Twenty Year Anniversary
Showing 1 - 10 of 10 RSS Feed

Files from Bosko Stankovic

Email addressbosko at defensecode.com
First Active2017-04-13
Last Active2018-03-06
Magento Product Attributes Cross Site Scripting
Posted Mar 6, 2018
Authored by DefenseCode, Bosko Stankovic

Magento suffers from product attribute information related cross site scripting vulnerabilities. Versions affected include Magento 2.0 prior to 2.0.18, Magento 2.1 prior to 2.1.12, and Magento 2.2 prior to 2.2.3.

tags | exploit, vulnerability, xss
MD5 | d73101b6b0b0b0f02a6ec88ff295af50
Magento Downloadable Products Cross Site Scripting
Posted Mar 6, 2018
Authored by DefenseCode, Bosko Stankovic

Magento suffers from downloadable product information related cross site scripting vulnerabilities. Versions affected include Magento 2.0 prior to 2.0.18, Magento 2.1 prior to 2.1.12, and Magento 2.2 prior to 2.2.3.

tags | exploit, vulnerability, xss
MD5 | f77d1da16377bd36480710245f667fb2
Magento Backups Cross Site Request Forgery
Posted Mar 6, 2018
Authored by DefenseCode, Bosko Stankovic

Magento Backups suffer from a cross site request forgery vulnerability. Versions affected include Magento Open Source prior to 1.9.3.8, Magento Commerce prior to 1.14.3.8, Magento 2.0 prior to 2.0.18, Magento 2.1 prior to 2.1.12, and Magento 2.2 prior to 2.2.3.

tags | exploit, csrf
MD5 | 0adaddcd0d7b534ec114223d7660feb1
Magento User Info Cross Site Scripting
Posted Mar 6, 2018
Authored by DefenseCode, Bosko Stankovic

Magento suffers from user information related cross site scripting vulnerabilities. Versions affected include Magento 2.0 prior to 2.0.18, Magento 2.1 prior to 2.1.12, and Magento 2.2 prior to 2.2.3.

tags | exploit, vulnerability, xss
MD5 | 91c1b88ab3d81c67800e22cebc73902e
PureVPN 5.19.4.0 Privilege Escalation
Posted Feb 21, 2018
Authored by DefenseCode, Bosko Stankovic

PureVPN versions 5.19.4.0 and below suffer from a privilege escalation vulnerability.

tags | advisory
MD5 | bc09db910165ef220d5ab399ca475c2d
Magento Cross Site Requst Forgery / Cross Site Scripting
Posted Oct 5, 2017
Authored by DefenseCode, Bosko Stankovic

During a security audit of Magento Community Edition / Open Source and Commerce, cross site request forgery and stored cross site scripting vulnerabilities were discovered that could lead to administrator account takeover, putting the website customers and their payment information at risk. Versions affected include Magento CE 1 prior to 1.9.3.6, Magento Commerce prior to 1.14.3.6, Magento 2.0 prior to 2.0.16, and Magento 2.1 prior to 2.1.9.

tags | exploit, vulnerability, xss, csrf
MD5 | b8e9abcbfbba8f6e6349871a393da400
Magento Cross Site Requst Forgery / Cross Site Scripting
Posted Oct 4, 2017
Authored by DefenseCode, Bosko Stankovic

During a security audit of Magento Community Edition / Open Source and Commerce, cross site request forgery and stored cross site scripting vulnerabilities were discovered that could lead to administrator account takeover, putting the website customers and their payment information at risk. This is a second advisory from DefenseCode for the same software and vulnerabilities. Versions affected include Magento CE 1 prior to 1.9.3.6, Magento Commerce prior to 1.14.3.6, Magento 2.0 prior to 2.0.16, and Magento 2.1 prior to 2.1.9.

tags | exploit, vulnerability, xss, csrf
MD5 | 6fac5f12b988c5d618dd41e90f4d5591
IBM Informix 12.10 DB-Access Buffer Overflow
Posted Jul 12, 2017
Authored by Leon Juranic, DefenseCode, Bosko Stankovic

IBM Informix DB-Access utility is vulnerable to a stack based buffer overflow, caused by improper bounds checking which could allow an attacker to execute arbitrary code. The vulnerability is triggered by providing an overly long file parameter value inside a LOAD statement, which is used to insert data from an operating-system file into an existing table or view. Version 12.10 is affected.

tags | exploit, overflow, arbitrary
MD5 | a6b494ac98eda0f50077d89e22e9c8cf
Stealing Windows Credentials Using Google Chrome
Posted May 18, 2017
Authored by Bosko Stankovic

This paper describes an attack which can lead to Windows credentials theft, affecting the default configuration of the most popular browser in the world today, Google Chrome, as well as all Windows versions supporting it.

tags | paper
systems | windows
MD5 | a16cf3db1d86c6bd43dd6a775f759374
Magento 2.1.6 Shell Upload / Cross Site Request Forgery
Posted Apr 13, 2017
Authored by DefenseCode, Bosko Stankovic

Magento versions 2.1.6 and below suffers from cross site request forgery and shell upload vulnerabilities.

tags | exploit, shell, vulnerability, csrf
MD5 | 7eac7c985713b9e6f32be4da1b6565bb
Page 1 of 1
Back1Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

August 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    19 Files
  • 2
    Aug 2nd
    17 Files
  • 3
    Aug 3rd
    16 Files
  • 4
    Aug 4th
    1 Files
  • 5
    Aug 5th
    1 Files
  • 6
    Aug 6th
    19 Files
  • 7
    Aug 7th
    15 Files
  • 8
    Aug 8th
    9 Files
  • 9
    Aug 9th
    7 Files
  • 10
    Aug 10th
    10 Files
  • 11
    Aug 11th
    1 Files
  • 12
    Aug 12th
    0 Files
  • 13
    Aug 13th
    14 Files
  • 14
    Aug 14th
    18 Files
  • 15
    Aug 15th
    38 Files
  • 16
    Aug 16th
    16 Files
  • 17
    Aug 17th
    22 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close