
Files from Filip Palian

Email address: filip.palian at pjwstk.edu.pl
First Active: 2006-12-21
Last Active: 2019-01-07
BMC Network Automation Session Hijacking
Posted Jan 7, 2019
Authored by Filip Palian

BMC Network Automation allows authenticated users to hijack established remote sessions of other users. Version v8.7.00.000 b383 u038 was confirmed to be vulnerable.

tags | exploit, remote
SHA-256 | 3d15c4f8be6b2d9910c5af59812a7ff1dc6e9e70f54d19034887282552279829
BMC Remedy / ITAM 7.1.00 / Information Disclosure
Posted Jan 7, 2019
Authored by Filip Palian

BMC Remedy and ITAM versions 7.1.00 and suffer from multiple information disclosure vulnerabilities.

tags | exploit, vulnerability, info disclosure
advisories | CVE-2018-18862
SHA-256 | f91d23df9bc0097fffb3bf5213fe0b8005c3a4f47d501ca62b6106eeb36a9b3a
Couchbase Server Remote Code Execution
Posted Aug 24, 2018
Authored by Filip Palian

Couchbase Server allows authenticated users to send arbitrary Erlang code to diag/eval.

tags | exploit, arbitrary
SHA-256 | bee84c02eb590cd8afe480b2cb7df7bef5b42effc8121d3c4052343f9ea1a3df
Bomgar Remote Support Portal (RSP) Path Traversal
Posted Mar 23, 2018
Authored by Filip Palian

Bomgar Remote Support Portal (RSP) suffers from a path traversal vulnerability.

tags | exploit, remote, file inclusion
advisories | CVE-2017-12815
SHA-256 | 198c0a663e903151778dba0bb70bdc8962d81bbecba75ce4118877f409e1811d
ModSecurity For Nginx Use-After-Free
Posted Mar 23, 2018
Authored by Filip Palian

The ModSecurity for Nginx "non-release" version suffers from a use-after-free vulnerability.

tags | exploit
SHA-256 | d9207b29252240c7674a132fbfa13cc88942175716e3707ba61e89b39606af89
Kaseya Virtual System Administrator (VSA) Local Privilege Escalation
Posted Mar 23, 2018
Authored by Filip Palian

The Kaseya Virtual System Administrator (VSA) agent "AgentMon.exe" suffers from a local privilege escalation vulnerability.

tags | exploit, local
advisories | CVE-2017-12410
SHA-256 | ae389b3de0f2ff85eb73501729ef4cc6e3a1d36853d5c2a3572be96e3b97a4e0
A Tale of openssl_seal(), PHP, and Apache2handle
Posted Feb 2, 2016
Authored by Filip Palian, Marek Kroemeke, Mateusz Kocielski

openssl_seal() is prone to use of uninitialized memory that can be turned into code execution. This document describes technical details of the journey to hijack apache2 requests. It is a very well written and thoroughly documented piece of research.

tags | exploit, paper, code execution
SHA-256 | 7328b4676384b96b2489eec8e7c79cb066123cadf924ac7ffb3cdc3f203e52c4
Varnish Cache 4.03 Buffer Overflow
Posted Mar 10, 2015
Authored by Filip Palian, Marek Kroemeke, Akat1

Varnish Cache version 4.0.3 suffers from a buffer overflow vulnerability.

tags | exploit, overflow
SHA-256 | 2b10a0518f442a736ea3e86364fcb47251a1b0e1853674a11d5a6b920b9b9cd1
Sourcefire Defense Center File Download / Cross Site Scripting
Posted Apr 5, 2012
Authored by Filip Palian

The Sourcefire Defense Center(R) versions prior were found to be vulnerable to arbitrary file download, deletion of files in a specific directory, persistent cross site scripting, and database access using default credentials in some circumstances.

tags | exploit, arbitrary, xss
SHA-256 | a9d7e313e24a1fb445e3a80c7afeab9310471eba9fc7f977406b4e4c4934ed50
RSA enVision Cross Site Scripting / SQL Injection
Posted Mar 19, 2012
Authored by Filip Palian | Site emc.com

RSA enVision 4.x suffers from remote SQL injection, cross site scripting, authentication attempt restriction, and hardcoded credential vulnerabilities.

tags | advisory, remote, vulnerability, xss, sql injection
advisories | CVE-2012-0399, CVE-2012-0400, CVE-2012-0401, CVE-2012-0402, CVE-2012-0403
SHA-256 | 766d4e2a21af4ed52778ae2efdfcd577ce82c1423642cde3c2a93b082e130048
Splunk Cross Site Scripting / Denial Of Service
Posted Oct 19, 2011
Authored by Filip Palian

Splunk suffers from cross site scripting and denial of service vulnerabilities.

tags | exploit, denial of service, vulnerability, xss
SHA-256 | ddfc14ed113370c19fa721dd478402ae1860dca25d896e9d9263eea9a41993ee
PHP Socket connect() Stack Buffer Overflow
Posted May 25, 2011
Authored by Filip Palian, Marek Kroemeke, Mateusz Kocielski

PHP socket connect() stack buffer overflow proof of concept code.

tags | exploit, overflow, php, proof of concept
advisories | CVE-2011-1938
SHA-256 | 6abcba91bf7177e20f4ef770653563e589f25adaafe8dc216b107fff5b5e35b9
NitroSecurity ESM 8.4.0a Remote Code Execution
Posted Oct 27, 2010
Authored by Filip Palian

NitroSecurity ESM version 8.4.0a suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
SHA-256 | 5a5dff0296b475d5d8af442fad48c87fe0e18e612bc44dab86e13d7fc361a66c
Virtualmin Symlink / XSS / More
Posted Jul 14, 2009
Authored by Filip Palian

Virtualmin versions prior to 3.703 suffer from symlink, cross site scripting, anonymous proxy, and various other vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | e2ec5ef0262064584f5fe32a3a03e415f58f630f9cbec3e0bab5ae8bedad7dde
Axesstel MV 410R Bypass / XSS
Posted Jul 3, 2009
Authored by Filip Palian

The Axesstel MV 410R protects from malicious input by leveraging JavaScript, allowing an attacker to bypass all of this easily. The device is also susceptible to permanent cross site scripting vulnerabilities.

tags | exploit, javascript, vulnerability, xss, bypass
SHA-256 | 1a88d38ba784963b4eb593ef3e74f8894da4cf2c1c216b8940603ecd94a82417
Posted Aug 27, 2008
Authored by Filip Palian

ZoneMinder versions 1.23.3 and below suffer from command injection, SQL injection, and cross site scripting vulnerabilities.

tags | advisory, vulnerability, xss, sql injection
SHA-256 | 55a64e531a978647b9439767a88f9de3c18cf64e5e2d817d8d467293e12ac55d
Posted Dec 21, 2006
Authored by kahir, Filip Palian

Multiple cross site scripting and SQL injection vulnerabilities were found in Inetmedia's web services cityinfo.pl and cityaz.de, which may be exploited by attackers to gain confidential information and/or modify the database.

tags | exploit, web, vulnerability, xss, sql injection
SHA-256 | 75f8727ef771eee315605520f22f5035089f32572f68229450267bfd4ae19a0d