Email address | private |
---|---|
Website | chr1x.sectester.net |
First Active | 2009-09-29 |
Last Active | 2014-04-07 |
This Metasploit module abuses a filename spoofing vulnerability in WinRAR. The vulnerability exists when opening ZIP files. The file names showed in WinRAR when opening a ZIP file come from the central directory, but the file names used to extract and open contents come from the Local File Header. This inconsistency allows to spoof file names when opening ZIP files with WinRAR, which can be abused to execute arbitrary code, as exploited in the wild in March 2014.
77adfa4fa0e23c97becb1de4580cf456d6594ca7beef63394258815f48627e38
DotDotPwn is a very flexible intelligent fuzzer to discover directory traversal vulnerabilities in software such as Web/FTP/TFTP servers, Web platforms such as CMSs, ERPs,Blogs, etc. Also, it has a protocol-independent module to send the desired payload to the host and port specified. On the other hand, it also could be used in a scripting way using the STDOUT module.
7c954b9db834e02e36acbc4ebda32cfec3049f30d94668702004db28f42c7afe
Fermitter FTP Server suffers from a directory traversal vulnerability.
970132c5b10ed122fd864cc7c3e29e404e1caf4476593f359daff81c5e0cb58e
DotDotPwn is a very flexible intelligent fuzzer to discover directory traversal vulnerabilities in software such as Web/FTP/TFTP servers, Web platforms such as CMSs, ERPs,Blogs, etc. Also, it has a protocol-independent module to send the desired payload to the host and port specified. On the other hand, it also could be used in a scripting way using the STDOUT module.
dc08b1efa2acdffd376cece72189cb8862611ee023be690fd9a155d4b30878b6
Home FTP Server versions 1.10.3 (build 144) and 1.11.1 (build 149) both suffer from a directory traversal vulnerability.
9d81ecb61b5e435a53bf11a418f751e73163b649c341f2fb52a0397841218a0e
TFTP Desktop version 2.5 suffers from a directory traversal vulnerability.
0fba52121f139f361783100a4e7602e6739c3d372cec5c7ce4e052c5324029fe
TFTPDWIN version 0.4.2 suffers from a directory traversal vulnerability.
6b25596cb5f2b7dc11c07f6c696f52e039cebe0da74ac55862020b1ad4889478
DotDotPwn is a directory traversal scanner with a database of 871 payloads.
47254c2549152775e87ea36f793d29f7720b1e9b4c205f3487f8926af4a921b3
Wing FTP Server version 3.4.3 suffers from a directory traversal vulnerability.
d7fb4ac82e2b9d3473faa005fc39eebb2473b9c4233535710d7434aa884e0454
VicFTP5 version 5.0 suffers from a directory traversal vulnerability.
fed412cbab1d8cdc8d497dd77ac6ce03a95a17847a8bcd4a895d7407275c24bf
MultiThreaded HTTP Server version 1.1 suffers from a directory traversal vulnerability.
9dbf62deaca4914b270f6ad4441fc332589f96ae1e08adb1bc7d678f3824bff1
Embedthis Appweb version 3.1.2 remote denial of service exploit.
ba154d0b11a211b6d23de88823245b3b47942976389c8e0fba1e257a275ff35d
WinRAR version 3.80 suffers from a ZIP filename spoofing vulnerability.
4880f2bb7f9786ba0a35c233213dc63a64301bccc3f90b77bbd582104b13228f