exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 13 of 13 RSS Feed

Files from David Maciejak

First Active2005-11-05
Last Active2012-10-15
AjaXplorer checkInstall.php Remote Command Execution
Posted Oct 15, 2012
Authored by David Maciejak, Julien CAYSSOL, sinn3r | Site metasploit.com

This Metasploit module exploits an arbitrary command execution vulnerability in the AjaXplorer 'checkInstall.php' script. All versions of AjaXplorer prior to 2.6 are vulnerable.

tags | exploit, arbitrary, php
advisories | OSVDB-63552
SHA-256 | 32002b0c8c4086baf8a3940e0cae06296538c059e5c62586ee1b23ee757f955b
Password Authentication Cracking!
Posted Oct 3, 2011
Authored by thc, David Maciejak

This article will show how to use Hydra to check for weak passwords. Hydra tries all possible password combination against a server on the Internet until one valid one is found to log in to the server. It is a powerful tool for hackers and network administrators alike.

tags | paper, cracker
SHA-256 | 56171bc530902f8968a9598509262077fabc677e9035e86cc837313228edf75b
MailEnable Authorization Header Buffer Overflow
Posted Nov 26, 2009
Authored by David Maciejak | Site metasploit.com

This Metasploit module exploits a remote buffer overflow in the MailEnable web service. The vulnerability is triggered when a large value is placed into the Authorization header of the web request. MailEnable Enterprise Edition versions prior to 1.0.5 and MailEnable Professional versions prior to 1.55 are affected.

tags | exploit, remote, web, overflow
advisories | CVE-2005-1348
SHA-256 | ff2e2ce5c94655dfb9465949f75f90f07c48c21db60b136d56f8315fb6e91c26
Cacti graph_view.php Remote Command Execution
Posted Oct 30, 2009
Authored by David Maciejak

This Metasploit module exploits an arbitrary command execution vulnerability in the Raxnet Cacti 'graph_view.php' script. All versions of Raxnet Cacti prior to 0.8.6-d are vulnerable.

tags | exploit, arbitrary, php
SHA-256 | 77015dcc4a4e48442940b4772f4885d88b39b635512bbe063d6f2de6d3022e2b
Posted Sep 5, 2007
Authored by thc, David Maciejak

Patch for THC's Hydra that adds a dependency checks for openssl needed for the SIP module, modifies checks for libpq.so for Postgresql module, adds a new module for Netware NCP and for Firebird database.

SHA-256 | a644e2e1a9eb85606bd9b9f29ac096834058d72e8ab3dca236b8146d7a98e302
iDEFENSE Security Advisory 2007-07-16.2
Posted Jul 17, 2007
Authored by iDefense Labs, David Maciejak | Site idefense.com

iDefense Security Advisory 07.16.07 - Remote exploitation of an authorization bypass vulnerability in Trend Micro Inc.'s OfficeScan for Windows could allow attackers to login to the management console and alter application settings. The OfficeScan installation includes a web management console that allows administrators to configure the application and the Antivirus clients it manages. The web interface login is handled by cgiChkMasterPwd.exe which is passed a hash and an encrypted version of the password generated by an ActiveX control on the login page. If cgiChkMasterPwd.exe is sent an empty encryption string and empty hash it proceeds to issue the client a valid session id which can then be used to access the web management console. iDefense has confirmed the existence of this vulnerability in OfficeScan for Windows 7.3 with all current patches applied. Previous versions may also be affected.

tags | advisory, remote, web, activex, bypass
systems | windows
advisories | CVE-2007-3455
SHA-256 | a98a64e827c3881c6d7525e8e9f19ca35a49b345f4e980df850b0db80b122c89
Posted May 21, 2006
Authored by David Maciejak

Ipswitch WhatsUp Professional suffers from source disclosure, information disclosure, and cross site scripting flaws. Weaknesses are confirmed in version 2006. Earlier versions may also be susceptible.

tags | exploit, xss, info disclosure
SHA-256 | a9a7a332f27024112aca7776f100288c07c382051fe5ea02a197f2d35645d3f2
Posted May 6, 2006
Authored by David Maciejak

WebCalendar is susceptible to user enumeration flaws.

tags | advisory
SHA-256 | 935103eb1980f6dfbf36877ebf7bdf6873490fa42f6e438f5f00cb6731e32120
Posted Apr 11, 2006
Authored by David Maciejak | Site gnms.rubyforge.org

GNMS is a free Network Management System, a tool to monitor state of network elements. All nodes are mapped on a window. States can be discovered by service, snmp, custom pooling, moreover syslog and snmp traps can be caught too.

systems | unix
SHA-256 | f16b8673b8448308becb28dd480cfd1fc14b98a380a73d19f47ed82be7f83d48
Posted Dec 29, 2005
Authored by David Maciejak

A Malicious user can cause a remote denial of service in Juniper NSM (NetScreen-Security Manager) by sending specially crafted and long strings to guiSrv(port 7800) and devSrv(port 7801).

tags | advisory, remote, denial of service
systems | juniper
SHA-256 | 797817f93ca63bd55c20e9ac4d6c679d95eeadee929cea0952179beb1d73a6e5
Posted Dec 3, 2005
Authored by David Maciejak

Edgewall Trac version 0.9 is susceptible to a SQL injection attack due to a lack of sanity checking on the group variable.

tags | exploit, sql injection
SHA-256 | 0e476544b659e0558351730fac351de96b79fa2ac9ed9599c2b7042ef2694279
Posted Nov 8, 2005
Authored by David Maciejak

Many time consuming directory listing requests can cause a denial of service in Apache Tomcat versions 5.5.0 through 5.5.11.

tags | advisory, denial of service
SHA-256 | 086f15a92d10b2d041ac47dd4acff5fdcdb316d12cb606660db99f35aac7f44c
Posted Nov 5, 2005
Authored by David Maciejak

Wzdftpd SITE command arbitrary command execution Metasploit plugin exploit for versions 0.5.4 and below.

tags | exploit, arbitrary
SHA-256 | 3e85d32db1a1b151f81bc4597b865d596dd534d0730ffb45e51d9520107e8d72
Page 1 of 1

File Archive:

November 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    16 Files
  • 2
    Nov 2nd
    17 Files
  • 3
    Nov 3rd
    17 Files
  • 4
    Nov 4th
    11 Files
  • 5
    Nov 5th
    0 Files
  • 6
    Nov 6th
    0 Files
  • 7
    Nov 7th
    3 Files
  • 8
    Nov 8th
    59 Files
  • 9
    Nov 9th
    12 Files
  • 10
    Nov 10th
    6 Files
  • 11
    Nov 11th
    11 Files
  • 12
    Nov 12th
    1 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    9 Files
  • 15
    Nov 15th
    33 Files
  • 16
    Nov 16th
    53 Files
  • 17
    Nov 17th
    11 Files
  • 18
    Nov 18th
    14 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    26 Files
  • 22
    Nov 22nd
    22 Files
  • 23
    Nov 23rd
    10 Files
  • 24
    Nov 24th
    9 Files
  • 25
    Nov 25th
    11 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By