
Files from Han Sahin

Email address: han.sahin at securify.nl
First Active: 2015-03-11
Last Active: 2017-04-30
HideMyAss Pro VPN Client 3.3.0.3 Privilege Escalation
Posted Apr 30, 2017
Authored by Han Sahin

HideMyAss Pro VPN client version 3.3.0.3 for OS X suffers from a helper binary (com.privax.hmaprovpn.helper) local privilege escalation vulnerability.

tags | exploit, local
systems | apple, osx
MD5 | dbab384b2c2cf9076d625633efca65ab
HideMyAss Pro VPN Client 2.2.7.0 Privilege Escalation
Posted Apr 29, 2017
Authored by Han Sahin

HideMyAss Pro VPN client version 2.2.7.0 for OS X suffers from a helper binary (HMAHelper) local privilege escalation vulnerability.

tags | exploit, local
systems | apple, osx
MD5 | 4e9c69f81809b928fa5fb9a01e6fd6c7
WordPress NewStatPress 1.2.4 Cross Site Scripting
Posted Mar 3, 2017
Authored by Han Sahin

WordPress NewStatPress plugin version 1.2.4 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | f2fd38b71b380c6af9a9110449ad562f
osTicket 1.9.12 Cross Site Scripting
Posted Mar 1, 2017
Authored by Han Sahin

osTicket version 1.9.12 suffers from multiple persistent cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | a11db04acf9963a5de4465717e9442ba
WordPress 4.5.3 Cross Site Scripting
Posted Sep 9, 2016
Authored by Han Sahin

WordPress version 4.5.3 suffers from a cross site scripting vulnerability when an uploaded image filename has a malicious payload inserted.

tags | exploit, xss
MD5 | 0161ac0b585bf93aafacc9cd06d0582a
WordPress WooCommerce 2.6.2 Cross Site Scripting
Posted Jul 21, 2016
Authored by Han Sahin

WordPress WooCommerce plugin version 2.6.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 128f43aecf47badf4272571710225474
WordPress Ninja Forms 2.9.51 Cross Site Scripting
Posted Jul 19, 2016
Authored by Han Sahin

WordPress Ninja Forms plugin version 2.9.51 suffers from cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 004445f8baf4060508c00de52f0c52e2
WordPress Activity Log 2.3.1 Persistent Cross Site Scripting
Posted Jul 11, 2016
Authored by Han Sahin

WordPress Activity Log plugin version 2.3.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 736e891187f3de875921d045817d118b
WordPress Live Chat Support 6.2.00 Cross Site Scripting
Posted Jul 11, 2016
Authored by Han Sahin

WordPress Live Chat Support plugin version 6.2.00 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | 9145a57994ede874ba32eef668b65779
Synology Download Station 3.5-2956 / 3.5-2962 Cross Site Scripting
Posted Sep 10, 2015
Authored by Securify B.V., Han Sahin

Synology Download Station versions 3.5-2956 and 3.5-2962 suffer from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
systems | linux
MD5 | a796d2461c7e924ed0d96630e9e71583
Synology Video Station 1.5-0757 Command Injection / SQL Injection
Posted Sep 10, 2015
Authored by Securify B.V., Han Sahin

Synology Video Station version 1.5-0757 suffers from remote command injection and SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
MD5 | 2d70ccd0c21c161323f8483a0c458393
EMC Secure Remote Services Virtual Edition Insecure Certificate Check
Posted Aug 18, 2015
Authored by Securify B.V., Han Sahin

It was discovered that the server certificate validation checks performed by EMC Secure Remote Services Virtual Edition are insecure. Weak certificate validation allows attackers to perform a man in the middle attack against ESRS connections. This allows for eavesdropping on, and spoofing of, provisioned devices in ESRS VE (including but not limited to home calls to the ESRS portal esrs.emc.com). Versions 3.02, 3.03, and 3.04 are affected.

tags | advisory, remote, spoof
advisories | CVE-2015-0543
MD5 | 7422644d438f591155d98b9d637802f4
Citrix NITRO SDK Command Injection
Posted Mar 20, 2015
Authored by Han Sahin

A command injection vulnerability in Citrix NITRO SDK's xen_hotfix page was discovered. The attacker-supplied command is executed with elevated privileges (nsroot). This issue can be used to compromise the entire Citrix SDX appliance along with all underlying applications and data.

tags | exploit
MD5 | b7c5905da53dbedf0252c0e0eaf31a32
Citrix NetScaler VPX Cross Site Scripting
Posted Mar 20, 2015
Authored by Han Sahin

It was discovered that the help pages of Citrix VPX are vulnerable to cross site scripting.

tags | exploit, xss
MD5 | 50c91a8bdcdd159b0b9034e8ccc241ed
Citrix NITRO SDK xen_hotfix Cross Site Scripting
Posted Mar 20, 2015
Authored by Han Sahin

A cross site scripting vulnerability was found in the xen_hotfix page of the Citrix NITRO SDK.

tags | exploit, xss
MD5 | 1579db71b1b93c28ae8678b57f16a887
Citrix Command Center Configuration Disclosure
Posted Mar 20, 2015
Authored by Han Sahin

It was discovered that Citrix Command Center stores configuration files containing credentials of managed devices within a folder accessible through the web server. Unauthenticated attackers can download any configuration file stored in this folder, decode passwords stored in these files, and gain privileged access to devices managed by Command Center.

tags | exploit, web
MD5 | 9874325f86bef49d1ece9fd0d75e93be
EMC Secure Remote Services Virtual Edition SQL Injection
Posted Mar 20, 2015
Authored by Han Sahin

An SQL injection vulnerability was found in EMC Secure Remote Services Virtual Edition (ESRS VE) that allows an attacker to retrieve arbitrary data from the application, interfere with its logic, or execute commands on the database server itself.

tags | exploit, remote, arbitrary, sql injection
advisories | CVE-2015-0524
MD5 | 38ab9bd223d35a3ae4036a23e8101091
EMC Secure Remote Services Virtual Edition Command Injection
Posted Mar 20, 2015
Authored by Han Sahin

A command injection vulnerability was found in EMC Secure Remote Services Virtual Edition (ESRS VE) that allows an attacker to execute arbitrary system commands and take full control over ESRS VE.

tags | exploit, remote, arbitrary
advisories | CVE-2015-0525
MD5 | 1ce9eb0a674b58ee302cff1521c315ad
EMC M&R (Watch4net) Device Discovery Path Traversal
Posted Mar 20, 2015
Authored by Han Sahin

A path traversal vulnerability was found in EMC M&R (Watch4net) Device Discovery. This vulnerability allows an attacker to access sensitive files containing configuration data, passwords, database records, log data, source code, and program scripts and binaries.

tags | exploit, file inclusion
advisories | CVE-2015-0516
MD5 | 8b88774ea14080fe5e9b90b7285e9723
EMC M&R (Watch4net) MIB Browser Path Traversal
Posted Mar 20, 2015
Authored by Han Sahin

A path traversal vulnerability was found in EMC M&R (Watch4net) MIB Browser. This vulnerability allows an attacker to access sensitive files containing configuration data, passwords, database records, log data, source code, and program scripts and binaries.

tags | exploit, file inclusion
advisories | CVE-2015-0516
MD5 | 75c8cf8cad96cde32de2124ca6a7d13f
EMC M&R (Watch4net) Alerting Frontend XSS
Posted Mar 20, 2015
Authored by Han Sahin

A cross site scripting vulnerability was found in EMC M&R (Watch4net) Alerting Frontend. This issue allows attackers to perform a wide variety of actions, such as stealing victims' session tokens or login credentials, performing arbitrary actions on their behalf, logging their keystrokes, or exploiting issues in other areas of Watch4net.

tags | exploit, arbitrary, xss
advisories | CVE-2015-0513
MD5 | b5a7bb3b7795ea4a02931e1a103d80d6
EMC M&R (Watch4net) Centralized Management Console XSS
Posted Mar 20, 2015
Authored by Han Sahin

A cross site scripting vulnerability was found in EMC M&R (Watch4net) Centralized Management Console. This issue allows attackers to perform a wide variety of actions, such as stealing victims' session tokens or login credentials, performing arbitrary actions on their behalf, logging their keystrokes, or exploiting issues in other areas of Watch4net.

tags | exploit, arbitrary, xss
advisories | CVE-2015-0513
MD5 | 0905638d0042501994a70dc5a5008bea
EMC M&R (Watch4net) Web Portal Report Favorites XSS
Posted Mar 20, 2015
Authored by Han Sahin

A cross site scripting vulnerability was found in EMC M&R (Watch4net) Web Portal. This issue allows attackers to replace the report that is shown at startup. The attacker's payload will be stored in the user's profile and will be executed every time the victim logs in.

tags | exploit, web, xss
advisories | CVE-2015-0513
MD5 | 3229a84d50ed04e1c73f2ab068557038
Citrix Command Center Advent JMX Servlet Accessible
Posted Mar 20, 2015
Authored by Han Sahin

It was discovered that the Advent JMX Servlet of Citrix Command Center is accessible to unauthenticated users. This issue can be abused by attackers to compromise the entire application. It also suffers from a cross site scripting vulnerability.

tags | exploit, xss, bypass
MD5 | 654ea83b4f8835317d17c06f0d8566f1
EMC M&R (Watch4net) Insecure Credential Storage
Posted Mar 19, 2015
Authored by Han Sahin

It was discovered that EMC M&R (Watch4net) credentials of remote servers stored in Watch4net are encrypted using a fixed hard-coded password. If an attacker manages to obtain a copy of the encrypted credentials, it is trivial to decrypt them.

tags | exploit, remote
advisories | CVE-2015-0514
MD5 | eba368f2ffa4a6d9413f27cae2d20a8f