Showing 1 - 23 of 23

Files from Nikolas Sotiriu

Email address: nso-research at sotiriu.de
First Active: 2009-10-21
Last Active: 2015-03-13
Jolla Phone URI Spoofing
Posted Mar 13, 2015
Authored by Nikolas Sotiriu

Jolla Phone with Sailfish OS versions 1.1.1.27 and below suffers from a telephone URI spoofing vulnerability.

tags | exploit, telephony, spoof
MD5 | 57ef9596cf11861bdc97dd540ee415f4
SonicWALL GMS 6 Arbitrary File Upload
Posted Jan 25, 2013
Authored by Nikolas Sotiriu, juan vazquez, Julian Vilas | Site metasploit.com

This Metasploit module exploits a code execution flaw in SonicWALL GMS. It exploits two vulnerabilities to achieve its objective. An authentication bypass in the Web Administration interface allows an attacker to abuse the "appliance" application and upload an arbitrary payload embedded in a JSP. The module has been tested successfully on SonicWALL GMS 6.0.6017 on Windows 2003 SP2 and SonicWALL GMS 6.0.6022 Virtual Appliance (Linux). On the Virtual Appliance, the Linux meterpreter did not run successfully during testing, so shell payloads were used.

tags | exploit, web, arbitrary, shell, vulnerability, code execution
systems | linux, windows
advisories | CVE-2013-1359, OSVDB-89347
MD5 | fc5d142b6cae0c846efb1124e670157a
SonicWALL GMS/VIEWPOINT 6.x Analyzer 7.x Remote Root
Posted Jan 18, 2013
Authored by Nikolas Sotiriu

SonicWALL GMS/VIEWPOINT version 6.x and Analyzer version 7.x remote root/SYSTEM exploit.

tags | exploit, remote, root
MD5 | 259a398de02d6e86d0ab39ede6b9ac5a
DELL SonicWALL GMS/Viewpoint/Analyzer Authentication Bypass
Posted Jan 18, 2013
Authored by Nikolas Sotiriu

SonicWALL GMS/Viewpoint/Analyzer suffers from an authentication bypass vulnerability.

tags | exploit, bypass
advisories | CVE-2013-1360
MD5 | 641cf880a25f66d50e8865b8bafc450a
Symantec LiveUpdate Administrator Cross Site Request Forgery
Posted Mar 22, 2011
Authored by Nikolas Sotiriu

Symantec LiveUpdate Administrator suffers from a cross site request forgery vulnerability. Proof of concept is included.

tags | exploit, proof of concept, csrf
advisories | CVE-2011-0545
MD5 | a0b242faa4183e0293c59c3643526323
Majordomo2 Directory Traversal
Posted Mar 8, 2011
Authored by Nikolas Sotiriu

Majordomo2 suffers from a directory traversal vulnerability in the help command. The parameter named extra is not properly sanitized. Versions 20110203 and below are affected.

tags | exploit
advisories | CVE-2011-0063
MD5 | 009e712aa00f64012ca950521c30a071
DATEV Multiple Applications DLL Hijacking
Posted Jan 20, 2011
Authored by Nikolas Sotiriu

DATEV has multiple pieces of software that are affected by DLL hijacking vulnerabilities.

tags | advisory, vulnerability
MD5 | 67fee485683b4b96e1d4499f3050082c
McAfee LinuxShield 1.5.1 Remote Root Exploit
Posted Aug 28, 2010
Authored by Nikolas Sotiriu

McAfee LinuxShield versions 1.5.1 and below remote root code execution exploit.

tags | exploit, remote, root, code execution
MD5 | 270c53f7a4d54723b6c2f4abd48fed72
SonicWALL Aventail epi.dll AuthCredential Format String Exploit
Posted Aug 21, 2010
Authored by Nikolas Sotiriu, jduck | Site metasploit.com

This Metasploit module exploits a format string vulnerability within version 10.0.4.x and 10.5.1 of the SonicWALL Aventail SSL-VPN Endpoint Interrogator/Installer ActiveX control (epi.dll). By calling the 'AuthCredential' method with a specially crafted Unicode format string, an attacker can cause memory corruption and execute arbitrary code. Unfortunately, it does not appear to be possible to indirectly re-use existing stack data for more reliable exploitation. This is due to several particulars about this vulnerability. First, the format string must be a Unicode string, which uses two bytes per character. Second, the buffer is allocated on the stack using the 'alloca' function. As such, each additional format specifier (%x) will add four more bytes to the size allocated. This results in the inability to move the read pointer outside of the buffer. Further testing showed that using specifiers that pop more than four bytes does not help. Any number of format specifiers will result in accessing the same value within the buffer. NOTE: It may be possible to leverage the vulnerability to leak memory contents. However, that has not been fully investigated at this time.

tags | exploit, arbitrary, activex
MD5 | ed696145b958ba72cb078d78d73be31f
SonicWALL E-Class SSL-VPN ActiveX Control Format String Overflow
Posted Aug 20, 2010
Authored by Nikolas Sotiriu

SonicWALL E-Class SSL-VPN Active-X control suffers from a format string overflow.

tags | exploit, overflow, activex
MD5 | 99b58d5f89f587835cde84f1c9675e91
AnNoText Third-Party ActiveX Control File Overwrite
Posted Jun 20, 2010
Authored by Nikolas Sotiriu

The AnNoText third-party Active-X control suffers from a file overwrite vulnerability.

tags | advisory, activex
MD5 | d88847c968792aaa1da84d3e33956505
AnNoText Third-Party ActiveX Control Buffer Overflow
Posted Jun 20, 2010
Authored by Nikolas Sotiriu

The AnNoText third-party Active-X control suffers from a buffer overflow vulnerability.

tags | advisory, overflow, activex
MD5 | bb19df4f07c316f6b9c1c1fbd6835ee0
Authentium Command Free Scan Proof Of Concept
Posted Mar 5, 2010
Authored by Nikolas Sotiriu

Proof of concept exploit that demonstrates a buffer overflow in the Authentium Command On Demand Online scanner service.

tags | exploit, overflow, proof of concept
MD5 | 92398056d32ddcda9d3b045edb319371
Authentium Command Free Scan ActiveX Control Buffer Overflow
Posted Mar 5, 2010
Authored by Nikolas Sotiriu

Remote exploitation of a buffer overflow vulnerability in Authentium Command On Demand Online scanner service could allow an attacker to execute arbitrary code within the security context of the targeted user.

tags | advisory, remote, overflow, arbitrary
MD5 | 3ce799d522b4cfb1294d7eca4e2dfb2a
McAfee LinuxShield Proof Of Concept
Posted Mar 3, 2010
Authored by Nikolas Sotiriu | Site sotiriu.de

McAfee LinuxShield versions 1.5.1 and below remote code execution proof of concept exploit.

tags | exploit, remote, code execution, proof of concept
advisories | CVE-2010-0689
MD5 | f5ca8a21cf6503b6170b3c63387e2069
McAfee LinuxShield Code Execution
Posted Mar 3, 2010
Authored by Nikolas Sotiriu | Site sotiriu.de

McAfee LinuxShield suffers from remote and local code execution vulnerabilities. Versions 1.5.1 and below are affected.

tags | advisory, remote, local, vulnerability, code execution
advisories | CVE-2010-0689
MD5 | d91779af8c5549a593884da139e78d24
DATEV Active-X Control Remote Command Execution
Posted Feb 26, 2010
Authored by Nikolas Sotiriu | Site sotiriu.de

The DATEV Active-X control suffers from a remote command execution vulnerability.

tags | advisory, remote, activex
advisories | CVE-2010-0689
MD5 | 4751b84357cfad67cddca8f9f4529f30
Panda Security Local Privilege Escalation 2010
Posted Jan 21, 2010
Authored by Nikolas Sotiriu | Site sotiriu.de

Panda Security suffers from a local privilege escalation vulnerability. Proof of concept code included. This is an updated version of the original advisory.

tags | advisory, local, proof of concept
MD5 | 5238ac1ab044e22e000f99aa4cced267
Panda Security Local Privilege Escalation
Posted Jan 11, 2010
Authored by Nikolas Sotiriu | Site sotiriu.de

Panda Security suffers from a local privilege escalation vulnerability. Proof of concept code included.

tags | exploit, local, proof of concept
MD5 | 905392baaa1a3168d86e52fbf8911106
Symantec ConsoleUtilities ActiveX Control Metasploit Exploit
Posted Nov 3, 2009
Authored by Nikolas Sotiriu | Site sotiriu.de

This Metasploit module exploits a stack overflow in Symantec ConsoleUtilities. By sending an overly long string to the "BrowseAndSaveFile()" method located in the AeXNSConsoleUtilities.dll (6.0.0.1846) Control, an attacker may be able to execute arbitrary code.

tags | exploit, overflow, arbitrary
advisories | CVE-2009-3031
MD5 | af9c77caa7285c2b431af6ba1a6c948d
Symantec ConsoleUtilities ActiveX Control Buffer Overflow
Posted Nov 3, 2009
Authored by Nikolas Sotiriu | Site sotiriu.de

The Symantec ConsoleUtilities Active-X control suffers from a buffer overflow vulnerability.

tags | advisory, overflow, activex
advisories | CVE-2009-3031
MD5 | 54e293ec4e99e8ca8322b4f95184e2bf
Websense Email Security Web Cross Site Scripting
Posted Oct 21, 2009
Authored by Nikolas Sotiriu | Site sotiriu.de

Websense Email Security suffers from a cross site scripting vulnerability. Proof of concept code included.

tags | exploit, xss, proof of concept
MD5 | dc4e383f65ff502591b67ad9deedb564
Websense Email Security Web Administrator DoS
Posted Oct 21, 2009
Authored by Nikolas Sotiriu | Site sotiriu.de

The Websense Email Security web administration frontend suffers from a remote denial of service vulnerability. Proof of concept code included.

tags | exploit, remote, web, denial of service, proof of concept
MD5 | 1d5cceb962cb6f2a9fb10f6049ace65d