exploit the possibilities
Showing 1 - 14 of 14 RSS Feed

Files from Andrea Fabrizi

Email addressandrea.fabrizi at gmail.com
First Active2009-10-12
Last Active2013-12-23
Synology DSM 4.3-3810 Directory Traversal
Posted Dec 23, 2013
Authored by Andrea Fabrizi

Synology DSM versions 4.3-3810 and below suffer from multiple directory traversal vulnerabilities.

tags | exploit, vulnerability, file inclusion
advisories | CVE-2013-6987
MD5 | 687cd26d028802d87baba903d51eddd8
Synology DSM 4.3-3776 XSS / File Disclosure / Command Injection
Posted Sep 10, 2013
Authored by Andrea Fabrizi

Synology DSM versions 4.3-3776 and below suffer from remote file download, content disclosure, cross site scripting, and command injection vulnerabilities.

tags | exploit, remote, vulnerability, xss
MD5 | 6c00be8290adce9b359270546e099bd6
Samsung DVR Authentication Bypass
Posted Aug 20, 2013
Authored by Andrea Fabrizi

Samsung DVRs put usernames and passwords base64 encoded into cookies. They also fail to validate the cookies in many places, so any values work, allowing for authentication bypass. A proof of concept exploit that lists all users and passwords is included.

tags | exploit, proof of concept, bypass
MD5 | 2b4dcb70387cbebcb1fc92c1e2470d57
Buffalo TeraStation TS-Series Command Execution
Posted Jan 30, 2013
Authored by Andrea Fabrizi

Buffalo TeraStation TS-Series with firmware versions 1.5.7 and below suffer from file disclosure and command injection vulnerabilities.

tags | exploit, vulnerability
MD5 | 1844ebbca7c70be3247d2690c41e1a22
Visual Tools DVR Command Injection / Password Disclosure
Posted Oct 16, 2012
Authored by Andrea Fabrizi | Site andreafabrizi.it

Visual Tools DVR VS Series versions 3.0.6.16 and below and VX Series versions 4.2.19.2 and below suffer from administrative password disclosure, default administrative password, log file disclosure, command injection, and insecure permission vulnerabilities.

tags | exploit, vulnerability, info disclosure
MD5 | a03003360258fa2e36f5e932144fb30a
QNAP Turbo NAS 3.7.3 File Disclosure
Posted Sep 5, 2012
Authored by Andrea Fabrizi

QNAP Turbo NAS versions 3.7.3 build 20120801 and below suffer from arbitrary file read and modify vulnerabilities.

tags | exploit, arbitrary, vulnerability, info disclosure
MD5 | 5044da1f0c415fa44ef573f1d7a63e1b
Novell Sentinel Log Manager 1.2.0.1 Directory Traversal
Posted Dec 18, 2011
Authored by Andrea Fabrizi

Novell Sentinel Log Manager versions 1.2.0.1 and below suffer from a directory traversal vulnerability.

tags | exploit, file inclusion
MD5 | 91fc147cc39230f92cdff52d4255047b
Joomla VirtueMart 1.1.6 Blind SQL Injection
Posted Jan 31, 2011
Authored by Andrea Fabrizi | Site andreafabrizi.it

Joomla VirtueMart component versions 1.1.6 and below suffer from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | b2bdbfb17f7d2dc67b70d729c6cdcca5
PRISM ICMP Reverse Shell 0.5
Posted Jan 18, 2010
Authored by Andrea Fabrizi | Site andreafabrizi.it

PRISM is an user space reverse shell backdoor. It offers ICMP mode where it awaits a packet containing a security key and host ip / port destination information. It also offers static mode where it can connect to a hardcoded ip / port.

tags | tool, shell, rootkit
systems | unix
MD5 | d04896b721a34b8b9a33fd2ae0c5d892
PhpShop 0.8.1 SQL Injection / XSS / XSRF
Posted Dec 7, 2009
Authored by Andrea Fabrizi | Site andreafabrizi.it

PhpShop version 0.8.1 suffers from remote SQL injection, blind SQL injection, cross site scripting, and cross site request forgery vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection, csrf
MD5 | 3256962719f34b305a82d435760fa678
3Com OfficeConnect Command Execution
Posted Oct 19, 2009
Authored by Andrea Fabrizi | Site andreafabrizi.it

3Com OfficeConnect routers appear to suffer from password disclosure and remote command execution vulnerabilities.

tags | exploit, remote, vulnerability, info disclosure
MD5 | 2f4913a4352e4667095dbb2ac7366d70
Snitz Forums 2000 3.4.07 Cross Site Scripting
Posted Oct 15, 2009
Authored by Andrea Fabrizi | Site andreafabrizi.it

Snitz Forums 2000 version 3.4.07 suffers from cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 723dc377285c76b63c7e551c10519663
Everfocus EDSR 1.4 Cam Exploit
Posted Oct 15, 2009
Authored by Andrea Fabrizi | Site andreafabrizi.it

The Everfocus EDSR firmware fails to correctly handle authentication and sessions. This remote exploit takes advantages of versions 1.4 and below and lets you view the live cameras of remote DVRs.

tags | exploit, remote
MD5 | 0110c0963015b92c7829d39f94c7d024
Docebo 3.6.0.3 SQL Injection
Posted Oct 12, 2009
Authored by Andrea Fabrizi | Site andreafabrizi.it

Docebo version 3.6.0.3 suffers multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
MD5 | d3cbfd1f1ae0e7166b1f31fdb543af2d
Page 1 of 1
Back1Next

File Archive:

June 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    1 Files
  • 2
    Jun 2nd
    2 Files
  • 3
    Jun 3rd
    19 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    15 Files
  • 6
    Jun 6th
    12 Files
  • 7
    Jun 7th
    11 Files
  • 8
    Jun 8th
    1 Files
  • 9
    Jun 9th
    1 Files
  • 10
    Jun 10th
    15 Files
  • 11
    Jun 11th
    15 Files
  • 12
    Jun 12th
    15 Files
  • 13
    Jun 13th
    8 Files
  • 14
    Jun 14th
    16 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close