Showing 1 - 25 of 32

Files from Adrian Pastor

Email address: ap at gnucitizen.org
First Active: 2005-09-05
Last Active: 2009-10-23
Attacking Magstripe Gift Cards
Posted Oct 23, 2009
Authored by Adrian Pastor

This whitepaper is called Attacking Magstripe Gift Cards. It is based on research conducted on a large number of UK gift cards. The paper also provides a series of guidelines and tips for developers and systems architects who are involved in the process of implementing their own gift card technology.

tags | paper
SHA-256 | e1042460007fc647cda1299c7fadd72f83df07ca8b4a49cf309e5009f1a5993b
ProCheckUp Security Advisory 2008.21
Posted Jan 30, 2009
Authored by Adrian Pastor, ProCheckUp | Site procheckup.com

Novell GroupWise WebAccess suffers from a cross site request forgery vulnerability. Version 7.0.3 is affected.

tags | advisory, csrf
advisories | CVE-2009-0272
SHA-256 | 720e54a18ca643bcc529127da3cfa1c3758769a635c402db883befa22705bec0
ProCheckUp Security Advisory 2008.19
Posted Jan 15, 2009
Authored by Adrian Pastor, ProCheckUp | Site procheckup.com

The Cisco IOS HTTP server is vulnerable to cross site scripting within invalid parameters processed by the "/ping" server-side binary/script.

tags | exploit, web, xss
systems | cisco
SHA-256 | 9ae67732eb54093c6544c63e2953cba56031df7cd73a205c4ce458b69783a88a
ProCheckUp Security Advisory 2007.40
Posted Nov 19, 2008
Authored by Adrian Pastor, ProCheckUp | Site procheckup.com

The 3Com AP 8760 suffers from authentication bypass, password leakage, and SNMP injection vulnerabilities. Details provided.

tags | exploit, vulnerability
SHA-256 | 23b5cdcfae6b89704fccdcebd00d1ae55e3f48331216d43a26e85f5664b02003
ProCheckUp Security Advisory 2007.11
Posted Nov 19, 2008
Authored by Adrian Pastor, ProCheckUp, Jan Fry | Site procheckup.com

Sun Java System Identity suffers from a cross site request forgery vulnerability. Proof of concept code included.

tags | exploit, java, proof of concept, csrf
SHA-256 | aab83ef3374bf90d0fdb9403e4cc641a2e45c39abb67680b7db155ef488b8ca9
cups-dos.txt
Posted Nov 19, 2008
Authored by Adrian Pastor

CUPS version 1.3.7 cross site request forgery remote crash exploit that makes use of the add RSS subscription functionality.

tags | exploit, remote, denial of service, csrf
SHA-256 | 6e4f00554a897ed6be22f88ed7198949f40913f4b34db7670960d0d1d9a7cf8f
Zero Day Initiative Advisory 08-070
Posted Oct 31, 2008
Authored by Adrian Pastor, Tipping Point | Site zerodayinitiative.com

A vulnerability allows remote attackers to execute a script injection attack on arbitrary sites through vulnerable installations of SonicWALL. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page or open a malicious web link. SonicWALL Pro 2040 is affected.

tags | advisory, remote, web, arbitrary
SHA-256 | 680063bf9eaca59b8914a7661552098e4550767aec39e8e52fb7d8fc7ff6e15e
SNMP_injection.pdf
Posted Oct 22, 2008
Authored by Adrian Pastor | Site procheckup.com

Whitepaper entitled SNMP Injection - Achieving Persistent HTML Injection via SNMP on Embedded Devices.

tags | paper
SHA-256 | ace95e6e015bcde9714bec5eb0612843f605b3cd71d3b207aaadcab78367c8ad
ProCheckUp Security Advisory 2007.31
Posted Oct 9, 2008
Authored by Adrian Pastor, ProCheckUp | Site procheckup.com

Remote SQL injection, cross site scripting, and user enumeration vulnerabilities exist in DPSnet Case Progress.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | 0a2e10b125f92c734c445d338f2ce29f6235b3cd82345ce56eea2fbf2cda1c5d
bthub-password.txt
Posted May 22, 2008
Authored by Adrian Pastor | Site gnucitizen.org

The BT Home Hub has now changed the default access password from admin to the serial number of the device, but allows retrieval of the number via a simple MDAP request in the same network.

tags | advisory
SHA-256 | 5a3ba5771f669f0d36e2e14d02605ae45cde0985a569ac6b24a5e403fcc692c7
defaultkey-bt.txt
Posted Apr 23, 2008
Authored by Adrian Pastor | Site gnucitizen.org

Write up discussing the default key algorithm used in Thomson and BT Home Hub routers.

tags | tool, wireless
SHA-256 | e9078db23cd811510dd6bf8d8871f2705feaf45194a34d289de4ad6fd8aa3564
Hacking_Plone_CMS.pdf
Posted Mar 13, 2008
Authored by Adrian Pastor | Site procheckup.com

The Plone CMS is susceptible to cross site request forgery attacks and suffers from other vulnerabilities such as credentials being stored in cookies, a lack of authentication state on the server side, and session cookies never changing.

tags | advisory, vulnerability, csrf
advisories | CVE-2008-0164
SHA-256 | 9fa210737534dab70aad652659316b887c987b046c5b5aec3193ff894d27743d
Hacking_ZyXEL_Gateways.pdf
Posted Feb 20, 2008
Authored by Adrian Pastor | Site procheckup.com

Hacking ZyXEL Gateways - This paper is the result of various security assessments performed on several ZyXEL Prestige devices, both in a controlled environment (computer lab) and in production environments during several penetration tests.

tags | paper
SHA-256 | 600401012d7e58dd3e96b349711e77fedae3680aed73812bb47cdc6783b6a6d3
ProCheckUp Security Advisory 2006.12
Posted Feb 20, 2008
Authored by Adrian Pastor, ProCheckUp, Jan Fry | Site procheckup.com

BEA Plumtree Foundation portal version 6.0 and BEA AquaLogic Interaction version 6.1 are both affected by a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 7a08c7f2e308d21418659bf94d530748edc0e377060fe39dc2ceed70fa329e2a
ProCheckUp Security Advisory 2007.60708091012
Posted Jan 10, 2008
Authored by Adrian Pastor, ProCheckUp, Jan Fry | Site procheckup.com

Sun Java System Identity Manager version 6.0, Sun Java System Identity Manager version 7.0, and Sun Java System Identity Manager version 7.1 are susceptible to cross domain redirection, cross site scripting, and frame injection vulnerabilities.

tags | advisory, java, vulnerability, xss
SHA-256 | d6006a16a69c00bd066f6cb36ecb14b95ece02d9fc7932ef0a831f29ef9988fd
ProCheckUp Security Advisory 2007.39
Posted Dec 6, 2007
Authored by Adrian Pastor, ProCheckUp, Richard Brain, Jan Fry | Site procheckup.com

Directory traversal, cross site scripting, and SQL injection vulnerabilities exist in the Absolute News Manager .NET version 5.1.

tags | exploit, vulnerability, xss, sql injection
SHA-256 | c20201b4d8c8d24e7310c36b1d34160f498e4b267278ba9e50ad2889cd7016c1
ProCheckUp Security Advisory 2006.9
Posted Dec 4, 2007
Authored by Adrian Pastor, ProCheckUp, Richard Brain, Jan Fry | Site procheckup.com

By performing an advanced search, unauthenticated users can enumerate valid usernames with a single HTTP request on the BEA Plumtree Portal.

tags | advisory, web
SHA-256 | 776de6dc499e6ebfc575f8b19a3ac66c6953bcc956cb6a8b5c59f0a43584290a
ProCheckUp Security Advisory 2006.8
Posted Dec 4, 2007
Authored by Adrian Pastor, ProCheckUp, Jan Fry | Site procheckup.com

BEA Plumtree Portal is affected by an internal hostname disclosure vulnerability.

tags | advisory
SHA-256 | 866b56dd83ba8330356f8847ee9d66d1be2f67a4336cc14f44ee0a485a6a593a
ProCheckUp Security Advisory 2007.37
Posted Dec 2, 2007
Authored by Adrian Pastor, ProCheckUp, Amir Azam | Site procheckup.com

A cross site scripting vulnerability has been discovered in Apache versions 2.2.x and 2.0.x using a malformed HTTP request with 413 error pages.

tags | exploit, web, xss
SHA-256 | 5e5ecae2dd8650f2334b76ce5c8c11c07a739563e20ab71119ce66af66f4b72c
ProCheckUp Security Advisory 2007.14
Posted Dec 2, 2007
Authored by Adrian Pastor, ProCheckUp, Jan Fry | Site procheckup.com

The F5 FirePass 4100 SSL VPN is susceptible to cross site scripting vulnerabilities in my.activation.php3.

tags | exploit, vulnerability, xss
SHA-256 | f93567dd019619dc99df7b77129c40ab79f517ee69a40dd6ed1e64a113c580e3
ProCheckUp Security Advisory 2007.2
Posted Nov 16, 2007
Authored by Adrian Pastor, ProCheckUp | Site procheckup.com

The Liferay Portal login page is affected by a cross site scripting vulnerability within the "login" field processed by the "/c/portal/login" server-side script.

tags | exploit, xss
SHA-256 | c5b4c300ba8f9b20584c800933c0325a4d4d46f7e96b287d9a80d0e033cff5fd
ProCheckUp Security Advisory 2007.13
Posted Nov 13, 2007
Authored by Adrian Pastor, ProCheckUp, Jan Fry | Site procheckup.com

A cross site scripting vulnerability exists in F5 Networks FirePass versions 5.4 through 5.5.2 and versions 6.0 through 6.0.1.

tags | advisory, xss
SHA-256 | 51540fba61ee07c114e319066190f0cda6e0b78c22a023ed48a9ce08149e0dd6
ProCheckUp Security Advisory 2007.29
Posted Nov 1, 2007
Authored by Adrian Pastor, ProCheckUp | Site procheckup.com

Two cross site scripting vulnerabilities have been discovered in the Blue Coat ProxySG Management Console. Versions below 4.2.6.1 and 5.2.2.5 are susceptible.

tags | exploit, vulnerability, xss
SHA-256 | 3727cb9c34a1696c8c0b76accc01046338bd92bc0f1d21fd1d216fbf171502a4
Vulnerability_Axis_2100_research.pdf
Posted Oct 31, 2007
Authored by Adrian Pastor, Amir Azam | Site procheckup.com

Whitepaper discussing multiple vulnerabilities discovered against the AXIS 2100 IP camera system.

tags | exploit, vulnerability
SHA-256 | 986692b6f4654c94d63979c6dd3fda4e17b01269b1945b047ee8d945a1bdd005
ProCheckUp Security Advisory 2007.21
Posted Jul 25, 2007
Authored by Adrian Pastor, ProCheckUp

Webbler CMS version 3.1.3 forms are susceptible to spamming and phishing abuse.

tags | advisory
SHA-256 | 5503488e23f6c7be676955ef2ffeb9270118cf81117c979021082d3a7f4cb7b9