 16, 2015
Authored by Paulos Yibelo | Site vulnerability-lab.com

CatBot version 0.4.2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | c44f43452d0864490da469af0fc8f07e
Facebook Insecure Direct Object Reference
Posted Dec 26, 2014
Authored by Paulos Yibelo | Site vulnerability-lab.com

Facebook suffered from an insecure direct object reference vulnerability.

tags | advisory
MD5 | 99f41cf9db9704a72722ef9ea6cb990d
Facebook Studio Cross Site Scripting
Posted Dec 19, 2014
Authored by Paulos Yibelo | Site vulnerability-lab.com

Facebook Studio suffered from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | e2ebb0cb42b3078b8186b914a1bbc5df
Morfy CMS 1.05 Remote Command Execution
Posted Dec 17, 2014
Authored by Paulos Yibelo | Site vulnerability-lab.com

Morfy CMS version 1.05 suffers from a remote command execution vulnerability.

tags | exploit, remote
advisories | CVE-2014-9185
MD5 | 2441feea968e6bdb041ea838c07599f3
Monstra 3.0.1 Bruteforce Mitigation Bypass
Posted Nov 12, 2014
Authored by Paulos Yibelo

Monstra versions 3.0.1 and below keep a tally client side in a cookie to count login attempts, allowing an attacker to completely bypass their abuse functionality.

tags | exploit, bypass
advisories | CVE-2014-9006
MD5 | 51f5aa47c152b41dc76733f929955cb1
Monstra 3.0.1 HTTP Response Splitting
Posted Nov 10, 2014
Authored by Paulos Yibelo

Monstra versions 3.0.1 and below suffer from an HTTP response splitting vulnerability.

tags | exploit, web
MD5 | 6e988b6e78111a3ee34b120d3e7e1c82
Anchor CMS 0.9.2 Header Injection
Posted Nov 10, 2014
Authored by Paulos Yibelo

Anchor CMS versions 0.9.2 and below suffer from a header injection vulnerability.

tags | exploit
advisories | CVE-2014-9182
MD5 | 2d4a2d2524d91e8c13e1ff25457a33ce
ZXDSL 831CII Cross Site Request Forgery
Posted Nov 10, 2014
Authored by Paulos Yibelo

ZXDSL 831CII suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2014-9027
MD5 | 3f7a681ff157948392797de9eea553e2
ZTE ZXDSL 831 Cross Site Scripting
Posted Nov 7, 2014
Authored by Paulos Yibelo

ZTE ZXDSL 831 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2014-9021, CVE-2014-9020
MD5 | 9ad305c0da6a5583fd4d4369ae2e4d5e
ZTE 831CII Hardcoded Credential / XSS / CSRF
Posted Nov 7, 2014
Authored by Paulos Yibelo

ZTE 831CII suffers from cross site request forgery, hardcoded administrative credential, and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
advisories | CVE-2014-9020, CVE-2014-9019, CVE-2014-9183
MD5 | df8f43f4159d318dcf19e40ea73398e0
ZTE ZXDSL 831CII Insecure Direct Object Reference
Posted Nov 7, 2014
Authored by Paulos Yibelo

ZTE ZXDSL 831CII suffers from an insecure direct object reference vulnerability that allows for authentication bypass.

tags | exploit
advisories | CVE-2014-9184
MD5 | 86a0b0892af7534612c8be4f2ce5105c
DVWA Cross Site Request Forgery
Posted Sep 15, 2014
Authored by Paulos Yibelo

Damn Vulnerable Web Application, which is meant to be a vulnerable web application for security testing, can be leveraged by attackers to compromise your system when in use. This is a good reminder to only use DVWA on an air-gapped network. This exploits demonstrates the ability to gain code execution on the system.

tags | exploit, web, code execution, csrf
MD5 | 0b363f1fdc45ecfbf33d0391bd239c05
Page 1 of 1
Back1Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

May 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    15 Files
  • 2
    May 2nd
    17 Files
  • 3
    May 3rd
    30 Files
  • 4
    May 4th
    29 Files
  • 5
    May 5th
    2 Files
  • 6
    May 6th
    3 Files
  • 7
    May 7th
    13 Files
  • 8
    May 8th
    27 Files
  • 9
    May 9th
    17 Files
  • 10
    May 10th
    15 Files
  • 11
    May 11th
    8 Files
  • 12
    May 12th
    2 Files
  • 13
    May 13th
    8 Files
  • 14
    May 14th
    7 Files
  • 15
    May 15th
    43 Files
  • 16
    May 16th
    19 Files
  • 17
    May 17th
    16 Files
  • 18
    May 18th
    15 Files
  • 19
    May 19th
    3 Files
  • 20
    May 20th
    6 Files
  • 21
    May 21st
    15 Files
  • 22
    May 22nd
    3 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close