exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 35 RSS Feed

Files from Han Sahin

Email addresshan.sahin at securify.nl
First Active2015-03-11
Last Active2017-04-30
HideMyAss Pro VPN Client 3.3.0.3 Privilege Escalation
Posted Apr 30, 2017
Authored by Han Sahin

HideMyAss Pro VPN client version 3.3.0.3 for OS X suffers from a helper binary (com.privax.hmaprovpn.helper) local privilege escalation vulnerability.

tags | exploit, local
systems | apple, osx
SHA-256 | 37f5fa5c2d88399f63a027e0edcd1f34ea06dd428dfe8989bd994c0a70a3511e
HideMyAss Pro VPN Client 2.2.7.0 Privilege Escalation
Posted Apr 29, 2017
Authored by Han Sahin

HideMyAss Pro VPN client version 2.2.7.0 for OS X suffers from a helper binary (HMAHelper) local privilege escalation vulnerability.

tags | exploit, local
systems | apple, osx
SHA-256 | afad6aec8c41a7fdc2956fc606d1e979cc75e625296147faf54c0cf49979be05
WordPress NewStatPress 1.2.4 Cross Site Scripting
Posted Mar 3, 2017
Authored by Han Sahin

WordPress NewStatPress plugin version 1.2.4 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 7c108faa4ca8dddf9f064f7783bf3ebce50dfd2ce2aaceaacb9bc81f23b9d71c
osTicket 1.9.12 Cross Site Scripting
Posted Mar 1, 2017
Authored by Han Sahin

osTicket version 1.9.12 suffers from multiple persistent cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | c97da578520b0fab8d0625cbd24015f598369f9b2be34ed0c37ea35a53f87da2
WordPress 4.5.3 Cross Site Scripting
Posted Sep 9, 2016
Authored by Han Sahin

WordPress version 4.5.3 suffers from a cross site scripting vulnerability when an uploaded image filename has a malicious payload inserted.

tags | exploit, xss
SHA-256 | 6c769e43df4a37ca6174acc074f7d745829325d0add7f2fe561108492c4e03bf
WordPress WooCommerce 2.6.2 Cross Site Scripting
Posted Jul 21, 2016
Authored by Han Sahin

WordPress WooCommerce plugin version 2.6.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | a5f0af318f11ee0e790f9fb5900db8a34e7b925b850843f7eeed1f9c5e73b2f8
WordPress Ninja Forms 2.9.51 Cross Site Scripting
Posted Jul 19, 2016
Authored by Han Sahin

WordPress Ninja Forms plugin version 2.9.51 suffers from cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 7736356de45c70b551bfad1e9d2f465f4af57ee30034f6cbddf58e14110df94c
WordPress Activity Log 2.3.1 Persistent Cross Site Scripting
Posted Jul 11, 2016
Authored by Han Sahin

WordPress Activity Log plugin version 2.3.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 44d3c110001dcf64ab0c4de151258da4979819c57f20768b01dda988930324b4
WordPress Live Chat Support 6.2.00 Cross Site Scripting
Posted Jul 11, 2016
Authored by Han Sahin

WordPress Live Chat Support plugin version 6.2.00 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 203bd383c9f3fed80a99fa6ad0b0ad8f03bcf156222eb506d8f5e0754976fc74
Synology Download Station 3.5-2956 / 3.5-2962 Cross Site Scripting
Posted Sep 10, 2015
Authored by Securify B.V., Han Sahin

Synology Download Station versions 3.5-2956 and 3.5-2962 suffer from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
systems | linux
SHA-256 | c2bfa3b4753d3bfb8fc02e1ef6ea305c761e7d81544de79d1fd8cda1c49d9791
Synology Video Station 1.5-0757 Command Injection / SQL Injection
Posted Sep 10, 2015
Authored by Securify B.V., Han Sahin

Synology Video Station version 1.5-0757 suffers from remote command injection and SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
SHA-256 | ac383a126c2810f16ff4b122239d9b71076731a6600a7af65e183e0544582edc
EMC Secure Remote Services Virtual Edition Insecure Certificate Check
Posted Aug 18, 2015
Authored by Securify B.V., Han Sahin

It was discovered that the server certificate validation checks performed by EMC Secure Remote Services Virtual Edition are insecure. Weak certificate validation allows attackers to perform a man in the middle attack against ESRS connections. This allows for eavesdropping on, and spoofing of provisioned devices in ESRS VE (including but not limited to home calls to the ESRS portal esrs.emc.com). Versions 3.02, 3.03, and 3.04 are affected.

tags | advisory, remote, spoof
advisories | CVE-2015-0543
SHA-256 | 895ec0911f275467cdc882bab4fd519470eb66160a1c9ff1d02204173cd0bc37
Citrix NITRO SDK Command Injection
Posted Mar 20, 2015
Authored by Han Sahin

A command injection vulnerability in Citrix NITRO SDK's xen_hotfix page was discovered. The attacker-supplied command is executed with elevated privileges (nsroot). This issue can be used to compromise of the entire Citrix SDX appliance along with all underlying applications and data.

tags | exploit
SHA-256 | 8363fa8786b4f33fcb611c65253aae741117e855eaa1f0692b41e980dc0efd9e
Citrix NetScaler VPX Cross Site Scripting
Posted Mar 20, 2015
Authored by Han Sahin

It was discovered that the help pages of Citrix VPX are vulnerable to cross site scripting.

tags | exploit, xss
SHA-256 | d441a8929d46f3b81888279baadee2699e3507b40eda951a86945b935b33baac
Citrix NITRO SDK xen_hotfix Cross Site Scripting
Posted Mar 20, 2015
Authored by Han Sahin

A cross site scripting vulnerability was found in the xen_hotfix page of the Citrix NITRO SDK.

tags | exploit, xss
SHA-256 | 33744821fe7b647214982e21e9c2f3008a42466359ddb11e760b84a946ef3f56
Citrix Command Center Configuration Disclosure
Posted Mar 20, 2015
Authored by Han Sahin

It was discovered that Citrix Command Center stores configuration files containing credentials of managed devices within a folder accessible through the web server. Unauthenticated attackers can download any configuration file stored in this folder, decode passwords stored in these files, and gain privileged access to devices managed by Command Center.

tags | exploit, web
SHA-256 | 85d89d3569e65de31b41ef51ec733b7638c8cddd02e54405362cc915a3cf0ba9
EMC Secure Remote Services Virtual Edition SQL Injection
Posted Mar 20, 2015
Authored by Han Sahin

An SQL injection vulnerability was found in EMC Secure Remote Services Virtual Edition (ESRS VE) that allows an attacker to retrieve arbitrary data from the application, interfere with its logic, or execute commands on the database server itself.

tags | exploit, remote, arbitrary, sql injection
advisories | CVE-2015-0524
SHA-256 | bb6357690b58aa6a4b191b7aa985885a9140da18129605a49ab28a5d5f94739f
EMC Secure Remote Services Virtual Edition Command Injection
Posted Mar 20, 2015
Authored by Han Sahin

A command injection vulnerability was found in EMC Secure Remote Services Virtual Edition (ESRS VE) that allows an attacker to execute arbitrary system commands and take full control over ESRS VE.

tags | exploit, remote, arbitrary
advisories | CVE-2015-0525
SHA-256 | 25bdb20a5f5b3d42c931790e6cd29e66b72b1f64447adff01728369675f2c580
EMC M&R (Watch4net) Device Discovery Path Traversal
Posted Mar 20, 2015
Authored by Han Sahin

A path traversal vulnerability was found in EMC M&R (Watch4net) Device Discovery. This vulnerability allows an attacker to access sensitive files containing configuration data, passwords, database records, log data, source code, and program scripts and binaries.

tags | exploit, file inclusion
advisories | CVE-2015-0516
SHA-256 | 25a0b7a9df5cc011236dd7a3b788dfc90ab7e490e99ee01ab27b7e427abbf1f4
EMC M&R (Watch4net) MIB Browser Path Traversal
Posted Mar 20, 2015
Authored by Han Sahin

A path traversal vulnerability was found in EMC M&R (Watch4net) MIB Browser. This vulnerability allows an attacker to access sensitive files containing configuration data, passwords, database records, log data, source code, and program scripts and binaries.

tags | exploit, file inclusion
advisories | CVE-2015-0516
SHA-256 | 7668d0639a82fb6e91ad48888c3d7bd515ca0ed072a654718c3c05f3099551fc
EMC M&R (Watch4net) Alerting Frontend XSS
Posted Mar 20, 2015
Authored by Han Sahin

A cross site scripting vulnerability was found in EMC M&R (Watch4net) Alerting Frontend. This issue allows attackers to perform a wide variety of actions, such as stealing victims' session tokens or login credentials, performing arbitrary actions on their behalf, logging their keystrokes, or exploit issues in other areas of Watch4net.

tags | exploit, arbitrary, xss
advisories | CVE-2015-0513
SHA-256 | 0b2a8f256d6e1bbff59fe9299dff71fea85a0647f548112aeca2df8c229f8efc
EMC M&R (Watch4net) Centralized Management Console XSS
Posted Mar 20, 2015
Authored by Han Sahin

A cross site scripting vulnerability was found in EMC M&R (Watch4net) Centralized Management Console. This issue allows attackers to perform a wide variety of actions, such as stealing victims' session tokens or login credentials, performing arbitrary actions on their behalf, logging their keystrokes, or exploit issues in other areas of Watch4net.

tags | exploit, arbitrary, xss
advisories | CVE-2015-0513
SHA-256 | e753a3139ef1cd1757ba424112936d43b543c6cc2b2a4b844aa489ad404f66c3
EMC M&R (Watch4net) Web Portal Report Favorites XSS
Posted Mar 20, 2015
Authored by Han Sahin

A cross site scripting vulnerability was found in EMC M&R (Watch4net) Web Portal. This issue allows attackers to replace the report that is shown at startup, the attackers payload will be stored in the user's profile and will be executed every time the victim logs in.

tags | exploit, web, xss
advisories | CVE-2015-0513
SHA-256 | 141134491cadd7c74cea4c79f049a63533385f6a32812f238cead4440d47eda3
Citrx Command Center Advent JMX Servlet Accessible
Posted Mar 20, 2015
Authored by Han Sahin

It was discovered that the Advent JMX Servlet of Citrix Command Center is accessible to unauthenticated users. This issue can be abused by attackers to comprise the entire application. It also suffers from a cross site scripting vulnerability.

tags | exploit, xss, bypass
SHA-256 | 65939691ebbc97cc1c48cec0c147e8482d72899a48cea80d719973492c299369
EMC M&R (Watch4net) Insecure Credential Storage
Posted Mar 19, 2015
Authored by Han Sahin

It was discovered that EMC M&R (Watch4net) credentials of remote servers stored in Watch4net are encrypted using a fixed hard-coded password. If an attacker manages to obtain a copy of the encrypted credentials, it is trivial to decrypt them.

tags | exploit, remote
advisories | CVE-2015-0514
SHA-256 | b874a1afbc5b38698999dfd742cae4cdd0e36be6fccb7cf1fd8d2189a3baeebc
Page 1 of 2
Back12Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close