exploit the possibilities
Showing 1 - 7 of 7 RSS Feed

Files from Leandro Barragan

First Active2017-05-24
Last Active2018-06-26
Quest KACE Systems Management Command Injection
Posted Jun 26, 2018
Authored by Brendan Coles, Leandro Barragan, Guido Leo | Site metasploit.com

This Metasploit module exploits a command injection vulnerability in Quest KACE Systems Management Appliance version 8.0.318 (and possibly prior). The download_agent_installer.php file allows unauthenticated users to execute arbitrary commands as the web server user www. A valid Organization ID is required. The default value is 1. A valid Windows agent version number must also be provided. If file sharing is enabled, the agent versions are available within the \\kace.local\client\agent_provisioning\windows_platform Samba share. Additionally, various agent versions are listed on the KACE website. This Metasploit module has been tested successfully on Quest KACE Systems Management Appliance K1000 version 8.0 (Build 8.0.318).

tags | exploit, web, arbitrary, local, php
systems | windows
advisories | CVE-2018-11138
MD5 | 48ba6b06f4b01737a61a9c63d90ba594
Quest KACE System Management Appliance 8.0 (Build 8.0.318) XSS / Traversal / Code Execution / SQL Injection
Posted May 31, 2018
Authored by Core Security Technologies, Leandro Barragan, Guido Leo | Site coresecurity.com

Quest KACE System Management Appliance version 8.0 (Build 8.0.318) suffers from code execution, cross site scripting, path traversal, remote SQL injection, and various other vulnerabilities.

tags | exploit, remote, vulnerability, code execution, xss, sql injection
advisories | CVE-2018-11132, CVE-2018-11133, CVE-2018-11134, CVE-2018-11135, CVE-2018-11136, CVE-2018-11137, CVE-2018-11138, CVE-2018-11139, CVE-2018-11140, CVE-2018-11141, CVE-2018-11142
MD5 | 40e0fc0c417670b30bccdf9097a9a547
Trend Micro Email Encryption Gateway XSS / Code Execution
Posted Feb 21, 2018
Authored by Core Security Technologies, Maximiliano Vidal, Leandro Barragan | Site coresecurity.com

Trend Micro Email Encryption Gateway suffers from cleartext transmission of sensitive information, missing authentication, cross site request forgery, cross site scripting, and various other vulnerabilities.

tags | exploit, vulnerability, xss, csrf
advisories | CVE-2018-6219, CVE-2018-6220, CVE-2018-6221, CVE-2018-6222, CVE-2018-6223, CVE-2018-6224, CVE-2018-6225, CVE-2018-6226, CVE-2018-6227, CVE-2018-6228, CVE-2018-6229, CVE-2018-6230
MD5 | 223e4ef70d15bf9047b6fde86990def0
Kaspersky Secure Mail Gateway 1.1.0.379 CSRF / Code Execution
Posted Feb 6, 2018
Authored by Core Security Technologies, Leandro Barragan | Site coresecurity.com

Kaspersky Secure Mail Gateway version 1.1.0.379 suffers from code execution and cross site request forgery vulnerabilities.

tags | exploit, vulnerability, code execution, csrf
MD5 | 04398c48a2c352c40a07dcb4a1897e4f
Trend Micro Smart Protection Server 3.2 XSS / Access Control / Disclosure
Posted Dec 22, 2017
Authored by Core Security Technologies, Maximiliano Vidal, Leandro Barragan | Site coresecurity.com

Trend Micro Smart Protection Server version 3.2 suffers from access control bypass, cross site scripting, information disclosure, and various other vulnerabilities.

tags | exploit, vulnerability, xss, info disclosure
advisories | CVE-2017-11398, CVE-2017-14094, CVE-2017-14095, CVE-2017-14096, CVE-2017-14097
MD5 | 0e10fe92b1e5418787878b2ed8d69361
Kaspersky Anti-Virus File Server 8.0.3.297 XSS / CSRF / Code Execution
Posted Jun 29, 2017
Authored by Core Security Technologies, Maximiliano Vidal, Leandro Barragan | Site coresecurity.com

Kaspersky Anti-Virus for Linux File Server version 8.0.3.297 suffers from remote code execution, cross site request forgery, cross site scripting, security bypass, information disclosure, and path traversal vulnerabilities.

tags | exploit, remote, vulnerability, code execution, virus, xss, info disclosure, csrf
systems | linux
advisories | CVE-2017-9810, CVE-2017-9811, CVE-2017-9812, CVE-2017-9813
MD5 | 834309bd7c681fce682800c2b27a31c0
Trend Micro ServerProtect Disclosure / CSRF / XSS
Posted May 24, 2017
Authored by Alberto Solino, Core Security Technologies, Maximiliano Vidal, Leandro Barragan | Site coresecurity.com

Trend Micro ServerProtect suffers from information disclosure, manipulation, cross site request forgery, cross site scripting, and various other vulnerabilities.

tags | exploit, vulnerability, xss, info disclosure, csrf
advisories | CVE-2017-9032, CVE-2017-9033, CVE-2017-9034, CVE-2017-9035, CVE-2017-9036, CVE-2017-9037
MD5 | 351e7980ee3be97f07ceb95ec237ce90
Page 1 of 1
Back1Next

File Archive:

February 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    22 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    2 Files
  • 4
    Feb 4th
    15 Files
  • 5
    Feb 5th
    50 Files
  • 6
    Feb 6th
    24 Files
  • 7
    Feb 7th
    15 Files
  • 8
    Feb 8th
    6 Files
  • 9
    Feb 9th
    1 Files
  • 10
    Feb 10th
    1 Files
  • 11
    Feb 11th
    22 Files
  • 12
    Feb 12th
    25 Files
  • 13
    Feb 13th
    16 Files
  • 14
    Feb 14th
    32 Files
  • 15
    Feb 15th
    15 Files
  • 16
    Feb 16th
    10 Files
  • 17
    Feb 17th
    2 Files
  • 18
    Feb 18th
    27 Files
  • 19
    Feb 19th
    32 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close