ignore security and it'll go away
Showing 1 - 25 of 38 RSS Feed

Files from Roberto Suggi Liverani

Real NameRoberto Suggi Liverani
Email addressprivate
Websiteblog.malerisch.net
First Active2008-04-29
Last Active2017-04-20
View User Profile
Trend Micro Threat Discovery Appliance 2.6.1062r1 Session Generation Authentication Bypass
Posted Apr 20, 2017
Authored by Roberto Suggi Liverani, mr_me

Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a session generation authentication bypass vulnerability.

tags | exploit, bypass
advisories | CVE-2016-8584
MD5 | 005e0bebe474fcf55e7c7e59c977ddc0
Trend Micro Threat Discovery Appliance 2.6.1062r1 dlp_policy_upload.cgi Information Disclosure
Posted Apr 20, 2017
Authored by Roberto Suggi Liverani, mr_me

Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a dlp_policy_upload.cgi information disclosure vulnerability.

tags | exploit, cgi, info disclosure
advisories | CVE-2016-7547
MD5 | 1adf882631024240e0ddc894cd726f0b
Trend Micro Threat Discovery Appliance 2.6.1062r1 logoff.cgi Directory Traversal
Posted Apr 20, 2017
Authored by Roberto Suggi Liverani, mr_me

Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a logoff.cgi directory traversal authentication bypass vulnerability.

tags | exploit, cgi, bypass, file inclusion
advisories | CVE-2016-7552
MD5 | e64dcba98301f1ab384f8984e9224a9b
Trend Micro Threat Discovery Appliance 2.6.1062r1 admin_sys_time.cgi Remote Code Execution
Posted Apr 20, 2017
Authored by Roberto Suggi Liverani, mr_me

Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from an admin_sys_time.cgi remote code execution vulnerability.

tags | exploit, remote, cgi, code execution
advisories | CVE-2016-8585
MD5 | 3cf21d2a823e33a734b8a40da596090a
Trend Micro Threat Discovery Appliance 2.6.1062r1 admin_sys_time.cgi Remote Code Execution
Posted Apr 20, 2017
Authored by Roberto Suggi Liverani, mr_me

Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a admin_sys_time.cgi remote code execution vulnerability.

tags | exploit, remote, cgi, code execution
advisories | CVE-2016-8585
MD5 | 7f4e75e562a262a818281920334a6854
Trend Micro Threat Discovery Appliance 2.6.1062r1 detected_potential_files.cgi Remote Code Execution
Posted Apr 20, 2017
Authored by Roberto Suggi Liverani, mr_me

Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a detected_potential_files.cgi remote code execution vulnerability.

tags | exploit, remote, cgi, code execution
advisories | CVE-2016-8586
MD5 | aa20468f976a8f6eddbfec0fe9caa436
Trend Micro Threat Discovery Appliance 2.6.1062r1 dlp_policy_upload.cgi Remote Code Execution
Posted Apr 20, 2017
Authored by Roberto Suggi Liverani, mr_me

Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a dlp_policy_upload.cgi remote code execution vulnerability.

tags | exploit, remote, cgi, code execution
advisories | CVE-2016-8587
MD5 | 60527f7fa635a3aa1bf0b3ea132bd026
Trend Micro Threat Discovery Appliance 2.6.1062r1 hotfix_upload.cgi Remote Code Execution
Posted Apr 20, 2017
Authored by Roberto Suggi Liverani, mr_me

Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a hotfix_upload.cgi remote code execution vulnerability.

tags | exploit, remote, cgi, code execution
advisories | CVE-2016-8588
MD5 | e421113779124b966d2a378961176ec1
Trend Micro Threat Discovery Appliance 2.6.1062r1 log_query_dae.cgi Remote Code Execution
Posted Apr 20, 2017
Authored by Roberto Suggi Liverani, mr_me

Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a log_query_dae.cgi remote code execution vulnerability.

tags | exploit, remote, cgi, code execution
advisories | CVE-2016-8589
MD5 | b3bfac68f542227a72e9459f1bc56b1d
Trend Micro Threat Discovery Appliance 2.6.1062r1 log_query_dlp.cgi Remote Code Execution
Posted Apr 20, 2017
Authored by Roberto Suggi Liverani, mr_me

Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a log_query_dlp.cgi remote code execution vulnerability.

tags | exploit, remote, cgi, code execution
advisories | CVE-2016-8590
MD5 | 85247d66647dbab7ddff869cae051fc6
Trend Micro Threat Discovery Appliance 2.6.1062r1 log_query.cgi Remote Code Execution
Posted Apr 20, 2017
Authored by Roberto Suggi Liverani, mr_me

Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a log_query.cgi remote code execution vulnerability.

tags | exploit, remote, cgi, code execution
advisories | CVE-2016-8591
MD5 | fd0b275e96c82c9051e3c2c25ca89caa
Trend Micro Threat Discovery Appliance 2.6.1062r1 log_query_system.cgi Remote Code Execution
Posted Apr 20, 2017
Authored by Roberto Suggi Liverani, mr_me

Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a log_query_system.cgi remote code execution vulnerability.

tags | exploit, remote, cgi, code execution
advisories | CVE-2016-8592
MD5 | beb8008a07bbf48c61178c388c733a97
Trend Micro Threat Discovery Appliance 2.6.1062r1 upload.cgi Remote Code Execution
Posted Apr 19, 2017
Authored by Roberto Suggi Liverani, mr_me

Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from an upload.cgi remote code execution vulnerability.

tags | exploit, remote, cgi, code execution
advisories | CVE-2016-8593
MD5 | 4f9ee58cfbe5fe18bbb4aa1a4926eca7
Trend Micro Threat Discovery Appliance admin_sys_time.cgi Remote Command Execution
Posted Apr 19, 2017
Authored by Roberto Suggi Liverani, mr_me | Site metasploit.com

This Metasploit module exploits two vulnerabilities the Trend Micro Threat Discovery Appliance. The first is an authentication bypass vulnerability via a file delete in logoff.cgi which resets the admin password back to 'admin' upon a reboot (CVE-2016-7552). The second is a cmd injection flaw using the timezone parameter in the admin_sys_time.cgi interface (CVE-2016-7547).

tags | exploit, cgi, vulnerability, bypass
advisories | CVE-2016-7547, CVE-2016-7552
MD5 | 3eb4ddb8e86d4a0dab985176c6c1a683
HP Thin Pro OS Local Privilege Escalation
Posted Oct 25, 2016
Authored by Roberto Suggi Liverani, Vincent Hutsebaut

HP Thin Pro OS suffers from a local privilege escalation vulnerability.

tags | exploit, local
advisories | CVE-2016-2246
MD5 | 06bfc173abc25200de1b2a95665bdebe
.NET MVC Denial Of Service
Posted Sep 16, 2015
Authored by Roberto Suggi Liverani | Site blog.malerisch.net

Microsoft released a security bulletin (MS15-101) describing a .NET MVC denial of service vulnerability. This post analyzes the vulnerability in detail, starting from the theory and then providing a PoC exploit against a MVC web application developed with Visual Studio 2013.

tags | exploit, web, denial of service
advisories | CVE-2015-2526
MD5 | 62cd760d034e86ed45a4d125f54e7308
Kemp Load Master 7.1-16 CSRF / XSS / DoS / Code Execution
Posted Apr 3, 2015
Authored by Roberto Suggi Liverani

Kemp Load Master version 7.1-16 suffers from code execution, cross site request forgery, cross site scripting, and denial of service vulnerabilities.

tags | exploit, denial of service, vulnerability, code execution, xss, csrf
advisories | CVE-2014-5287, CVE-2014-5288
MD5 | d792ec396201a782057b689af726098b
Maxthon3 about:history XCS Trusted Zone Code Execution
Posted Dec 8, 2012
Authored by Roberto Suggi Liverani, sinn3r, juan vazquez | Site metasploit.com

Cross Context Scripting (XCS) is possible in the Maxthon about:history page. Injection in such privileged/trusted browser zone can be used to modify configuration settings and execute arbitrary commands. Please note this module only works against specific versions of XCS. Currently, we've only successfully tested on Maxthon 3.1.7 build 600 up to 3.2.2 build 1000.

tags | exploit, arbitrary
MD5 | 9adb9c84757f7aa512c1c9c9fecd2adc
Maxthon / Avant Browser XCS / Same Origin Bypass
Posted Dec 6, 2012
Authored by Roberto Suggi Liverani | Site security-assessment.com

Maxthon and Avant browsers suffer from various flaws such as same origin policy bypass, cross context scripting, and various other vulnerabilities.

tags | advisory, vulnerability
MD5 | b65ef9e12524d460a0c05223b1d1b4c7
Oracle GlassFish Server 3.1.1 Build 12 Cross Site Scripting
Posted Apr 21, 2012
Authored by Roberto Suggi Liverani | Site security-assessment.com

Security-Assessment.com has discovered that components of the Oracle GlassFish Server administrative web interface are vulnerable to both reflected and stored cross site scripting attacks. All pages where cross site scripting vulnerabilities were discovered require authentication. Oracle GlassFish Server version 3.1.1 build 12 is affected.

tags | exploit, web, vulnerability, xss
advisories | CVE-2012-0551
MD5 | d42aa48b8702ef3a45dd6fa235e9cd4b
Oracle GlassFish Server 3.1.1 Cross Site Request Forgery
Posted Apr 19, 2012
Authored by Roberto Suggi Liverani | Site security-assessment.com

Oracle GlassFish Server version 3.1.1 build 12 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2012-0550
MD5 | c7da8a95e3f553d94d68cb727da735e8
Opera Use-After-Free Proof Of Concept
Posted Oct 20, 2011
Authored by Roberto Suggi Liverani

Opera use-after-free proof of concept denial of service exploit. A full analysis is provided as well.

tags | exploit, denial of service, proof of concept
MD5 | f9b81cf3c9630e77065b0807a084ad2b
Adobe RoboHelp 9.0 Cross Site Scripting
Posted Aug 11, 2011
Authored by Roberto Suggi Liverani | Site security-assessment.com

Adobe RoboHelp version 9.0 suffers from a cross site scripting vulnerability. Versions 9.0.1.232 and below are affected.

tags | exploit, xss
advisories | CVE-2011-2133
MD5 | 85fff88b484242bef4fbece4d91cd698
Oracle WebLogic Server 9 / 10 Session Fixation
Posted Mar 11, 2011
Authored by Roberto Suggi Liverani | Site security-assessment.com

Oracle WebLogic server versions 9.0, 9.1, 9.2.4, 10.0.2, 10.3.2, and 10.3.3 suffers from a session fixation vulnerability.

tags | advisory
advisories | CVE-2010-4437
MD5 | 81a9fb3cec2e445296fd016de5d8f275
Levering XSRF With Apache Web Server And Java Applet
Posted Feb 22, 2011
Authored by Roberto Suggi Liverani | Site security-assessment.com

Whitepaper called Leveraging XSRF with Apache Web Server "Compatibility with older browser" feature and Java Applet.

tags | paper, java, web, csrf
MD5 | 321528cdcfa4440c1d86f8be46836941
Page 1 of 2
Back12Next

File Archive:

October 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    15 Files
  • 2
    Oct 2nd
    16 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    11 Files
  • 6
    Oct 6th
    6 Files
  • 7
    Oct 7th
    2 Files
  • 8
    Oct 8th
    1 Files
  • 9
    Oct 9th
    13 Files
  • 10
    Oct 10th
    16 Files
  • 11
    Oct 11th
    15 Files
  • 12
    Oct 12th
    23 Files
  • 13
    Oct 13th
    13 Files
  • 14
    Oct 14th
    12 Files
  • 15
    Oct 15th
    2 Files
  • 16
    Oct 16th
    16 Files
  • 17
    Oct 17th
    16 Files
  • 18
    Oct 18th
    11 Files
  • 19
    Oct 19th
    3 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close