exploit the possibilities
Showing 1 - 11 of 11 RSS Feed

Files from Harry Sintonen

First Active2011-02-03
Last Active2019-01-16
SCP Server Verification Issues
Posted Jan 16, 2019
Authored by Harry Sintonen

Many scp clients fail to verify if the objects returned by the scp server match those it asked for. This issue dates back to 1983 and rcp, on which scp is based. A separate flaw in the client allows the target directory attributes to be changed arbitrarily. Finally, two vulnerabilities in clients may allow server to spoof the client output.

tags | advisory, spoof, vulnerability
advisories | CVE-2000-0992, CVE-2018-20684, CVE-2018-20685, CVE-2019-6109, CVE-2019-6110, CVE-2019-6111
MD5 | d3b18a0146f2be70c357e933eb037d03
MagniComp SysInfo Information Exposure
Posted Jun 18, 2018
Authored by Harry Sintonen

MagniComp SysInfo contains a information exposure vulnerability through debug functionality. Versions SysInfo 10-H81 and above are not affected.

tags | exploit, info disclosure
advisories | CVE-2018-7268
MD5 | 05af244c6663efde83caac79a67b4878
foilChat Sign Up Email PIN Confirmation Bypass
Posted May 29, 2018
Authored by Harry Sintonen

The foilChat backend fails to prevent brute force attempts of the PIN code. An attacker can attempt all 10000 different PIN codes until the correct one is found, and then use the correct PIN to complete the registration.

tags | exploit, bypass
MD5 | ed66fc5f06d2663c3de5842073089e5c
MagniComp SysInfo Information Exposure
Posted May 18, 2018
Authored by Harry Sintonen

MagniComp SysInfo contains an information exposure vulnerability through debug functionality.

tags | advisory
advisories | CVE-2018-7268
MD5 | 3224c8cead424f2b911c426520c8d444
GNU Wget 1.19.4 Cookie Injection
Posted May 7, 2018
Authored by Harry Sintonen

GNU Wget versions 1.7 through 1.19.4 suffer from a cookie injection vulnerability.

tags | exploit
advisories | CVE-2018-0494
MD5 | 3c4e4ced5155828eab13437319ee72a3
aws-cfn-bootstrap Local Code Execution
Posted Dec 1, 2017
Authored by Harry Sintonen

aws-cfn-bootstrap versions prior to 1.4-22.14 suffer from a local code execution vulnerability.

tags | exploit, local, code execution
advisories | CVE-2017-9450
MD5 | 959ceb0942bc38ddb3afd790bfa315c3
QNAP QTS Remote Command Injection
Posted Apr 6, 2017
Authored by Harry Sintonen

QNAP QTS suffers from multiple command injection vulnerabilities.

tags | exploit, vulnerability
advisories | CVE-2017-6359, CVE-2017-6360, CVE-2017-6361
MD5 | 8a60f0133f5885926f3653003951a642
QNAP QTS 4.2.x XSS / Command Injection / Transport Issues
Posted Feb 15, 2017
Authored by Harry Sintonen

QNAP QTS firmware contain missing transport layer security, improper certificate validation, command injection, cross site scripting, and information disclosure vulnerabilities that can be exploited to gain remote command execution to the devices or to perform arbitrary administrative functions, and to gain unauthorized access to user's myQNAPcloud credentials.

tags | exploit, remote, arbitrary, vulnerability, xss, info disclosure
MD5 | d2f40263a5f38946b87e4bdeba0dabc9
GNU tar 1.29 Extract Pathname Bypass
Posted Oct 27, 2016
Authored by Harry Sintonen

The GNU tar archiver can be tricked into extracting files and directories in the given destination, regardless of the path name(s) specified on the command line. Versions 1.14 through 1.29 are affected.

tags | exploit, bypass
advisories | CVE-2016-6321
MD5 | d3225fb0115eb0e014c2558c2c124a7d
ASUS Router Authentication Bypass / Cross Site Scripting
Posted Feb 22, 2014
Authored by Harry Sintonen

ASUS routers suffer from authentication bypass and cross site scripting vulnerabilities, among the recent flurry of other issues that have surfaced.

tags | exploit, vulnerability, xss, bypass
MD5 | b279b669b64a724bae3e2726e9edf374
VLC Media Player Memory Corruption
Posted Feb 3, 2011
Authored by Harry Sintonen

VLC Media Player suffers from a subtitle StripTags() function memory corruption vulnerability.

tags | exploit
advisories | CVE-2011-0522
MD5 | d1fd8f257e9c0871b1320c799e238d3d
Page 1 of 1
Back1Next

File Archive:

February 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    22 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    2 Files
  • 4
    Feb 4th
    15 Files
  • 5
    Feb 5th
    50 Files
  • 6
    Feb 6th
    24 Files
  • 7
    Feb 7th
    15 Files
  • 8
    Feb 8th
    6 Files
  • 9
    Feb 9th
    1 Files
  • 10
    Feb 10th
    1 Files
  • 11
    Feb 11th
    22 Files
  • 12
    Feb 12th
    25 Files
  • 13
    Feb 13th
    16 Files
  • 14
    Feb 14th
    32 Files
  • 15
    Feb 15th
    15 Files
  • 16
    Feb 16th
    10 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close