exploit the possibilities
Showing 1 - 14 of 14 RSS Feed

Files from Andrea Fabrizi

Email addressandrea.fabrizi at gmail.com
First Active2009-10-12
Last Active2013-12-23
Synology DSM 4.3-3810 Directory Traversal
Posted Dec 23, 2013
Authored by Andrea Fabrizi

Synology DSM versions 4.3-3810 and below suffer from multiple directory traversal vulnerabilities.

tags | exploit, vulnerability, file inclusion
advisories | CVE-2013-6987
MD5 | 687cd26d028802d87baba903d51eddd8
Synology DSM 4.3-3776 XSS / File Disclosure / Command Injection
Posted Sep 10, 2013
Authored by Andrea Fabrizi

Synology DSM versions 4.3-3776 and below suffer from remote file download, content disclosure, cross site scripting, and command injection vulnerabilities.

tags | exploit, remote, vulnerability, xss
MD5 | 6c00be8290adce9b359270546e099bd6
Samsung DVR Authentication Bypass
Posted Aug 20, 2013
Authored by Andrea Fabrizi

Samsung DVRs put usernames and passwords base64 encoded into cookies. They also fail to validate the cookies in many places, so any values work, allowing for authentication bypass. A proof of concept exploit that lists all users and passwords is included.

tags | exploit, proof of concept, bypass
MD5 | 2b4dcb70387cbebcb1fc92c1e2470d57
Buffalo TeraStation TS-Series Command Execution
Posted Jan 30, 2013
Authored by Andrea Fabrizi

Buffalo TeraStation TS-Series with firmware versions 1.5.7 and below suffer from file disclosure and command injection vulnerabilities.

tags | exploit, vulnerability
MD5 | 1844ebbca7c70be3247d2690c41e1a22
Visual Tools DVR Command Injection / Password Disclosure
Posted Oct 16, 2012
Authored by Andrea Fabrizi | Site andreafabrizi.it

Visual Tools DVR VS Series versions 3.0.6.16 and below and VX Series versions 4.2.19.2 and below suffer from administrative password disclosure, default administrative password, log file disclosure, command injection, and insecure permission vulnerabilities.

tags | exploit, vulnerability, info disclosure
MD5 | a03003360258fa2e36f5e932144fb30a
QNAP Turbo NAS 3.7.3 File Disclosure
Posted Sep 5, 2012
Authored by Andrea Fabrizi

QNAP Turbo NAS versions 3.7.3 build 20120801 and below suffer from arbitrary file read and modify vulnerabilities.

tags | exploit, arbitrary, vulnerability, info disclosure
MD5 | 5044da1f0c415fa44ef573f1d7a63e1b
Novell Sentinel Log Manager 1.2.0.1 Directory Traversal
Posted Dec 18, 2011
Authored by Andrea Fabrizi

Novell Sentinel Log Manager versions 1.2.0.1 and below suffer from a directory traversal vulnerability.

tags | exploit, file inclusion
MD5 | 91fc147cc39230f92cdff52d4255047b
Joomla VirtueMart 1.1.6 Blind SQL Injection
Posted Jan 31, 2011
Authored by Andrea Fabrizi | Site andreafabrizi.it

Joomla VirtueMart component versions 1.1.6 and below suffer from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | b2bdbfb17f7d2dc67b70d729c6cdcca5
PRISM ICMP Reverse Shell 0.5
Posted Jan 18, 2010
Authored by Andrea Fabrizi | Site andreafabrizi.it

PRISM is an user space reverse shell backdoor. It offers ICMP mode where it awaits a packet containing a security key and host ip / port destination information. It also offers static mode where it can connect to a hardcoded ip / port.

tags | tool, shell, rootkit
systems | unix
MD5 | d04896b721a34b8b9a33fd2ae0c5d892
PhpShop 0.8.1 SQL Injection / XSS / XSRF
Posted Dec 7, 2009
Authored by Andrea Fabrizi | Site andreafabrizi.it

PhpShop version 0.8.1 suffers from remote SQL injection, blind SQL injection, cross site scripting, and cross site request forgery vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection, csrf
MD5 | 3256962719f34b305a82d435760fa678
3Com OfficeConnect Command Execution
Posted Oct 19, 2009
Authored by Andrea Fabrizi | Site andreafabrizi.it

3Com OfficeConnect routers appear to suffer from password disclosure and remote command execution vulnerabilities.

tags | exploit, remote, vulnerability, info disclosure
MD5 | 2f4913a4352e4667095dbb2ac7366d70
Snitz Forums 2000 3.4.07 Cross Site Scripting
Posted Oct 15, 2009
Authored by Andrea Fabrizi | Site andreafabrizi.it

Snitz Forums 2000 version 3.4.07 suffers from cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 723dc377285c76b63c7e551c10519663
Everfocus EDSR 1.4 Cam Exploit
Posted Oct 15, 2009
Authored by Andrea Fabrizi | Site andreafabrizi.it

The Everfocus EDSR firmware fails to correctly handle authentication and sessions. This remote exploit takes advantages of versions 1.4 and below and lets you view the live cameras of remote DVRs.

tags | exploit, remote
MD5 | 0110c0963015b92c7829d39f94c7d024
Docebo 3.6.0.3 SQL Injection
Posted Oct 12, 2009
Authored by Andrea Fabrizi | Site andreafabrizi.it

Docebo version 3.6.0.3 suffers multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
MD5 | d3cbfd1f1ae0e7166b1f31fdb543af2d
Page 1 of 1
Back1Next

File Archive:

January 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    2 Files
  • 2
    Jan 2nd
    0 Files
  • 3
    Jan 3rd
    20 Files
  • 4
    Jan 4th
    4 Files
  • 5
    Jan 5th
    37 Files
  • 6
    Jan 6th
    20 Files
  • 7
    Jan 7th
    4 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    0 Files
  • 10
    Jan 10th
    18 Files
  • 11
    Jan 11th
    8 Files
  • 12
    Jan 12th
    19 Files
  • 13
    Jan 13th
    31 Files
  • 14
    Jan 14th
    2 Files
  • 15
    Jan 15th
    2 Files
  • 16
    Jan 16th
    2 Files
  • 17
    Jan 17th
    18 Files
  • 18
    Jan 18th
    13 Files
  • 19
    Jan 19th
    0 Files
  • 20
    Jan 20th
    0 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    0 Files
  • 25
    Jan 25th
    0 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close