
Files from Yorick Koster

Real Name: Yorick Koster
Email address: private
Website: nl.linkedin.com/in/yorickkoster
First Active: 2009-07-17
Last Active: 2017-12-13
pfSense 2.4.1 CSRF Error Page Clickjacking
Posted Dec 13, 2017
Authored by Yorick Koster | Site metasploit.com

This Metasploit module exploits a Clickjacking vulnerability in pfSense versions 2.4.1 and below. pfSense is a free and open source firewall and router. It was found that the pfSense WebGUI is vulnerable to Clickjacking. By tricking an authenticated admin into interacting with a specially crafted webpage it is possible for an attacker to execute arbitrary code in the WebGUI. Since the WebGUI runs as the root user, this will result in a full compromise of the pfSense instance.

tags | exploit, arbitrary, root
MD5 | 88144d72abf1d2945664621d86be2cbc
Microsoft Windows LNK File Code Execution
Posted Nov 8, 2017
Authored by Yorick Koster, Spencer McIntyre | Site metasploit.com

This Metasploit module exploits a vulnerability in the handling of Windows Shortcut files (.LNK) that contain a dynamic icon, loaded from a malicious DLL. This vulnerability is a variant of MS15-020 (CVE-2015-0096). The created LNK file is similar except that an additional SpecialFolderDataBlock is included. The folder ID set in this SpecialFolderDataBlock is set to the Control Panel. This is enough to bypass the CPL whitelist. This bypass can be used to trick Windows into loading an arbitrary DLL file. The PATH option must be an absolute path to a writeable directory which is indexed for searching. If no PATH is specified, the module defaults to %USERPROFILE%.

tags | exploit, arbitrary
systems | windows
advisories | CVE-2015-0095, CVE-2017-8464
MD5 | e8d2e4d615be10d88bf8b20b6b549143
Xamarin Studio For Mac 6.2.1 (Build 3) / 6.3 (Build 863) Privilege Escalation
Posted Aug 14, 2017
Authored by Yorick Koster, Securify B.V.

Xamarin Studio for Mac versions 6.2.1 (build 3) and 6.3 (build 863) suffer from a local privilege escalation vulnerability.

tags | exploit, local
MD5 | 0eb7c4204f9e48e3f70079bf8624f7da
Microsoft Windows LNK Shortcut File Code Execution
Posted Aug 1, 2017
Authored by Yorick Koster | Site metasploit.com

This Metasploit module exploits a vulnerability in the handling of Windows Shortcut files (.LNK) that contain a dynamic icon, loaded from a malicious DLL. This vulnerability is a variant of MS15-020 (CVE-2015-0096). The created LNK file is similar except that an additional SpecialFolderDataBlock is included. The folder ID set in this SpecialFolderDataBlock is set to the Control Panel. This is enough to bypass the CPL whitelist. This bypass can be used to trick Windows into loading an arbitrary DLL file.

tags | exploit, arbitrary
systems | windows
advisories | CVE-2017-8464
MD5 | 63ff862692b9e1b52aec2b632659c94e
InsomniaX 2.1.8 Arbitrary Kernel Extension Loading
Posted Jul 3, 2017
Authored by Yorick Koster

It was found that the loader application bundled with InsomniaX can be used to load arbitrary Kernel Extensions (kext). The loader is normally used to load a kext file that is needed to disable the Lid Sleep. A flaw has been found in the loader that allows a local attacker to load (or unload) any arbitrary kext file. Version 2.1.8 is affected.

tags | exploit, arbitrary, kernel, local
MD5 | 703ccd1c6eecfd818433456c702fa221
MediaWiki SyntaxHighlight Extension Option Injection
Posted May 20, 2017
Authored by Yorick Koster | Site metasploit.com

This Metasploit module exploits an option injection vulnerability in the SyntaxHighlight extension of MediaWiki. It tries to create and execute a PHP file in the document root. The USERNAME and PASSWORD options are only needed if the Wiki is configured as private. This vulnerability affects any MediaWiki installation with SyntaxHighlight version 2.0 installed and enabled. This extension ships with the AIO package of MediaWiki version 1.27.x and 1.28.x. A fix for this issue is included in MediaWiki version 1.28.2 and version 1.27.3.

tags | exploit, root, php
advisories | CVE-2017-0372
MD5 | 1b15a640f92c98f62fa52a0340553730
SyntaxHighlight 2.0 MediaWiki 1.28.0 Stored Cross Site Scripting
Posted Apr 29, 2017
Authored by Yorick Koster, Securify B.V.

A vulnerability was found in the SyntaxHighlight MediaWiki extension. Using this vulnerability it is possible for an anonymous attacker to pass arbitrary options to the Pygments library. By specifying specially crafted options, it is possible for an attacker to trigger a (stored) cross site scripting condition. In addition, it allows the creation of arbitrary files containing user-controllable data. Depending on the server configuration, this can be used by an anonymous attacker to execute arbitrary PHP code. This issue was tested on SyntaxHighlight version 2.0 as bundled with MediaWiki version 1.28.0.

tags | exploit, arbitrary, php, xss
advisories | CVE-2017-0372
MD5 | c2f465d0fafdbcf4b9a63fb413f084f5
WordPress Connection Information Cross Site Request Forgery
Posted Apr 20, 2017
Authored by Yorick Koster, Securify B.V.

The FTP/SSH form functionality of WordPress was found to be vulnerable to cross site request forgery. WordPress versions 4.5.3 through 4.7.4 are affected.

tags | exploit, csrf
MD5 | 25a2023423f7860059c0e4cb8e179437
Microsoft Office OneNote 2007 DLL Hijacking
Posted Apr 11, 2017
Authored by Yorick Koster, Securify B.V.

Microsoft Office OneNote 2007 suffers from a DLL hijacking vulnerability.

tags | exploit
systems | windows
MD5 | b33e14dcb95985bd6976931c23b1f515
WordPress 4.5.3 Audio Playlist Cross Site Scripting
Posted Mar 7, 2017
Authored by Yorick Koster, Securify B.V.

WordPress version 4.5.3 Audio Playlist suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 03337762b5f9e7ec64dbec0de777fb10
WordPress Google Analytics Dashboard 2.1.1 Cross Site Scripting
Posted Mar 3, 2017
Authored by Yorick Koster, Securify B.V.

WordPress Google Analytics Dashboard plugin version 2.1.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 2e909e9b3784d3c4edbbc4b193525cfd
WordPress Simple Ads Manager 2.9.8.125 PHP Object Injection
Posted Mar 3, 2017
Authored by Yorick Koster, Securify B.V.

WordPress Simple Ads Manager plugin version 2.9.8.125 suffers from a PHP object injection vulnerability.

tags | exploit, php
MD5 | d7391c18f04b169df0122e11b1c3dec8
WordPress Global Content Blocks 2.1.5 Cross Site Request Forgery
Posted Mar 3, 2017
Authored by Yorick Koster, Securify B.V.

WordPress Global Content Blocks plugin version 2.1.5 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | 5b31f6714683c6a8b78dc4e25ca2f915
WordPress Trust Form 2.0 Cross Site Scripting
Posted Mar 1, 2017
Authored by Yorick Koster, Securify B.V.

WordPress Trust Form plugin version 2.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 0b6b3c587ffe92e244f5f47cd441a34b
WordPress Analytics Stats Counter Statistics 1.2.2.5 PHP Object Injection
Posted Mar 1, 2017
Authored by Yorick Koster, Securify B.V.

WordPress Analytics Stats Counter Statistics plugin version 1.2.2.5 suffers from a PHP object injection vulnerability.

tags | advisory, php
MD5 | 91725ba3f4733fa4edc420ef97e32a71
WordPress WP-Filebase Download Manager 3.4.4 Cross Site Scripting
Posted Mar 1, 2017
Authored by Yorick Koster, Securify B.V.

WordPress WP-Filebase Download Manager plugin version 3.4.4 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 4f499c320142a12309354e0c8e429872
WordPress InfiniteWP Client 1.5.1.3 / 1.6.0 PHP Object Injection
Posted Jan 25, 2017
Authored by Yorick Koster, Securify B.V.

WordPress InfiniteWP Client plugin versions 1.5.1.3 and 1.6.0 suffer from a PHP object injection vulnerability.

tags | advisory, php
MD5 | 46b274061e0acc0178360b285063f6b1
WordPress CMS Commander Client 2.21 PHP Object Injection
Posted Jan 25, 2017
Authored by Yorick Koster, Securify B.V.

WordPress CMS Commander Client plugin version 2.21 suffers from a PHP object injection vulnerability.

tags | advisory, php
MD5 | 9a7027555b61d92952f9550a552cf56f
WordPress Google Forms 0.87 PHP Object Injection
Posted Jan 25, 2017
Authored by Yorick Koster, Securify B.V.

WordPress Google Forms plugin versions 0.8 through 0.87 suffer from a PHP object injection vulnerability.

tags | advisory, php
MD5 | 4808b37b794d5488075cea57599da9e2
WordPress Insert Html Snippet 1.2 Cross Site Request Forgery
Posted Nov 29, 2016
Authored by Yorick Koster, Securify B.V.

WordPress Insert Html Snippet plugin version 1.2 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | 70597e9717e758afa7044c6df0d23a30
WordPress Canvas - Shortcodes 1.92 Cross Site Scripting
Posted Nov 20, 2016
Authored by Yorick Koster, Securify B.V.

WordPress Canvas - Shortcodes plugin version 1.92 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | ac57cb7f2f79a37fd85211132454a1b0
WordPress All In One WP Security And Firewall 4.1.9 Cross Site Scripting
Posted Nov 16, 2016
Authored by Yorick Koster

WordPress All In One WP Security and Firewall plugin versions 4.1.4 through 4.1.9 suffer from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | f1fd96f6d916037091611e289d77d3c5
Office OLE DLL Hijacking
Posted Nov 10, 2016
Authored by Yorick Koster | Site metasploit.com

Multiple DLL side loading vulnerabilities were found in various COM components. These issues can be exploited by loading these components as an embedded OLE object. When instantiating a vulnerable object, Windows will try to load one or more DLLs from the current working directory. If an attacker convinces the victim to open a specially crafted (Office) document from a directory also containing the attacker's DLL file, it is possible to execute arbitrary code with the privileges of the target user. This can potentially result in the attacker taking complete control of the affected system.

tags | exploit, arbitrary, vulnerability
systems | windows
advisories | CVE-2015-6128, CVE-2015-6132, CVE-2015-6133, CVE-2016-0041, CVE-2016-0100, CVE-2016-3235
MD5 | c734500622c23c1e5aa6ef03bf99c10b
WordPress Quotes Collection 2.0.5 Cross Site Scripting
Posted Nov 8, 2016
Authored by Yorick Koster, Securify B.V.

WordPress Quotes Collection plugin version 2.0.5 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | bc366a974dcdbff135ba8c177ff78ff6
WordPress YITH WooCommerce Compare 2.0.9 PHP Object Injection
Posted Nov 8, 2016
Authored by Yorick Koster, Securify B.V.

WordPress YITH WooCommerce Compare plugin version 2.0.9 suffers from a PHP object injection vulnerability.

tags | exploit, php
MD5 | 31616f34fc67b6800ac686eebe3d57f6