exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 13 of 13 RSS Feed

Files from David Maciejak

First Active2005-11-05
Last Active2012-10-15
AjaXplorer checkInstall.php Remote Command Execution
Posted Oct 15, 2012
Authored by David Maciejak, Julien CAYSSOL, sinn3r | Site metasploit.com

This Metasploit module exploits an arbitrary command execution vulnerability in the AjaXplorer 'checkInstall.php' script. All versions of AjaXplorer prior to 2.6 are vulnerable.

tags | exploit, arbitrary, php
advisories | OSVDB-63552
SHA-256 | 32002b0c8c4086baf8a3940e0cae06296538c059e5c62586ee1b23ee757f955b
Password Authentication Cracking!
Posted Oct 3, 2011
Authored by thc, David Maciejak

This article will show how to use Hydra to check for weak passwords. Hydra tries all possible password combination against a server on the Internet until one valid one is found to log in to the server. It is a powerful tool for hackers and network administrators alike.

tags | paper, cracker
SHA-256 | 56171bc530902f8968a9598509262077fabc677e9035e86cc837313228edf75b
MailEnable Authorization Header Buffer Overflow
Posted Nov 26, 2009
Authored by David Maciejak | Site metasploit.com

This Metasploit module exploits a remote buffer overflow in the MailEnable web service. The vulnerability is triggered when a large value is placed into the Authorization header of the web request. MailEnable Enterprise Edition versions prior to 1.0.5 and MailEnable Professional versions prior to 1.55 are affected.

tags | exploit, remote, web, overflow
advisories | CVE-2005-1348
SHA-256 | ff2e2ce5c94655dfb9465949f75f90f07c48c21db60b136d56f8315fb6e91c26
Cacti graph_view.php Remote Command Execution
Posted Oct 30, 2009
Authored by David Maciejak

This Metasploit module exploits an arbitrary command execution vulnerability in the Raxnet Cacti 'graph_view.php' script. All versions of Raxnet Cacti prior to 0.8.6-d are vulnerable.

tags | exploit, arbitrary, php
SHA-256 | 77015dcc4a4e48442940b4772f4885d88b39b635512bbe063d6f2de6d3022e2b
dma-hydra-5.4-src_plus.txt
Posted Sep 5, 2007
Authored by thc, David Maciejak

Patch for THC's Hydra that adds a dependency checks for openssl needed for the SIP module, modifies checks for libpq.so for Postgresql module, adds a new module for Netware NCP and for Firebird database.

SHA-256 | a644e2e1a9eb85606bd9b9f29ac096834058d72e8ab3dca236b8146d7a98e302
iDEFENSE Security Advisory 2007-07-16.2
Posted Jul 17, 2007
Authored by iDefense Labs, David Maciejak | Site idefense.com

iDefense Security Advisory 07.16.07 - Remote exploitation of an authorization bypass vulnerability in Trend Micro Inc.'s OfficeScan for Windows could allow attackers to login to the management console and alter application settings. The OfficeScan installation includes a web management console that allows administrators to configure the application and the Antivirus clients it manages. The web interface login is handled by cgiChkMasterPwd.exe which is passed a hash and an encrypted version of the password generated by an ActiveX control on the login page. If cgiChkMasterPwd.exe is sent an empty encryption string and empty hash it proceeds to issue the client a valid session id which can then be used to access the web management console. iDefense has confirmed the existence of this vulnerability in OfficeScan for Windows 7.3 with all current patches applied. Previous versions may also be affected.

tags | advisory, remote, web, activex, bypass
systems | windows
advisories | CVE-2007-3455
SHA-256 | a98a64e827c3881c6d7525e8e9f19ca35a49b345f4e980df850b0db80b122c89
ipswitchXSS.txt
Posted May 21, 2006
Authored by David Maciejak

Ipswitch WhatsUp Professional suffers from source disclosure, information disclosure, and cross site scripting flaws. Weaknesses are confirmed in version 2006. Earlier versions may also be susceptible.

tags | exploit, xss, info disclosure
SHA-256 | a9a7a332f27024112aca7776f100288c07c382051fe5ea02a197f2d35645d3f2
webcalEnumerate.txt
Posted May 6, 2006
Authored by David Maciejak

WebCalendar is susceptible to user enumeration flaws.

tags | advisory
SHA-256 | 935103eb1980f6dfbf36877ebf7bdf6873490fa42f6e438f5f00cb6731e32120
gnms20060408.tgz
Posted Apr 11, 2006
Authored by David Maciejak | Site gnms.rubyforge.org

GNMS is a free Network Management System, a tool to monitor state of network elements. All nodes are mapped on a window. States can be discovered by service, snmp, custom pooling, moreover syslog and snmp traps can be caught too.

systems | unix
SHA-256 | f16b8673b8448308becb28dd480cfd1fc14b98a380a73d19f47ed82be7f83d48
JuniperNSM.txt
Posted Dec 29, 2005
Authored by David Maciejak

A Malicious user can cause a remote denial of service in Juniper NSM (NetScreen-Security Manager) by sending specially crafted and long strings to guiSrv(port 7800) and devSrv(port 7801).

tags | advisory, remote, denial of service
systems | juniper
SHA-256 | 797817f93ca63bd55c20e9ac4d6c679d95eeadee929cea0952179beb1d73a6e5
EdgewallSQL.txt
Posted Dec 3, 2005
Authored by David Maciejak

Edgewall Trac version 0.9 is susceptible to a SQL injection attack due to a lack of sanity checking on the group variable.

tags | exploit, sql injection
SHA-256 | 0e476544b659e0558351730fac351de96b79fa2ac9ed9599c2b7042ef2694279
tomcat550.txt
Posted Nov 8, 2005
Authored by David Maciejak

Many time consuming directory listing requests can cause a denial of service in Apache Tomcat versions 5.5.0 through 5.5.11.

tags | advisory, denial of service
SHA-256 | 086f15a92d10b2d041ac47dd4acff5fdcdb316d12cb606660db99f35aac7f44c
wzdFTPd.pm.txt
Posted Nov 5, 2005
Authored by David Maciejak

Wzdftpd SITE command arbitrary command execution Metasploit plugin exploit for versions 0.5.4 and below.

tags | exploit, arbitrary
SHA-256 | 3e85d32db1a1b151f81bc4597b865d596dd534d0730ffb45e51d9520107e8d72
Page 1 of 1
Back1Next

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    39 Files
  • 2
    Oct 2nd
    23 Files
  • 3
    Oct 3rd
    18 Files
  • 4
    Oct 4th
    20 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    17 Files
  • 8
    Oct 8th
    66 Files
  • 9
    Oct 9th
    25 Files
  • 10
    Oct 10th
    20 Files
  • 11
    Oct 11th
    21 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    14 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close