what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 38 RSS Feed

Files from Roberto Suggi Liverani

Real NameRoberto Suggi Liverani
Email addressprivate
Websiteblog.malerisch.net
First Active2008-04-29
Last Active2017-04-20
View User Profile
Trend Micro Threat Discovery Appliance 2.6.1062r1 Session Generation Authentication Bypass
Posted Apr 20, 2017
Authored by Roberto Suggi Liverani, mr_me

Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a session generation authentication bypass vulnerability.

tags | exploit, bypass
advisories | CVE-2016-8584
SHA-256 | f3d0c6f0cf0554ddc299fbc8d195e141b856a55387d41d3608fe3e2b833dc7a6
Trend Micro Threat Discovery Appliance 2.6.1062r1 dlp_policy_upload.cgi Information Disclosure
Posted Apr 20, 2017
Authored by Roberto Suggi Liverani, mr_me

Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a dlp_policy_upload.cgi information disclosure vulnerability.

tags | exploit, cgi, info disclosure
advisories | CVE-2016-7547
SHA-256 | 2b95ab05b45548336e8b0ff756872ed3b5e7c96533959277415f4b7a3ac66de3
Trend Micro Threat Discovery Appliance 2.6.1062r1 logoff.cgi Directory Traversal
Posted Apr 20, 2017
Authored by Roberto Suggi Liverani, mr_me

Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a logoff.cgi directory traversal authentication bypass vulnerability.

tags | exploit, cgi, bypass, file inclusion
advisories | CVE-2016-7552
SHA-256 | 2d89facad03b2aadfc7a64dbc4b3ae3e700fb5257315bc07a0d5dac0b54f2211
Trend Micro Threat Discovery Appliance 2.6.1062r1 admin_sys_time.cgi Remote Code Execution
Posted Apr 20, 2017
Authored by Roberto Suggi Liverani, mr_me

Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from an admin_sys_time.cgi remote code execution vulnerability.

tags | exploit, remote, cgi, code execution
advisories | CVE-2016-8585
SHA-256 | 831459424e49dfb11a51e3fc6d29ef5bb3f90982635cee4c7c276df9a15321c3
Trend Micro Threat Discovery Appliance 2.6.1062r1 admin_sys_time.cgi Remote Code Execution
Posted Apr 20, 2017
Authored by Roberto Suggi Liverani, mr_me

Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a admin_sys_time.cgi remote code execution vulnerability.

tags | exploit, remote, cgi, code execution
advisories | CVE-2016-8585
SHA-256 | 02dd6778183ba369304416f10ca5430a4f57946435559276f6499b1f6ba9bc19
Trend Micro Threat Discovery Appliance 2.6.1062r1 detected_potential_files.cgi Remote Code Execution
Posted Apr 20, 2017
Authored by Roberto Suggi Liverani, mr_me

Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a detected_potential_files.cgi remote code execution vulnerability.

tags | exploit, remote, cgi, code execution
advisories | CVE-2016-8586
SHA-256 | af18e899701b6b216c1194a67c18ea309e695c0a68e877ab7bcce01d4ace48be
Trend Micro Threat Discovery Appliance 2.6.1062r1 dlp_policy_upload.cgi Remote Code Execution
Posted Apr 20, 2017
Authored by Roberto Suggi Liverani, mr_me

Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a dlp_policy_upload.cgi remote code execution vulnerability.

tags | exploit, remote, cgi, code execution
advisories | CVE-2016-8587
SHA-256 | 31f371707b0de38f8698c711e7a95e5c8a9212e4a92c83d9717a9243315dde36
Trend Micro Threat Discovery Appliance 2.6.1062r1 hotfix_upload.cgi Remote Code Execution
Posted Apr 20, 2017
Authored by Roberto Suggi Liverani, mr_me

Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a hotfix_upload.cgi remote code execution vulnerability.

tags | exploit, remote, cgi, code execution
advisories | CVE-2016-8588
SHA-256 | edee6760c7f2c9ebf89f541fa00a52bf885df3f8a7630f79abf5b032785960a4
Trend Micro Threat Discovery Appliance 2.6.1062r1 log_query_dae.cgi Remote Code Execution
Posted Apr 20, 2017
Authored by Roberto Suggi Liverani, mr_me

Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a log_query_dae.cgi remote code execution vulnerability.

tags | exploit, remote, cgi, code execution
advisories | CVE-2016-8589
SHA-256 | a9196290400935ef3b6319c48e7689aa9a949b9efd2be8e9d8861ef419b6e001
Trend Micro Threat Discovery Appliance 2.6.1062r1 log_query_dlp.cgi Remote Code Execution
Posted Apr 20, 2017
Authored by Roberto Suggi Liverani, mr_me

Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a log_query_dlp.cgi remote code execution vulnerability.

tags | exploit, remote, cgi, code execution
advisories | CVE-2016-8590
SHA-256 | bbbed1b3bf17f683837d3fecae8f6085dee8a26a7ae1148d404cc746cff6632b
Trend Micro Threat Discovery Appliance 2.6.1062r1 log_query.cgi Remote Code Execution
Posted Apr 20, 2017
Authored by Roberto Suggi Liverani, mr_me

Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a log_query.cgi remote code execution vulnerability.

tags | exploit, remote, cgi, code execution
advisories | CVE-2016-8591
SHA-256 | 5cb3107445be9dd17d7844b1475bdac38b6b7f828e25697fa092549f47228aa5
Trend Micro Threat Discovery Appliance 2.6.1062r1 log_query_system.cgi Remote Code Execution
Posted Apr 20, 2017
Authored by Roberto Suggi Liverani, mr_me

Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a log_query_system.cgi remote code execution vulnerability.

tags | exploit, remote, cgi, code execution
advisories | CVE-2016-8592
SHA-256 | e465300a0c016f04a03e4baea8fb3f12dea6565a5f3c380f365cb72843951a4e
Trend Micro Threat Discovery Appliance 2.6.1062r1 upload.cgi Remote Code Execution
Posted Apr 19, 2017
Authored by Roberto Suggi Liverani, mr_me

Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from an upload.cgi remote code execution vulnerability.

tags | exploit, remote, cgi, code execution
advisories | CVE-2016-8593
SHA-256 | ad7e67926b83c12120e3c277cb7491ca34beb0d29e83be6e3165d8265314ea5b
Trend Micro Threat Discovery Appliance admin_sys_time.cgi Remote Command Execution
Posted Apr 19, 2017
Authored by Roberto Suggi Liverani, mr_me | Site metasploit.com

This Metasploit module exploits two vulnerabilities the Trend Micro Threat Discovery Appliance. The first is an authentication bypass vulnerability via a file delete in logoff.cgi which resets the admin password back to 'admin' upon a reboot (CVE-2016-7552). The second is a cmd injection flaw using the timezone parameter in the admin_sys_time.cgi interface (CVE-2016-7547).

tags | exploit, cgi, vulnerability, bypass
advisories | CVE-2016-7547, CVE-2016-7552
SHA-256 | 035399021ac947492b961a04ac25a5a12f67bebc47e9858ba91b9e72dfccdc17
HP Thin Pro OS Local Privilege Escalation
Posted Oct 25, 2016
Authored by Roberto Suggi Liverani, Vincent Hutsebaut

HP Thin Pro OS suffers from a local privilege escalation vulnerability.

tags | exploit, local
advisories | CVE-2016-2246
SHA-256 | 0ee10977a6f7daadc40f2e6b00a75969714bf8ae7c6cb97b6a1034e28806b3dc
.NET MVC Denial Of Service
Posted Sep 16, 2015
Authored by Roberto Suggi Liverani | Site blog.malerisch.net

Microsoft released a security bulletin (MS15-101) describing a .NET MVC denial of service vulnerability. This post analyzes the vulnerability in detail, starting from the theory and then providing a PoC exploit against a MVC web application developed with Visual Studio 2013.

tags | exploit, web, denial of service
advisories | CVE-2015-2526
SHA-256 | 55d8209e7983e84bd1e4c26a7391e903dbc491657d32f7b08b0c81b8bfb845bd
Kemp Load Master 7.1-16 CSRF / XSS / DoS / Code Execution
Posted Apr 3, 2015
Authored by Roberto Suggi Liverani

Kemp Load Master version 7.1-16 suffers from code execution, cross site request forgery, cross site scripting, and denial of service vulnerabilities.

tags | exploit, denial of service, vulnerability, code execution, xss, csrf
advisories | CVE-2014-5287, CVE-2014-5288
SHA-256 | 81a001a8c6f48e1e8af8a8319afbad8ca0dcf82113d9d1a5f0b09a6d0b520ed7
Maxthon3 about:history XCS Trusted Zone Code Execution
Posted Dec 8, 2012
Authored by Roberto Suggi Liverani, sinn3r, juan vazquez | Site metasploit.com

Cross Context Scripting (XCS) is possible in the Maxthon about:history page. Injection in such privileged/trusted browser zone can be used to modify configuration settings and execute arbitrary commands. Please note this module only works against specific versions of XCS. Currently, we've only successfully tested on Maxthon 3.1.7 build 600 up to 3.2.2 build 1000.

tags | exploit, arbitrary
SHA-256 | edfb695d586066cbef9515fde0393bb119c669cea54c3475dc93bb3dcdbc8c10
Maxthon / Avant Browser XCS / Same Origin Bypass
Posted Dec 6, 2012
Authored by Roberto Suggi Liverani | Site security-assessment.com

Maxthon and Avant browsers suffer from various flaws such as same origin policy bypass, cross context scripting, and various other vulnerabilities.

tags | advisory, vulnerability
SHA-256 | 87028c638482f39ab332b895dec18a8784addddc5267fa402799450cab84cc65
Oracle GlassFish Server 3.1.1 Build 12 Cross Site Scripting
Posted Apr 21, 2012
Authored by Roberto Suggi Liverani | Site security-assessment.com

Security-Assessment.com has discovered that components of the Oracle GlassFish Server administrative web interface are vulnerable to both reflected and stored cross site scripting attacks. All pages where cross site scripting vulnerabilities were discovered require authentication. Oracle GlassFish Server version 3.1.1 build 12 is affected.

tags | exploit, web, vulnerability, xss
advisories | CVE-2012-0551
SHA-256 | 483308f8a564fa501d764b451f997bd57808a2fe9a67f2ce80beea114ee97f8c
Oracle GlassFish Server 3.1.1 Cross Site Request Forgery
Posted Apr 19, 2012
Authored by Roberto Suggi Liverani | Site security-assessment.com

Oracle GlassFish Server version 3.1.1 build 12 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2012-0550
SHA-256 | 1ab958cd22e7204426b09ede8bb2230718a9c906cf7ed05673dd8784c94bdb4a
Opera Use-After-Free Proof Of Concept
Posted Oct 20, 2011
Authored by Roberto Suggi Liverani

Opera use-after-free proof of concept denial of service exploit. A full analysis is provided as well.

tags | exploit, denial of service, proof of concept
SHA-256 | 8419c6bd6968801cd9b15a92576ef242081b83329fd21b4ab556bdc4d0c512c6
Adobe RoboHelp 9.0 Cross Site Scripting
Posted Aug 11, 2011
Authored by Roberto Suggi Liverani | Site security-assessment.com

Adobe RoboHelp version 9.0 suffers from a cross site scripting vulnerability. Versions 9.0.1.232 and below are affected.

tags | exploit, xss
advisories | CVE-2011-2133
SHA-256 | 030bd02ed87fa9db347042add775e5c107f9d301129ca2e5d309b31c2f06d4aa
Oracle WebLogic Server 9 / 10 Session Fixation
Posted Mar 11, 2011
Authored by Roberto Suggi Liverani | Site security-assessment.com

Oracle WebLogic server versions 9.0, 9.1, 9.2.4, 10.0.2, 10.3.2, and 10.3.3 suffers from a session fixation vulnerability.

tags | advisory
advisories | CVE-2010-4437
SHA-256 | 326aa57bf65123e286554a7d1b6fea93e196390c46e10fb0b13ffcb6e4a7a1ef
Levering XSRF With Apache Web Server And Java Applet
Posted Feb 22, 2011
Authored by Roberto Suggi Liverani | Site security-assessment.com

Whitepaper called Leveraging XSRF with Apache Web Server "Compatibility with older browser" feature and Java Applet.

tags | paper, java, web, csrf
SHA-256 | 6541c1bf7d0873dfe88bb40e9d6326ebbe5842f6cded8e94a2222c6165df8dc0
Page 1 of 2
Back12Next

File Archive:

May 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    44 Files
  • 2
    May 2nd
    5 Files
  • 3
    May 3rd
    11 Files
  • 4
    May 4th
    0 Files
  • 5
    May 5th
    0 Files
  • 6
    May 6th
    28 Files
  • 7
    May 7th
    3 Files
  • 8
    May 8th
    4 Files
  • 9
    May 9th
    54 Files
  • 10
    May 10th
    12 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    17 Files
  • 14
    May 14th
    11 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    13 Files
  • 17
    May 17th
    22 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    0 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close