what you don't know can hurt you

Register | Login

FilesNewsUsersAuthors

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 1 - 5 of 5

Files from Alessandro Tanasi

Vtiger CRM 5.2.0 Code Execution / Cross Site Scripting / Local File Inclusion

Posted Nov 18, 2010

Authored by Alessandro Tanasi, Giovanni Pellerano

Vtiger CRM 5.2.0 suffers from code execution, cross site scripting and local file inclusion vulnerabilities.

tags | exploit, local, vulnerability, code execution, xss, file inclusion

advisories | CVE-2010-3909, CVE-2010-3910, CVE-2010-3911

SHA-256 | ded3215c44adfd32a956127f5f678bade57d06fb1464aae34530de82afd5278b

Download | Favorite | View

Nginx, Varnish, Cherokee, etc Log Injection

Posted Jan 11, 2010

Authored by Francesco Ongaro, Alessandro Tanasi, Giovanni Pellerano | Site ush.it

Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa are subject to log escape sequence injection vulnerabilities.

tags | exploit, vulnerability

advisories | CVE-2009-4487, CVE-2009-4488, CVE-2009-4489, CVE-2009-4490, CVE-2009-4491, CVE-2009-4492, CVE-2009-4493, CVE-2009-4494, CVE-2009-4495, CVE-2009-4496

SHA-256 | ca929167a6a430b66650857a093ae76e47f6db643eb8bafffa59b6ebc10896d0

Download | Favorite | View

Hostmap Discovery Tool 0.2.1

Posted Dec 30, 2009

Authored by Alessandro Tanasi | Site hostmap.sourceforge.net

Hostmap is a free, automatic, hostnames and virtual hosts discovery tool written in Ruby and licensed under GNU General Public License version 3 (GPLv3). It's goal is to enumerate all hostnames and configured virtual hosts on an IP address. The primary users of hostmap are professionals performing vulnerability assessments and penetration tests.

Changes: Various bug fixes and some new features.

tags | tool, scanner, ruby

systems | unix

SHA-256 | 7da22a6ec5e9ca28274d9a82de70b16f427237100662b9d47ac103d163196d74

Download | Favorite | View

Hostmap Discovery Tool 0.2

Posted Dec 17, 2009

Authored by Alessandro Tanasi | Site hostmap.sourceforge.net

Hostmap is a free, automatic, hostnames and virtual hosts discovery tool written in Ruby and licensed under GNU General Public License version 3 (GPLv3). It's goal is to enumerate all hostnames and configured virtual hosts on an IP address. The primary users of hostmap are professionals performing vulnerability assessments and penetration tests.

Changes: Fully refactored and rewritten in Ruby. User requested interrupt (CTRL+C) now is handled. Various other changes and many additions.

tags | tool, scanner, ruby

systems | unix

SHA-256 | a06c770c7aaaaaa5ceac444c53dcb693e0a188f472e1d9b614145219d8de7f17

Download | Favorite | View

eticket156-xss.txt

Posted Jan 28, 2008

Authored by Alessandro Tanasi | Site tanasi.it

eTicket version 1.5.6-RC4 suffers from a cross site scripting vulnerability.

tags | exploit, xss

SHA-256 | 5c28a89d9866f0b6b900fbca6c5f86e59645564048de68cb55ce474a307852ea

Download | Favorite | View