exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 37 RSS Feed

Files from Dhiraj Mishra

Email addressmishra.dhiraj95 at gmail.com
First Active2017-09-02
Last Active2022-03-03
Polkit pkexec Local Privilege Escalation
Posted Mar 3, 2022
Authored by Qualys Security Advisory, Dhiraj Mishra, bwatters-r7, Andris Raugulis | Site metasploit.com

This is a Metasploit module for the argument processing bug in the polkit pkexec binary. If the binary is provided with no arguments, it will continue to process environment variables as argument variables, but without any security checking. By using the execve call we can specify a null argument list and populate the proper environment variables. This exploit is architecture independent.

tags | exploit
advisories | CVE-2021-4034
SHA-256 | 45168e34096e858ea0c2f1c2c12695c4121ec633a36c09aef6de9a8d95de3371
Apache 2.4.49 / 2.4.50 Traversal / Remote Code Execution
Posted Oct 25, 2021
Authored by Dhiraj Mishra, Ramella Sebastien, Ash Daulton | Site metasploit.com

This Metasploit module exploits an unauthenticated remote code execution vulnerability which exists in Apache version 2.4.49 (CVE-2021-41773). If files outside of the document root are not protected by ‘require all denied’ and CGI has been explicitly enabled, it can be used to execute arbitrary commands. This vulnerability has been reintroduced in the Apache 2.4.50 fix (CVE-2021-42013).

tags | exploit, remote, arbitrary, cgi, root, code execution
advisories | CVE-2021-41773, CVE-2021-42013
SHA-256 | a75779abdd3a9f2a319a34c0efbba4f95b420f39624081c3a13752641b7c8d6d
Zen Load Balancer 3.10.1 Directory Traversal
Posted Apr 23, 2020
Authored by Dhiraj Mishra, Basim Alabdullah | Site metasploit.com

This Metasploit module exploits an authenticated directory traversal vulnerability in Zen Load Balancer version 3.10.1. The flaw exists in index.cgi not properly handling the filelog= parameter which allows a malicious actor to load arbitrary file path.

tags | exploit, arbitrary, cgi, file inclusion
SHA-256 | 235cfaea63888533e4913051ad738896e2564cdbfb458391c3f2c2d2c0432e38
VLC For iOS Insecure Direct Object Reference
Posted Mar 27, 2020
Authored by Dhiraj Mishra

VLC for iOS was vulnerable to an unauthenticated insecure direct object reference vulnerability allowing for an attacker to compromise media. This issue was patched in the March, 2020 release.

tags | advisory
systems | ios
SHA-256 | 659914d9efc7ff4458622d27c5cf28ce29be80b5ebb58157129b4c7297c0d139
Wing FTP Server 6.2.3 Cross Site Request Forgery
Posted Mar 11, 2020
Authored by Dhiraj Mishra

Wing FTP Server version 2.3 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 124fca20874002626f2d8946acbd25924520c3250f40f9e33e051e1f1bc5a1bf
Fuzzing VIM
Posted Mar 5, 2020
Authored by Dhiraj Mishra

This is a brief whitepaper that discusses fuzzing the VIM editor.

tags | paper
SHA-256 | b961ee5f08adf14aeb3683b15f97a4a747d4d428142b2f7ac487d4c97fc8d786
VIM 8.2 Denial Of Service
Posted Feb 6, 2020
Authored by Dhiraj Mishra

VIM version 8.2 suffers from a denial of service vulnerability.

tags | exploit, denial of service
SHA-256 | a3c8101320cac1a692fc67929911f629814fff48f2fc8ab1066f6343826be239
Citrix ADC / Gateway Path Traversal
Posted Jan 16, 2020
Authored by Dhiraj Mishra

This is an nmap nse script to test for the path traversal vulnerability in Citrix Application Delivery Controller (ADC) and Gateway.

tags | exploit, file inclusion
advisories | CVE-2019-19781
SHA-256 | 078997b326852f40549231510ea278d6e98e39608b88703f2a45f6a9734b1d28
VIM 8.1.2135 Use-After-Free
Posted Oct 17, 2019
Authored by Dhiraj Mishra

VIM version 8.1.2135 suffers from a heap use-after-free vulnerability using freed memory with autocmd.

tags | exploit
SHA-256 | 4c96c1b707150c62f170d081c709f5113fd68839f8775298501fd594a3ebb4d2
libyal libfwsi Buffer Overread
Posted Oct 8, 2019
Authored by Dhiraj Mishra

In libyal libfwsi versions prior to 20191006, libfwsi_extension_block_copy_from_byte_stream in libfwsi_extension_block.c has a heap-based buffer over-read because rejection of an unsupported size only considers values less than 6, even though values of 6 and 7 are also unsupported.

tags | advisory
advisories | CVE-2019-17263
SHA-256 | 46e852d4c7c1971b5e6984b6483409bbb11e258031a5a6fb7803147f5c7a344d
Xpdf 4.02 NULL Pointer Dereference
Posted Oct 2, 2019
Authored by Dhiraj Mishra

Xpdf version 4.02 suffers from a null pointer dereference vulnerability.

tags | advisory
advisories | CVE-2019-17064
SHA-256 | 714323324124447a3720e4acecefa4a5621bc11ef45ca9e104d7bc6b946bbddd
Supra Smart Cloud TV Remote File Inclusion
Posted Jun 6, 2019
Authored by Dhiraj Mishra

Supra Smart Cloud TV suffers from an openLiveURL() remote file inclusion vulnerability.

tags | exploit, remote, code execution, file inclusion
advisories | CVE-2019-12477
SHA-256 | 36d9b0b5cd1b087e4e8ad3e10950200b370a681e06ac888c6f0a7087cf752c68
Typora 0.9.9.24.6 Directory Traversal
Posted May 27, 2019
Authored by Dhiraj Mishra

Typora version 0.9.9.24.6 suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
advisories | CVE-2019-12137
SHA-256 | d701e0872d46eff9fc856c8428a213430d7d1c726d700916ecbb1772e5e4f60e
Spring Cloud Config 2.1.x Path Traversal
Posted Apr 30, 2019
Authored by Dhiraj Mishra | Site metasploit.com

This Metasploit module exploits an unauthenticated directory traversal vulnerability which exists in Spring Cloud Config versions 2.1.x prior to 2.1.2, versions 2.0.x prior to 2.0.4, and versions 1.4.x prior to 1.4.6. Spring Cloud Config listens by default on port 8888.

tags | exploit, file inclusion
advisories | CVE-2019-3799
SHA-256 | 39f19c1a165c51512a1ca99f92c17456b0d2f8470dbf6c008d92f912f1f1c01c
Apache Pluto 3.0.0 / 3.0.1 Cross Site Scripting
Posted Apr 26, 2019
Authored by Dhiraj Mishra

Apache Pluto versions 3.0.0 and 3.0.1 suffer from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2019-0186
SHA-256 | bc0a3e0163f2496ba695cd031c4936411fb61ecb6d3dd26b359fcdc291d07788
Evernote 7.9 Path Traversal / Code Execution
Posted Apr 18, 2019
Authored by Dhiraj Mishra

Evernote version 4.9 suffers from a path traversal that can allow for code execution.

tags | exploit, code execution, file inclusion
advisories | CVE-2019-10038
SHA-256 | b08c7a210842b3ac5ca0df6b59fe9b17d6c7def80cc11bf9635441acb2c7e805
GattLib 0.2 Stack Buffer Overflow
Posted Jan 21, 2019
Authored by Dhiraj Mishra

GattLib version 0.2 suffers from a stack buffer overflow vulnerability.

tags | exploit, overflow
advisories | CVE-2019-6498
SHA-256 | abc54a3ecb91a2f0c11413922e317fa0853914846776f05005e2f5cdc2583758
aria2 1.33.1 Password Disclosure
Posted Jan 2, 2019
Authored by Dhiraj Mishra

aria2 version 1.33.1 suffers from a password disclosure vulnerability when logging URLs with secrets in them.

tags | exploit, info disclosure
advisories | CVE-2019-3500
SHA-256 | c9a89b510de5819685313fe5c01392487764e5029cdba9ab6aea6eed65444c6a
Poppler 0.62.0-2ubuntu2.2 Null Pointer Dereference
Posted Nov 12, 2018
Authored by Dhiraj Mishra

Poppler version 0.62.0-2ubuntu2.2 suffers from a null pointer dereference vulnerability.

tags | advisory
SHA-256 | eefc34085f4ae1117d3cf2f9e4ef43c05e5c4c134c9f2b2201329c21bec52935
libIEC61850 Buffer Overflow
Posted Nov 6, 2018
Authored by Dhiraj Mishra

libIEC61850 suffers from a buffer overflow vulnerability.

tags | advisory, overflow
advisories | CVE-2018-18957
SHA-256 | 7f345c76433a18e2415c145a0b4a203c7bfde49a86b342505ad7abbea0fb0469
Microsoft Windows SetImeInfoEx Win32k NULL Pointer Dereference
Posted Oct 19, 2018
Authored by Dhiraj Mishra, unamer, bigric3, Anton Cherepanov | Site metasploit.com

This Metasploit module exploits an elevation of privilege vulnerability that exists in Windows 7 and 2008 R2 when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploits this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This Metasploit module is tested against windows 7 x86, windows 7 x64 and windows server 2008 R2 standard x64.

tags | exploit, arbitrary, x86, kernel
systems | windows
advisories | CVE-2018-8120
SHA-256 | 79eca834aca76d7c9dcfa923affa9994710ca886d5626b9d0a2674dfb96f1d76
Telegram Desktop 1.3.14 Denial Of Service
Posted Sep 20, 2018
Authored by Dhiraj Mishra

Telegram Desktop (aka tdesktop) version 1.3.14 might allow attackers to cause a denial of service (assertion failure and application exit) via an "Edit color palette" search that triggers an "index out of range" condition.

tags | advisory, denial of service
SHA-256 | 403d589cc6a5ea07271b82c1735eb2b83f8bd8d26b73314ba14ca09778438e33
phpMyAdmin Credential Stealer
Posted Sep 9, 2018
Authored by Dhiraj Mishra | Site metasploit.com

This Metasploit module gathers phpMyAdmin credentials from a target linux machine.

tags | exploit
systems | linux
SHA-256 | 5ff70db330dfb5a4f9e077101c4ac494e8ecbbd010bd2c1ee7d93939ca5de46d
MIWiFi Xiaomi_55DD 2.8.50 Out-Of-Band Resource Load
Posted Sep 2, 2018
Authored by Dhiraj Mishra

An out-of-band resource load issue was discovered on Xiaomi MIWiFi Xiaomi_55DD version 2.8.50 devices. It is possible to induce the application to retrieve the contents of an arbitrary external URL and return those contents in its own response. If a domain name (containing a random string) is used in the HTTP Host header, the application performs an HTTP request to the specified domain. The response from that request is then included in the application's own response.

tags | exploit, web, arbitrary
advisories | CVE-2018-16307
SHA-256 | 3009618569c7f9a4821f3bb06ab287272fdc30831703a02f10b8723b781740ae
Epiphany Web Browser 3.28.1 Denial Of Service
Posted Aug 23, 2018
Authored by Dhiraj Mishra

Epiphany Web Browser version 3.28.1 suffers from a denial of service vulnerability.

tags | exploit, web, denial of service
SHA-256 | 1758cccd73bc21ff82407736bbffd17f7a0ef7a1313cd5c9281a9c53d20c7165
Page 1 of 2
Back12Next

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close