Showing 1 - 13 of 13

Files from Harry Sintonen

First Active: 2011-02-03
Last Active: 2021-05-18
NiceHash Miner Excavator 1.6.7c Cross Site Request Forgery
Posted May 18, 2021
Authored by Harry Sintonen

NiceHash Miner Excavator versions 1.6.7c and below suffer from a cross site request forgery vulnerability. The issue enables any external web site to send commands to the local miner instance, and to redirect the mined coins to an arbitrary mining address.

tags | exploit, web, arbitrary, local, csrf
SHA-256 | fb87f0499aef3335445d3f11dca696cc51f521e079a6ba1f2728e565105afbc1
D-Link DGS-1250 Header Injection
Posted Feb 21, 2020
Authored by Harry Sintonen

D-Link DGS-1250 suffers from a header injection vulnerability that can be leveraged through cross site scripting.

tags | exploit, xss
SHA-256 | 7d7d9f8705c8fb7f26571e187596182c238f6573faea1c552faf5d97d4edd1f2
SCP Server Verification Issues
Posted Jan 16, 2019
Authored by Harry Sintonen

Many scp clients fail to verify whether the objects returned by the scp server match those they asked for. This issue dates back to 1983 and rcp, on which scp is based. A separate flaw in the client allows the target directory attributes to be changed arbitrarily. Finally, two vulnerabilities in clients may allow the server to spoof the client output.

tags | advisory, spoof, vulnerability
advisories | CVE-2000-0992, CVE-2018-20684, CVE-2018-20685, CVE-2019-6109, CVE-2019-6110, CVE-2019-6111
SHA-256 | 7fa072fc8f371c8cc4668eb863810286b6651faaf3b8efdcdeee1bc7d0a40099
MagniComp SysInfo Information Exposure
Posted Jun 18, 2018
Authored by Harry Sintonen

MagniComp SysInfo contains an information exposure vulnerability through debug functionality. SysInfo versions 10-H81 and above are not affected.

tags | exploit, info disclosure
advisories | CVE-2018-7268
SHA-256 | e65b31b24a3d31f12c130df16191c10f3cdae0c77df7a247af307f1e92f05036
foilChat Sign Up Email PIN Confirmation Bypass
Posted May 29, 2018
Authored by Harry Sintonen

The foilChat backend fails to prevent brute force attempts of the PIN code. An attacker can attempt all 10000 different PIN codes until the correct one is found, and then use the correct PIN to complete the registration.

tags | exploit, bypass
SHA-256 | a7b76e238cdcac06ca5048bc7322bc06668b0a3e78ef4545e1699f1b0c8f632f
MagniComp SysInfo Information Exposure
Posted May 18, 2018
Authored by Harry Sintonen

MagniComp SysInfo contains an information exposure vulnerability through debug functionality.

tags | advisory
advisories | CVE-2018-7268
SHA-256 | 879a6ff414ac55de6ca9ce6b7ca2e8ee7838c3d369cadf9baf7679892f4ab20e
GNU Wget 1.19.4 Cookie Injection
Posted May 7, 2018
Authored by Harry Sintonen

GNU Wget versions 1.7 through 1.19.4 suffer from a cookie injection vulnerability.

tags | exploit
advisories | CVE-2018-0494
SHA-256 | b72d6af0b5fe5fde5c7651980f119d80e8e2748eee305bde3f06e6b5d7c00dd2
aws-cfn-bootstrap Local Code Execution
Posted Dec 1, 2017
Authored by Harry Sintonen

aws-cfn-bootstrap versions prior to 1.4-22.14 suffer from a local code execution vulnerability.

tags | exploit, local, code execution
advisories | CVE-2017-9450
SHA-256 | e55f000394534026ef308ace6b8be3431f31512efa0ee6f2a2ffa1222ab1e1d5
QNAP QTS Remote Command Injection
Posted Apr 6, 2017
Authored by Harry Sintonen

QNAP QTS suffers from multiple command injection vulnerabilities.

tags | exploit, vulnerability
advisories | CVE-2017-6359, CVE-2017-6360, CVE-2017-6361
SHA-256 | 343c3dd2c8af1703505203d51d06fca1f4b6fd98b7dbcb44ab5aad7c30af0005
QNAP QTS 4.2.x XSS / Command Injection / Transport Issues
Posted Feb 15, 2017
Authored by Harry Sintonen

QNAP QTS firmware suffers from missing transport layer security, improper certificate validation, command injection, cross site scripting, and information disclosure vulnerabilities that can be exploited to gain remote command execution on the devices or to perform arbitrary administrative functions, and to gain unauthorized access to the user's myQNAPcloud credentials.

tags | exploit, remote, arbitrary, vulnerability, xss, info disclosure
SHA-256 | 2338d54a3f3425f4ef6945698a4d1e0725c1aeb60607671654d4a0472c4453d7
GNU tar 1.29 Extract Pathname Bypass
Posted Oct 27, 2016
Authored by Harry Sintonen

The GNU tar archiver can be tricked into extracting files and directories in the given destination, regardless of the path name(s) specified on the command line. Versions 1.14 through 1.29 are affected.

tags | exploit, bypass
advisories | CVE-2016-6321
SHA-256 | 9872f2b8fb9c8365d6367de929e2a9d9f3744c7e6f836aad204d328392324992
ASUS Router Authentication Bypass / Cross Site Scripting
Posted Feb 22, 2014
Authored by Harry Sintonen

ASUS routers suffer from authentication bypass and cross site scripting vulnerabilities, among the recent flurry of other issues that have surfaced.

tags | exploit, vulnerability, xss, bypass
SHA-256 | 6edc73bc09482eb4146ba7e7fb7884eac6f18e8dcfb66db1d1ad2bd22fd6087e
VLC Media Player Memory Corruption
Posted Feb 3, 2011
Authored by Harry Sintonen

VLC Media Player suffers from a subtitle StripTags() function memory corruption vulnerability.

tags | exploit
advisories | CVE-2011-0522
SHA-256 | 1844be25e4af847b0acec66eb3fc23968dedba8261216ebd1b34ec5ac695ca3e