exploit the possibilities
Showing 1 - 25 of 35 RSS Feed

Files from Dhiraj Mishra

Email addressmishra.dhiraj95 at gmail.com
First Active2017-09-02
Last Active2020-04-23
Zen Load Balancer 3.10.1 Directory Traversal
Posted Apr 23, 2020
Authored by Dhiraj Mishra, Basim Alabdullah | Site metasploit.com

This Metasploit module exploits an authenticated directory traversal vulnerability in Zen Load Balancer version 3.10.1. The flaw exists in index.cgi not properly handling the filelog= parameter which allows a malicious actor to load arbitrary file path.

tags | exploit, arbitrary, cgi, file inclusion
MD5 | 098e961d63357b612d0c1f8c93294ae0
VLC For iOS Insecure Direct Object Reference
Posted Mar 27, 2020
Authored by Dhiraj Mishra

VLC for iOS was vulnerable to an unauthenticated insecure direct object reference vulnerability allowing for an attacker to compromise media. This issue was patched in the March, 2020 release.

tags | advisory
systems | ios
MD5 | 52a01cca3181149c144ed635f762179e
Wing FTP Server 6.2.3 Cross Site Request Forgery
Posted Mar 11, 2020
Authored by Dhiraj Mishra

Wing FTP Server version 2.3 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | ab4742c9e716d9fd238b8943baf4504b
Fuzzing VIM
Posted Mar 5, 2020
Authored by Dhiraj Mishra

This is a brief whitepaper that discusses fuzzing the VIM editor.

tags | paper
MD5 | cbf9769b6b0bca565ecb0c138d7549e2
VIM 8.2 Denial Of Service
Posted Feb 6, 2020
Authored by Dhiraj Mishra

VIM version 8.2 suffers from a denial of service vulnerability.

tags | exploit, denial of service
MD5 | 69c2d58121478b3c8b9c4332cbb17ac6
Citrix ADC / Gateway Path Traversal
Posted Jan 16, 2020
Authored by Dhiraj Mishra

This is an nmap nse script to test for the path traversal vulnerability in Citrix Application Delivery Controller (ADC) and Gateway.

tags | exploit, file inclusion
advisories | CVE-2019-19781
MD5 | 3d57f69e4e44a43b2e99e03017ca3b2f
VIM 8.1.2135 Use-After-Free
Posted Oct 17, 2019
Authored by Dhiraj Mishra

VIM version 8.1.2135 suffers from a heap use-after-free vulnerability using freed memory with autocmd.

tags | exploit
MD5 | f3d0f14378ae93da6326e33fb2192c33
libyal libfwsi Buffer Overread
Posted Oct 8, 2019
Authored by Dhiraj Mishra

In libyal libfwsi versions prior to 20191006, libfwsi_extension_block_copy_from_byte_stream in libfwsi_extension_block.c has a heap-based buffer over-read because rejection of an unsupported size only considers values less than 6, even though values of 6 and 7 are also unsupported.

tags | advisory
advisories | CVE-2019-17263
MD5 | 023163a259126ce043d5da57e3883280
Xpdf 4.02 NULL Pointer Dereference
Posted Oct 2, 2019
Authored by Dhiraj Mishra

Xpdf version 4.02 suffers from a null pointer dereference vulnerability.

tags | advisory
advisories | CVE-2019-17064
MD5 | 11136b48c6527d8a784e8aa585d8cdee
Supra Smart Cloud TV Remote File Inclusion
Posted Jun 6, 2019
Authored by Dhiraj Mishra

Supra Smart Cloud TV suffers from an openLiveURL() remote file inclusion vulnerability.

tags | exploit, remote, code execution, file inclusion
advisories | CVE-2019-12477
MD5 | 25ecf7c683b48930b3f5f26642c4927a
Typora 0.9.9.24.6 Directory Traversal
Posted May 27, 2019
Authored by Dhiraj Mishra

Typora version 0.9.9.24.6 suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
advisories | CVE-2019-12137
MD5 | c7a81878c4f374eb5bf47253e526c750
Spring Cloud Config 2.1.x Path Traversal
Posted Apr 30, 2019
Authored by Dhiraj Mishra | Site metasploit.com

This Metasploit module exploits an unauthenticated directory traversal vulnerability which exists in Spring Cloud Config versions 2.1.x prior to 2.1.2, versions 2.0.x prior to 2.0.4, and versions 1.4.x prior to 1.4.6. Spring Cloud Config listens by default on port 8888.

tags | exploit, file inclusion
advisories | CVE-2019-3799
MD5 | 4cec9f77b2ac836a1fef57d954b7fa22
Apache Pluto 3.0.0 / 3.0.1 Cross Site Scripting
Posted Apr 26, 2019
Authored by Dhiraj Mishra

Apache Pluto versions 3.0.0 and 3.0.1 suffer from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2019-0186
MD5 | 5b4d482e4f11f898eeb856751db97337
Evernote 7.9 Path Traversal / Code Execution
Posted Apr 18, 2019
Authored by Dhiraj Mishra

Evernote version 4.9 suffers from a path traversal that can allow for code execution.

tags | exploit, code execution, file inclusion
advisories | CVE-2019-10038
MD5 | d4904d2fd1cf06efcec045568d6f2691
GattLib 0.2 Stack Buffer Overflow
Posted Jan 21, 2019
Authored by Dhiraj Mishra

GattLib version 0.2 suffers from a stack buffer overflow vulnerability.

tags | exploit, overflow
advisories | CVE-2019-6498
MD5 | 5e660817d7bb750ffdf15cc68bd1810b
aria2 1.33.1 Password Disclosure
Posted Jan 2, 2019
Authored by Dhiraj Mishra

aria2 version 1.33.1 suffers from a password disclosure vulnerability when logging URLs with secrets in them.

tags | exploit, info disclosure
advisories | CVE-2019-3500
MD5 | 6faf3e5ab90997fdc7deea262c1d499c
Poppler 0.62.0-2ubuntu2.2 Null Pointer Dereference
Posted Nov 12, 2018
Authored by Dhiraj Mishra

Poppler version 0.62.0-2ubuntu2.2 suffers from a null pointer dereference vulnerability.

tags | advisory
MD5 | fe320abd280f1716903cf12cf0451ebe
libIEC61850 Buffer Overflow
Posted Nov 6, 2018
Authored by Dhiraj Mishra

libIEC61850 suffers from a buffer overflow vulnerability.

tags | advisory, overflow
advisories | CVE-2018-18957
MD5 | 9876a14a850e92552a086d08a1031ee8
Microsoft Windows SetImeInfoEx Win32k NULL Pointer Dereference
Posted Oct 19, 2018
Authored by Dhiraj Mishra, unamer, bigric3, Anton Cherepanov | Site metasploit.com

This Metasploit module exploits an elevation of privilege vulnerability that exists in Windows 7 and 2008 R2 when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploits this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This Metasploit module is tested against windows 7 x86, windows 7 x64 and windows server 2008 R2 standard x64.

tags | exploit, arbitrary, x86, kernel
systems | windows, 7
advisories | CVE-2018-8120
MD5 | 967e04838b302049cc237c549437ccec
Telegram Desktop 1.3.14 Denial Of Service
Posted Sep 20, 2018
Authored by Dhiraj Mishra

Telegram Desktop (aka tdesktop) version 1.3.14 might allow attackers to cause a denial of service (assertion failure and application exit) via an "Edit color palette" search that triggers an "index out of range" condition.

tags | advisory, denial of service
MD5 | 31d080533f64618434fcb4a98727b3e6
phpMyAdmin Credential Stealer
Posted Sep 9, 2018
Authored by Dhiraj Mishra | Site metasploit.com

This Metasploit module gathers phpMyAdmin credentials from a target linux machine.

tags | exploit
systems | linux
MD5 | 82c4bd6adf62d917164aef95e6b99aa7
MIWiFi Xiaomi_55DD 2.8.50 Out-Of-Band Resource Load
Posted Sep 2, 2018
Authored by Dhiraj Mishra

An out-of-band resource load issue was discovered on Xiaomi MIWiFi Xiaomi_55DD version 2.8.50 devices. It is possible to induce the application to retrieve the contents of an arbitrary external URL and return those contents in its own response. If a domain name (containing a random string) is used in the HTTP Host header, the application performs an HTTP request to the specified domain. The response from that request is then included in the application's own response.

tags | exploit, web, arbitrary
advisories | CVE-2018-16307
MD5 | 6ac1762d0861842f9b5cefc05f6c1c0e
Epiphany Web Browser 3.28.1 Denial Of Service
Posted Aug 23, 2018
Authored by Dhiraj Mishra

Epiphany Web Browser version 3.28.1 suffers from a denial of service vulnerability.

tags | exploit, web, denial of service
MD5 | b861883dd67141c86e6d706650ff3c80
cgit Directory Traversal
Posted Aug 14, 2018
Authored by Dhiraj Mishra | Site metasploit.com

This Metasploit module exploits a directory traversal vulnerability in cgit versions prior to 1.2.1.

tags | exploit
advisories | CVE-2018-14912
MD5 | 9cb22f90ff6602ff71d0f3a6065eb878
Oracle GlassFish Server 4.1 Directory Traversal
Posted Aug 13, 2018
Authored by Dhiraj Mishra | Site metasploit.com

This Metasploit module exploits an unauthenticated directory traversal vulnerability which exits in administration console of Oracle GlassFish Server version 4.1, which is listening by default on port 4848/TCP.

tags | exploit, tcp
advisories | CVE-2017-1000028
MD5 | fd16dd7193f3dbf77f3cec17df7260fc
Page 1 of 2
Back12Next

File Archive:

October 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    25 Files
  • 2
    Oct 2nd
    13 Files
  • 3
    Oct 3rd
    1 Files
  • 4
    Oct 4th
    1 Files
  • 5
    Oct 5th
    15 Files
  • 6
    Oct 6th
    15 Files
  • 7
    Oct 7th
    15 Files
  • 8
    Oct 8th
    11 Files
  • 9
    Oct 9th
    3 Files
  • 10
    Oct 10th
    1 Files
  • 11
    Oct 11th
    1 Files
  • 12
    Oct 12th
    8 Files
  • 13
    Oct 13th
    12 Files
  • 14
    Oct 14th
    23 Files
  • 15
    Oct 15th
    4 Files
  • 16
    Oct 16th
    13 Files
  • 17
    Oct 17th
    1 Files
  • 18
    Oct 18th
    1 Files
  • 19
    Oct 19th
    27 Files
  • 20
    Oct 20th
    41 Files
  • 21
    Oct 21st
    18 Files
  • 22
    Oct 22nd
    16 Files
  • 23
    Oct 23rd
    2 Files
  • 24
    Oct 24th
    1 Files
  • 25
    Oct 25th
    1 Files
  • 26
    Oct 26th
    17 Files
  • 27
    Oct 27th
    19 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close