Files from Jelmer Kuperus

Email address: jkuperus at planet.nl
First Active: 2004-06-08
Last Active: 2012-05-15

Liferay 6.1 Cross Site Request Forgery
Posted May 15, 2012
Authored by Jelmer Kuperus

Liferay version 6.1 is vulnerable to JSON-related cross site request forgery attacks. Proof of concept code is included.

tags | exploit, proof of concept, csrf
systems | linux
SHA-256 | f0c48ee96cb75fd2a8d5d59f4b09ac01709712a9b3fbfe5a377400b30d006239
Liferay 6.1 Name / Email Address Disclosure
Posted May 15, 2012
Authored by Jelmer Kuperus

Liferay version 6.1 suffers from a vulnerability where it is possible to retrieve the names and email addresses of all users. Proof of concept code included.

tags | exploit, proof of concept, info disclosure
systems | linux
SHA-256 | ffa34db28244865608548350015903d37722b844554e14ccaf7d8347188e784a
Liferay 5.x / 6.x Cross Site Scripting
Posted May 15, 2012
Authored by Jelmer Kuperus

Liferay versions 5.x and 6.x suffer from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 34af56ed2e0c1df197bdb004a38aeb7ac850fd1cbd8725029cf4808908941dcb
Liferay 6.1 No Account Access Bypass
Posted May 15, 2012
Authored by Jelmer Kuperus

Liferay version 6.1 suffers from a circumvention issue when restricting access to IP blocks. Proof of concept exploit included.

tags | exploit, proof of concept, bypass
systems | linux
SHA-256 | 6619bfbbf1dbfa7eb563e65bcabfac916b63c4ac1431da326cb548fddb4f5fdd
Liferay Portal Privilege Escalation
Posted May 14, 2012
Authored by Jelmer Kuperus

Liferay Portal suffers from a privilege escalation issue due to an insufficient permissions check in the updateOrganizations method of UserService.

tags | exploit
SHA-256 | 4c1ad3c260bfe325b9aead7258ea230d32d644be3b58cca2627419a584adc85b
Liferay 6.0.5 ce WebDAV File Reading
Posted Apr 21, 2012
Authored by Jelmer Kuperus

By creating a specially crafted WebDAV request that contains an external entity, it is possible to read files from Liferay Portal version 6.0.5 ce. Proof of concept code included.

tags | exploit, proof of concept
systems | linux
SHA-256 | 3cd00ba5d2fefa08a9eafaa941c8ee4bdbf23dae39cb2ccf5da00cbf88d064e4
Liferay 6.1 Default Configuration Compromise
Posted Apr 21, 2012
Authored by Jelmer Kuperus

By utilizing the JSON web services exposed in Liferay Portal version 6.1, you can register a new user with any role in the system, including the built-in administrator role. Proof of concept included.

tags | exploit, proof of concept
systems | linux
SHA-256 | 3f6c3c5b9e5e27e968adbe87afc167aa13e200b89a6647cbde10d03c9a021bac
Liferay JSON Request Control Takeover
Posted Apr 20, 2012
Authored by Jelmer Kuperus

Liferay Portal suffers from a takeover vulnerability due to a single HTTP request allowing an attacker to reconfigure which memcached to use. Proof of concept code included. Version 6.1 ce is confirmed vulnerable.

tags | exploit, web, proof of concept
systems | linux
SHA-256 | 52363e44fb0da67d9da2ef19c482ca115b0e60ea50da8776e953b5d028b5ea91
winscpFun.txt
Posted Jun 12, 2006
Authored by Jelmer Kuperus

The URI handler for WinSCP version 3.8.1 allows for extra command line switches to be passed to SCP.

tags | advisory
SHA-256 | 828f6a1d625baa6b089084557ae53093b56cdfd9c41d34af1a786a83a1bd1ea7
cabarc.txt
Posted Oct 13, 2004
Authored by Jelmer Kuperus

Microsoft cabarc suffers from a directory traversal attack.

tags | exploit
SHA-256 | 0da1c6998a5f13827d20d84f85aa434f414f8be738cf5bc9a90c1282bc3e1d21
adobeReader6.txt
Posted Oct 13, 2004
Authored by Jelmer Kuperus

Version 6 of Adobe Acrobat has an issue with the way it handles embedding Macromedia Flash files directly into a PDF. This allows a malicious website operator to steal local files from a user's hard drive, including cookie files.

tags | advisory, local
SHA-256 | 74b47a75453d9dc65dbc5539bba536659320db15cce3b64be03a8b121edc9ce0
code.zip
Posted Jun 22, 2004
Authored by Jelmer Kuperus | Site jelmer.homedns.org

Some bits of code that show how modified URL encoding can easily bypass restricted zones via Microsoft Internet Explorer.

tags | exploit
SHA-256 | 969ea80d5ad83d70772c9700ecf916fdc2e3c5a210e6edf42c960f36f4150530
analysis.tgz
Posted Jun 8, 2004
Authored by Jelmer Kuperus

Complete analysis of the 180 Solutions trojan along with exploitation tools that demonstrate at least two new unpublished vulnerabilities in Microsoft Internet Explorer 6 that allow for arbitrary code execution.

tags | exploit, arbitrary, trojan, vulnerability, code execution
SHA-256 | 633228ca6454a639b5fda36a2efc9fdfa8547bf3667c82b69a3a87a882a0b6d0
© 2022 Packet Storm. All rights reserved.
