Showing 1 - 25 of 94

Files from James Bercegay

Real Name: James Bercegay
Email address: private
Website: www.gulftech.org
First Active: 2003-12-23
Last Active: 2011-07-21
vBulletin Search UI SQL Injection
Posted Jul 21, 2011
Authored by James Bercegay | Site gulftech.org

vBulletin suffers from a Search UI remote SQL injection vulnerability. Proof of concept code included.

tags | exploit, remote, sql injection, proof of concept
MD5 | 7d664fa19eb64e52314a715a3d633977
Joomla 1.6.x Administrator PHP Code Execution
Posted May 31, 2011
Authored by James Bercegay | Site gulftech.org

This Metasploit module can be used to gain a remote shell to a Joomla! 1.6.x install when administrator credentials are known. This is achieved by uploading a malicious component which is used to execute the selected payload.

tags | exploit, remote, shell
MD5 | 770f64482cd13284a81000f0afe6bddb
Joomla 1.6.0 SQL Injection
Posted May 31, 2011
Authored by James Bercegay | Site gulftech.org

A vulnerability was discovered by Aung Khant that allows for exploitable SQL injection attacks against a Joomla 1.6.0 install. This exploit attempts to leverage the SQL injection to extract admin credentials, and then store those credentials within the notes_db. The vulnerability is due to a validation issue in /components/com_content/models/category.php that erroneously uses the "string" type when filtering the user-supplied input. This issue was fixed by performing a whitelist check of the user-supplied order data against the allowed order types, and also escaping the input.

tags | exploit, php, sql injection
advisories | CVE-2011-1151
MD5 | b819205651e4caec804b0148a1d22d71
vBulletin 4.1.2 search.php SQL Injection
Posted May 30, 2011
Authored by James Bercegay | Site gulftech.org

vBulletin versions 4 through 4.1.2 are vulnerable to a pre-authentication SQL injection issue that may be used by an attacker to extract user credentials and potentially gain administrative access, which may in turn lead to remote PHP code execution.

tags | exploit, remote, php, code execution, sql injection
MD5 | 23ef7ac73e51aaed5fc2776d5e7fcf9f
Joomla 1.6.0 SQL Injection / PHP Execution
Posted Apr 29, 2011
Authored by James Bercegay | Site metasploit.com

A vulnerability was discovered by Aung Khant that allows for exploitable SQL injection attacks against a Joomla 1.6.0 install. This exploit attempts to leverage the SQL injection to extract admin credentials, and use those credentials to execute arbitrary PHP code against the target. The vulnerability is due to a validation issue in /components/com_content/models/category.php that erroneously uses the "string" type when filtering the user-supplied input. This issue was fixed by performing a whitelist check of the user-supplied order data against the allowed order types, and also escaping the input.

tags | exploit, arbitrary, php, sql injection
advisories | CVE-2011-1151
MD5 | 1ad33dfea9c4661343e83233196f0d96
NING Application Self Replicating Malware
Posted Aug 31, 2010
Authored by James Bercegay

This is a proof of concept, self replicating, social network based malware for NING.

tags | exploit, proof of concept
MD5 | 5a18d712327fbb7191111ebeddc05e49
Facebook Friend Finder Email Leakage
Posted Aug 26, 2010
Authored by James Bercegay | Site gulftech.org

Facebook's Friend Finder feature suffers from an email enumeration vulnerability.

tags | exploit
MD5 | 6158f10761eb2fba6cd2616d0b091e94
websvn-xssfhce.txt
Posted Oct 24, 2008
Authored by James Bercegay | Site gulftech.org

WebSVN versions 2.0 and below suffer from cross site scripting, file handling, and PHP code execution vulnerabilities.

tags | exploit, php, vulnerability, code execution, xss
MD5 | 6d3a4813d36a18de3c5e23c4ed62596d
advancedelectron-exec.txt
Posted Sep 20, 2008
Authored by James Bercegay | Site gulftech.org

Advanced Electron Forum (AEF) versions 1.0.6 and below suffer from a remote code execution vulnerability.

tags | exploit, remote, code execution
MD5 | 149d312005a43c391eb12f80f64f506c
zencart138a-sql.txt
Posted Sep 4, 2008
Authored by James Bercegay | Site gulftech.org

Zen Cart versions 1.3.8a and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 7093fce21347e1a9db8392feb13b7783
cscart-sql.txt
Posted Sep 3, 2008
Authored by James Bercegay | Site gulftech.org

CS-Cart versions 1.3.5 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 2539ec2ee648f00c9b99455b7d11256e
crafty-sql.txt
Posted Aug 26, 2008
Authored by James Bercegay | Site gulftech.org

Crafty Syntax Live Help versions 2.14.6 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | e6945d67ffc3bf702f8bca9d13e35ddf
vanilla-xss.txt
Posted Aug 20, 2008
Authored by James Bercegay | Site gulftech.org

Vanilla versions 1.1.4 and below suffer from cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 552e94d8d070f33db34993d1978ff265
sunshop414-sql.txt
Posted Aug 19, 2008
Authored by James Bercegay | Site gulftech.org

SunShop versions 4.1.4 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | d7f5536589db1381f92aeb91ac136e5b
phplivehelper-sqlexec.txt
Posted Aug 18, 2008
Authored by James Bercegay | Site gulftech.org

PHP Live Helper versions 2.0.1 and below suffer from SQL injection and code execution vulnerabilities.

tags | exploit, php, vulnerability, code execution, sql injection
MD5 | c466c5e1dbec1078f714b0ae1d32d5c0
kayako-sqlxss.txt
Posted Aug 13, 2008
Authored by James Bercegay | Site gulftech.org

Kayako SupportSuite versions below 3.30.00 suffer from cross site scripting and SQL injection vulnerabilities.

tags | exploit, vulnerability, xss, sql injection
MD5 | a8ea970dad3f68bfcf8218c9404f1afd
e107-varoverwrite.txt
Posted Aug 8, 2008
Authored by James Bercegay | Site gulftech.org

e107 versions 0.7.11 and below suffer from an arbitrary variable overwriting vulnerability.

tags | advisory, arbitrary
MD5 | 64f91d10753297771dc6bbc3da37f21e
plogger-sql.txt
Posted Aug 5, 2008
Authored by James Bercegay | Site gulftech.org

Plogger versions 3.0 and below suffer from a SQL injection vulnerability.

tags | exploit, sql injection
MD5 | b573e3ec36f86cb877365c2cb852bb8d
pligg-exec.txt
Posted Jul 31, 2008
Authored by James Bercegay | Site gulftech.org

Pligg versions 9.9 and below remote code execution exploit.

tags | exploit, remote, code execution
MD5 | 48f192b98b7e0813651772beee33a5bb
pligg99-sqlxss.txt
Posted Jul 31, 2008
Authored by James Bercegay | Site gulftech.org

Pligg versions 9.9 and below suffer from cross site scripting, arbitrary file access, and SQL injection vulnerabilities.

tags | exploit, arbitrary, vulnerability, xss, sql injection
MD5 | 32bbd3741f287522ca607c70fb37baee
gregarius-sql.txt
Posted Jul 29, 2008
Authored by James Bercegay | Site gulftech.org

Gregarius versions 0.5.4 and below suffer from a SQL injection vulnerability.

tags | exploit, sql injection
MD5 | 191d45fc5354fe121b9a2dbccbb4f10a
viart-sql.txt
Posted Jul 29, 2008
Authored by James Bercegay | Site gulftech.org

ViArt Shop versions 3.5 and below suffer from a SQL injection vulnerability.

tags | exploit, sql injection
MD5 | 007c4ce209ac4733b089a90f93161554
talldude-bypass.txt
Posted Jul 28, 2008
Authored by James Bercegay | Site gulftech.org

Jamroom versions 3.3.8 and below from Talldude Networks, LLC suffer from an authentication bypass vulnerability.

tags | exploit, bypass
MD5 | 6d1490c0a9efa99da6ceba626d8ad32d
gallery202.txt
Posted Mar 6, 2006
Authored by James Bercegay | Site gulftech.org

Gallery2 versions 2.0.2 and below suffer from IP spoofing, script injection, and arbitrary file access flaws.

tags | advisory, arbitrary, spoof
MD5 | 7d0a2dda5502843362cd35e72b4b2455
phpRPC07.txt
Posted Mar 2, 2006
Authored by James Bercegay | Site gulftech.org

phpRPC versions 0.7 and below suffer from a remote code execution flaw.

tags | advisory, remote, code execution
MD5 | 2a2c757620622b7e39fa6130886818de