Showing 1 - 14 of 14

Files from Andrea Fabrizi

Email address: andrea.fabrizi at gmail.com
First Active: 2009-10-12
Last Active: 2013-12-23

Synology DSM 4.3-3810 Directory Traversal
Posted Dec 23, 2013
Authored by Andrea Fabrizi

Synology DSM versions 4.3-3810 and below suffer from multiple directory traversal vulnerabilities.

tags | exploit, vulnerability, file inclusion
advisories | CVE-2013-6987
SHA-256 | baddc783cba3ba3012c1d9f37e58531b749662074b81d95266d64e6544b90e21
Synology DSM 4.3-3776 XSS / File Disclosure / Command Injection
Posted Sep 10, 2013
Authored by Andrea Fabrizi

Synology DSM versions 4.3-3776 and below suffer from remote file download, content disclosure, cross site scripting, and command injection vulnerabilities.

tags | exploit, remote, vulnerability, xss
SHA-256 | a560d69710d4ba76ec357f35a153ec6e0a5247b97ea46b2af3a6d6381872a32a
Samsung DVR Authentication Bypass
Posted Aug 20, 2013
Authored by Andrea Fabrizi

Samsung DVRs put usernames and passwords base64 encoded into cookies. They also fail to validate the cookies in many places, so any values work, allowing for authentication bypass. A proof of concept exploit that lists all users and passwords is included.

tags | exploit, proof of concept, bypass
SHA-256 | 6219a380366e2aecc4495c804c39b2f23b5f3ae1609e4c340f64ce8cc584d483
Buffalo TeraStation TS-Series Command Execution
Posted Jan 30, 2013
Authored by Andrea Fabrizi

Buffalo TeraStation TS-Series with firmware versions 1.5.7 and below suffer from file disclosure and command injection vulnerabilities.

tags | exploit, vulnerability
SHA-256 | a1a174bf53968f44a8d76eb7f7bf2481d5306ead2f09c68a726696b25e20edf1
Visual Tools DVR Command Injection / Password Disclosure
Posted Oct 16, 2012
Authored by Andrea Fabrizi | Site andreafabrizi.it

Visual Tools DVR VS Series versions 3.0.6.16 and below and VX Series versions 4.2.19.2 and below suffer from administrative password disclosure, default administrative password, log file disclosure, command injection, and insecure permission vulnerabilities.

tags | exploit, vulnerability, info disclosure
SHA-256 | 57aec9566565a83d94933270426cb1b822eb107ada1e1ad8c594b19a032e394f
QNAP Turbo NAS 3.7.3 File Disclosure
Posted Sep 5, 2012
Authored by Andrea Fabrizi

QNAP Turbo NAS versions 3.7.3 build 20120801 and below suffer from arbitrary file read and modify vulnerabilities.

tags | exploit, arbitrary, vulnerability, info disclosure
SHA-256 | 74f49abffb918e2e6876084b17da1377c2d36d966fe6827b0a6bd22b0ada8146
Novell Sentinel Log Manager 1.2.0.1 Directory Traversal
Posted Dec 18, 2011
Authored by Andrea Fabrizi

Novell Sentinel Log Manager versions 1.2.0.1 and below suffer from a directory traversal vulnerability.

tags | exploit, file inclusion
SHA-256 | 1344d9e53b9e1f29ca58152d68c7e31e2e1f7554e18481c4fbb9c5c8437f755c
Joomla VirtueMart 1.1.6 Blind SQL Injection
Posted Jan 31, 2011
Authored by Andrea Fabrizi | Site andreafabrizi.it

Joomla VirtueMart component versions 1.1.6 and below suffer from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 11f7df2b0e1f362c8f25d13f54b57db8932ce64594cf7a77783f30ec49d40ac0
PRISM ICMP Reverse Shell 0.5
Posted Jan 18, 2010
Authored by Andrea Fabrizi | Site andreafabrizi.it

PRISM is a user space reverse shell backdoor. It offers an ICMP mode, where it awaits a packet containing a security key and host IP / port destination information. It also offers a static mode, where it can connect to a hardcoded IP / port.

tags | tool, shell, rootkit
systems | unix
SHA-256 | a134a9b3c0e23836566ba54259b1ebb7ac86b493d52c8e0efac73c5043fef900
PhpShop 0.8.1 SQL Injection / XSS / XSRF
Posted Dec 7, 2009
Authored by Andrea Fabrizi | Site andreafabrizi.it

PhpShop version 0.8.1 suffers from remote SQL injection, blind SQL injection, cross site scripting, and cross site request forgery vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection, csrf
SHA-256 | 8cdd6603293330907026a6bd3ba7622022c146928d030a8f850ddcc4a99e4fcd
3Com OfficeConnect Command Execution
Posted Oct 19, 2009
Authored by Andrea Fabrizi | Site andreafabrizi.it

3Com OfficeConnect routers appear to suffer from password disclosure and remote command execution vulnerabilities.

tags | exploit, remote, vulnerability, info disclosure
SHA-256 | f4915ebc296bd3603c9e336e18437ac196860ed9675bddab482982e82f9ed5a8
Snitz Forums 2000 3.4.07 Cross Site Scripting
Posted Oct 15, 2009
Authored by Andrea Fabrizi | Site andreafabrizi.it

Snitz Forums 2000 version 3.4.07 suffers from cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | fbe830d076100f57e540a54da49f464fced24007b9a5d42ebb17e035b7cbfe6b
Everfocus EDSR 1.4 Cam Exploit
Posted Oct 15, 2009
Authored by Andrea Fabrizi | Site andreafabrizi.it

The Everfocus EDSR firmware fails to correctly handle authentication and sessions. This remote exploit takes advantage of versions 1.4 and below and lets you view the live cameras of remote DVRs.

tags | exploit, remote
SHA-256 | 10026da1a7949dc0eaf28f986ef241f8679e65ad5c74df580ec8f86a61a39823
Docebo 3.6.0.3 SQL Injection
Posted Oct 12, 2009
Authored by Andrea Fabrizi | Site andreafabrizi.it

Docebo version 3.6.0.3 suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
SHA-256 | b44d0cf0d50db065e5a6ae908acb04cc296bb04b0e19cbdf643b9fc48097f468