exploit the possibilities
Showing 1 - 10 of 10 RSS Feed

Files from Daniel Fabian

Email addressd.fabian at sec-consult.com
First Active2004-03-30
Last Active2010-02-23
Xerox WorkCentre 5665/5675/5687 Backdoor
Posted Feb 23, 2010
Authored by Daniel Fabian | Site sec-consult.com

Xerox WorkCentre versions 5665, 5675, and 5687 suffers from backdoor and authentication vulnerabilities.

tags | exploit, vulnerability
MD5 | c92ff24436f953cf17dc018b9002568c
LetoDMS Local File Inclusion / Cross Site Request Forgery
Posted Jan 16, 2010
Authored by Daniel Fabian, Lukas Weichselbaum | Site sec-consult.com

LetoDMS versions 1.7.2 and below suffer from cross site request forgery and local file inclusion vulnerabilities.

tags | exploit, local, vulnerability, file inclusion, csrf
MD5 | 4ea74d7fa9611a6a57792630447e477e
SEC-20051125-0.txt
Posted Nov 30, 2005
Authored by Daniel Fabian | Site sec-consult.com

SEC-CONSULT Security Advisory 20051125-0 - vTiger versions 4.2 and below have been found susceptible to SQL injection, cross site scripting, code execution, directory traversal, and arbitrary file upload flaws.

tags | exploit, arbitrary, code execution, xss, sql injection, file upload
MD5 | 96d3cb698b8ebc4810a5d40fe39f7827
SEC-20051025-0.txt
Posted Oct 27, 2005
Authored by Daniel Fabian | Site sec-consult.com

SEC-CONSULT Security Advisory 20051025-0 - The Snoop PHP web client is susceptible to a remote command execution vulnerability when a specially crafted URL is supplied. Versions 1.2 and earlier are affected.

tags | exploit, remote, web, php
MD5 | 907f0220f39742e9598e02d67bfe5f84
phpMeta.txt
Posted Dec 30, 2004
Authored by Daniel Fabian

PHP version 4.3.9 is vulnerable to meta character attacks. The bug could enable an attacker to read arbitrary files from the filesystem of a webserver that hosts PHP scripts. In addition PHP versions 4.3.6 until 4.3.9 as well as PHP versions 5.0.0 until 5.0.2 contain a bug that enables an attacker to manipulate the file name of uploaded files to perform directory traversal.

tags | advisory, arbitrary, php
MD5 | 74b268a99f4a6aaefbb8d9e621614730
sugarSales.txt
Posted Dec 30, 2004
Authored by Daniel Fabian

Multiple Vulnerabilities have been found in the open source customer relationship management software SugarSales. These vulnerabilities include full path disclosure, file inclusion, remote command execution, and SQL injection attacks. Versions up to 2.0.1c are susceptible.

tags | exploit, remote, vulnerability, sql injection, file inclusion
MD5 | 6a238c167b455bb722100e71b4d42187
kdeSMB.txt
Posted Dec 11, 2004
Authored by Daniel Fabian

The KDE program Konquerer allows for browsing SMB shares comfortably through the GUI. By placing a shortcut to an SMB share on KDE's desktop, an attacker can disclose his victim's password in plaintext.

tags | advisory
MD5 | 8508f86470ecc4ddc611025de042ceb9
WR850G.txt
Posted Sep 29, 2004
Authored by Daniel Fabian | Site sec-consult.com

The firmware of Motorola's wireless WR850G router has a flaw that enables an attacker to log into the router's web interface without knowing username or password and the ability to gain knowledge of the router's username and password after logging in.

tags | advisory, web
MD5 | 712aa3955a9b39ddb0a41c94a1f45939
phpEscape.txt
Posted Jun 7, 2004
Authored by Daniel Fabian | Site sec-consult.com

PHP offers the function escapeshellarg() to escape arguments to shell commands in a way that makes it impossible for an attacker to execute additional commands. However due to a bug in the function, this does not work with the windows version of PHP. Versions 4.3.6 and below are susceptible.

tags | exploit, shell, php
systems | windows
MD5 | 4c2259467e77e624482ad84e2fe1c526
linbit.txt
Posted Mar 30, 2004
Authored by Daniel Fabian | Site sec-consult.com

SEC-CONSULT Security Advisory - Linbit Linbox is vulnerable to authentication circumvention on its administration portal, password disclosure for all existing users, and using the obtained passwords, any account can be logged into via SSH.

tags | advisory
MD5 | 7492df126274009cc647dd21fc84d3ed
Page 1 of 1
Back1Next

File Archive:

January 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    15 Files
  • 2
    Jan 2nd
    15 Files
  • 3
    Jan 3rd
    11 Files
  • 4
    Jan 4th
    1 Files
  • 5
    Jan 5th
    2 Files
  • 6
    Jan 6th
    5 Files
  • 7
    Jan 7th
    24 Files
  • 8
    Jan 8th
    15 Files
  • 9
    Jan 9th
    16 Files
  • 10
    Jan 10th
    23 Files
  • 11
    Jan 11th
    17 Files
  • 12
    Jan 12th
    3 Files
  • 13
    Jan 13th
    2 Files
  • 14
    Jan 14th
    18 Files
  • 15
    Jan 15th
    33 Files
  • 16
    Jan 16th
    23 Files
  • 17
    Jan 17th
    29 Files
  • 18
    Jan 18th
    15 Files
  • 19
    Jan 19th
    0 Files
  • 20
    Jan 20th
    0 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    0 Files
  • 25
    Jan 25th
    0 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close