
Files from Filip Palian

Email address: filip.palian at pjwstk.edu.pl
First Active: 2006-12-21
Last Active: 2019-01-07
BMC Network Automation 8.7.00.000 Session Hijacking
Posted Jan 7, 2019
Authored by Filip Palian

BMC Network Automation allows authenticated users to hijack established remote sessions of other users. Version v8.7.00.000 b383 u038 was confirmed to be vulnerable.

tags | exploit, remote
MD5 | c415e423f050fe4320c681efd6d296d5
BMC Remedy / ITAM 7.1.00 / 9.1.02.003 Information Disclosure
Posted Jan 7, 2019
Authored by Filip Palian

BMC Remedy and ITAM versions 7.1.00 and 9.1.02.003 suffer from multiple information disclosure vulnerabilities.

tags | exploit, vulnerability, info disclosure
advisories | CVE-2018-18862
MD5 | 183faa5958c41b0ce055d4b97e568dff
Couchbase Server Remote Code Execution
Posted Aug 24, 2018
Authored by Filip Palian

Couchbase Server allows authenticated users to send arbitrary Erlang code to diag/eval.

tags | exploit, arbitrary
MD5 | 1a112ea45d4e8f0f5bcf925e8e4587b6
Bomgar Remote Support Portal (RSP) Path Traversal
Posted Mar 23, 2018
Authored by Filip Palian

Bomgar Remote Support Portal (RSP) suffers from a path traversal vulnerability.

tags | exploit, remote, file inclusion
advisories | CVE-2017-12815
MD5 | 3f40ab22e5c7a7b694af1162f8ab9899
ModSecurity For Nginx Use-After-Free
Posted Mar 23, 2018
Authored by Filip Palian

The ModSecurity for Nginx "non-release" version suffers from a use-after-free vulnerability.

tags | exploit
MD5 | 5ecc1db2379d722379ab019204862c7f
Kaseya Virtual System Administrator (VSA) Local Privilege Escalation
Posted Mar 23, 2018
Authored by Filip Palian

The Kaseya Virtual System Administrator (VSA) agent "AgentMon.exe" suffers from a local privilege escalation vulnerability.

tags | exploit, local
advisories | CVE-2017-12410
MD5 | 814ffa943c77c27f80eeda9249f12e0c
A Tale of openssl_seal(), PHP, and Apache2handle
Posted Feb 2, 2016
Authored by Filip Palian, Marek Kroemeke, Mateusz Kocielski

openssl_seal() is prone to using uninitialized memory, which can be turned into code execution. This document describes the technical details of the journey to hijack apache2 requests. It is a very well written and thoroughly documented piece of research.

tags | exploit, paper, code execution
MD5 | 9c14b46a2de734fa08faee15ff5d7157
Varnish Cache 4.03 Buffer Overflow
Posted Mar 10, 2015
Authored by Filip Palian, Marek Kroemeke, Akat1

Varnish Cache version 4.0.3 suffers from a buffer overflow vulnerability.

tags | exploit, overflow
MD5 | a6bf0dcb9a016c94f4ef460645eb0ccc
Sourcefire Defense Center File Download / Cross Site Scripting
Posted Apr 5, 2012
Authored by Filip Palian

The Sourcefire Defense Center(R) versions prior to 4.10.2.3 were found to be vulnerable to arbitrary file download, deletion of files in a specific directory, persistent cross site scripting, and database access using default credentials in some circumstances.

tags | exploit, arbitrary, xss
MD5 | d677a853ddf806938b9d7ec933b2823d
RSA enVision Cross Site Scripting / SQL Injection
Posted Mar 19, 2012
Authored by Filip Palian | Site emc.com

RSA enVision 4.x suffers from remote SQL injection, cross site scripting, authentication attempt restriction, and hardcoded credential vulnerabilities.

tags | advisory, remote, vulnerability, xss, sql injection
advisories | CVE-2012-0399, CVE-2012-0400, CVE-2012-0401, CVE-2012-0402, CVE-2012-0403
MD5 | 6aa738f6130c4494f4e9ed3ec7402720
Splunk Cross Site Scripting / Denial Of Service
Posted Oct 19, 2011
Authored by Filip Palian

Splunk suffers from cross site scripting and denial of service vulnerabilities.

tags | exploit, denial of service, vulnerability, xss
MD5 | a834b87d9901b8d58ba9a4d6420dd49c
PHP Socket connect() Stack Buffer Overflow
Posted May 25, 2011
Authored by Filip Palian, Marek Kroemeke, Mateusz Kocielski

PHP socket connect() stack buffer overflow proof of concept code.

tags | exploit, overflow, php, proof of concept
advisories | CVE-2011-1938
MD5 | fddfcef57c1ae3d3317eb501f29dab53
NitroSecurity ESM 8.4.0a Remote Code Execution
Posted Oct 27, 2010
Authored by Filip Palian

NitroSecurity ESM version 8.4.0a suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
MD5 | db7aea918b88fbcbc8cf6fab57ae636b
Virtualmin Symlink / XSS / More
Posted Jul 14, 2009
Authored by Filip Palian

Virtualmin versions prior to 3.703 suffer from symlink, cross site scripting, anonymous proxy, and various other vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 1b747e67ba885c049bd864f8f08c6d6d
Axesstel MV 410R Bypass / XSS
Posted Jul 3, 2009
Authored by Filip Palian

The Axesstel MV 410R protects against malicious input using JavaScript, which an attacker can easily bypass. The device is also susceptible to permanent cross site scripting vulnerabilities.

tags | exploit, javascript, vulnerability, xss, bypass
MD5 | 3b3cb74b779b5512da641e7061b101b6
zoneminder-multi.txt
Posted Aug 27, 2008
Authored by Filip Palian

ZoneMinder versions 1.23.3 and below suffer from command injection, SQL injection, and cross site scripting vulnerabilities.

tags | advisory, vulnerability, xss, sql injection
MD5 | d8bb2d877419e579e9d76b0f207b8425
inetmedia.txt
Posted Dec 21, 2006
Authored by kahir, Filip Palian

Multiple cross site scripting and SQL injection vulnerabilities were found in Inetmedia's web services cityinfo.pl and cityaz.de, which may be exploited by attackers to gain confidential information and/or modify the database.

tags | exploit, web, vulnerability, xss, sql injection
MD5 | f8b84ae188e1e794c2f0e08dbb241966
© 2019 Packet Storm. All rights reserved.