Files from sqlhacker

Real Name: Hoyt LLC Research
Email address: private
First Active: 2010-09-21
Last Active: 2013-05-08

Personal Background

Hoyt LLC Research investigates and reports on security vulnerabilities embedded in Web Applications and Products used in wide-scale deployment.

Hoyt LLC combines litigation expertise with research and forensic analysis applied to Governance, Risk and Compliance systems.

URL: http://www.cloudscan.me

Additional Details

Hoyt LLC is committed to protecting and securing end-users and personal information, and the Hoyt LLC Research Blog and CDN Exploit Search are visible proof of our effort to provide training, education and knowledge into the Public Domain.

When we fingerprint a critical (with authentication credentials) vulnerability, we develop a Private Security Notification and only disseminate information about the vulnerability, the risk it poses, and what customers can do to protect themselves against it, to the specific Vendor identified.

Non-authenticated vulnerabilities are investigated and reported as identified consistent with Full Disclosure, which is immediate and simultaneous with Vendor notification.

Companies large and small need the help of security researchers who discover emerging and known security vulnerabilities. Our investigation and reporting on emerging vulnerabilities provide transparency to an otherwise opaque security picture of applications and products used in wide-scale deployment.

The identification and reporting of emerging and known vulnerabilities is more difficult when details of a vulnerability are made public by another 3rd party prior to an update being developed. When such events occur, Full Disclosure is our primary consideration, in order to protect the Public against malicious attackers who may exploit the vulnerability.

The responsibility for all software and hardware products rests with the Vendor alone, and we suggest that Vendors take that responsibility very seriously. Vulnerable Applications create Legal, Compliance and Regulatory exposure for all parties.

There has traditionally been an unwritten rule among security professionals that the discoverer of an emerging or known security vulnerability has an obligation to give the Vendor an opportunity to correct the vulnerability before publicly disclosing it. Once the Public are protected, Full Disclosure of the vulnerability is entirely in order, and helps the industry at large improve its products.

Hoyt LLC observes these established security research and vulnerability notification practices and comments that a security professional is acknowledged by a Vendor when they reported the vulnerability to a Vendor confidentially, worked with the Vendor to identify the scope and true risk, and helped the Vendor disseminate information about it after the threat was mitigated.


Brother MFC-9970CDW Firmware 0D Cross Site Scripting
Posted May 8, 2013
Authored by sqlhacker

Brother MFC-9970CDW Firmware 0D suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2013-2507, CVE-2013-2670, CVE-2013-2671, CVE-2013-2672, CVE-2013-2673, CVE-2013-2674, CVE-2013-2675, CVE-2013-2676
MD5 | 0d8bdb968553b01ecc76058a81ce535c

Cisco Linksys E4200 Cross Site Scripting / Local File Inclusion
Posted May 7, 2013
Authored by sqlhacker

Cisco Linksys E4200 firmware suffers from cross site scripting and local file inclusion vulnerabilities.

tags | exploit, local, vulnerability, xss, file inclusion
systems | cisco
advisories | CVE-2013-2678, CVE-2013-2679, CVE-2013-2680, CVE-2013-2681, CVE-2013-2682, CVE-2013-2683, CVE-2013-2684
MD5 | 97db9ffc803e72b8c6f25adb23f46b58

Movable Type Pro 5.13en Cross Site Scripting
Posted Oct 20, 2012
Authored by sqlhacker

Movable Type Pro version 5.13en suffers from a stored cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2012-1503
MD5 | 60c3615d9f50457bbcce60c86e4b3e8a

JIRA / GreenHopper Cross Site Scripting
Posted Sep 4, 2012
Authored by sqlhacker

JIRA version 4.4.3 with GreenHopper version 5.9.8 suffers from cross site request forgery and stored cross site scripting vulnerabilities.

tags | advisory, vulnerability, xss, csrf
advisories | CVE-2012-1500
MD5 | e97fc10979e0500d191efb502c393647

SmarterTools SmarterMail 8.0 Cross Site Scripting
Posted Mar 15, 2011
Authored by sqlhacker

SmarterTools SmarterMail version 8.0 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | d57d839d28f3158f2cd8712feb32f327

SmarterStats 6.0 XSS / DoS / Command Execution / Traversal
Posted Mar 11, 2011
Authored by sqlhacker

SmarterStats version 6.0 suffers from cross site scripting, denial of service, command execution, and directory traversal vulnerabilities.

tags | advisory, denial of service, vulnerability, xss, file inclusion
MD5 | b1b5012789df9d63839114329836fefa

SmarterMail 7.x Cross Site Scripting / Shell Upload / Traversal
Posted Mar 10, 2011
Authored by sqlhacker

SmarterMail version 7.x suffers from cross site scripting, shell upload and directory traversal vulnerabilities.

tags | exploit, shell, vulnerability, xss, file inclusion
MD5 | 1b65bc1200b358217af5ea2cff2292e2

Paypal.com Cross Site Scripting
Posted Nov 2, 2010
Authored by sqlhacker

Paypal.com suffers from header injection and cross site scripting vulnerabilities. The cross site scripting works against Chrome and Safari but not Internet Explorer 8.

tags | exploit, vulnerability, xss
MD5 | 351c3fb9017b92e95f8cf27295c017d5

Plesk Small Business Manager 10.2 Cross Site Scripting / SQL Injection
Posted Oct 24, 2010
Authored by sqlhacker

Plesk Small Business Manager version 10.2 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | 57c5ba485c09dbcf82a0961aba8a0ce8

SmarterMail 7.x LDAP Injection
Posted Oct 4, 2010
Authored by sqlhacker

SmarterMail version 7.2.3925 suffers from a LDAP injection vulnerability.

tags | exploit
MD5 | 334ba6e00926bddf88abe2b21ebd0332

SmarterMail 7.x Cross Site Scripting
Posted Oct 4, 2010
Authored by sqlhacker

SmarterMail version 7.2.3925 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 09cf5ae100dedb7d8df3ec0f411330bb

SmarterMail 7.1.3876 Directory Traversal
Posted Sep 21, 2010
Authored by sqlhacker

SmarterMail version 7.1.3876 suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
MD5 | 198a340c0462c2c61592a8c59c2dfe5a

© 2020 Packet Storm. All rights reserved.