what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 13 of 13 RSS Feed

Files from chr1x

Email addressprivate
Websitechr1x.sectester.net
First Active2009-09-29
Last Active2014-04-07
View User Profile
WinRAR Filename Spoofing
Posted Apr 7, 2014
Authored by chr1x, juan vazquez | Site metasploit.com

This Metasploit module abuses a filename spoofing vulnerability in WinRAR. The vulnerability exists when opening ZIP files. The file names showed in WinRAR when opening a ZIP file come from the central directory, but the file names used to extract and open contents come from the Local File Header. This inconsistency allows to spoof file names when opening ZIP files with WinRAR, which can be abused to execute arbitrary code, as exploited in the wild in March 2014.

tags | exploit, arbitrary, local, spoof
advisories | OSVDB-62610
SHA-256 | 77adfa4fa0e23c97becb1de4580cf456d6594ca7beef63394258815f48627e38
DotDotPwn - The Directory Traversal Fuzzer 3.0
Posted Feb 11, 2012
Authored by nitr0us, chr1x

DotDotPwn is a very flexible intelligent fuzzer to discover directory traversal vulnerabilities in software such as Web/FTP/TFTP servers, Web platforms such as CMSs, ERPs,Blogs, etc. Also, it has a protocol-independent module to send the desired payload to the host and port specified. On the other hand, it also could be used in a scripting way using the STDOUT module.

Changes: Multiple new switches and encodings added.
tags | web, vulnerability, protocol, fuzzer
systems | unix
SHA-256 | 7c954b9db834e02e36acbc4ebda32cfec3049f30d94668702004db28f42c7afe
Fermitter Server FTP Directory Traversal
Posted Nov 8, 2010
Authored by chr1x

Fermitter FTP Server suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
SHA-256 | 970132c5b10ed122fd864cc7c3e29e404e1caf4476593f359daff81c5e0cb58e
DotDotPwn - The Directory Traversal Fuzzer 2.1
Posted Nov 2, 2010
Authored by nitr0us, chr1x

DotDotPwn is a very flexible intelligent fuzzer to discover directory traversal vulnerabilities in software such as Web/FTP/TFTP servers, Web platforms such as CMSs, ERPs,Blogs, etc. Also, it has a protocol-independent module to send the desired payload to the host and port specified. On the other hand, it also could be used in a scripting way using the STDOUT module.

tags | web, vulnerability, protocol, fuzzer
SHA-256 | dc08b1efa2acdffd376cece72189cb8862611ee023be690fd9a155d4b30878b6
Home FTP Server 1.10.3 / 1.11.1 Directory Traversal
Posted Oct 29, 2010
Authored by chr1x

Home FTP Server versions 1.10.3 (build 144) and 1.11.1 (build 149) both suffer from a directory traversal vulnerability.

tags | exploit, file inclusion
SHA-256 | 9d81ecb61b5e435a53bf11a418f751e73163b649c341f2fb52a0397841218a0e
TFTP Desktop 2.5 Directory Traversal
Posted Sep 1, 2010
Authored by chr1x

TFTP Desktop version 2.5 suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
SHA-256 | 0fba52121f139f361783100a4e7602e6739c3d372cec5c7ce4e052c5324029fe
TFTPDWIN 0.4.2 Directory Traversal
Posted Sep 1, 2010
Authored by chr1x

TFTPDWIN version 0.4.2 suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
SHA-256 | 6b25596cb5f2b7dc11c07f6c696f52e039cebe0da74ac55862020b1ad4889478
DotDotPwn Directory Traversal Scanner
Posted Aug 26, 2010
Authored by chr1x

DotDotPwn is a directory traversal scanner with a database of 871 payloads.

tags | tool, scanner
systems | unix
SHA-256 | 47254c2549152775e87ea36f793d29f7720b1e9b4c205f3487f8926af4a921b3
Wing FTP Server 3.4.3 Directory Traversal
Posted May 5, 2010
Authored by chr1x

Wing FTP Server version 3.4.3 suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
SHA-256 | d7fb4ac82e2b9d3473faa005fc39eebb2473b9c4233535710d7434aa884e0454
VicFTP5 5.0 Directory Traversal
Posted May 5, 2010
Authored by chr1x

VicFTP5 version 5.0 suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
SHA-256 | fed412cbab1d8cdc8d497dd77ac6ce03a95a17847a8bcd4a895d7407275c24bf
MultiThreaded HTTP Server 1.1 Directory Traversal
Posted Apr 20, 2010
Authored by chr1x

MultiThreaded HTTP Server version 1.1 suffers from a directory traversal vulnerability.

tags | exploit, web, file inclusion
SHA-256 | 9dbf62deaca4914b270f6ad4441fc332589f96ae1e08adb1bc7d678f3824bff1
Embedthis Appweb 3.1.2 Denial Of Service
Posted Mar 16, 2010
Authored by chr1x

Embedthis Appweb version 3.1.2 remote denial of service exploit.

tags | exploit, remote, denial of service
SHA-256 | ba154d0b11a211b6d23de88823245b3b47942976389c8e0fba1e257a275ff35d
WinRAR 3.80 Filename Spoofing
Posted Sep 29, 2009
Authored by chr1x

WinRAR version 3.80 suffers from a ZIP filename spoofing vulnerability.

tags | advisory, spoof
SHA-256 | 4880f2bb7f9786ba0a35c233213dc63a64301bccc3f90b77bbd582104b13228f
Page 1 of 1
Back1Next

File Archive:

August 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    20 Files
  • 2
    Aug 2nd
    4 Files
  • 3
    Aug 3rd
    6 Files
  • 4
    Aug 4th
    55 Files
  • 5
    Aug 5th
    16 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    0 Files
  • 9
    Aug 9th
    0 Files
  • 10
    Aug 10th
    0 Files
  • 11
    Aug 11th
    0 Files
  • 12
    Aug 12th
    0 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close