exploit the possibilities
Showing 1 - 19 of 19 RSS Feed

Files from Nicob

Email addressnicob at nicob.net
First Active2005-05-27
Last Active2012-08-28
Zabbix Server Arbitrary Command Execution
Posted Aug 28, 2012
Authored by Nicob, juan vazquez | Site metasploit.com

This Metasploit module abuses the "Command" trap in Zabbix Server to execute arbitrary commands without authentication. By default the Node ID "0" is used, if it doesn't work, the Node ID is leaked from the error message and exploitation retried. According to the vendor versions prior to 1.6.9 are vulnerable. The vulnerability has been successfully tested on Zabbix Server 1.6.7 on Ubuntu 10.04.

tags | exploit, arbitrary
systems | linux, ubuntu
advisories | CVE-2009-4498, OSVDB-60965
SHA-256 | c4c37ca2fbeb9dc136f6ed37edc9e1410341536d23168c981616809399bccf93
Kojoney 0.0.4.1 Denial Of Service
Posted Feb 25, 2010
Authored by Nicob

Kojoney versions prior to 0.0.4.2 suffer from a remote denial of service vulnerability.

tags | exploit, remote, denial of service
SHA-256 | a877fb5d19fecba22603df6557ffba4026cac256b572c537cf59dc8df9a77783
Zabbix Server Code Execution / SQL Injection
Posted Dec 15, 2009
Authored by Nicob

Zabbix Server suffers from code execution and remote SQL injection vulnerabilities. Code execution is patched in version 1.8 and SQL injection is patched in 1.6.8. A couple of denial of service vulnerabilities were also addressed.

tags | advisory, remote, denial of service, vulnerability, code execution, sql injection
SHA-256 | 84a607aba724e8f8a6fdc18f1dec5e0dfc3bdde2737bca88ab0a43d3c6ce8a46
Zabbix Agent Code Execution
Posted Dec 15, 2009
Authored by Nicob

Zabbix Agent versions prior to 1.6.7 suffer from a code execution vulnerability.

tags | exploit, code execution
SHA-256 | e2030524e07abdd33c9e9a78db8cc442ef828f1fae7394e48ba12760686c38b1
SquirrelMail PGP Plugin Command Execution
Posted Oct 30, 2009
Authored by Nicob

This Metasploit module exploits a command execution vulnerability in the PGP plugin of SquirrelMail.

tags | exploit
advisories | CVE-2003-0990
SHA-256 | e9f76a373cf2b76303d467d4d1a6fc540c5d667126b63377a38fb49df378c89c
novelledir-dos.txt
Posted May 6, 2008
Authored by Nicob

Novell eDirectory versions below 8.7.3 SP 10 and versions below 8.8.2 suffer from a denial of service related vulnerability. Details are provided.

tags | exploit, denial of service
advisories | CVE-2008-0927
SHA-256 | eeea4524358956b07a0e7eeded52faf98ec81fc4f410f5baddfeed09f6a64217
novelledir-soap.txt
Posted May 6, 2008
Authored by Nicob

Novell eDirectory versions 8.7.x through 8.8.1 suffer from an arbitrary access vulnerability due to client-side access control when using the SOAP interface.

tags | advisory, arbitrary
advisories | CVE-2008-0926
SHA-256 | d8c1e0d178bbdf6fe231b6d7a8501982ac654b9dcb8aa71c053c93e60e6ed971
apache_modjk_overflow.rb.txt
Posted Jul 10, 2007
Authored by Nicob

Metasploit module for the buffer overflow vulnerability in Apache mod_jk version 1.2.20. Written to work on Win23.

tags | exploit, overflow
advisories | CVE-2007-0774
SHA-256 | efe145dee4b7080b59ab059e6c8b9dd4a32fc76e8f62346dc54be9192176437f
phpmyvisites-xss.txt
Posted Feb 13, 2007
Authored by Nicob

phpMyVisites versions prior to 2.2 stable suffer from cross site scripting, HTTP response splitting, and local file inclusion flaws.

tags | exploit, web, local, xss, file inclusion
SHA-256 | 34f74cdcafeaf7a2c88c13c040bac637888b5cbfab8d3963056479c384f38e34
cattools-traverse.txt
Posted Feb 13, 2007
Authored by Nicob

Kiwi CatTools versions below 3.2.0 Beta suffer from a tftp directory traversal flaw.

tags | exploit, file inclusion
SHA-256 | f24b397c3a60f7cac26cc72cf4d151f5a77f52aa1cf369d990ece2310ac3b320
r3-stealer-1.0.pl.txt
Posted Feb 13, 2007
Authored by Nicob

SAP Web AS version 6.40 enserver.exe file downloader exploit.

tags | exploit, web
SHA-256 | 6fc6be7f8634a3f1767a2c1d7f800816395514d2a9e81ed5454ab706e121fcd3
sapwebas-dos.txt
Posted Feb 13, 2007
Authored by Nicob

Multiple vulnerabilities exist in SAP Web AS version 6.40 below patch 136 and 7.00 below patch 66. These flaws allow for remote file disclosure, remote denial of service attacks, and local privilege escalation.

tags | advisory, remote, web, denial of service, local, vulnerability
SHA-256 | 6d8c1611200e2a882c87da2d5ee436861cc00c8981f1be917241380181404cdd
r3mote_unix_wrapper.sh.txt
Posted Nov 14, 2006
Authored by Nicob

Linux port of the exploit for the gwrd bug in SAP versions below 4.6D patch 1767 and versions below 6.40 patch 4. Allows for remote command execution. Shell script version.

tags | exploit, remote, shell
systems | linux
SHA-256 | a55846c9b05cc9ff91e04c28793f07962b4beb73e490fe87b6e190bb5bb7e3fe
r3mote_unix_UDPexec.pl.txt
Posted Nov 14, 2006
Authored by Nicob

Linux port of the exploit for the gwrd bug in SAP versions below 4.6D patch 1767 and versions below 6.40 patch 4. Allows for remote command execution. Perl version.

tags | exploit, remote, perl
systems | linux
SHA-256 | df146978b0f9a1b8ac7a1f5975813e0c7bf897e1d0e696c46d6776c344a2cb75
sapchk.c
Posted Nov 14, 2006
Authored by Nicob

Utility to test users and passwords with RfcOpenEx on SAP systems. Now deprecated in favor of THC Hydra.

tags | exploit
SHA-256 | 1946d7911a05a58e4cf9b1d70b1079af14fb8417e1bdb2b35075b7435c397425
sap-banner.c
Posted Nov 14, 2006
Authored by Nicob

SAP RFC_SYSTEM_INFO information disclosure exploit that leaks OS type, real IP address, SAP version, and more.

tags | exploit, info disclosure
SHA-256 | ca1725ccfc90166e4942d16984052e553aa51c664b897e451b960846453bdb8d
SAP_WebAS_UDP_DoS.c
Posted Nov 14, 2006
Authored by Nicob

Two byte UDP denial of service exploit for SAP version below 6.40 patch 6.

tags | exploit, denial of service, udp
SHA-256 | e42dd9d291b31a04e667954b494c51fa65832c345991b7336dd4ea1b98caf196
SAP-multiple.txt
Posted Nov 6, 2006
Authored by Nicob

The SAP Web Application Server suffers from denial of service, remote file disclosure, and local privilege escalation vulnerabilities.

tags | advisory, remote, web, denial of service, local, vulnerability
SHA-256 | de3975dce143466971026afe72001d10efca62500cacd7004d823edece217251
ethereal-SMB-DoS.c
Posted May 27, 2005
Authored by vade79, Nicob

Ethereal versions 0.10.10 and below SMB dissector remote denial of service exploit. Tested on 0.9.4 and 0.10.10.

tags | exploit, remote, denial of service
SHA-256 | 4bfdc3de77cde29503fcc4e4486eb5b7f814eb9ba623b7c983982dfc0e0ee4fa
Page 1 of 1
Back1Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    4 Files
  • 19
    May 19th
    17 Files
  • 20
    May 20th
    2 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close