what you don't know can hurt you
Showing 1 - 13 of 13 RSS Feed

Files from Jelmer Kuperus

Email addressjkuperus at planet.nl
First Active2004-06-08
Last Active2012-05-15
Liferay 6.1 Cross Site Request Forgery
Posted May 15, 2012
Authored by Jelmer Kuperus

Liferay version 6.1 is vulnerable to JSON-related cross site request forgery attacks. Proof of concept code is included.

tags | exploit, proof of concept, csrf
systems | linux
MD5 | 2b12109503d92e9bf2898884245f4f24
Liferay 6.1 Name / Email Address Disclosure
Posted May 15, 2012
Authored by Jelmer Kuperus

Liferay version 6.1 suffers from a vulnerability where it is possible to retrieve the names and email addresses of all users. Proof of concept code included.

tags | exploit, proof of concept, info disclosure
systems | linux
MD5 | 1c9db5e006b9833dda17ca6d031cba9b
Liferay 5.x / 6.x Cross Site Scripting
Posted May 15, 2012
Authored by Jelmer Kuperus

Liferay versions 5.x and 6.x suffer from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | e109ffd11302435030168f60435e9421
Liferay 6.1 No Account Access Bypass
Posted May 15, 2012
Authored by Jelmer Kuperus

Liferay version 6.1 suffers from a circumvention issue when restricting access to ip blocks. Proof of concept exploit included.

tags | exploit, proof of concept, bypass
systems | linux
MD5 | b45af907ccb22997e62ef3d74a4de98f
Liferay Portal Privilege Escalation
Posted May 14, 2012
Authored by Jelmer Kuperus

Liferay Portal suffers from a privilege escalation issue due to an insufficient permissions check in the updateOrganizations method of UserService.

tags | exploit
MD5 | c1114907b2057f35a15e7d543ef826fd
Liferay 6.0.5 ce WebDAV File Reading
Posted Apr 21, 2012
Authored by Jelmer Kuperus

By creating a specially crafted webdav request that contains an external entity it is possible to read files from Liferay Portal version 6.0.5 ce. Proof of concept code included.

tags | exploit, proof of concept
systems | linux
MD5 | 94d5d9f05f2aca62c5b79765fd0eb61a
Liferay 6.1 Default Configuration Compromise
Posted Apr 21, 2012
Authored by Jelmer Kuperus

By utilizing the json webservices exposed in Liferay Portal version 6.1 you can register a new user with any role in the system, including the built in administrator role. Proof of concept included.

tags | exploit, proof of concept
systems | linux
MD5 | 89a5b7ff48854a6931edae773c704aeb
Liferay JSON Request Control Takeover
Posted Apr 20, 2012
Authored by Jelmer Kuperus

Liferay Portal suffers from a takeover vulnerability due to a single HTTP request allowing an attacker to reconfigure which memcached to use. Proof of concept code included. Version 6.1 ce is confirmed vulnerable.

tags | exploit, web, proof of concept
systems | linux
MD5 | 842f6b4765772a61cdc4b88e3ce9067f
winscpFun.txt
Posted Jun 12, 2006
Authored by Jelmer Kuperus

The URI handler for WinSCP version 3.8.1 allows for extra command line switches to be passed to SCP.

tags | advisory
MD5 | 76c7b7690629fa1c3743ba6b931827ec
cabarc.txt
Posted Oct 13, 2004
Authored by Jelmer Kuperus

Microsoft cabarc suffers from a directory traversal attack.

tags | exploit
MD5 | 20a56be84b1b67938e5b260c392522ac
adobeReader6.txt
Posted Oct 13, 2004
Authored by Jelmer Kuperus

Version 6 of Adobe Acrobat has an issue with the way it handles embedding macromedia flash files directly into a pdf. This allows a malicious website operator to steal local files from a user's hard drive including cookie files.

tags | advisory, local
MD5 | afca4db1b05b72fc6565467b47db3c99
code.zip
Posted Jun 22, 2004
Authored by Jelmer Kuperus | Site jelmer.homedns.org

Some bits of code that show how modified URL encoding can easily bypass restricted zones via Microsoft Internet Explorer.

tags | exploit
MD5 | 5b1945a52edc14026d5441544d608175
analysis.tgz
Posted Jun 8, 2004
Authored by Jelmer Kuperus

Complete analysis of the 180 Solutions trojan along with exploitation tools that demonstrate at least two new unpublished vulnerabilities in Microsoft Internet Explorer 6 that allow for arbitrary code execution.

tags | exploit, arbitrary, trojan, vulnerability, code execution
MD5 | 3673f2d74f6184a4a126bf6b2228c59f
Page 1 of 1
Back1Next

File Archive:

June 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    10 Files
  • 2
    Jun 2nd
    16 Files
  • 3
    Jun 3rd
    15 Files
  • 4
    Jun 4th
    0 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    0 Files
  • 7
    Jun 7th
    0 Files
  • 8
    Jun 8th
    0 Files
  • 9
    Jun 9th
    0 Files
  • 10
    Jun 10th
    0 Files
  • 11
    Jun 11th
    0 Files
  • 12
    Jun 12th
    0 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close