Twenty Year Anniversary
Showing 1 - 10 of 10 RSS Feed

Files from Daniel Fabian

Email addressd.fabian at sec-consult.com
First Active2004-03-30
Last Active2010-02-23
Xerox WorkCentre 5665/5675/5687 Backdoor
Posted Feb 23, 2010
Authored by Daniel Fabian | Site sec-consult.com

Xerox WorkCentre versions 5665, 5675, and 5687 suffers from backdoor and authentication vulnerabilities.

tags | exploit, vulnerability
MD5 | c92ff24436f953cf17dc018b9002568c
LetoDMS Local File Inclusion / Cross Site Request Forgery
Posted Jan 16, 2010
Authored by Daniel Fabian, Lukas Weichselbaum | Site sec-consult.com

LetoDMS versions 1.7.2 and below suffer from cross site request forgery and local file inclusion vulnerabilities.

tags | exploit, local, vulnerability, file inclusion, csrf
MD5 | 4ea74d7fa9611a6a57792630447e477e
SEC-20051125-0.txt
Posted Nov 30, 2005
Authored by Daniel Fabian | Site sec-consult.com

SEC-CONSULT Security Advisory 20051125-0 - vTiger versions 4.2 and below have been found susceptible to SQL injection, cross site scripting, code execution, directory traversal, and arbitrary file upload flaws.

tags | exploit, arbitrary, code execution, xss, sql injection, file upload
MD5 | 96d3cb698b8ebc4810a5d40fe39f7827
SEC-20051025-0.txt
Posted Oct 27, 2005
Authored by Daniel Fabian | Site sec-consult.com

SEC-CONSULT Security Advisory 20051025-0 - The Snoop PHP web client is susceptible to a remote command execution vulnerability when a specially crafted URL is supplied. Versions 1.2 and earlier are affected.

tags | exploit, remote, web, php
MD5 | 907f0220f39742e9598e02d67bfe5f84
phpMeta.txt
Posted Dec 30, 2004
Authored by Daniel Fabian

PHP version 4.3.9 is vulnerable to meta character attacks. The bug could enable an attacker to read arbitrary files from the filesystem of a webserver that hosts PHP scripts. In addition PHP versions 4.3.6 until 4.3.9 as well as PHP versions 5.0.0 until 5.0.2 contain a bug that enables an attacker to manipulate the file name of uploaded files to perform directory traversal.

tags | advisory, arbitrary, php
MD5 | 74b268a99f4a6aaefbb8d9e621614730
sugarSales.txt
Posted Dec 30, 2004
Authored by Daniel Fabian

Multiple Vulnerabilities have been found in the open source customer relationship management software SugarSales. These vulnerabilities include full path disclosure, file inclusion, remote command execution, and SQL injection attacks. Versions up to 2.0.1c are susceptible.

tags | exploit, remote, vulnerability, sql injection, file inclusion
MD5 | 6a238c167b455bb722100e71b4d42187
kdeSMB.txt
Posted Dec 11, 2004
Authored by Daniel Fabian

The KDE program Konquerer allows for browsing SMB shares comfortably through the GUI. By placing a shortcut to an SMB share on KDE's desktop, an attacker can disclose his victim's password in plaintext.

tags | advisory
MD5 | 8508f86470ecc4ddc611025de042ceb9
WR850G.txt
Posted Sep 29, 2004
Authored by Daniel Fabian | Site sec-consult.com

The firmware of Motorola's wireless WR850G router has a flaw that enables an attacker to log into the router's web interface without knowing username or password and the ability to gain knowledge of the router's username and password after logging in.

tags | advisory, web
MD5 | 712aa3955a9b39ddb0a41c94a1f45939
phpEscape.txt
Posted Jun 7, 2004
Authored by Daniel Fabian | Site sec-consult.com

PHP offers the function escapeshellarg() to escape arguments to shell commands in a way that makes it impossible for an attacker to execute additional commands. However due to a bug in the function, this does not work with the windows version of PHP. Versions 4.3.6 and below are susceptible.

tags | exploit, shell, php
systems | windows
MD5 | 4c2259467e77e624482ad84e2fe1c526
linbit.txt
Posted Mar 30, 2004
Authored by Daniel Fabian | Site sec-consult.com

SEC-CONSULT Security Advisory - Linbit Linbox is vulnerable to authentication circumvention on its administration portal, password disclosure for all existing users, and using the obtained passwords, any account can be logged into via SSH.

tags | advisory
MD5 | 7492df126274009cc647dd21fc84d3ed
Page 1 of 1
Back1Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

August 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    19 Files
  • 2
    Aug 2nd
    17 Files
  • 3
    Aug 3rd
    16 Files
  • 4
    Aug 4th
    1 Files
  • 5
    Aug 5th
    1 Files
  • 6
    Aug 6th
    19 Files
  • 7
    Aug 7th
    15 Files
  • 8
    Aug 8th
    9 Files
  • 9
    Aug 9th
    7 Files
  • 10
    Aug 10th
    10 Files
  • 11
    Aug 11th
    1 Files
  • 12
    Aug 12th
    0 Files
  • 13
    Aug 13th
    14 Files
  • 14
    Aug 14th
    18 Files
  • 15
    Aug 15th
    38 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close