what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 16 of 16 RSS Feed

Files from Kenneth F. Belva

Email addresskfb at ftusecurity.com
First Active2005-08-31
Last Active2015-10-13
New Methods In Automated XSS Detection And Dynamic Exploit Creation
Posted Oct 13, 2015
Authored by Kenneth F. Belva

This slide deck consists of three presentations showing both an overall and detailed view of the new patent pending methods to make cross site scripting (XSS) detection more accurate and faster as well as the creation of dynamic exploits. It was presented at OWASP AppSecUSA 2015.

tags | paper, xss
SHA-256 | 32bc66497949946f49a5d475504377f6fb06a5d809e9e46ec66cb3f3191a2b7b
MyConnection Server 8.2b Cross Site Scripting
Posted Feb 23, 2015
Authored by Kenneth F. Belva

MyConnection Server version 8.2b suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2015-2043
SHA-256 | c9ab77625e1367cca46f4d58fe3c3178212c8c6049ec8e802f27e40fb5e81473
TomatoCart 1.1.8.6.1 Cross Site Scripting
Posted Sep 22, 2014
Authored by Kenneth F. Belva

TomatoCart version 1.1.8.6.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 79fa551178c89cd026702176897012baab890d8c7eba697d2cb60aa11162509c
Pizza Inn Registration Cross Site Scripting
Posted Sep 21, 2014
Authored by Kenneth F. Belva

Pizza Inn Registration suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 5a1edb79b7fe3d9798b3fa1e02d42acaf8165ce59f390a7d27dbc6a0528d5111
OKCupid Cross Site Scripting
Posted Sep 21, 2014
Authored by Kenneth F. Belva

OKCupid server error pages suffered from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2014-3148
SHA-256 | 55b9edd72c42fe42439c54b83648a6ae9a40cbf862490bd921f0a61780685848
Your Online Shop Cross Site Scripting
Posted Sep 20, 2014
Authored by Kenneth F. Belva

Your Online Shop suffers from a reflective cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 8a1368e00d3bdd6c67cc3a0fb225fcffbf5805b7e49ded4b9610a5024c9e2a91
Exponent CMS 2.3.0 Cross Site Scripting
Posted Sep 20, 2014
Authored by Kenneth F. Belva

Exponent CMS version 2.3.0 suffers from a POST reflective cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 8de9029830cf1e4c70982c3606140b89c2335ac9e0895a778b8774e36b32e9e2
WordPress 3.6 URL Redirection
Posted Oct 11, 2013
Authored by Kenneth F. Belva

WordPress version 3.6 suffers from multiple URL redirection restriction bypass vulnerabilities.

tags | exploit, vulnerability
advisories | CVE-2013-4339
SHA-256 | b7c554cd3d39594ec433361de09accd00a8298b232665ded7801c40c285494bb
OpenDocMan 1.2.6.2 SQL Injection / Access Bypass
Posted Dec 13, 2012
Authored by Kenneth F. Belva

OpenDocMan version 1.2.6.2 suffers from remote SQL injection and multiple access bypass vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, bypass
SHA-256 | b865110065c53e1f31eed37d7378c899a40f17fdecd48dbbcec488cf1491d1be
Addressbook 8.1.24.1 / 8.2.5 Cross Site Scripting
Posted Dec 13, 2012
Authored by Kenneth F. Belva

Addressbook versions 8.1.24.1 and 8.2.5 suffer from a cross site scripting vulnerability in Group Name.

tags | exploit, xss
SHA-256 | 20aebf2bfe9b011017e46733e1177c025ebc2f405f02f295a97fb67315a1919d
Front Account 2.3.13 / OpenDocMan 1.2.6.2 Arbitrary HTML Rendering
Posted Dec 13, 2012
Authored by Kenneth F. Belva

Front Account version 2.3.13 and OpenDocMan version 1.2.6.2 render uploaded HTML in the DOM allowing for malicious javascript insertion that can enable cross site scripting attacks.

tags | advisory, javascript, xss
SHA-256 | 39b7dc1d98dc77b0a1fe1263b285315dc66fe88c63545e29291abfda9cf4a8f1
VT-belva-dekay-final.pdf
Posted Aug 29, 2006
Authored by Kenneth F. Belva, Sam H. Dekay | Site ftusecurity.com

Whitepaper titled "Creating Business Through Virtual Trust: How to Gain and Sustain a Competitive Advantage Using Information Security".

tags | paper
SHA-256 | 61c4df4f6cd97bb1f07965a78034ff548b67189ecc2115b7f28bbf34efe4e5d2
belva-att-unknown.web.vulns.pdf
Posted Jun 29, 2006
Authored by Kenneth F. Belva | Site ftusecurity.com

Presentation entitled "Case Studies in Finding Previously Unknown Vulnerabilities in Web Applications" from the AT&T ISNN Lecture Series. The aim of the presentation is to cover a limited set of web application vulnerability types and show the impact of these vulnerabilities via real world cases.

tags | paper, web, vulnerability
SHA-256 | 864d22be9ea2fbe90fc389e48dd1b7e860db2d314108cd24933a16b4659c7ec8
whatsupwiththat.txt
Posted May 22, 2006
Authored by Kenneth F. Belva | Site ftusecurity.com

Ipswitch What's Up Professional 2006 is vulnerable to a spoofing attack whereby the attacker can trick the application into thinking he/she is making a request from the console (which is considered trusted). This attack will allow the attacker to bypass the authentication mechanism of the application and login without credentials.

tags | advisory, spoof
SHA-256 | c45af487c7e701523e3170d31c0f127bc7bab3856ae1e9d76f301b7c98ab5dcd
FiTechSummit_final_paper.pdf
Posted Sep 26, 2005
Authored by Kenneth F. Belva | Site ftusecurity.com

This presentation was given by the keynote speaker at the FiTech Summit 2005. It is entitled "How It's Difficult to Ruin a Good Name: An Analysis of Reputational Risk".

tags | paper
SHA-256 | 3ab52b06315c51be5592e0eb263596d926684a34f932ce28649184d7e7e1d185
sphpblog_vulns.pl.txt
Posted Aug 31, 2005
Authored by Kenneth F. Belva | Site ftusecurity.com

Exploit that demonstrates a vulnerability in the comment_delete_cgi.php from SimplePHPBlog. The PHP script allows for the arbitrary deletion of files. This vulnerability, in combination with the fact that the installation scripts are left on the server after installation, allows an arbitrary user to reset the admin password to one of the attacker's choosing.

tags | exploit, arbitrary, php
SHA-256 | 0709918fda79c675a96d4652e41493a81d31f543e718af8b4e99466278e268a4
Page 1 of 1
Back1Next

File Archive:

February 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    16 Files
  • 2
    Feb 2nd
    19 Files
  • 3
    Feb 3rd
    0 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    24 Files
  • 6
    Feb 6th
    2 Files
  • 7
    Feb 7th
    10 Files
  • 8
    Feb 8th
    25 Files
  • 9
    Feb 9th
    37 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    17 Files
  • 13
    Feb 13th
    20 Files
  • 14
    Feb 14th
    25 Files
  • 15
    Feb 15th
    15 Files
  • 16
    Feb 16th
    6 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    35 Files
  • 20
    Feb 20th
    25 Files
  • 21
    Feb 21st
    18 Files
  • 22
    Feb 22nd
    15 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    10 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files
  • 29
    Feb 29th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close