exploit the possibilities
Showing 1 - 10 of 10 RSS Feed

Files from Jack Misiura

First Active2020-05-05
Last Active2021-02-12
SolarWinds Serv-U FTP Server 15.2.1 Cross Site Scripting
Posted Feb 12, 2021
Authored by Jack Misiura

SolarWinds Serv-U FTP Server versions through 15.2.1 do not correctly sanitize and validate the user-supplied directory names, allowing malicious users to create directories that when clicked on (in the breadcrumb menu) will trigger cross site scripting payloads.

tags | exploit, xss
advisories | CVE-2020-28001
MD5 | 7b4d92cd96ecbdf9bbfd42665ba4d3b8
SolarWinds Serv-U FTP Server 15.2.1 Path Traversal
Posted Feb 12, 2021
Authored by Jack Misiura

SolarWinds Serv-U File Server versions through 15.2.1 do not correctly validate path information, allowing the disclosure of files and directories outside of the user's home directory via a specially crafted GET request.

tags | exploit, file inclusion
advisories | CVE-2020-27994
MD5 | bcff8e686a6d68a1e71f68016c03b076
OpenAsset Digital Asset Management SQL Injection
Posted Dec 11, 2020
Authored by Jack Misiura

OpenAsset Digital Asset Management suffers from an authenticated blind remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2020-28860
MD5 | 104a24c90358f7b176c601947844d418
OpenAsset Digital Asset Management Cross Site Request Forgery
Posted Dec 11, 2020
Authored by Jack Misiura

OpenAsset Digital Asset Management suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2020-28858
MD5 | 4ef799a57a5bebf1c7686ee9e8bb591b
OpenAsset Digital Asset Management Insecure Direct Object Reference
Posted Dec 11, 2020
Authored by Jack Misiura

OpenAsset Digital Asset Management was found to provide several endpoints which allowed for unauthenticated data retrieval in a CSV format. Vulnerable versions include 12.0.19 (Cloud) and 11.2.1 (On-premise).

tags | exploit
advisories | CVE-2020-28861
MD5 | dcbdd080e561d84592ffec066c3a8472
OpenAsset Digital Asset Management Cross Site Scripting
Posted Dec 11, 2020
Authored by Jack Misiura

The OpenAsset Digital Asset Management web application suffers from multiple reflected and persistent cross site scripting vulnerabilities. Vulnerable versions include 12.0.19 (Cloud) and 11.2.1 (On-premise).

tags | exploit, web, vulnerability, xss
advisories | CVE-2020-28857, CVE-2020-28859
MD5 | 35b3d6bf27bfcacaa597e0ed89c5cc54
OpenAsset Digital Asset Management IP Access Control Bypass
Posted Dec 11, 2020
Authored by Jack Misiura

The OpenAsset Digital Asset Management web application allowed for spoofing of IP addresses by using X-Forwarded-For header. By default, the web application would allow all traffic in for 127.0.0.1, in order to prevent users from accidentally blocking themselves. Vulnerable versions include 12.0.19 (Cloud) and 11.2.1 (On-premise).

tags | exploit, web, spoof, bypass
advisories | CVE-2020-28856
MD5 | b1d09f4404b1268792fe1602be620242
WordPress DirectoriesPro 1.3.45 Cross Site Scripting
Posted Dec 11, 2020
Authored by Jack Misiura

WordPress DirectoriesPro plugin version 1.3.45 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2020-29303, CVE-2020-29304
MD5 | ea91243869739ae676c39bebb79d51c4
WordPress NAB Transact WooCommerce 2.1.0 Payment Bypass
Posted Aug 20, 2020
Authored by Jack Misiura

WordPress NAB Transact WooCommerce plugin version 2.1.0 suffers from a payment bypass vulnerability.

tags | exploit, bypass
advisories | CVE-2020-11497
MD5 | 580b8c08be425934c55c29d9872fc490
WordPress WooCommerce Advanced Order Export 3.1.3 Cross Site Scripting
Posted May 5, 2020
Authored by Jack Misiura

WordPress WooCommerce Advanced Order Export plugin version 3.1.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2020-11727
MD5 | 4d813f18afcf977d88533a85efc4c0bf
Page 1 of 1
Back1Next

File Archive:

March 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    19 Files
  • 2
    Mar 2nd
    15 Files
  • 3
    Mar 3rd
    30 Files
  • 4
    Mar 4th
    0 Files
  • 5
    Mar 5th
    0 Files
  • 6
    Mar 6th
    0 Files
  • 7
    Mar 7th
    0 Files
  • 8
    Mar 8th
    0 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    0 Files
  • 12
    Mar 12th
    0 Files
  • 13
    Mar 13th
    0 Files
  • 14
    Mar 14th
    0 Files
  • 15
    Mar 15th
    0 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    0 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close