
Files from Kenneth F. Belva

Email address: kfb at ftusecurity.com
First Active: 2005-08-31
Last Active: 2015-10-13
New Methods In Automated XSS Detection And Dynamic Exploit Creation
Posted Oct 13, 2015
Authored by Kenneth F. Belva

This slide deck consists of three presentations giving both an overall and a detailed view of new patent-pending methods to make cross site scripting (XSS) detection more accurate and faster, as well as the creation of dynamic exploits. It was presented at OWASP AppSecUSA 2015.

tags | paper, xss
MD5 | eea59ae522b2132dc8ea3248dc761a26
MyConnection Server 8.2b Cross Site Scripting
Posted Feb 23, 2015
Authored by Kenneth F. Belva

MyConnection Server version 8.2b suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2015-2043
MD5 | 8582cebe61c72b09b6feff201ac2135c
TomatoCart 1.1.8.6.1 Cross Site Scripting
Posted Sep 22, 2014
Authored by Kenneth F. Belva

TomatoCart version 1.1.8.6.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 51dfd42291060a613119252447a5c5d3
Pizza Inn Registration Cross Site Scripting
Posted Sep 21, 2014
Authored by Kenneth F. Belva

Pizza Inn Registration suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | a03bec8e4dad6925c3bdbed210d67bb6
OKCupid Cross Site Scripting
Posted Sep 21, 2014
Authored by Kenneth F. Belva

OKCupid server error pages suffered from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2014-3148
MD5 | ffa4665f1116b47e36a9a99c1c5df504
Your Online Shop Cross Site Scripting
Posted Sep 20, 2014
Authored by Kenneth F. Belva

Your Online Shop suffers from a reflective cross site scripting vulnerability.

tags | exploit, xss
MD5 | d0b657cb810c851297288c4f6d53e8d4
Exponent CMS 2.3.0 Cross Site Scripting
Posted Sep 20, 2014
Authored by Kenneth F. Belva

Exponent CMS version 2.3.0 suffers from a POST reflective cross site scripting vulnerability.

tags | exploit, xss
MD5 | 9d6e4373361cca7fcd1d9c029d10bd67
WordPress 3.6 URL Redirection
Posted Oct 11, 2013
Authored by Kenneth F. Belva

WordPress version 3.6 suffers from multiple URL redirection restriction bypass vulnerabilities.

tags | exploit, vulnerability
advisories | CVE-2013-4339
MD5 | 221df3bff78c4badddb93234ce5f95a1
OpenDocMan 1.2.6.2 SQL Injection / Access Bypass
Posted Dec 13, 2012
Authored by Kenneth F. Belva

OpenDocMan version 1.2.6.2 suffers from remote SQL injection and multiple access bypass vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, bypass
MD5 | f1085c129f4e3a974656389cb2cdc63c
Addressbook 8.1.24.1 / 8.2.5 Cross Site Scripting
Posted Dec 13, 2012
Authored by Kenneth F. Belva

Addressbook versions 8.1.24.1 and 8.2.5 suffer from a cross site scripting vulnerability in Group Name.

tags | exploit, xss
MD5 | bee3b576bbf9d24baeb4af78b8cd6dc2
Front Account 2.3.13 / OpenDocMan 1.2.6.2 Arbitrary HTML Rendering
Posted Dec 13, 2012
Authored by Kenneth F. Belva

Front Account version 2.3.13 and OpenDocMan version 1.2.6.2 render uploaded HTML in the DOM, allowing for malicious JavaScript insertion that can enable cross site scripting attacks.

tags | advisory, javascript, xss
MD5 | f007776958ccab71968d2bd28ece9330
VT-belva-dekay-final.pdf
Posted Aug 29, 2006
Authored by Kenneth F. Belva, Sam H. Dekay | Site ftusecurity.com

Whitepaper titled "Creating Business Through Virtual Trust: How to Gain and Sustain a Competitive Advantage Using Information Security".

tags | paper
MD5 | 7f6b399cf8ffbbe96ca5477648dc7c60
belva-att-unknown.web.vulns.pdf
Posted Jun 29, 2006
Authored by Kenneth F. Belva | Site ftusecurity.com

Presentation entitled "Case Studies in Finding Previously Unknown Vulnerabilities in Web Applications" from the AT&T ISNN Lecture Series. The aim of the presentation is to cover a limited set of web application vulnerability types and show the impact of these vulnerabilities via real world cases.

tags | paper, web, vulnerability
MD5 | b3cc396f3bac0d4b714d25d59bfb0b3a
whatsupwiththat.txt
Posted May 22, 2006
Authored by Kenneth F. Belva | Site ftusecurity.com

Ipswitch What's Up Professional 2006 is vulnerable to a spoofing attack whereby the attacker can trick the application into thinking he/she is making a request from the console (which is considered trusted). This attack allows the attacker to bypass the authentication mechanism of the application and log in without credentials.

tags | advisory, spoof
MD5 | 5ae2438411d0ab8e2e5ec1d060e2f806
FiTechSummit_final_paper.pdf
Posted Sep 26, 2005
Authored by Kenneth F. Belva | Site ftusecurity.com

This presentation was given by the keynote speaker at the FiTech Summit 2005. It is entitled "How It's Difficult to Ruin a Good Name: An Analysis of Reputational Risk".

tags | paper
MD5 | 5131f07bb7a4df687b2eb4106ce4c174
sphpblog_vulns.pl.txt
Posted Aug 31, 2005
Authored by Kenneth F. Belva | Site ftusecurity.com

Exploit that demonstrates a vulnerability in the comment_delete_cgi.php from SimplePHPBlog. The PHP script allows for the arbitrary deletion of files. This vulnerability, in combination with the fact that the installation scripts are left on the server after installation, allows an arbitrary user to reset the admin password to one of the attacker's choosing.

tags | exploit, arbitrary, php
MD5 | d5a02f6fa42800a232858d4f054b1541
© 2020 Packet Storm. All rights reserved.
