exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 49 RSS Feed

Files from Kacper Szurek

First Active2014-11-20
Last Active2018-07-17
HomeMatic Zentrale CCU2 Unauthenticated Remote Code Execution
Posted Jul 17, 2018
Authored by Kacper Szurek

HomeMatic Zentrale CCU2 suffers from an unauthenticated remote code execution vulnerability.

tags | exploit, remote, code execution
SHA-256 | b4f6a0c88899f62f3f28993af5b88a42122c638c13259600aa79b07025590e42
Manage Engine Exchange Reporter Plus Unauthenticated Remote Code Execution
Posted Jul 12, 2018
Authored by Kacper Szurek | Site metasploit.com

This Metasploit module exploits a remote code execution vulnerability that exists in Exchange Reporter Plus versions 5310 and below, caused by execution of bcp.exe file inside ADSHACluster servlet

tags | exploit, remote, code execution
SHA-256 | 3d8c5a206e655ffc1020ae9dc72f79a8470fd65b1714a8754570a275ba8cf2ad
GitList 0.6.0 Argument Injection
Posted Jul 7, 2018
Authored by Kacper Szurek, Shelby Pace | Site metasploit.com

This Metasploit module exploits an argument injection vulnerability in GitList version 0.6.0. The vulnerability arises from GitList improperly validating input using the php function 'escapeshellarg'.

tags | exploit, php
SHA-256 | 438a7961adff6a24e2b4c17fe41509049358ceda89125f0c70d6808fa38a4266
ManageEngine Exchange Reporter Plus 5310 Remote Code Execution
Posted Jul 3, 2018
Authored by Kacper Szurek

ManageEngine Exchange Reporter Plus versions 5310 and below suffer from a remote code execution vulnerability.

tags | exploit, remote, code execution
SHA-256 | aaf220225312288ebbab182773feec9a1d00a8bb7d1f6bbb88d336cecfe3291c
GitBucket 4.23.1 Remote Code Execution / Arbitrary File Read
Posted May 21, 2018
Authored by Kacper Szurek

GitBucket version 4.23.1 suffers from remote code execution and arbitrary file read vulnerabilities.

tags | exploit, remote, arbitrary, vulnerability, code execution
SHA-256 | 6ffd9bc57428e103c842345d3420be4640d0f4e31753a4d916974caffdc9c31a
GitList 0.6 Remote Code Execution
Posted Apr 26, 2018
Authored by Kacper Szurek

GitList version 0.6 unauthenticated remote code execution exploit.

tags | exploit, remote, code execution
SHA-256 | 0dd6d31c236e339ea46cf2a96afd06f86a7c41ebbaa4e592b132cc48869c6f13
GitStack 2.3.10 Unsanitized Argument Remote Code Execution
Posted Mar 29, 2018
Authored by Kacper Szurek, Jacob Robles | Site metasploit.com

This Metasploit module exploits a remote code execution vulnerability that exists in GitStack versions through 2.3.10, caused by an unsanitized argument being passed to an exec function call. This Metasploit module has been tested on GitStack version 2.3.10.

tags | exploit, remote, code execution
advisories | CVE-2018-5955
SHA-256 | cab234e294c5341ce9967a663c67c38cbd0d00a9c7657d94c2711d9cf5ea275f
GitStack 2.3.10 Remote Code Execution
Posted Jan 18, 2018
Authored by Kacper Szurek

GitStack version 2.3.10 suffers from an unauthenticated remote code execution vulnerability.

tags | exploit, remote, code execution
SHA-256 | a91155d4a07456c807cade69e73f702f36305cb7310a3f143e16efc9df4976ca
Netgear ReadyNAS Surveillance 1.4.3-16 Remote Command Execution
Posted Oct 4, 2017
Authored by Kacper Szurek

Netgear ReadyNAS Surveillance version 1.4.3-16 suffers from a remote command execution vulnerability.

tags | exploit, remote
SHA-256 | b8d3a063ba3bd0344ed7822ba4e9550c9ff3a801bd5d1a0414ce83b2fc913254
Synology Photo Station 6.7.3-3432 / 6.3-2967 Remote Code Execution
Posted Aug 8, 2017
Authored by Kacper Szurek

Synology Photo Station versions 6.7.3-3432 and 6.3-2967 suffer from a code execution vulnerability.

tags | exploit, code execution
advisories | CVE-2017-11151, CVE-2017-11152, CVE-2017-11153, CVE-2017-11154, CVE-2017-11155
SHA-256 | aee069f51577df77fc6d3c899ca3c89aa1f4c3de9f2251ed8ac15f6a9b582141
ManageEngine Desktop Central 10 Build 100087 Remote Code Execution
Posted Jul 24, 2017
Authored by Kacper Szurek

This Metasploit module exploits a vulnerability found in ManageEngine Desktop Central 10. When uploading a file, the FileUploadServlet class does not check the user-controlled fileName parameter. This allows a remote attacker to create a malicious file and place it under a directory that allows server-side scripts to run, which results in remote code execution under the context of SYSTEM. This exploit was successfully tested on version 10, build 100087.

tags | exploit, remote, code execution
SHA-256 | 890ea76a03a7ffc9458899b7ae1381272680a62d4a6c1693ff6dec23f6adde77
QNAP PhotoStation 5.2.4 / MusicStation 4.8.4 Authentication Bypass
Posted May 11, 2017
Authored by Kacper Szurek

QNAP PhotoStation version 5.2.4 and MusicStation version 4.8.4 suffer from an authentication bypass vulnerability.

tags | exploit, bypass
SHA-256 | e4e12a638d7f717f67ffad95e2b0629cfc618118c243ffb76a043bd3e7b2a344
Dell Customer Connect 1.3.28.0 Privilege Escalation
Posted Apr 25, 2017
Authored by Kacper Szurek

Dell Customer Connect (DCCService.exe) version 1.3.28.0 suffers from a local privilege escalation vulnerability.

tags | exploit, local
SHA-256 | 01adb10edf42c5c531eefc99d7226ee312a57ead81179ddea9469321e3875f5e
CyberGhost 6.0.4.2205 Privilege Escalation
Posted Mar 6, 2017
Authored by Kacper Szurek

CyberGhost version 6.0.4.2205 suffers from a privilege escalation vulnerability.

tags | exploit
SHA-256 | 3d456168ce5d0ad622591b8fbcb579cf29a2e73fe676d5c92b32fcb45d530172
ShadeYouVPN.com Client For Windows 2.0.1.11 Privilege Escalation
Posted Feb 14, 2017
Authored by Kacper Szurek

ShadeYouVPN.com client for Windows version 2.0.1.11 suffers from a local privilege escalation vulnerability due to executing any file path sent through a socket without verification as the SYSTEM user.

tags | exploit, local
systems | windows
SHA-256 | 4a1d749997a869365fd98d3654f05cc09d6ad345727c1afd4cfe6d7ca72b2a50
IVPN 2.6.6120.33863 Privilege Escalation
Posted Feb 6, 2017
Authored by Kacper Szurek

IVPN client for Windows version 2.6.6120.33863 suffers from a privilege escalation vulnerability.

tags | exploit
systems | windows
SHA-256 | 185ca326d2cd94de8b1329af37794cc1820633da437111c56654fc5ab4c827e5
Viscosity For Windows 1.6.7 Privilege Escalation
Posted Jan 31, 2017
Authored by Kacper Szurek

Viscosity for Windows version 1.6.7 suffers from a privilege escalation vulnerability. It is possible to execute openvpn with a custom dll as SYSTEM using ViscosityService because the path is not correctly validated.

tags | exploit
systems | windows
SHA-256 | 1e165f6606a232bfd4cc34a34c68a7346cb59ed704cf1caf321ea02cee78ab3e
WD My Cloud Mirror 2.11.153 Remote Command Execution / Authentication Bypass
Posted Jan 25, 2017
Authored by Kacper Szurek

WD My Cloud Mirror version 2.11.153 suffers from remote command execution and authentication bypass vulnerabilities.

tags | exploit, remote, vulnerability, bypass
SHA-256 | b6e6e9435d35488c27f70634c1ba1c1a4fb0d74f1203dc7d4d19ef05043a7baf
SentryHD 02.01.12e Privilege Escalation
Posted Jan 18, 2017
Authored by Kacper Szurek

SentryHD version 02.01.12e suffers from a local privilege escalation vulnerability.

tags | exploit, local
SHA-256 | f64b81388f410459aa468ccb0864c1de86969cc8d0c7e9c102fc5f96b967e82c
WordPress WP Support Plus Responsive Ticket System 7.1.3 Privilege Escalation
Posted Jan 10, 2017
Authored by Kacper Szurek

WordPress WP Support Plus Responsive Ticket System plugin version 7.1.3 suffers from a privilege escalation vulnerability.

tags | exploit
SHA-256 | e1a6d29a3a7d1a6dc4415808a242a113b2856f60bb4ffc8561fc238e458bd0fb
AbanteCart 1.2.7 Cross Site Scripting
Posted Dec 6, 2016
Authored by Kacper Szurek

AbanteCart version 1.2.7 suffers from a stored cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | cd2c80f0f2e023291ed5e53db6d2e1c91a7f1528bc8a646f1cb9183d97851883
WinPower 4.9.0.4 Privilege Escalation
Posted Nov 29, 2016
Authored by Kacper Szurek

WinPower version 4.9.0.4 suffers from a privilege escalation vulnerability. Proof of concept code included.

tags | exploit, proof of concept
SHA-256 | ec522491360ef2eea63aba812282511dbf4434f0517e72db396d11d570822b22
e107 CMS 2.1.2 Privilege Escalation
Posted Nov 9, 2016
Authored by Kacper Szurek

e107 CMS version 2.1.2 suffers from a privilege escalation vulnerability.

tags | exploit
SHA-256 | 73baba47c53c160ce7de24af40be1871e0c32ae23b42c9e50a5f1ec9f610bac5
Dolphin 7.3.0 SQL Injection
Posted Sep 20, 2016
Authored by Kacper Szurek

Dolphin version 7.3.0 suffers from an error-based remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 3f7601ff61e6c2a8e66c765afa277832197db4eb3fe1136bd295b5ff8d0e6de3
Tiki Wiki CMS 15.0 Arbitrary File Download
Posted Jul 11, 2016
Authored by Kacper Szurek

Tiki Wiki CMS version 15.0 suffers from an arbitrary file download vulnerability.

tags | exploit, arbitrary
SHA-256 | 3b5608b99ef2780f0968f1088b711658cbefed9cd86aea883493a210051eea05
Page 1 of 2
Back12Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close