Showing 1 - 22 of 22

Files from Francesco Ongaro

Email address	ascii at ush.it
First Active	2005-10-27
Last Active	2015-10-09

Veeam Backup And Replication 6 / 7 / 8 Privilege Escalation: Posted Oct 9, 2015; Authored by Francesco Ongaro, Antonio Parata, Pasquale Florillo; Veeam Backup and Replications versions 6 through 8 suffer from log disclosure and broken password security vulnerabilities.; tags | exploit, vulnerability; advisories | CVE-2015-5742; SHA-256 | 297149a77606ab6deac1de2bb98b0f033747ba6db8266944dfe68b46fdffd256; Download | Favorite | View

Nginx, Varnish, Cherokee, etc Log Injection: Posted Jan 11, 2010; Authored by Francesco Ongaro, Alessandro Tanasi, Giovanni Pellerano | Site ush.it; Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa are subject to log escape sequence injection vulnerabilities.; tags | exploit, vulnerability; advisories | CVE-2009-4487, CVE-2009-4488, CVE-2009-4489, CVE-2009-4490, CVE-2009-4491, CVE-2009-4492, CVE-2009-4493, CVE-2009-4494, CVE-2009-4495, CVE-2009-4496; SHA-256 | ca929167a6a430b66650857a093ae76e47f6db643eb8bafffa59b6ebc10896d0; Download | Favorite | View

Jetty 6.x / 7.x Information Disclosure / XSS: Posted Oct 26, 2009; Authored by Francesco Ongaro, Antonio Parata, Giovanni Pellerano | Site ush.it; Jetty versions 6.x and 7.x suffer from cross site scripting, injection, and information disclosure vulnerabilities.; tags | exploit, vulnerability, xss, info disclosure; SHA-256 | 5f6bdd64a6596d46cbd0a5ae2448106b4656a8543eb8f07317ef5d4b92ae82d9; Download | Favorite | View

Vtiger CRM 5.0.4 Code Exection / XSS / XSRF / LFI: Posted Aug 18, 2009; Authored by Francesco Ongaro, Antonio Parata, Giovanni Pellerano | Site ush.it; Vtiger CRM version 5.0.4 suffers from code execution, local file inclusion, cross site scripting, and cross site request forgery vulnerabilities.; tags | exploit, local, vulnerability, code execution, xss, file inclusion, csrf; SHA-256 | a0599a490c531c182849299f81372c277f5eeeadc04bccdc6e9da1eb256e8a74; Download | Favorite | View

PHP Filesystem Attack Vectors - Part Two: Posted Jul 28, 2009; Authored by Francesco Ongaro, Giovanni Pellerano | Site ush.it; Whitepaper discussing a large amount of PHP filesystem attack vectors. Take Two.; tags | paper, php; SHA-256 | 50ea2f5921192ef048630929273e79e8dc80d288a30593b6b7ef6639a9180257; Download | Favorite | View

SugarCRM 5.2.0e Code Execution: Posted Jun 15, 2009; Authored by Francesco Ongaro, Antonio Parata, Giovanni Pellerano | Site ush.it; SugarCRM versions 5.2.0e and below suffer from a remote code execution vulnerability.; tags | exploit, remote, code execution; SHA-256 | b46bbb1752deb1c9295ffea5807d2e474bb3c4c6de135549995c2c9d75270085; Download | Favorite | View

FormMail 1.92 XSS / HTTP Response Splitting: Posted May 13, 2009; Authored by Francesco Ongaro, Antonio Parata, Giovanni Pellerano | Site ush.it; FormMail version 1.92 suffers from cross site scripting, header injection, and HTTP response splitting vulnerabilities.; tags | exploit, web, vulnerability, xss; SHA-256 | dda541988029f268bc02136426254f2b6bbc63e0e3c487848827415005cc289e; Download | Favorite | View

Zabbix 1.6.2 XSRF / LFI / Code Execution: Posted Mar 3, 2009; Authored by Francesco Ongaro, Antonio Parata, Giovanni Pellerano | Site ush.it; Zabbix version 1.6.2 suffers from remote code execution, cross site request forgery, and local file inclusion vulnerabilities.; tags | exploit, remote, local, vulnerability, code execution, file inclusion, csrf; SHA-256 | 6fc6a1f1b3df47f2608e299ed5ea4014c5c4b5292607adb72d978c18e293dc26; Download | Favorite | View

PHP Filesystem Attack Vectors: Posted Feb 9, 2009; Authored by Francesco Ongaro, Giovanni Pellerano | Site ush.it; Whitepaper discussing a large amount of PHP filesystem attack vectors.; tags | paper, php; SHA-256 | cf9fb603acb1135b3f8a595653d1d18a8937d01270074b11448182d48a251260; Download | Favorite | View

Moodle 1.9.3 Remote Code Execution: Posted Dec 12, 2008; Authored by Francesco Ongaro, Antonio Parata, Giovanni Pellerano | Site ush.it; Moodle version 1.9.3 suffers from a remote code execution vulnerability. Full details provided.; tags | exploit, remote, code execution; SHA-256 | 604fed1136c665e395b41c51641f80c673942dba92e616551632c7f5f1aac44e; Download | Favorite | View

Collabtive 0.4.8 Multiple Vulnerabilities: Posted Nov 10, 2008; Authored by Francesco Ongaro, Antonio Parata, Giovanni Pellerano | Site ush.it; Collabtive version 0.4.8 suffers from cross site scripting, authentication bypass, and shell upload vulnerabilities.; tags | exploit, shell, vulnerability, xss; SHA-256 | 79b3e4b4ba18d65ce36a36f1ab3e00c7d5d25169f28c965cb0522f75f65a1536; Download | Favorite | View

Mantis Bug Tracker 1.1.1 Multiple Vulnerabilities: Posted May 20, 2008; Authored by Francesco Ongaro, Antonio Parata | Site ush.it; Mantis Bug Tracker version 1.1.1 suffers from remote code execution, cross site scripting, and cross site request forgery vulnerabilities.; tags | exploit, remote, vulnerability, code execution, xss, csrf; SHA-256 | f69ef268367fecefac3205565ba9c1d3f5e36237f4b833741139a9350750a069; Download | Favorite | View

WiKID wClient-PHP 3.0-2 Cross Site Scripting: Posted Apr 11, 2008; Authored by Francesco Ongaro, Antonio Parata | Site ictsc.it; WiKID wClient-PHP versions 3.0-2 and below suffer from multiple cross site scripting vulnerabilities.; tags | advisory, php, vulnerability, xss; SHA-256 | 67d10cd0b31c2647b3ef2d33f5dd1920c1101c3453e62e3516e332f15ae75f08; Download | Favorite | View

Cacti 0.8.7a Multiple Vulnerabilities: Posted Feb 12, 2008; Authored by Francesco Ongaro, Antonio Parata | Site ictsc.it; Multiple security vulnerabilities such as cross site scripting and SQL injection have been discovered in Cacti versions 0.8.7a and below. Full exploitation details provided.; tags | exploit, vulnerability, xss, sql injection; SHA-256 | 40eeb2e3bd758718bab24d1dda1ef1a8de3acea488b2f6daa45622393b146ba0; Download | Favorite | View

Original Photo Gallery Remote Command Execution: Posted Oct 3, 2007; Authored by Francesco Ongaro, Antonio Parata | Site ush.it; Original Photo Gallery versions 0.11.2 and below suffer from a remote command execution vulnerability.; tags | exploit, remote; SHA-256 | 6b9f382d9d8b5fa95f99764ba3fda63a36150fe8da621a53e0b5a82ae7f6bb06; Download | Favorite | View

Php Nuke POST Cross Site Scripting On Steroids: Posted Mar 13, 2007; Authored by Stefano Di Paola, Francesco Ongaro | Site ush.it; PHP Nuke version 8.0, and possibly lower versions, are susceptible to a POST cross site scripting vulnerability.; tags | exploit, php, xss; SHA-256 | 240246141b63832150858dd16b81a45662e47408b15b013ca75d852b41f72486; Download | Favorite | View

PHP import_request_variables() Arbitrary Variable Overwrite: Posted Mar 9, 2007; Authored by Stefano Di Paola, Francesco Ongaro | Site wisec.it; PHP versions greater than or equal to 4.0.7 and less than or equal to 5.2.1 suffer from an arbitrary variable overwrite in import_request_variables().; tags | exploit, arbitrary, php; SHA-256 | 5fa15988075ab903a6fb5db15ca53a4cf5cbc587310a227e5c83e5aa6494637b; Download | Favorite | View

Milkeyway-0.1.1.txt: Posted Mar 20, 2006; Authored by Francesco Ongaro | Site ush.it; Milkeyway Captive Portal versions 0.1 and 0.1.1 are vulnerable to many SQL injection and XSS vulnerabilities. Detailed POC included.; tags | exploit, vulnerability, sql injection; SHA-256 | ac204592ba8d46b51a0cd05581ac6ff707420ab9e164e86a54872fef2b8f131e; Download | Favorite | View

WebCalendar Multiple Vulnerabilities: Posted Dec 1, 2005; Authored by Francesco Ongaro | Site ush.it; WebCalendar 1.0.1 is susceptible to SQL injection attacks.; tags | advisory, sql injection; SHA-256 | 23e27c95c7836fb9ed4b91fc3f6d56dabd8ce00e2c70c418b4563aabab3e4fb9; Download | Favorite | View

PHP Web Statistik Multiple Vulnerabilities: Posted Dec 1, 2005; Authored by Francesco Ongaro | Site ush.it; PHP Web Statistik version 1.4 suffers from injection vulnerabilities.; tags | advisory, web, php, vulnerability; SHA-256 | 1254628e2da8b1b1b6f411da297d1ea9e16f19f55e843ac8d21250c14532a6ef; Download | Favorite | View

FreeWebStat Multiple Cross Site Scripting: Posted Dec 1, 2005; Authored by Francesco Ongaro | Site ush.it; FreeWebStat version 1.0 rev37 is vulnerable to multiple cross site scripting flaws.; tags | advisory, xss; SHA-256 | 0020303ba5ebcc0da8d674752ec0c2c826555fce3288cdd245981ad3915983ad; Download | Favorite | View

PHP iCalendar Cross Site Scripting: Posted Oct 27, 2005; Authored by Francesco Ongaro | Site ush.it; PHP iCalendar versions 2.0a2, 2.0b, 2.0c, and 2.0.1 are susceptible to a cross site scripting vulnerability. Exploitation details provided.; tags | exploit, php, xss; SHA-256 | 9f0ca61b9a7c8067bc32bf77050ea673995d4a2229d755fff83257c3138fc38e; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 210 files
Ubuntu 64 files
Debian 27 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
Ersin Erenler 4 files
E1.Coders 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

Files from Francesco Ongaro

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems