
Files from Pedro Andujar

Email address: pandujar at selfdefense.es
First Active: 2006-05-21
Last Active: 2018-09-10

Avaya one-X 9.x / 10.0.x / 10.1.x Arbitrary File Disclosure / Deletion
Posted Sep 10, 2018
Authored by Pedro Andujar

Avaya one-X versions 9.x, 10.0.x, and 10.1.x suffer from arbitrary file disclosure and deletion vulnerabilities.

tags | exploit, arbitrary, vulnerability
advisories | CVE-2018-15610
MD5 | 19f5b0846706f9c5967437b6d530042e
Televes COAXDATA GATEWAY 1Gbps Access Bypass / Information Disclosure
Posted Jul 21, 2017
Authored by Pedro Andujar

Televes COAXDATA GATEWAY 1Gbps suffers from credential disclosure, arbitrary password change, unrestricted backup restore, and various other vulnerabilities. The vendor has notified Packet Storm that firmware version 1.03.0016 addresses these issues.

tags | exploit, arbitrary, vulnerability
advisories | CVE-2017-6530, CVE-2017-6531, CVE-2017-6532
MD5 | 11e5fce5fce1522aabed9b6b047e5214
ElasticSearch Snapshot API Directory Traversal
Posted Oct 14, 2015
Authored by Pedro Andujar, Roberto S. Soares, Jose A. Guasch, Benjamin Smith | Site metasploit.com

This Metasploit module exploits a directory traversal vulnerability in ElasticSearch, allowing an attacker to read arbitrary files with JVM process privileges, through the Snapshot API.

tags | exploit, arbitrary
advisories | CVE-2015-5531
MD5 | 597dfe327eedfc8511b12647b523e278
ElasticSearch Path Traversal Arbitrary File Download
Posted Oct 1, 2015
Authored by Pedro Andujar

Proof of concept code that demonstrates a path traversal vulnerability in ElasticSearch that allows for arbitrary file disclosure.

tags | exploit, arbitrary, proof of concept
systems | linux
advisories | CVE-2015-5531
MD5 | 07ca3f109ce62eba569e1484ff2cf009
ElasticSearch Cloud-Azure Insecure Transit
Posted Sep 19, 2015
Authored by Pedro Andujar

The connection string for the ELK cloud-azure plugin contains a hardcoded HTTP URL, so the connection lacks encryption and certificate validation and is prone to sniffing and MiTM attacks. An attacker with the required access to the network traffic would be able to intercept the content of the index snapshots.

tags | advisory, web, info disclosure
MD5 | db4cb0eef7d6e308807c95bb5cbb6766
ElasticSearch Directory Traversal Proof Of Concept
Posted May 1, 2015
Authored by John Heasman, Pedro Andujar

ElasticPwn is a proof of concept exploit that demonstrates the directory traversal vulnerability in versions prior to 1.5.2 and 1.4.5.

tags | exploit, proof of concept
advisories | CVE-2015-3337
MD5 | e96503dbd5ce98ac55146844e8d7c6c6
Checkpoint Endpoint Security Media Encryption EPM Explorer Bypass
Posted Nov 14, 2013
Authored by Pedro Andujar

Checkpoint Endpoint Security Media Encryption Explorer version 4.97.2 (Endpoint Security R73) contains two issues which can help to bypass the failed password attempts limit established in the password policy.

tags | advisory, bypass
advisories | CVE-2013-5635, CVE-2013-5636
MD5 | da697a63cf1a11164411d7832782e2b0
Cisco Ironport Cross Site Request Forgery / Cross Site Scripting
Posted Aug 26, 2013
Authored by Pedro Andujar

Cisco IronPort Security Management Appliance M170 version 7.9.1-030 suffers from cross site scripting and cross site request forgery vulnerabilities.

tags | exploit, vulnerability, xss, csrf
systems | cisco
advisories | CVE-2013-3396, CVE-2013-3395
MD5 | 2fabe988d28db73cb1b616f923940cd0
CM3 AcoraCMS XSS / CSRF / Redirection / Disclosure
Posted Aug 26, 2013
Authored by Pedro Andujar

CM3 AcoraCMS versions 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, and 5.5.0/1b-p1 suffer from cross site request forgery, cross site scripting, information disclosure, weak cookies, and URL redirection vulnerabilities.

tags | exploit, vulnerability, xss, info disclosure, csrf
advisories | CVE-2013-4722, CVE-2013-4723, CVE-2013-4724, CVE-2013-4725, CVE-2013-4726, CVE-2013-4727, CVE-2013-4728
MD5 | ff4e7b5606f1a69f78270c19ed79bbf1
DS3 Authentication Server Command Execution
Posted Jun 3, 2013
Authored by Pedro Andujar

DS3 Authentication Server suffers from path disclosure and remote command execution vulnerabilities.

tags | exploit, remote, vulnerability
MD5 | 110e407d768209d2dec5f321f990ff01
Imperva SecureSphere Operations Manager Command Execution
Posted Jun 3, 2013
Authored by Pedro Andujar

Imperva SecureSphere Operations Manager version 9.0.0.5 Enterprise Edition suffers from path disclosure, command execution, and arbitrary file upload vulnerabilities.

tags | exploit, arbitrary, vulnerability, file upload
MD5 | cdf8dfe6404a22e697acbdbeb344e4ef
Editran editcp 4.1 R7 Remote Buffer Overflow
Posted Jul 6, 2010
Authored by Pedro Andujar

Editran editcp version 4.1 R7 suffers from a remote buffer overflow vulnerability.

tags | exploit, remote, overflow
MD5 | 99add1af6145e9a9fb8e2e9814bfa8cc
lifesucks.pl.txt
Posted Jul 9, 2006
Authored by Alejandro Ramos, Pedro Andujar

LifeType version 1.0.5 remote SQL injection exploit.

tags | exploit, remote, sql injection
MD5 | c29e926e788a2d4e1d4cec6e913fb4bd
eBD-es.txt
Posted May 21, 2006
Authored by Pedro Andujar | Site digitalsec.es

eBusiness Designer versions 3.1.4 and below suffer from arbitrary file upload, code execution, and cross site scripting flaws. Spanish version of this advisory.

tags | exploit, arbitrary, code execution, xss, file upload
MD5 | 0205f6041a18dab18e3cc221349d0add
eBD-en.txt
Posted May 21, 2006
Authored by Pedro Andujar | Site digitalsec.es

eBusiness Designer versions 3.1.4 and below suffer from arbitrary file upload, code execution, and cross site scripting flaws. English version of this advisory.

tags | exploit, arbitrary, code execution, xss, file upload
MD5 | 8e1244d56d06ba6677b6b713ca60b897
© 2018 Packet Storm. All rights reserved.
