Twenty Year Anniversary
Showing 1 - 25 of 102 RSS Feed

Files from James Bercegay

Real NameJames Bercegay
Email addressprivate
Websitewww.gulftech.org
First Active2003-12-23
Last Active2018-01-15
View User Profile
D-Link DNS-325 ShareCenter 1.05B03 Shell Upload / Command Injection
Posted Jan 15, 2018
Authored by James Bercegay | Site gulftech.org

D-Link DNS-325 ShareCenter versions 1.05B03 and below suffer from remote shell upload and command injection vulnerabilities.

tags | exploit, remote, shell, vulnerability
MD5 | 9b97afd3b186a9159133894550ec5482
D-Link DNS-343 ShareCenter 1.05 Command Injection
Posted Jan 15, 2018
Authored by James Bercegay | Site gulftech.org

D-Link DNS-343 ShareCenter versions 1.05 and below suffer from a remote command injection vulnerability.

tags | exploit, remote
MD5 | 18ebdcec537f88c6770de9601f29002d
Synology PhotoStation 6.7.2-3429 SQL Injection / File Disclosure
Posted Jan 9, 2018
Authored by James Bercegay | Site gulftech.org

Synology PhotoStation versions 6.7.2-3429 and below suffer from file disclosure and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
MD5 | 83195bb339c2ac6977f6130a5414402a
Synology PhotoStation 6.7.2-3429 Remote Root
Posted Jan 9, 2018
Authored by James Bercegay | Site metasploit.com

This Metasploit module exploits multiple vulnerabilities in Synology PhotoStation. When combined these issues can be leveraged to gain a remote root shell.

tags | exploit, remote, shell, root, vulnerability
MD5 | b4f5208c794052067b20c6cf8801580a
WDMyCloud 2.30.165 CSRF / File Upload / Code Execution / Backdoor / DoS
Posted Jan 5, 2018
Authored by James Bercegay | Site gulftech.org

WDMyCloud versions 2.30.165 and below suffer from file upload, hard coded backdoor, command injection, cross site request forgery, denial of service, and information disclosure vulnerabilities.

tags | exploit, denial of service, vulnerability, info disclosure, file upload, csrf
MD5 | 237300fca05d76ae09ec41cf79aeccf9
D-Link DNS-320L 'mydlinkBRionyg' Backdoor
Posted Jan 5, 2018
Authored by James Bercegay | Site metasploit.com

This Metasploit module exploits two issues. The first issue is that there is a hard coded backdoor within DNS-320L devices. Using this backdoor access we can then reach buggy code which is vulnerable to command injection. Root shell will be spawned upon successful exploitation. Firmware versions 1.0 (2012/6/15) to 6.0 (2015/07/28) are vulnerable.

tags | exploit, shell, root
MD5 | 14d1fdea7ee67fedccba8b171ff90c2a
Western Digital WDMyCloud 'mydlinkBRionyg' Backdoor
Posted Jan 5, 2018
Authored by James Bercegay | Site metasploit.com

This Metasploit module exploits two issues. The first issue is that there is a hard coded backdoor within WDMyCloud devices. Using this backdoor access we can then reach buggy code which is vulnerable to command injection. A root shell will be spawned upon successful exploitation.

tags | exploit, shell, root
MD5 | 484e2c31ef009345ea0787457d66bfe8
D-Link DNS-320L ShareCenter Backdoor Account / Remote Root
Posted Jan 5, 2018
Authored by James Bercegay | Site gulftech.org

D-Link DNS-320L ShareCenter contains a backdoor account that allows for remote root command execution.

tags | exploit, remote, root
MD5 | d24809c3e2e8217c390f17c1f99d1b9c
vBulletin Search UI SQL Injection
Posted Jul 21, 2011
Authored by James Bercegay | Site gulftech.org

vBulletin suffers from a Search UI remote SQL injection vulnerability. Proof of concept code included.

tags | exploit, remote, sql injection, proof of concept
MD5 | 7d664fa19eb64e52314a715a3d633977
Joomla 1.6.x Administrator PHP Code Execution
Posted May 31, 2011
Authored by James Bercegay | Site gulftech.org

This Metasploit module can be used to gain a remote shell to a Joomla! 1.6.x install when administrator credentials are known. This is achieved by uploading a malicious component which is used to execute the selected payload.

tags | exploit, remote, shell
MD5 | 770f64482cd13284a81000f0afe6bddb
Joomla 1.6.0 SQL Injection
Posted May 31, 2011
Authored by James Bercegay | Site gulftech.org

A vulnerability was discovered by Aung Khant that allows for exploitable SQL Injection attacks against a Joomla 1.6.0 install. This exploit attempts to leverage the SQL Injection to extract admin credentials, and then store those credentials within the notes_db. The vulnerability is due to a validation issue in /components/com_content/models/category.php that erroneously uses the "string" type whenever filtering the user supplied input. This issue was fixed by performing a whitelist check of the user supplied order data against the allowed order types, and also escaping the input.

tags | exploit, php, sql injection
advisories | CVE-2011-1151
MD5 | b819205651e4caec804b0148a1d22d71
vBulletin 4.1.2 search.php SQL Injection
Posted May 30, 2011
Authored by James Bercegay | Site gulftech.org

vBulletin versions 4 through 4.1.2 are vulnerable to a preauth SQL Injection issue that may be used by an attacker to extract user credentials, and potentially gain administrative access, potentially leading to remote PHP code execution.

tags | exploit, remote, php, code execution, sql injection
MD5 | 23ef7ac73e51aaed5fc2776d5e7fcf9f
Joomla 1.6.0 SQL Injection / PHP Execution
Posted Apr 29, 2011
Authored by James Bercegay | Site metasploit.com

A vulnerability was discovered by Aung Khant that allows for exploitable SQL Injection attacks against a Joomla 1.6.0 install. This exploit attempts to leverage the SQL Injection to extract admin credentials, and use those credentials to execute arbitrary PHP code against the target. The vulnerability is due to a validation issue in /components/com_content/models/category.php that erroneously uses the "string" type whenever filtering the user supplied input. This issue was fixed by performing a whitelist check of the user supplied order data against the allowed order types, and also escaping the input.

tags | exploit, arbitrary, php, sql injection
advisories | CVE-2011-1151
MD5 | 1ad33dfea9c4661343e83233196f0d96
NING Application Self Replicating Malware
Posted Aug 31, 2010
Authored by James Bercegay

This is a proof of concept, self replicating, social network based malware for NING.

tags | exploit, proof of concept
MD5 | 5a18d712327fbb7191111ebeddc05e49
Facebook Friend Finder Email Leakage
Posted Aug 26, 2010
Authored by James Bercegay | Site gulftech.org

Facebook's Friend Finder feature suffers from an email enumeration vulnerability.

tags | exploit
MD5 | 6158f10761eb2fba6cd2616d0b091e94
websvn-xssfhce.txt
Posted Oct 24, 2008
Authored by James Bercegay | Site gulftech.org

WebSVN versions 2.0 and below suffer from cross site scripting, file handling, and php code execution vulnerabilities.

tags | exploit, php, vulnerability, code execution, xss
MD5 | 6d3a4813d36a18de3c5e23c4ed62596d
advancedelectron-exec.txt
Posted Sep 20, 2008
Authored by James Bercegay | Site gulftech.org

Advanced Electron Forum (AEF) versions 1.0.6 and below suffer from a remote code execution vulnerability.

tags | exploit, remote, code execution
MD5 | 149d312005a43c391eb12f80f64f506c
zencart138a-sql.txt
Posted Sep 4, 2008
Authored by James Bercegay | Site gulftech.org

Zen Cart versions 1.3.8a and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 7093fce21347e1a9db8392feb13b7783
cscart-sql.txt
Posted Sep 3, 2008
Authored by James Bercegay | Site gulftech.org

CS-Cart versions 1.3.5 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 2539ec2ee648f00c9b99455b7d11256e
crafty-sql.txt
Posted Aug 26, 2008
Authored by James Bercegay | Site gulftech.org

Crafty Syntax Live Help versions 2.14.6 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | e6945d67ffc3bf702f8bca9d13e35ddf
vanilla-xss.txt
Posted Aug 20, 2008
Authored by James Bercegay | Site gulftech.org

Vanilla versions 1.1.4 and below suffer from cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 552e94d8d070f33db34993d1978ff265
sunshop414-sql.txt
Posted Aug 19, 2008
Authored by James Bercegay | Site gulftech.org

SunShop versions 4.1.4 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | d7f5536589db1381f92aeb91ac136e5b
phplivehelper-sqlexec.txt
Posted Aug 18, 2008
Authored by James Bercegay | Site gulftech.org

PHP Live Helper versions 2.0.1 and below suffer from SQL injection and code execution vulnerabilities.

tags | exploit, php, vulnerability, code execution, sql injection
MD5 | c466c5e1dbec1078f714b0ae1d32d5c0
kayako-sqlxss.txt
Posted Aug 13, 2008
Authored by James Bercegay | Site gulftech.org

Kayako SupportSuite versions below 3.30.00 suffer from cross site scripting and SQL injection vulnerabilities.

tags | exploit, vulnerability, xss, sql injection
MD5 | a8ea970dad3f68bfcf8218c9404f1afd
e107-varoverwrite.txt
Posted Aug 8, 2008
Authored by James Bercegay | Site gulftech.org

e107 versions 0.7.11 and below suffer from an arbitrary variable overwriting vulnerability.

tags | advisory, arbitrary
MD5 | 64f91d10753297771dc6bbc3da37f21e
Page 1 of 5
Back12345Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

April 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    5 Files
  • 2
    Apr 2nd
    17 Files
  • 3
    Apr 3rd
    11 Files
  • 4
    Apr 4th
    21 Files
  • 5
    Apr 5th
    17 Files
  • 6
    Apr 6th
    12 Files
  • 7
    Apr 7th
    1 Files
  • 8
    Apr 8th
    6 Files
  • 9
    Apr 9th
    21 Files
  • 10
    Apr 10th
    18 Files
  • 11
    Apr 11th
    42 Files
  • 12
    Apr 12th
    7 Files
  • 13
    Apr 13th
    14 Files
  • 14
    Apr 14th
    1 Files
  • 15
    Apr 15th
    1 Files
  • 16
    Apr 16th
    15 Files
  • 17
    Apr 17th
    20 Files
  • 18
    Apr 18th
    24 Files
  • 19
    Apr 19th
    20 Files
  • 20
    Apr 20th
    7 Files
  • 21
    Apr 21st
    10 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close