exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 27 RSS Feed

Files from Stefano Di Paola

Email addressstefano.dipaola at mindedsecurity.com
First Active2004-09-17
Last Active2011-09-09
Spring Framework Information Disclosure
Posted Sep 9, 2011
Authored by Stefano Di Paola, Arshan Dabirsiaghi, SpringSource Security Team

Spring Framework versions 3.0.0 to 3.0.5, 2.5.0 to 2.5.6.SEC02, and 2.5.0 to 2.5.7.SR01 suffer from an information disclosure vulnerability.

tags | advisory, info disclosure
advisories | CVE-2011-2730
SHA-256 | f0dc757e73d89236f2c88698d4791d1317a31be811db0b76dade2bee53c8a3d7
Liferay JSON Service Information Leakage
Posted Aug 13, 2010
Authored by Stefano Di Paola | Site mindedsecurity.com

The Liferay JSON service suffers from multiple remote information disclosure vulnerabilities.

tags | exploit, remote, vulnerability, info disclosure
SHA-256 | 2eefe242df465b532ea4094ef0f4f75673c5d531310f8b98bab39ea2e08b2790
Liferay Calendar exportFileName Path Manipulation
Posted Aug 13, 2010
Authored by Stefano Di Paola | Site mindedsecurity.com

Liferay Calendar suffers from an exportFileName path manipulation vulnerability that allows for arbitrary JSP execution.

tags | exploit, arbitrary
SHA-256 | 364ef10eb3fb5346794a9da1561ef77a228dcdd72f907d0ae2256c91da27a284
Servlet Exec 5.0p06 File Retrieval
Posted Aug 13, 2010
Authored by Stefano Di Paola, Giorgio Fedon | Site mindedsecurity.com

New Atlanta Servlet Exec allows for the reading of system configuration files and unauthorized access to system information.

tags | exploit
SHA-256 | 34a4088e3ba49cb55c3d0a4c393f545d9987745e1a0af51a84ec49da7a867e1f
HTTP Parameter Pollution
Posted May 19, 2009
Authored by Stefano Di Paola, Luca Carettoni | Site ikkisoft.com

This is a presentation called HTTP Parameter Pollution that focuses on manipulation and injection of HTTP GET/POST parameters.

tags | paper, web
SHA-256 | df989e106011230b8418a8adeaad6d36878992bf93ca8fd2ac0c12fef5be85fa
CVE-2008-2370.txt
Posted Aug 1, 2008
Authored by Stefano Di Paola | Site tomcat.apache.org

Tomcat versions 4.1.0 to 4.1.37, 5.5.0 to 5.5.26, and 6.0.0 to 6.0.16 all suffer from an information disclosure vulnerability.

tags | advisory, info disclosure
advisories | CVE-2008-2370
SHA-256 | f8c36b93b9442322e44a0b2612396b39102152d21428d8074fa6dbbc58be85ff
MSA02240108.txt
Posted Mar 21, 2008
Authored by Stefano Di Paola | Site mindedsecurity.com

Internet Explorer 7 allows the overwrite of headers such as Content-Length, Host and Referer, exposing the browser to HTTP request splitting attacks.

tags | advisory, web
SHA-256 | eaea3131591bfb6ccae35e2fe3c39290b35d6c49dc952d056d4a2a8909089880
MSA01240108.txt
Posted Mar 21, 2008
Authored by Stefano Di Paola | Site mindedsecurity.com

Internet Explorer 7 allows the setting of header "Transfer Encoding: chunked" in setRequestHeader exposing the browser to HTTP request splitting/smuggling attacks.

tags | advisory, web
SHA-256 | 27996f8ad05851a84e1ef28e49b50bfdf6fdaa29d8a9736f6f788a883dbc9cff
apachemodneg-splitxss.txt
Posted Jan 23, 2008
Authored by Stefano Di Paola | Site mindedsecurity.com

mod_negotiation as shipped with Apache versions 1.3.39 and below, 2.0.61 and below, and 2.2.6 and below suffers from cross site scripting and http response splitting vulnerabilities.

tags | exploit, web, vulnerability, xss
SHA-256 | 7f86ee48aeabb8b145f34046e06f37b34c3aa28b2b9640c2e4a27e73d169a460
swfintruder-0.9.tgz
Posted Dec 6, 2007
Authored by Stefano Di Paola | Site mindedsecurity.com

SWFIntruder (pronounced Swiff Intruder) is the first tool specifically developed for analyzing and testing security of Flash applications at runtime. Some features include predefined attack patterns, highly customizable attacks, semi-automated cross site scripting checks, and more.

tags | web, xss
SHA-256 | ed7bcff3fefd34be99edafb8554813713aebb26330bb5743201776c9eff34d1e
MSA01110707.txt
Posted Jul 13, 2007
Authored by Stefano Di Paola | Site mindedsecurity.com

By using a specially crafted "flv" video it is possible to trigger an integer overflow inside Adobe Flash interpreter which could lead to client/browser-plugin crash, arbitrary code execution or system denial of service.

tags | advisory, denial of service, overflow, arbitrary, code execution
SHA-256 | b5745d95565e102a3b47c37bae0f9bb5d2ad4eb82226f8857c7805702ddd2ae8
ieff-split.txt
Posted May 2, 2007
Authored by Stefano Di Paola | Site wisec.it

Firefox and Internet Explorer are prone to HTTP request splitting when Digest Authentication occurs.

tags | advisory, web
SHA-256 | edf659ed906fc3bd6c2fc58b554242e8d5cd97e23770a48f1df6a9e2d0681852
Php Nuke POST Cross Site Scripting On Steroids
Posted Mar 13, 2007
Authored by Stefano Di Paola, Francesco Ongaro | Site ush.it

PHP Nuke version 8.0, and possibly lower versions, are susceptible to a POST cross site scripting vulnerability.

tags | exploit, php, xss
SHA-256 | 240246141b63832150858dd16b81a45662e47408b15b013ca75d852b41f72486
PHP import_request_variables() Arbitrary Variable Overwrite
Posted Mar 9, 2007
Authored by Stefano Di Paola, Francesco Ongaro | Site wisec.it

PHP versions greater than or equal to 4.0.7 and less than or equal to 5.2.1 suffer from an arbitrary variable overwrite in import_request_variables().

tags | exploit, arbitrary, php
SHA-256 | 5fa15988075ab903a6fb5db15ca53a4cf5cbc587310a227e5c83e5aa6494637b
adobeplugin.txt
Posted Jan 4, 2007
Authored by Stefano Di Paola | Site wisec.it

The Adobe Acrobat Reader plugin is susceptible to session riding and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 6f8787159ec262edcfdaedc27ea3b2c37a154fdd74c3dce34a6fc9e8817c536d
mysqlExec.txt
Posted May 5, 2006
Authored by Stefano Di Paola | Site wisec.it

MySQL server versions 5.0.20 and below suffer from information leakage and arbitrary command execution flaws.

tags | advisory, arbitrary
SHA-256 | 73926f323fd235433143abd52ed6b9430e45c62875f010bf2cd9188857a7813d
my_com_table_dump_exploit.c
Posted May 5, 2006
Authored by Stefano Di Paola | Site wisec.it

Exploit for MySQL server versions 5.0.20 and below which suffer from information leakage and arbitrary command execution flaws.

tags | exploit, arbitrary
SHA-256 | dff58328a3f1ca93623e9a8886b9d869d4f877a0b500615da4f050b4bbaf2ad2
mysqlLeak.txt
Posted May 5, 2006
Authored by Stefano Di Paola | Site wisec.it

MySQL server versions 4.1.18 and below and 5.0.20 and below suffer from an information leakage issue.

tags | advisory
SHA-256 | eb1d10694aff57e15a622b021c3784bf24605040a4da6933d54eafaa3b59792c
my_anon_db_leak.c
Posted May 5, 2006
Authored by Stefano Di Paola | Site wisec.it

Proof of concept exploit that demonstrates an information leakage vulnerability in MySQL server version 4.1.18 and below and 5.0.20 and below.

tags | exploit, proof of concept
SHA-256 | 8660944cf077440334eb208ca4159d9608657b390786c7af9f2b5c70a2a33352
exp3.pl.txt
Posted Mar 15, 2005
Authored by Stefano Di Paola | Site wisec.it

Proof of concept exploit that makes use of functions in libc in order to gain MySQL user privileges. Version 4.1.10 and versions below and equal to 4.0.23 are affected.

tags | exploit, proof of concept
SHA-256 | 883268c86f6fa35f215d28b707d9b6aa5143b2203243c3f53302acab8d0dc34d
mysqlCreatelibc.txt
Posted Mar 15, 2005
Authored by Stefano Di Paola | Site wisec.it

If an authenticated user has INSERT and DELETE privileges on an mysql administrative database, it is possible, by using the CREATE FUNCTION command, to take advantage of functions from libc in order to gain mysql user privileges. Version 4.1.10 and versions below and equal to 4.0.23 are affected.

tags | advisory
SHA-256 | 05ae9e22a0591885b9e526aefabcc601ce81851c4dcec3496411367507e6bb0a
exp2.php.txt
Posted Mar 15, 2005
Authored by Stefano Di Paola | Site wisec.it

Proof of concept exploit that makes use of a library injection flaw in MySQL via the CREATE function. Version 4.1.10 and versions below and equal to 4.0.23 are affected.

tags | exploit, proof of concept
SHA-256 | d74efbde515c47b96c4ca08796c904e378535ec258fbffd7eb05c6774714d9c8
mysqlCreateinject.txt
Posted Mar 15, 2005
Authored by Stefano Di Paola | Site wisec.it

If an authenticated user has INSERT and DELETE privileges on a mysql administrative database, it is possible to use a library located in an arbitrary directory using the CREATE function. Version 4.1.10 and versions below and equal to 4.0.23 are affected.

tags | advisory, arbitrary
SHA-256 | b6cd1438080f20142c162f5f1c30010bcc56c15eeb9a45e72e51b6759e1dc41f
php-shmop.txt
Posted Dec 30, 2004
Authored by Stefano Di Paola

PHP shmop shared memory module has a leak that can lead to Safe Mode bypass. PHP versions 5.0.2 and below and 4.3.9 and below are susceptible.

tags | advisory, php
SHA-256 | dc588853dfb8ad0042d6999abaa9d3b5fc69f9d552e5b678cca0ce19da0a4550
phpPOC.txt
Posted Oct 1, 2004
Authored by Stefano Di Paola | Site wisec.it

PHP proof of concept exploit that makes use of an arbitrary file upload flaw in PHP versions below 4.3.9 and 5.0.2.

tags | exploit, arbitrary, php, proof of concept, file upload
SHA-256 | afff49337f58bcf7a3d4d154ad71cfde47193d319ff6dbeccf14fc280a7b754b
Page 1 of 2
Back12Next

File Archive:

February 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    11 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    5 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    0 Files
  • 6
    Feb 6th
    9 Files
  • 7
    Feb 7th
    32 Files
  • 8
    Feb 8th
    0 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close