Exploit the possiblities
Showing 1 - 20 of 20 RSS Feed

Files from Paulos Yibelo

Email addressprivate
First Active2014-09-15
Last Active2017-10-12
View User Profile
PHP Melody 2.7.3 Cross Site Scripting / SQL Injection
Posted Oct 12, 2017
Authored by Paulos Yibelo

PHP Melody version 2.7.3 suffers from cross site scripting and SQL injection vulnerabilities.

tags | exploit, php, vulnerability, xss, sql injection
MD5 | 8d8544bc3a6ba55df5cbb4bfaefe5794
eFront 3.6.15 Code Execution
Posted Nov 5, 2016
Authored by Paulos Yibelo

eFront version 3.6.15 suffers from a code execution vulnerability.

tags | exploit, code execution
MD5 | 4609e1f6d7bf83a1c09fd995c41a1699
PHPSYSINFO 3.1.12 Local File Disclosure
Posted Feb 2, 2016
Authored by Paulos Yibelo

PHPSYSINFO versions 3.1.12 and below suffer from a local file disclosure vulnerability.

tags | exploit, local, file inclusion
MD5 | 470325a61146946ffd3e04b6c1374a14
Magento eCommerce Vulnerable Adobe Flex SDK
Posted Apr 10, 2015
Authored by Paulos Yibelo

Magento eCommerce versions 1.9.0 and below are compiled with a vulnerable version of Adobe Flex SDK allowing for same-origin request forgery and cross-site content hijacking.

tags | advisory
advisories | CVE-2011-2461
MD5 | c08c1fb9f976b19b4163ffe2bf98a199
AfterLogic WebMail Lite Authentication Bypass
Posted Mar 27, 2015
Authored by Paulos Yibelo

AfterLogic WebMail Lite allows for an unauthenticated user to set an administrative password.

tags | exploit, bypass
MD5 | 4d87f913808ad9ff44266e63485355e5
Program-O 2.4.6 XSS / LFI / HTTP Response Splitting
Posted Jan 23, 2015
Authored by Paulos Yibelo | Site vulnerability-lab.com

Program-O version 2.4.6 suffers from http response splitting, cross site scripting, and local file inclusion vulnerabilities.

tags | exploit, web, local, vulnerability, xss, file inclusion
MD5 | c030a1bc76d8a0c8d9edebeee19311ef
Banana Dance Wiki CMS b2.x LFI / SQL Injection
Posted Jan 19, 2015
Authored by Paulos Yibelo | Site vulnerability-lab.com

Banana Dance Wiki CMS version b2.x suffers from local file inclusion and remote SQL injection vulnerabilities.

tags | exploit, remote, local, vulnerability, sql injection, file inclusion
MD5 | 51706be8fe02f000f9bd442291e7ac2d
Facebook Mobile Parameter Tampering Bypass
Posted Jan 16, 2015
Authored by Paulos Yibelo | Site vulnerability-lab.com

Facebook Mobile allowed for a name change prior to the 60 day limit.

tags | exploit
MD5 | 64e45b0c24557d34f7883ce5c1f58964
CatBot 0.4.2 SQL Injection
Posted Jan 16, 2015
Authored by Paulos Yibelo | Site vulnerability-lab.com

CatBot version 0.4.2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | c44f43452d0864490da469af0fc8f07e
Facebook Insecure Direct Object Reference
Posted Dec 26, 2014
Authored by Paulos Yibelo | Site vulnerability-lab.com

Facebook suffered from an insecure direct object reference vulnerability.

tags | advisory
MD5 | 99f41cf9db9704a72722ef9ea6cb990d
Facebook Studio Cross Site Scripting
Posted Dec 19, 2014
Authored by Paulos Yibelo | Site vulnerability-lab.com

Facebook Studio suffered from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | e2ebb0cb42b3078b8186b914a1bbc5df
Morfy CMS 1.05 Remote Command Execution
Posted Dec 17, 2014
Authored by Paulos Yibelo | Site vulnerability-lab.com

Morfy CMS version 1.05 suffers from a remote command execution vulnerability.

tags | exploit, remote
advisories | CVE-2014-9185
MD5 | 2441feea968e6bdb041ea838c07599f3
Monstra 3.0.1 Bruteforce Mitigation Bypass
Posted Nov 12, 2014
Authored by Paulos Yibelo

Monstra versions 3.0.1 and below keep a tally client side in a cookie to count login attempts, allowing an attacker to completely bypass their abuse functionality.

tags | exploit, bypass
advisories | CVE-2014-9006
MD5 | 51f5aa47c152b41dc76733f929955cb1
Monstra 3.0.1 HTTP Response Splitting
Posted Nov 10, 2014
Authored by Paulos Yibelo

Monstra versions 3.0.1 and below suffer from an HTTP response splitting vulnerability.

tags | exploit, web
MD5 | 6e988b6e78111a3ee34b120d3e7e1c82
Anchor CMS 0.9.2 Header Injection
Posted Nov 10, 2014
Authored by Paulos Yibelo

Anchor CMS versions 0.9.2 and below suffer from a header injection vulnerability.

tags | exploit
advisories | CVE-2014-9182
MD5 | 2d4a2d2524d91e8c13e1ff25457a33ce
ZXDSL 831CII Cross Site Request Forgery
Posted Nov 10, 2014
Authored by Paulos Yibelo

ZXDSL 831CII suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2014-9027
MD5 | 3f7a681ff157948392797de9eea553e2
ZTE ZXDSL 831 Cross Site Scripting
Posted Nov 7, 2014
Authored by Paulos Yibelo

ZTE ZXDSL 831 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2014-9021, CVE-2014-9020
MD5 | 9ad305c0da6a5583fd4d4369ae2e4d5e
ZTE 831CII Hardcoded Credential / XSS / CSRF
Posted Nov 7, 2014
Authored by Paulos Yibelo

ZTE 831CII suffers from cross site request forgery, hardcoded administrative credential, and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
advisories | CVE-2014-9020, CVE-2014-9019, CVE-2014-9183
MD5 | df8f43f4159d318dcf19e40ea73398e0
ZTE ZXDSL 831CII Insecure Direct Object Reference
Posted Nov 7, 2014
Authored by Paulos Yibelo

ZTE ZXDSL 831CII suffers from an insecure direct object reference vulnerability that allows for authentication bypass.

tags | exploit
advisories | CVE-2014-9184
MD5 | 86a0b0892af7534612c8be4f2ce5105c
DVWA Cross Site Request Forgery
Posted Sep 15, 2014
Authored by Paulos Yibelo

Damn Vulnerable Web Application, which is meant to be a vulnerable web application for security testing, can be leveraged by attackers to compromise your system when in use. This is a good reminder to only use DVWA on an air-gapped network. This exploits demonstrates the ability to gain code execution on the system.

tags | exploit, web, code execution, csrf
MD5 | 0b363f1fdc45ecfbf33d0391bd239c05
Page 1 of 1
Back1Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

January 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    2 Files
  • 2
    Jan 2nd
    13 Files
  • 3
    Jan 3rd
    16 Files
  • 4
    Jan 4th
    39 Files
  • 5
    Jan 5th
    26 Files
  • 6
    Jan 6th
    40 Files
  • 7
    Jan 7th
    2 Files
  • 8
    Jan 8th
    16 Files
  • 9
    Jan 9th
    25 Files
  • 10
    Jan 10th
    28 Files
  • 11
    Jan 11th
    44 Files
  • 12
    Jan 12th
    32 Files
  • 13
    Jan 13th
    2 Files
  • 14
    Jan 14th
    4 Files
  • 15
    Jan 15th
    31 Files
  • 16
    Jan 16th
    15 Files
  • 17
    Jan 17th
    16 Files
  • 18
    Jan 18th
    24 Files
  • 19
    Jan 19th
    7 Files
  • 20
    Jan 20th
    0 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    0 Files
  • 25
    Jan 25th
    0 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close