what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 11 of 11 RSS Feed

Files from Robin Verton

Email addressr.verton at gmail.com
First Active2005-11-15
Last Active2018-05-03
Trovebox 4.0.0-rc6 SQL Injection / Bypss / SSRF
Posted May 3, 2018
Authored by Robin Verton

Trovebox versions 4.0.0-rc6 and below suffer from authentication bypass, server-side request forgery, unsafe token generation, nd remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, bypass
SHA-256 | 2bd9eba90c187412520d8986e92dd1c4480228cda7bb0eec67f1460e5d7e18ac
Kaltura Remote PHP Code Execution
Posted Jan 24, 2018
Authored by Robin Verton, Mehmet Ince | Site metasploit.com

This Metasploit module exploits an Object Injection vulnerability in Kaltura. By exploiting this vulnerability, unauthenticated users can execute arbitrary code under the context of the web server user. Kaltura makes use of a hard-coded cookie secret which allows to sign arbitrary cookie data. After passing this signature check, the base64- decoded data is passed to PHPs unserialize() function which allows for code execution. The constructed object is again based on the SektionEins Zend code execution POP chain PoC. Kaltura versions prior to 13.1.0 are affected by this issue. A valid entry_id (which is required for this exploit) can be obtained from any media resource published on the kaltura installation. This Metasploit module was tested against Kaltura 13.1.0-2 installed on Ubuntu 14.04.

tags | exploit, web, arbitrary, php, code execution
systems | linux, ubuntu
advisories | CVE-2017-14143
SHA-256 | da00d7666ebcac087d98220e64d9b76abb02af42dcd0af40a1090b15bf80f97d
Kaltura 13.1.0 Remote Code Execution
Posted Oct 23, 2017
Authored by Robin Verton

Kaltura versions 13.1.0 and below suffer from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2017-14143
SHA-256 | 73bbdc3dfb63fe71bff9b533363ded6daba1c5d251d456a8d077bb1e4caf737c
Kaltura 13.1.0 Code Execution / Cross Site Scripting
Posted Sep 23, 2017
Authored by Robin Verton

Kaltura versions 13.1.0 and below suffer from code execution and cross site scripting vulnerabilities.

tags | exploit, vulnerability, code execution, xss
advisories | CVE-2017-14141, CVE-2017-14142, CVE-2017-14143
SHA-256 | f13d7e1066f62d0ca0b0da505366a1d539c7943e2d61a9efc629ec92d9a34e9f
DirtyCow Local Root Proof Of Concept
Posted Oct 21, 2016
Authored by Robin Verton

DirtyCow local root proof of concept exploit that overwrites passwd.

tags | exploit, local, root, proof of concept
advisories | CVE-2016-5195
SHA-256 | df34e9d762c2e604ca92f005965b39f3d5c491ae429c86602f59d50276e01130
myBloggie 2.1.6 SQL Injection
Posted Jun 18, 2011
Authored by Robin Verton

myBloggie version 2.1.6 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 9100ce6e2002fd13b7e37a95eaf2aa28615a7922545368ed8f273d60567f928a
webspell40-multi.txt
Posted Feb 24, 2007
Authored by Robin Verton

WebSpell versions greater than 4.0 suffer from authentication bypass and arbitrary code execution flaws.

tags | exploit, arbitrary, code execution
SHA-256 | 8467b9c101022d381e98b3f6b888b3fa5bea9ca1d685b2b19003a3b4eb7b32ee
dotProject-2.0.1.txt
Posted Feb 14, 2006
Authored by Robin Verton

dotProject versions 2.0.1 and below are vulnerable to multiple arbitrary code execution and information disclosure problems.

tags | exploit, arbitrary, code execution, info disclosure
SHA-256 | 65d278cfd1e0fb5de0c01a4650d9eb60a82d1f8ca72d701d3d4d18e7db65063f
phpFusion600206.txt
Posted Nov 20, 2005
Authored by Robin Verton

PHP-Fusion versions 6.00.206 and below suffer from SQL injection attacks.

tags | exploit, php, sql injection
SHA-256 | 5c759a854ef640ac086d20a4e6915f62b1f78fc833f667effd143990303e0ff0
affiliateNetwork.txt
Posted Nov 20, 2005
Authored by Robin Verton

Affiliate Network Pro version 7.2 suffers from SQL injection, code execution, and cross site scripting flaws.

tags | exploit, code execution, xss, sql injection
SHA-256 | b68e33f43a3e04ebcaa708511893cd0724696a199e0423be9e92141c50125a03
PHPCalendar.txt
Posted Nov 15, 2005
Authored by Robin Verton

A remote code execution vulnerability has been discovered in various CodeGrrl products including PHPCalendar, PHPClique, PHPFanBase, PHPCurrently, and PHPQuotes.

tags | exploit, remote, code execution
SHA-256 | 2539e6a0a10e5c9a163b673cf8ee1861d726956268b445b7b8fd95553d9bb737
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close