exploit the possibilities
Showing 1 - 25 of 64 RSS Feed

Files from dun

Email addressdun at strcpy.eu
First Active2007-08-14
Last Active2014-10-14
Bosch Security Systems DVR 630/650/670 Root Shell / Password Disclosure
Posted Oct 14, 2014
Authored by dun

Bosch Security Systems DVR 630/650/670 series systems suffer from remote command execution as root and administrative password disclosure vulnerabilities.

tags | exploit, remote, root, vulnerability, info disclosure
SHA-256 | 18008cc1143109069e53b4f19c4566bfb1d2dddbb33961d180e4ec88b730836e
Allied Telesis AT-MCF2000M 3.0.2 Local Root
Posted Jan 3, 2013
Authored by dun

Allied Telesis AT-MCF2000M version 3.0.2 suffers from a local root-level privilege escalation vulnerability.

tags | exploit, local, root
SHA-256 | ff5d7406c17bd8ff7fdbdde80e74244fd325b7101bde127bdef0b679b0c3a63e
Narcissus Image Configuration Passthru
Posted Nov 21, 2012
Authored by dun, sinn3r | Site metasploit.com

This Metasploit module exploits a vulnerability found in Narcissus image configuration function. This is due to the backend.php file not handling the $release parameter properly, and then passes it on to the configure_image() function. In this function, the $release parameter can be used to inject system commands for passthru (a PHP function that's meant to be used to run a bash script by the vulnerable application), which allows remote code execution under the context of the web server.

tags | exploit, remote, web, php, code execution, bash
SHA-256 | e4e301239f9dd9233d1f53f7eeec494854791ab17cbfc496d7ff9fc4c9b4e501
Narcissus Remote Command Execution
Posted Nov 15, 2012
Authored by dun

Narcissus online image builder suffers from a remote command execution vulnerability.

tags | exploit, remote
SHA-256 | 1e7e866c2471ee4f3e78a4cbfbe1c015cc3162c100922051cb553dfb05ba2c43
dotProject 2.1.6 Remote File Inclusion
Posted Nov 15, 2012
Authored by dun

dotProject versions 2.1.6 and below suffer from a remote file inclusion vulnerability.

tags | exploit, remote, code execution, file inclusion
advisories | OSVDB-23213
SHA-256 | fa2ee4b0d4a5a30660b415dc6dd6f5911f2d4414c98606428fee81675aaad1d2
netOffice Dwins 1.4p3 SQL Injection
Posted Nov 9, 2012
Authored by dun

netOffice Dwins versions 1.4p3 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 39d41b4252de6df2de9804cbc38a0b31dfb7d7ffc050c10e0eb5d04a5d71b5ac
Sflog! CMS 1.0 Arbitrary File Upload
Posted Sep 7, 2012
Authored by dun, sinn3r | Site metasploit.com

This Metasploit module exploits multiple design flaws in Sflog 1.0. By default, the CMS has a default admin credential of "admin:secret", which can be abused to access administrative features such as blogs management. Through the management interface, we can upload a backdoor that's accessible by any remote user, and then gain arbitrary code execution.

tags | exploit, remote, arbitrary, code execution
advisories | OSVDB-83767
SHA-256 | df8a3a625895eb3faaf98942ef2a7cf7f43469012acc9d053eb309172b671640
WebPA 1.1.0.1 File Upload / Add Administrator
Posted Aug 24, 2012
Authored by dun

WebPA versions 1.1.0.1 and below suffers from add administrator and arbitrary file upload vulnerabilities.

tags | exploit, arbitrary, vulnerability, bypass, file upload
SHA-256 | 7bd39787e4c6ec6b66ddfce46cc21cd8e97656ed439b597e522d5ba157e0a4fd
WeBid 1.0.4 RFI / File Disclosure / SQL Injection
Posted Aug 17, 2012
Authored by dun

WeBid versions 1.0.4 and below suffer from local file disclosure, remote file inclusion, and remote SQL injection vulnerabilities.

tags | exploit, remote, local, vulnerability, code execution, sql injection, file inclusion
SHA-256 | cadf34d43c06b4a8884f133bd4533936acc454d86939dd74decdbe83787a788e
WebPageTest Arbitrary PHP File Upload
Posted Aug 1, 2012
Authored by dun, sinn3r | Site metasploit.com

This Metasploit module exploits a vulnerability found in WebPageTest's Upload Feature. By default, the resultimage.php file does not verify the user-supplied item before saving it to disk, and then places this item in the web directory accessable by remote users. This flaw can be abused to gain remote code execution.

tags | exploit, remote, web, php, code execution
advisories | OSVDB-83822
SHA-256 | 12ff7aba4342dfbb7f5a516aa01579569cbaf4c1cb86bb84f42047ca2ada8e0b
WebPageTest 2.6 Shell Upload / File Disclosure / File Deletion
Posted Jul 13, 2012
Authored by dun

WebPageTest versions 2.6 and below suffer from local file inclusion, shell upload, file disclosure, and file deletion vulnerabilities.

tags | exploit, shell, local, vulnerability, file inclusion
SHA-256 | 89dcea13ec2ce098c36406bb3eb0f66cf4abc25e56f9529e8cf96f1886dc3447
sflog! 1.00 LFI / Password Disclosure / Shell Upload
Posted Jul 6, 2012
Authored by dun

sflog! versions 1.00 and below suffer from local file inclusion, administrative password disclosure, and remote shell upload vulnerabilities.

tags | exploit, remote, shell, local, vulnerability, file inclusion, info disclosure
SHA-256 | a330468dd724ab2f78215e629c1c00b9dcb52c8249a68c63ac563236adda7e5a
phpMyBackupPro 2.2 Local File Inclusion
Posted Jul 3, 2012
Authored by dun

phpMyBackupPro versions 2.2 and below suffer from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | 166b21bdc9185f708bd036262f1a876d4441fdd2ba9d32aff7948aae343ed8f3
webERP 4.08.1 Local File Inclusion / Remote File Inclusion
Posted Jun 28, 2012
Authored by dun

webERP versions 4.08.1 and below suffer from local file inclusion and remote file inclusion vulnerabilities.

tags | exploit, remote, local, vulnerability, code execution, file inclusion
SHA-256 | 5267f890f545bb735b1c39589e72551064eb335e1539e0d265bf1035279b0379
UCCASS 1.8.1 Blind SQL Injection
Posted Jun 25, 2012
Authored by dun

UCCASS versions 1.8.1 and below suffer from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | b8c072201969e215c928967dd018fca97955e7ebb45ed7b5871beabe68f2e728
WEBO Site SpeedUp 1.6.1 Local File Inclusion / Remote File Inclusion
Posted Jun 24, 2012
Authored by dun

WEBO Site SpeedUp versions 1.6.1 and below suffer from local file inclusion and remote file inclusion vulnerabilities.

tags | exploit, remote, local, vulnerability, code execution, file inclusion
SHA-256 | dbbeead6c82b71d756c0ca61fa554f3516d4601267dfee26551ae5dc6fcbfb75
LimeSurvey 1.92+ Build120620 Remote File Inclusion / Traversal
Posted Jun 23, 2012
Authored by dun

LimeSurvey version 1.92+ Build 120620 suffers from remote file inclusion and traversal vulnerabilities.

tags | exploit, remote, vulnerability, code execution, file inclusion
SHA-256 | 43b9b487eafdbab47658da07aab4f8a2286ff8e53d69af4f8c40cae632fc2132
Joomla Captcha 4.5.1 File Disclosure
Posted Jan 10, 2011
Authored by dun

Joomla Captcha plugin versions 4.5.1 and below suffer from a file disclosure vulnerability.

tags | exploit, info disclosure
SHA-256 | baf1c42d247040cd6931959edd7c8d25ca37a0a5dfed9e017d87f7b18b7f9080
Sahana Agasti 0.6.5 Local File Inclusion / Shell Upload
Posted Jan 8, 2011
Authored by dun

Sahana Agasti versions 0.6.5 and below suffer from local file inclusion, configuration disclosure, and shell upload vulnerabilities.

tags | exploit, shell, local, vulnerability, file inclusion
SHA-256 | e8cf126863abb188c34e9252d11a60131e806dbbc1654754588aff64e8898f13
PhpGedView 4.2.3 Local File Inclusion
Posted Jan 5, 2011
Authored by dun

PhpGedView versions 4.2.3 and below suffer from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | 19ea92c71589238fc0dd4885e41ff3a75c2f0448d77ca49c1fcca0f5ccb555ee
Sahana Agasti 0.6.4 SQL Injection
Posted Jan 3, 2011
Authored by dun

Sahana Agasti versions 0.6.4 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | c43b0c9ca78cd8229308c5d4edb24c33144301e739d1ef9fd747857df7113230
ChurchInfo 1.2.12 SQL Injection
Posted Jan 1, 2011
Authored by dun

ChurchInfo versions 1.2.12 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | eec17a6657cd7a6bef191aaf714616f4f50fd38065ac04c7498ca2bdba360e94
Star Downloader Free 1.45 Overwrite
Posted Apr 15, 2009
Authored by dun

Star Downloader Free versions 1.45 and below universal SEH overwrite exploit.

tags | exploit
SHA-256 | ab6dea0952c0b1a664d818019ec8054f3e16fc46645f68d5dce4ff804577a426
HTML Email Creator 2.1b668 Overwrite
Posted Apr 14, 2009
Authored by dun

HTML Email Creator versions 2.1b668 and below local SEH overwrite exploit.

tags | exploit, local
SHA-256 | ed2aad125051b8d77061972988f7b5974fd2c101d19de765f0c58eea046705e9
Jinzora Media Jukebox 2.8 Local File Inclusion
Posted Mar 25, 2009
Authored by dun

Jinzora Media Jukebox versions 2.8 and below suffer from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | d6583277eafcf9feaca16cd6cb51c8c0624c53f0621e381b4eb2ce1e04b25c5e
Page 1 of 3
Back123Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    4 Files
  • 19
    May 19th
    17 Files
  • 20
    May 20th
    2 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    6 Files
  • 24
    May 24th
    19 Files
  • 25
    May 25th
    5 Files
  • 26
    May 26th
    12 Files
  • 27
    May 27th
    12 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close