what you don't know can hurt you
Showing 1 - 22 of 22 RSS Feed

Files from Wireghoul

First Active2009-09-16
Last Active2016-09-20
VegaDNS 0.13.2 Remote Command Injection
Posted Sep 20, 2016
Authored by Wireghoul

VegaDNS version 0.13.2 suffers from a remote command injection vulnerability.

tags | exploit, remote
MD5 | bb09f1d5293eda5174a71bc0b7f6ea14
Cacti Superlinks 1.4-2 Code Execution / LFI / SQL Injection
Posted Dec 20, 2014
Authored by Wireghoul

Cacti Superlinks version 1.4-2 suffers from code execution via local file inclusion, and remote SQL injection vulnerabilities.

tags | exploit, remote, local, vulnerability, code execution, sql injection, file inclusion
advisories | CVE-2014-4644
MD5 | e9b1d0f447cd3fb2c12705fe250b0523
Flatpress 1.0 Traversal / Command Execution
Posted Nov 6, 2013
Authored by Wireghoul

Flatpress version 1.0 remote code execution exploit that leverages a comment loaded through a directory traversal vulnerability.

tags | exploit, remote, code execution
MD5 | b9f84e50139fb0af637202daf10ebddc
freeFTPd PASS Command Buffer Overflow
Posted Sep 30, 2013
Authored by Wireghoul | Site metasploit.com

freeFTPd 1.0.10 and below contains an overflow condition that is triggered as user-supplied input is not properly validated when handling a specially crafted PASS command. This may allow a remote attacker to cause a buffer overflow, resulting in a denial of service or allow the execution of arbitrary code. FreeFTPd must have an account set to authorization anonymous user account.

tags | exploit, remote, denial of service, overflow, arbitrary
advisories | OSVDB-96517
MD5 | 86647bfb494b61ca629a4b5a03ed3062
mod_accounting 0.5 Blind SQL Injection
Posted Sep 26, 2013
Authored by Wireghoul

mod_accounting version 0.5 suffers from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2013-5697
MD5 | 6c05a142030e492bec48c90159aac337
freeFTPd 1.0.10 PASS Command SEH Overflow
Posted Sep 19, 2013
Authored by Wireghoul, Muhamad Fadzil Ramli | Site metasploit.com

This Metasploit module exploits a SEH stack-based buffer overflow in freeFTPd Server PASS command version 1.0.10. credit goes to Wireghoul.

tags | exploit, overflow
advisories | OSVDB-96517
MD5 | 390e79a936507d6e2472c72683a46639
freeFTPd 1.0.10 PASS Command SEH Overflow
Posted Sep 9, 2013
Authored by Wireghoul, Muhamad Fadzil Ramli | Site metasploit.com

This Metasploit module exploits a SEH stack-based buffer overflow in freeFTPd Server PASS command version 1.0.10.

tags | exploit, overflow
advisories | OSVDB-96517
MD5 | 641f7e9e152f85ce86c721d7fff6c050
freeFTPd 1.0.10 Buffer Overflow
Posted Aug 21, 2013
Authored by Wireghoul | Site justanotherhacker.com

freeFTPd version 1.0.10 PASS command SEH buffer overflow exploit.

tags | exploit, overflow
MD5 | 706f878acc4678d22b7b11d8bf0d6c7f
Open And Compact FTP Server 1.2 Bypass / Directory Traversal
Posted Aug 8, 2013
Authored by Wireghoul

Open and Compact FTP server version 1.2 authentication bypass and directory traversal SAM retrieval exploit.

tags | exploit, bypass, file inclusion
advisories | CVE-2010-2620, OSVDB-65687
MD5 | 4f2e87f189af7c013f062b3a7e329749
Symphony CMS 2.3 XSS / SQL Injection / Disclosure
Posted Oct 17, 2012
Authored by Wireghoul | Site justanotherhacker.com

Symphony CMS version 2.3 suffers from cross site scripting, path disclosure, remote shell upload, token brute force, and remote SQL injection vulnerabilities.

tags | exploit, remote, shell, vulnerability, xss, sql injection
MD5 | 4134bf54a368537f2d1d1b1d576c052a
HP Data Protector 6.1 EXEC_CMD Remote Code Execution
Posted Feb 24, 2012
Authored by Wireghoul, ch0ks, c4an | Site metasploit.com

This exploit abuses a vulnerability in the HP Data Protector service. This flaw allows an unauthenticated attacker to take advantage of the EXEC_CMD command and traverse back to /bin/sh, this allows arbitrary remote code execution under the context of root.

tags | exploit, remote, arbitrary, root, code execution
advisories | CVE-2011-0923
MD5 | f0242a5c579272779b460b669850bcd2
Open Source CERT Security Advisory 2011.001
Posted Jul 16, 2011
Authored by Andrea Barisani, Open Source CERT, Wireghoul | Site justanotherhacker.com

Chyrp versions 2.1 and below suffer from cross site scripting, local file inclusion, shell upload, and directory traversal vulnerabilities. Both the oCERT and original advisories are included here.

tags | exploit, shell, local, vulnerability, xss, file inclusion
MD5 | d2e9d03bb363c9b30358d7e88edeeb59
Symphony CMS 2.1.2 Blind SQL Injection
Posted Apr 28, 2011
Authored by Wireghoul | Site justanotherhacker.com

Symphony CMS version 2.1.2 suffers from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 69c798cbc2eec4876070d28911451ae6
GRAudit Grep Auditing Tool 1.9
Posted Jan 11, 2011
Authored by Wireghoul | Site justanotherhacker.com

Graudit is a simple script and signature sets that allows you to find potential security flaws in source code using the GNU utility, grep. It's comparable to other static analysis applications like RATS, SWAAT, and flaw-finder while keeping the technical requirements to a minimum and being very flexible.

Changes: This release fixes the PHP (php/xss.db) database, which had a blank line at the end, causing everything to match. It adds a test case for blank lines in signature scripts. It adds a database validating aux script. It updates the Makefile file manifest. It fixes a bug in the test script template (t/blank-test.sh).
systems | unix
MD5 | 1c0e8954e8b205915ad9bb698b43611f
GRAudit Grep Auditing Tool 1.8
Posted Jan 8, 2011
Authored by Wireghoul | Site justanotherhacker.com

Graudit is a simple script and signature sets that allows you to find potential security flaws in source code using the GNU utility, grep. It's comparable to other static analysis applications like RATS, SWAAT, and flaw-finder while keeping the technical requirements to a minimum and being very flexible.

Changes: The -L operator now does vim-friendly line numbers. Man pages and documentation were updated. Signatures for PHP, JSP, Dotnet, Perl, and Python were updated. Bugs in the aux/ scripts were fixed and additional scripts were provided. CVS directories are now ignored by default.
systems | unix
MD5 | 9b63cf2c003ce3b0be730a77150e1aeb
Feindura CMS 1.0rc Cross Site Scripting / Local File Inclusion
Posted Oct 29, 2010
Authored by Wireghoul | Site justanotherhacker.com

Feindura CMS versions 1.0rc and below suffer from cross site scripting and local file inclusion vulnerabilities.

tags | exploit, local, vulnerability, xss, file inclusion
MD5 | 5c6228b397defd3c0cac80c8df009bc4
GRAudit Grep Auditing Tool 1.7
Posted Aug 3, 2010
Authored by Wireghoul | Site justanotherhacker.com

Graudit is a simple script and signature sets that allows you to find potential security flaws in source code using the GNU utility, grep. It's comparable to other static analysis applications like RATS, SWAAT, and flaw-finder while keeping the technical requirements to a minimum and being very flexible.

Changes: New PHP signatures. Improved C signatures for fewer false positives. Improved dotnet signatures. Whitespace neutrality for all signatures. The -l operator lists available databases. An -x operator for excluding files. A configure script has been added to the make chain. Makefile install targets have changed, install is now server-wide.
systems | unix
MD5 | b40ef6d7c2de0b17bcdcfa8f863c24aa
GRAudit Grep Auditing Tool 1.6
Posted May 14, 2010
Authored by Wireghoul | Site justanotherhacker.com

Graudit is a simple script and signature sets that allows you to find potential security flaws in source code using the GNU utility, grep. It's comparable to other static analysis applications like RATS, SWAAT, and flaw-finder while keeping the technical requirements to a minimum and being very flexible.

Changes: This release adds a bugfix for greedy separator code, imports C rules from RATS, starts a test suite transition to the Junio C Hamano Git-inspired one, adds a case insensitive switch, adds dotnet signatures, discontinues the rough database, adds the combined database "all", and supports the GRDIR environment variable.
systems | unix
MD5 | 5f43b14b3af77f5af7e02fc549bcf4b3
GRAudit Grep Auditing Tool 1.4
Posted Nov 25, 2009
Authored by Wireghoul | Site justanotherhacker.com

Graudit is a simple script and signature sets that allows you to find potential security flaws in source code using the GNU utility, grep. It's comparable to other static analysis applications like RATS, SWAAT, and flaw-finder while keeping the technical requirements to a minimum and being very flexible.

Changes: New and improved signatures were added. Grep versions earlier than 2.5.3 are now gracefully detected. Preparations were done for version 1.5.
systems | unix
MD5 | 291545462e89943aed26637047e78dc8
GRAudit Grep Auditing Tool 1.3
Posted Nov 3, 2009
Authored by Wireghoul | Site justanotherhacker.com

Graudit is a simple script and signature sets that allows you to find potential security flaws in source code using the GNU utility, grep. It's comparable to other static analysis applications like RATS, SWAAT, and flaw-finder while keeping the technical requirements to a minimum and being very flexible.

Changes: Some signatures have been added to existing databases. There are signature improvements to existing databases. JSP and ASP rulesets have been added. Testing has been improved.
systems | unix
MD5 | 71297a09bd5c378826acc91e44baceb3
GRAudit Grep Auditing Tool 1.2
Posted Sep 22, 2009
Authored by Wireghoul | Site justanotherhacker.com

Graudit is a simple script and signature sets that allows you to find potential security flaws in source code using the GNU utility, grep. It's comparable to other static analysis applications like RATS, SWAAT, and flaw-finder while keeping the technical requirements to a minimum and being very flexible.

Changes: Default signatures are now aimed at low hanging fruit. Documentation was improved. Bugs in graudit and signatures were fixed.
systems | unix
MD5 | dd513e8663ab1bcfe61a034823c75d8f
Graudit Source Code Analysis Tool 1.1
Posted Sep 16, 2009
Authored by Wireghoul | Site justanotherhacker.com

Graudit is a simple script and signature sets that allows you to find potential security flaws in source code using the GNU utility, grep. It's comparable to other static analysis applications like RATS, SWAAT, and flaw-finder while keeping the technical requirements to a minimum and being very flexible.

systems | unix
MD5 | a4a8937481a71f27df85bd7cd9ec2d25
Page 1 of 1
Back1Next

File Archive:

September 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    1 Files
  • 2
    Sep 2nd
    38 Files
  • 3
    Sep 3rd
    30 Files
  • 4
    Sep 4th
    15 Files
  • 5
    Sep 5th
    12 Files
  • 6
    Sep 6th
    17 Files
  • 7
    Sep 7th
    3 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    24 Files
  • 10
    Sep 10th
    22 Files
  • 11
    Sep 11th
    22 Files
  • 12
    Sep 12th
    15 Files
  • 13
    Sep 13th
    5 Files
  • 14
    Sep 14th
    2 Files
  • 15
    Sep 15th
    1 Files
  • 16
    Sep 16th
    11 Files
  • 17
    Sep 17th
    16 Files
  • 18
    Sep 18th
    8 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close