
Files from Ivan Huertas

First Active: 2010-01-20
Last Active: 2020-04-29

Open-AudIT 3.2.2 Command Injection / SQL Injection
Posted Apr 29, 2020
Authored by Core Security Technologies, Ivan Huertas, Pablo A. Zurro | Site coresecurity.com

Open-AudIT version 3.2.2 suffers from OS command injection, arbitrary file upload, and remote SQL injection vulnerabilities.

tags | exploit, remote, arbitrary, vulnerability, sql injection, file upload
advisories | CVE-2020-11941, CVE-2020-11942, CVE-2020-11943
MD5 | 7ea2efd5fece16f023d6a11fbc170dd9

QNAP Q'Center change_passwd Command Execution
Posted Jul 17, 2018
Authored by Ivan Huertas, Brendan Coles | Site metasploit.com

This Metasploit module exploits a command injection vulnerability in the change_passwd API method within the web interface of QNAP Q'Center virtual appliance versions prior to 1.7.1083. The vulnerability allows the 'admin' privileged user account to execute arbitrary commands as the 'admin' operating system user. Valid credentials for the 'admin' user account are required; however, this module also exploits a separate password disclosure issue which allows any authenticated user to view the password set for the 'admin' user during first install. This Metasploit module has been tested successfully on QNAP Q'Center appliance version 1.6.1075.

tags | exploit, web, arbitrary
advisories | CVE-2018-0706, CVE-2018-0707
MD5 | 53cb0615ae05a91ee87abd7989407825

QNAP Qcenter Virtual Appliance 1.6.x Information Disclosure / Command Injection
Posted Jul 11, 2018
Authored by Core Security Technologies, Ivan Huertas | Site coresecurity.com

QNAP Qcenter Virtual Appliance versions 1.6.1056 (20170825) and 1.6.1075 (20171123) suffer from information disclosure and command injection vulnerabilities.

tags | exploit, vulnerability, info disclosure
advisories | CVE-2018-0706, CVE-2018-0707, CVE-2018-0708, CVE-2018-0709, CVE-2018-0710
MD5 | d0c0ba61b46957bc948ee79547357e3f

Dell EMC Isilon OneFS XSS / Path Traversal
Posted Mar 22, 2018
Authored by Ivan Huertas, Maximiliano Vidal | Site emc.com

Dell EMC Isilon OneFS suffers from incorrect authorization, cross site request forgery, and path traversal vulnerabilities.

tags | advisory, vulnerability, csrf
advisories | CVE-2018-1186, CVE-2018-1187, CVE-2018-1188, CVE-2018-1189, CVE-2018-1201, CVE-2018-1202, CVE-2018-1203, CVE-2018-1204, CVE-2018-1213
MD5 | f9d41f0c15b683d497eb034c90876dbf

Dell EMC Isilon OneFS XSS / Code Execution / CSRF
Posted Feb 14, 2018
Authored by Core Security Technologies, Ivan Huertas, Maximiliano Vidal | Site coresecurity.com

Dell EMC Isilon OneFS suffers from code execution, cross site request forgery, and cross site scripting vulnerabilities.

tags | exploit, vulnerability, code execution, xss, csrf
advisories | CVE-2018-1186, CVE-2018-1187, CVE-2018-1188, CVE-2018-1189, CVE-2018-1201, CVE-2018-1202, CVE-2018-1203, CVE-2018-1204, CVE-2018-1213
MD5 | 035ddfcb8a7d024e325b9f233a3d9bcf

Lenovo ShareIT Information Disclosure / Hardcoded Password
Posted Jan 25, 2016
Authored by Core Security Technologies, Ivan Huertas | Site coresecurity.com

Lenovo ShareIT suffers from hard-coded password, information exposure, missing encryption, and missing authorization vulnerabilities.

tags | exploit, vulnerability
advisories | CVE-2016-1489, CVE-2016-1490, CVE-2016-1491, CVE-2016-1492
MD5 | 498b12c9f26fa23e69a5e2b0a2958b51

Blackberry WebDesktop Cross Site Scripting
Posted Apr 14, 2011
Authored by Ivan Huertas | Site cybsec.com

CYBSEC Security Advisory - A cross site scripting vulnerability was found in Blackberry WebDesktop because the application fails to sanitize user-supplied input. The vulnerability can be triggered if a logged-in user follows a specially crafted link, executing malicious JavaScript code in the user's browser.

tags | exploit, javascript, xss
MD5 | bca58248805b1a49a927d605be7140c8

InterScan Web Security Virtual Appliance 5.0 Cross Site Scripting
Posted Jul 2, 2010
Authored by Ivan Huertas | Site cybsec.com

InterScan Web Security Virtual Appliance version 5.0 suffers from a permanent cross site scripting vulnerability.

tags | exploit, web, xss
MD5 | ca41eb0f5623dc1002983ae31a9964a2

InterScan Web Security 5.0 Arbitrary File Download
Posted Jun 25, 2010
Authored by Ivan Huertas | Site cybsec.com

InterScan Web Security version 5.0 suffers from an arbitrary file download vulnerability.

tags | exploit, web, arbitrary
MD5 | 28f245f6cfa32ca38d5f35c892bc5416

InterScan Web Security 5.0 Arbitrary File Upload
Posted Jun 25, 2010
Authored by Ivan Huertas | Site cybsec.com

InterScan Web Security version 5.0 suffers from an arbitrary file upload vulnerability.

tags | exploit, web, arbitrary, file upload
MD5 | c57464769e11c24d34fdbbe784aabd70

InterScan Web Security 5.0 Local Privilege Escalation
Posted Jun 25, 2010
Authored by Ivan Huertas | Site cybsec.com

InterScan Web Security version 5.0 suffers from a local privilege escalation vulnerability.

tags | exploit, web, local
MD5 | 1f9f334972f609879413a170327b4628

CYBSEC - FreePBX 2.5.1 SQL Injection
Posted Jan 20, 2010
Authored by Ivan Huertas | Site cybsec.com

CYBSEC Security Advisory - FreePBX version 2.5.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 0a874444640c3ffb708b63966806c3a5

CYBSEC - FreePBX 2.5.x / 2.6.0 XSS
Posted Jan 20, 2010
Authored by Ivan Huertas | Site cybsec.com

CYBSEC Security Advisory - FreePBX versions 2.5.x and 2.6.0 suffer from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | b43ef03d6406d43f7306b895b7506013

CYBSEC - FreePBX 2.5.x Information Disclosure
Posted Jan 20, 2010
Authored by Ivan Huertas | Site cybsec.com

CYBSEC Security Advisory - FreePBX 2.5.x suffers from an administrator password disclosure vulnerability.

tags | exploit, info disclosure
MD5 | 31faa220f5de1185e390d5817479cc7a