what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 12 of 12 RSS Feed

Files from sqlhacker

Real NameHoyt LLC Research
Email addressprivate
First Active2010-09-21
Last Active2013-05-08
View User Profile

Personal Background

Hoyt LLC Research investigates and reports on security vulnerabilities embedded in Web Applications and Products used in wide-scale deployment.

Hoyt LLC combines litigation expertise with research and forensic analysis applied to Governance, Risk and Compliance systems.

URL http://www.cloudscan.me

Additional Details

Hoyt LLC is committed to protecting and securing end-users and personal information and the Hoyt LLC Research Blog and CDN Exploit Search is visible proof of our effort to provide training, education and knowledge into the Public Domain.

Hoyt LLC Research investigates and reports on security vulnerabilities embedded in Web Applications and Products used in wide-scale deployment.

When we fingerprint a critical (with authentication credentials) vulnerability, we develop a Private Security Notification and only disseminate information about the vulnerability, the risk it poses, and what customers can do to protect themselves against it, to the specific Vendor identified.

Non-authenticated vulnerabilities are investigated and report as identified consistent with Full Disclosure, which is immediate and simultaneous with Vendor notification.

Companies large and small need the help of security researchers whom discover emerging and known security vulnerabilities, our investigation and reporting on emerging vulnerabilities provide transparency to an otherwise opaque security picture of applications and products used in wide-scale deployment.

The identification and reporting of emerging and known vulnerabilities is more difficult when details of a vulnerability are made public before by another 3rd party prior to an update being developed. When such events occur, Full Disclosure is our primary consideration, in order to protect the Public against malicious attackers whom may exploit the vulnerability.

The responsibility for all software and hardware products rests with the Vendor alone, and we suggest that Vendors take that responsibility very seriously. Vulnerable Applications create Legal, Compliance and Regulatory exposure for all parties.

There has traditionally been an unwritten rule among security professionals that the discoverer of an emerging or known security vulnerability has an obligation to give the Vendor an opportunity to correct the vulnerability before publicly disclosing it. Once the Public are protected, Full Disclosure of the vulnerability is entirely in order, and helps the industry at large improve its products.

Hoyt LLC observes these established security research and vulnerability notification practices and comments that a security professional is acknowledged by a Vendor when they reported the vulnerability to a Vendor confidentially, worked with the Vendor to identify the scope and true risk, and helped the Vendor disseminate information about it after the threat was mitigated.


Brother MFC-9970CDW Firmware 0D Cross Site Scripting
Posted May 8, 2013
Authored by sqlhacker

Brother MFC-9970CDW Firmware 0D suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2013-2507, CVE-2013-2670, CVE-2013-2671, CVE-2013-2672, CVE-2013-2673, CVE-2013-2674, CVE-2013-2675, CVE-2013-2676
SHA-256 | 3420f3b475a358c1a02b1bf5b99838fcee8f5ab5d58b149eb50a76ae057e4a0f
Cisco Linksys E4200 Cross Site Scripting / Local File Inclusion
Posted May 7, 2013
Authored by sqlhacker

Cisco Linksys E4200 firmware suffers from cross site scripting and local file inclusion vulnerabilities.

tags | exploit, local, vulnerability, xss, file inclusion
systems | cisco
advisories | CVE-2013-2678, CVE-2013-2679, CVE-2013-2680, CVE-2013-2681, CVE-2013-2682, CVE-2013-2683, CVE-2013-2684
SHA-256 | 59820449af959f72e12353106ed7dd3292754025d1b09dccf9477170e26b0b2e
Movable Type Pro 5.13en Cross Site Scripting
Posted Oct 20, 2012
Authored by sqlhacker

Movable Type Pro version 5.13en suffers from a stored cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2012-1503
SHA-256 | bf82bb648dc9f22cb36a1677d8d850cec96c1e5d3c90e9d4374694ff15a16e67
JIRA / GreenHopper Cross Site Scripting
Posted Sep 4, 2012
Authored by sqlhacker

JIRA version 4.4.3 with GreenHopper version 5.9.8 suffers from cross site request forgery and stored cross site scripting vulnerabilities.

tags | advisory, vulnerability, xss, csrf
advisories | CVE-2012-1500
SHA-256 | eb467b467fc6222efa2c041bb7e3071fc8edfe9cce34a13f350ebc31b450647b
SmarterTools SmarterMail 8.0 Cross Site Scripting
Posted Mar 15, 2011
Authored by sqlhacker

SmarterTools SmarterMail version 8.0 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | d79dc1dfa1dea9c0c04be9585a4091dccd9d4c5cd706ede9b1b1418dce1a10e4
SmarterStats 6.0 XSS / DoS / Command Execution / Traversal
Posted Mar 11, 2011
Authored by sqlhacker

SmarterStats version 6.0 suffers from cross site scripting, denial of service, command execution, and directory traversal vulnerabilities.

tags | advisory, denial of service, vulnerability, xss, file inclusion
SHA-256 | 0836c7412eeb88d123a674b23d5f7ccaf25ad59b6cf315b294ccc95936d268b5
SmarterMail 7.x Cross Site Scripting / Shell Upload / Traversal
Posted Mar 10, 2011
Authored by sqlhacker

SmarterMail version 7.x suffers from cross site scripting, shell upload and directory traversal vulnerabilities.

tags | exploit, shell, vulnerability, xss, file inclusion
SHA-256 | 5542870334cfbed1b3626bc964047046d9f725188b24a641c1a04d3d7474cf98
Paypal.com Cross Site Scripting
Posted Nov 2, 2010
Authored by sqlhacker

Paypal.com suffers from header injection and cross site scripting vulnerabilities. The cross site scripting works against Chrome and Safari but not Internet Explorer 8.

tags | exploit, vulnerability, xss
SHA-256 | 34df326662e37124a69232c034611719bc24fe687fe186213c04c2af98781253
Plesk Small Business Manager 10.2 Cross Site Scripting / SQL Injection
Posted Oct 24, 2010
Authored by sqlhacker

Plesk Small Business Manager version 10.2 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | 4875002bc8592473f63668e32dd0729cd9ea682f1ec0de433cc123fa108a819c
SmarterMail 7.x LDAP Injection
Posted Oct 4, 2010
Authored by sqlhacker

SmarterMail version 7.2.3925 suffers from a LDAP injection vulnerability.

tags | exploit
SHA-256 | a35fb51611d497bf74601e9a950e6412d34cb7726e467546312f6d499af71053
SmarterMail 7.x Cross Site Scripting
Posted Oct 4, 2010
Authored by sqlhacker

SmarterMail version 7.2.3925 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 5e568360a60db57bdd1502c94d5f663903dea56acbe16bd8ebfff52f2f4820ef
SmarterMail 7.1.3876 Directory Traversal
Posted Sep 21, 2010
Authored by sqlhacker

SmarterMail version 7.1.3876 suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
SHA-256 | ace2442491053747a431df1026f5e2044cc7284a386c1e83455a87398d2d70fa
Page 1 of 1
Back1Next

File Archive:

February 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    16 Files
  • 2
    Feb 2nd
    19 Files
  • 3
    Feb 3rd
    0 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    24 Files
  • 6
    Feb 6th
    2 Files
  • 7
    Feb 7th
    10 Files
  • 8
    Feb 8th
    25 Files
  • 9
    Feb 9th
    37 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    17 Files
  • 13
    Feb 13th
    20 Files
  • 14
    Feb 14th
    25 Files
  • 15
    Feb 15th
    15 Files
  • 16
    Feb 16th
    6 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    35 Files
  • 20
    Feb 20th
    25 Files
  • 21
    Feb 21st
    18 Files
  • 22
    Feb 22nd
    15 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    10 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    37 Files
  • 27
    Feb 27th
    34 Files
  • 28
    Feb 28th
    27 Files
  • 29
    Feb 29th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close