exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 16 of 16 RSS Feed

Files from Pedro Andujar

Email addresspandujar at selfdefense.es
First Active2006-05-21
Last Active2019-08-21
KBPublisher 6.0.2.1 SQL Injection
Posted Aug 21, 2019
Authored by Pedro Andujar

KBPublisher version 6.0.2.1 suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
advisories | CVE-2019-10687
SHA-256 | 0cb59314e98c852707ac5044f0b1f1a109831b145d21d607881263502e2cf412
Avaya one-X 9.x / 10.0.x / 10.1.x Arbitrary File Disclosure / Deletion
Posted Sep 10, 2018
Authored by Pedro Andujar

Avaya one-X versions 9.x, 10.0.x, and 10.1.x suffer from arbitrary file disclosure and deletion vulnerabilities.

tags | exploit, arbitrary, vulnerability
advisories | CVE-2018-15610
SHA-256 | fc1fefea9634475bbbb4693999d6ebf22e28f289b373c3065c44d068c1f14a41
Televes COAXDATA GATEWAY 1Gbps Access Bypass / Information Disclosure
Posted Jul 21, 2017
Authored by Pedro Andujar

Televes COAXDATA GATEWAY 1Gbps suffers from credential disclosure, arbitrary password change, unrestricted backup restore, and various other vulnerabilities. The vendor has notified Packet Storm that firmware version 1.03.0016 addresses these issues.

tags | exploit, arbitrary, vulnerability
advisories | CVE-2017-6530, CVE-2017-6531, CVE-2017-6532
SHA-256 | 9baff8fd7ea7ecdd219dd2f97ec0f608150440181c7874a88448885e8ba30f70
ElasticSearch Snapshot API Directory Traversal
Posted Oct 14, 2015
Authored by Pedro Andujar, Roberto S. Soares, Jose A. Guasch, Benjamin Smith | Site metasploit.com

This Metasploit module exploits a directory traversal vulnerability in ElasticSearch, allowing an attacker to read arbitrary files with JVM process privileges, through the Snapshot API.

tags | exploit, arbitrary
advisories | CVE-2015-5531
SHA-256 | 9e9a04cf21f31c1319caa6af694dd744146d5b671a3f719be244d3e2a6ee6426
ElasticSearch Path Traversal Arbitrary File Download
Posted Oct 1, 2015
Authored by Pedro Andujar

Proof of concept code that demonstrates a path traversal vulnerability in ElasticSearch that allows for arbitrary file disclosure.

tags | exploit, arbitrary, proof of concept
systems | linux
advisories | CVE-2015-5531
SHA-256 | acc7fbc1802f44f38d620e53cd9d14a6ea2c9e4d060e96de4e1424e40872e719
ElasticSearch Cloud-Azure Insecure Transit
Posted Sep 19, 2015
Authored by Pedro Andujar

The connection string for ELK cloud-azure plugin contains hardcoded http url with the lack of encryption and certificate validation, therefore it is prone to sniffing and MiTM attacks. A potential attacker with the required access to the network traffic would be able to intercept the content of the indexes snapshots.

tags | advisory, web, info disclosure
SHA-256 | b9cb4d374481587d608107ba93bf30d52ff5610e4e98d41e70599fe1f0ceeca7
ElasticSearch Directory Traversal Proof Of Concept
Posted May 1, 2015
Authored by John Heasman, Pedro Andujar

ElasticPwn is a proof of concept exploit that demonstrates the directory traversal vulnerability in versions prior to 1.5.2 and 1.4.5.

tags | exploit, proof of concept
advisories | CVE-2015-3337
SHA-256 | b8dc5f1df82809852d6a77c351c7f2eb981f60244033ee5ab50a39260d9b0d1a
Checkpoint Endpoint Security Media Encryption EPM Explorer Bypass
Posted Nov 14, 2013
Authored by Pedro Andujar

Checkpoint Endpoint Security Media Encryption Explorer version 4.97.2 (Endpoint Security R73) contains two issues which can help to bypass the failed password attempts limit established in the password policy.

tags | advisory, bypass
advisories | CVE-2013-5635, CVE-2013-5636
SHA-256 | d45ede8228777b255c99202f1374063461f34fa72e724348fe261b37ed4a87e9
Cisco Ironport Cross Site Request Forgery / Cross Site Scripting
Posted Aug 26, 2013
Authored by Pedro Andujar

Cisco IronPort Security Management Appliance M170 version 7.9.1-030 suffers from cross site scripting and cross site request forgery vulnerabilities.

tags | exploit, vulnerability, xss, csrf
systems | cisco
advisories | CVE-2013-3396, CVE-2013-3395
SHA-256 | 40a0643dbab499a3f46d60fad23c407a10df8680b8e1f4e8115ef3aed8b93719
CM3 AcoraCMS XSS / CSRF / Redirection / Disclosure
Posted Aug 26, 2013
Authored by Pedro Andujar

CM3 AcoraCMS versions 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, and 5.5.0/1b-p1 suffer from cross site request forgery, cross site scripting, information disclosure, weak cookies, and URL redirection vulnerabilities.

tags | exploit, vulnerability, xss, info disclosure, csrf
advisories | CVE-2013-4722, CVE-2013-4723, CVE-2013-4724, CVE-2013-4725, CVE-2013-4726, CVE-2013-4727, CVE-2013-4728
SHA-256 | f65adb8d5d4537a8f1aff22cba3e550a87e391426812fdba7c08849a765bdb48
DS3 Authentication Server Command Execution
Posted Jun 3, 2013
Authored by Pedro Andujar

DS3 Authentication Server suffers from path disclosure and remote command execution vulnerabilities.

tags | exploit, remote, vulnerability
SHA-256 | d07d1f72f40c9b53f97cf062264dfb6ed349d318e2eea59c7eed003aced0fc18
Imperva SecureSphere Operations Manager Command Execution
Posted Jun 3, 2013
Authored by Pedro Andujar

Imperva SecureSphere Operations Manager version 9.0.0.5 Enterprise Edition suffers from path disclosure, command execution, and arbitrary file upload vulnerabilities.

tags | exploit, arbitrary, vulnerability, file upload
SHA-256 | eec04250ec48215aa48bf604cc560ffa6c8c039d2efdf01586190d7250bc757b
Editran editcp 4.1 R7 Remote Buffer Overflow
Posted Jul 6, 2010
Authored by Pedro Andujar

Editran editcp version 4.1 R7 suffers from a remote buffer overflow vulnerability.

tags | exploit, remote, overflow
SHA-256 | f6cf7e0a1f25c0379e532cbc05ba69f842d14168870d4997d94a2bb755af715b
lifesucks.pl.txt
Posted Jul 9, 2006
Authored by Alejandro Ramos, Pedro Andujar

LifeType version 1.0.5 remote SQL injection exploit.

tags | exploit, remote, sql injection
SHA-256 | 7cb3dc6c234b81ecb6a1977eec55a71c40c959d192c299baa5bde267e114d3b6
eBD-es.txt
Posted May 21, 2006
Authored by Pedro Andujar | Site digitalsec.es

eBusiness Designer versions 3.1.4 and below suffer from arbitrary file upload, code execution, and cross site scripting flaws. Spanish version of this advisory.

tags | exploit, arbitrary, code execution, xss, file upload
SHA-256 | 4b482fbf333a075d4751aebdbee51b85b7250269c2ca66b3ebfd2e00f6a4cb76
eBD-en.txt
Posted May 21, 2006
Authored by Pedro Andujar | Site digitalsec.es

eBusiness Designer versions 3.1.4 and below suffer from arbitrary file upload, code execution, and cross site scripting flaws. English version of this advisory.

tags | exploit, arbitrary, code execution, xss, file upload
SHA-256 | 5f43f8818b4f40213db564e4798a4d0c1b083d11b61f808f44f657e604a3aea0
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close