exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 11 of 11 RSS Feed

Files from Robin Verton

Email addressr.verton at gmail.com
First Active2005-11-15
Last Active2018-05-03
Trovebox 4.0.0-rc6 SQL Injection / Bypss / SSRF
Posted May 3, 2018
Authored by Robin Verton

Trovebox versions 4.0.0-rc6 and below suffer from authentication bypass, server-side request forgery, unsafe token generation, nd remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, bypass
SHA-256 | 2bd9eba90c187412520d8986e92dd1c4480228cda7bb0eec67f1460e5d7e18ac
Kaltura Remote PHP Code Execution
Posted Jan 24, 2018
Authored by Robin Verton, Mehmet Ince | Site metasploit.com

This Metasploit module exploits an Object Injection vulnerability in Kaltura. By exploiting this vulnerability, unauthenticated users can execute arbitrary code under the context of the web server user. Kaltura makes use of a hard-coded cookie secret which allows to sign arbitrary cookie data. After passing this signature check, the base64- decoded data is passed to PHPs unserialize() function which allows for code execution. The constructed object is again based on the SektionEins Zend code execution POP chain PoC. Kaltura versions prior to 13.1.0 are affected by this issue. A valid entry_id (which is required for this exploit) can be obtained from any media resource published on the kaltura installation. This Metasploit module was tested against Kaltura 13.1.0-2 installed on Ubuntu 14.04.

tags | exploit, web, arbitrary, php, code execution
systems | linux, ubuntu
advisories | CVE-2017-14143
SHA-256 | da00d7666ebcac087d98220e64d9b76abb02af42dcd0af40a1090b15bf80f97d
Kaltura 13.1.0 Remote Code Execution
Posted Oct 23, 2017
Authored by Robin Verton

Kaltura versions 13.1.0 and below suffer from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2017-14143
SHA-256 | 73bbdc3dfb63fe71bff9b533363ded6daba1c5d251d456a8d077bb1e4caf737c
Kaltura 13.1.0 Code Execution / Cross Site Scripting
Posted Sep 23, 2017
Authored by Robin Verton

Kaltura versions 13.1.0 and below suffer from code execution and cross site scripting vulnerabilities.

tags | exploit, vulnerability, code execution, xss
advisories | CVE-2017-14141, CVE-2017-14142, CVE-2017-14143
SHA-256 | f13d7e1066f62d0ca0b0da505366a1d539c7943e2d61a9efc629ec92d9a34e9f
DirtyCow Local Root Proof Of Concept
Posted Oct 21, 2016
Authored by Robin Verton

DirtyCow local root proof of concept exploit that overwrites passwd.

tags | exploit, local, root, proof of concept
advisories | CVE-2016-5195
SHA-256 | df34e9d762c2e604ca92f005965b39f3d5c491ae429c86602f59d50276e01130
myBloggie 2.1.6 SQL Injection
Posted Jun 18, 2011
Authored by Robin Verton

myBloggie version 2.1.6 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 9100ce6e2002fd13b7e37a95eaf2aa28615a7922545368ed8f273d60567f928a
webspell40-multi.txt
Posted Feb 24, 2007
Authored by Robin Verton

WebSpell versions greater than 4.0 suffer from authentication bypass and arbitrary code execution flaws.

tags | exploit, arbitrary, code execution
SHA-256 | 8467b9c101022d381e98b3f6b888b3fa5bea9ca1d685b2b19003a3b4eb7b32ee
dotProject-2.0.1.txt
Posted Feb 14, 2006
Authored by Robin Verton

dotProject versions 2.0.1 and below are vulnerable to multiple arbitrary code execution and information disclosure problems.

tags | exploit, arbitrary, code execution, info disclosure
SHA-256 | 65d278cfd1e0fb5de0c01a4650d9eb60a82d1f8ca72d701d3d4d18e7db65063f
phpFusion600206.txt
Posted Nov 20, 2005
Authored by Robin Verton

PHP-Fusion versions 6.00.206 and below suffer from SQL injection attacks.

tags | exploit, php, sql injection
SHA-256 | 5c759a854ef640ac086d20a4e6915f62b1f78fc833f667effd143990303e0ff0
affiliateNetwork.txt
Posted Nov 20, 2005
Authored by Robin Verton

Affiliate Network Pro version 7.2 suffers from SQL injection, code execution, and cross site scripting flaws.

tags | exploit, code execution, xss, sql injection
SHA-256 | b68e33f43a3e04ebcaa708511893cd0724696a199e0423be9e92141c50125a03
PHPCalendar.txt
Posted Nov 15, 2005
Authored by Robin Verton

A remote code execution vulnerability has been discovered in various CodeGrrl products including PHPCalendar, PHPClique, PHPFanBase, PHPCurrently, and PHPQuotes.

tags | exploit, remote, code execution
SHA-256 | 2539e6a0a10e5c9a163b673cf8ee1861d726956268b445b7b8fd95553d9bb737
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close