
Files from Paulos Yibelo

Email address: private
First Active: 2014-09-15
Last Active: 2017-10-12
PHP Melody 2.7.3 Cross Site Scripting / SQL Injection
Posted Oct 12, 2017
Authored by Paulos Yibelo

PHP Melody version 2.7.3 suffers from cross site scripting and SQL injection vulnerabilities.

tags | exploit, php, vulnerability, xss, sql injection
SHA-256 | 5614049b822636ce667292c3cab2231cc4225e1397f912386bf5a79eb8d44faa
eFront 3.6.15 Code Execution
Posted Nov 5, 2016
Authored by Paulos Yibelo

eFront version 3.6.15 suffers from a code execution vulnerability.

tags | exploit, code execution
SHA-256 | c6e64f257f167f7852a80672b6b5fc8b3f905cade9a0fe5ef321c1c60367e8ba
PHPSYSINFO 3.1.12 Local File Disclosure
Posted Feb 2, 2016
Authored by Paulos Yibelo

PHPSYSINFO versions 3.1.12 and below suffer from a local file disclosure vulnerability.

tags | exploit, local, file inclusion
SHA-256 | b91e2c3deff78812557e1059259cdd4c9d9b19aee77d73d5577ab98c615f3ab5
Magento eCommerce Vulnerable Adobe Flex SDK
Posted Apr 10, 2015
Authored by Paulos Yibelo

Magento eCommerce versions 1.9.0 and below are compiled with a vulnerable version of Adobe Flex SDK allowing for same-origin request forgery and cross-site content hijacking.

tags | advisory
advisories | CVE-2011-2461
SHA-256 | 2abdab09c60b62e14aaa6b4c47c3f0c149c4561cf4f13a7a1514da1b9474cc0a
AfterLogic WebMail Lite Authentication Bypass
Posted Mar 27, 2015
Authored by Paulos Yibelo

AfterLogic WebMail Lite allows for an unauthenticated user to set an administrative password.

tags | exploit, bypass
SHA-256 | bf60678dc4156a2c4163e6ba2c9b3dc300a0635313915e2001465b0a83a9262a
Program-O 2.4.6 XSS / LFI / HTTP Response Splitting
Posted Jan 23, 2015
Authored by Paulos Yibelo, Vulnerability Laboratory | Site vulnerability-lab.com

Program-O version 2.4.6 suffers from HTTP response splitting, cross site scripting, and local file inclusion vulnerabilities.

tags | exploit, web, local, vulnerability, xss, file inclusion
SHA-256 | 76658244af3e987274e86b16084fa6ffaf0d26aebcfead558ea9f4ca01983a80
Banana Dance Wiki CMS b2.x LFI / SQL Injection
Posted Jan 19, 2015
Authored by Paulos Yibelo, Vulnerability Laboratory | Site vulnerability-lab.com

Banana Dance Wiki CMS version b2.x suffers from local file inclusion and remote SQL injection vulnerabilities.

tags | exploit, remote, local, vulnerability, sql injection, file inclusion
SHA-256 | 5aea54712b3fcfc9bb62181feb0c7c2c80bfa25156dc0a43ef48f5ca566ca84a
Facebook Mobile Parameter Tampering Bypass
Posted Jan 16, 2015
Authored by Paulos Yibelo, Vulnerability Laboratory | Site vulnerability-lab.com

Facebook Mobile allowed for a name change prior to the 60 day limit.

tags | exploit
SHA-256 | e9022186bc9182406a9f7e6e9807d1d8c75ccb9ffbc563e752cb736aac563f8b
CatBot 0.4.2 SQL Injection
Posted Jan 16, 2015
Authored by Paulos Yibelo, Vulnerability Laboratory | Site vulnerability-lab.com

CatBot version 0.4.2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 8ca8d8041febb4bd7e87451a3b49b4a0db8053b94320613163e2349fd83ba080
Facebook Insecure Direct Object Reference
Posted Dec 26, 2014
Authored by Paulos Yibelo, Vulnerability Laboratory | Site vulnerability-lab.com

Facebook suffered from an insecure direct object reference vulnerability.

tags | advisory
SHA-256 | 331056674239d4a2b8597c783a977751033ec9efe723bf4173cf02c9fb7e6878
Facebook Studio Cross Site Scripting
Posted Dec 19, 2014
Authored by Paulos Yibelo, Vulnerability Laboratory | Site vulnerability-lab.com

Facebook Studio suffered from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 6c44cbb682aafd6daec44b1de42940894bcdb8d43089d73242d17f4e0333676d
Morfy CMS 1.05 Remote Command Execution
Posted Dec 17, 2014
Authored by Paulos Yibelo, Vulnerability Laboratory | Site vulnerability-lab.com

Morfy CMS version 1.05 suffers from a remote command execution vulnerability.

tags | exploit, remote
advisories | CVE-2014-9185
SHA-256 | 58989d19395dfd9366042fa905b02009b55fe443fc5713b823583113c2af8e3a
Monstra 3.0.1 Bruteforce Mitigation Bypass
Posted Nov 12, 2014
Authored by Paulos Yibelo

Monstra versions 3.0.1 and below keep a tally client side in a cookie to count login attempts, allowing an attacker to completely bypass their abuse functionality.

tags | exploit, bypass
advisories | CVE-2014-9006
SHA-256 | e559a6fc29b5452cf0090e6cc326b4afa0c52ebd83000579ad0a03b5b75fae8a
Monstra 3.0.1 HTTP Response Splitting
Posted Nov 10, 2014
Authored by Paulos Yibelo

Monstra versions 3.0.1 and below suffer from an HTTP response splitting vulnerability.

tags | exploit, web
SHA-256 | 333a7cbaeed3cb481b4ccd4a7866dfecf3b66efe774dfea04879157048aaa69e
Anchor CMS 0.9.2 Header Injection
Posted Nov 10, 2014
Authored by Paulos Yibelo

Anchor CMS versions 0.9.2 and below suffer from a header injection vulnerability.

tags | exploit
advisories | CVE-2014-9182
SHA-256 | d1627d2ea7402acbd8c551b616bb1440bb991963b32d178d425ebbb7de626061
ZXDSL 831CII Cross Site Request Forgery
Posted Nov 10, 2014
Authored by Paulos Yibelo

ZXDSL 831CII suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2014-9027
SHA-256 | 843e8f18a1aecb19a3193b0c21a2f4b43254e1c19a3543a86ca96e33f9b2994a
ZTE ZXDSL 831 Cross Site Scripting
Posted Nov 7, 2014
Authored by Paulos Yibelo

ZTE ZXDSL 831 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2014-9021, CVE-2014-9020
SHA-256 | fea9ea0557fdb4cf4949d6b661ca6949f9f891e48e62dfa0a42fcc32b6ace91e
ZTE 831CII Hardcoded Credential / XSS / CSRF
Posted Nov 7, 2014
Authored by Paulos Yibelo

ZTE 831CII suffers from cross site request forgery, hardcoded administrative credential, and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
advisories | CVE-2014-9020, CVE-2014-9019, CVE-2014-9183
SHA-256 | 71cb47b2c17ef7f0dfffab54cfb391823034e3c990567867983eacd51e01d6ca
ZTE ZXDSL 831CII Insecure Direct Object Reference
Posted Nov 7, 2014
Authored by Paulos Yibelo

ZTE ZXDSL 831CII suffers from an insecure direct object reference vulnerability that allows for authentication bypass.

tags | exploit
advisories | CVE-2014-9184
SHA-256 | 1f03cc0b111dd69b400b5bc45c9417e5af28680d6acb649fecfb52fffe14bd19
DVWA Cross Site Request Forgery
Posted Sep 15, 2014
Authored by Paulos Yibelo

Damn Vulnerable Web Application, which is meant to be a vulnerable web application for security testing, can be leveraged by attackers to compromise your system when in use. This is a good reminder to only use DVWA on an air-gapped network. This exploit demonstrates the ability to gain code execution on the system.

tags | exploit, web, code execution, csrf
SHA-256 | 75399c599af8214d734313a75983c0648c16b80932511c55319919111ea07883