exploit the possibilities
Showing 1 - 12 of 12 RSS Feed

Files from Harry Sintonen

First Active2011-02-03
Last Active2020-02-21
D-Link DGS-1250 Header Injection
Posted Feb 21, 2020
Authored by Harry Sintonen

D-Link DGS-1250 suffers from a header injection vulnerability that can be leveraged through cross site scripting.

tags | exploit, xss
MD5 | 56529bffd14f3b239cc24f418e85ace4
SCP Server Verification Issues
Posted Jan 16, 2019
Authored by Harry Sintonen

Many scp clients fail to verify if the objects returned by the scp server match those it asked for. This issue dates back to 1983 and rcp, on which scp is based. A separate flaw in the client allows the target directory attributes to be changed arbitrarily. Finally, two vulnerabilities in clients may allow server to spoof the client output.

tags | advisory, spoof, vulnerability
advisories | CVE-2000-0992, CVE-2018-20684, CVE-2018-20685, CVE-2019-6109, CVE-2019-6110, CVE-2019-6111
MD5 | d3b18a0146f2be70c357e933eb037d03
MagniComp SysInfo Information Exposure
Posted Jun 18, 2018
Authored by Harry Sintonen

MagniComp SysInfo contains a information exposure vulnerability through debug functionality. Versions SysInfo 10-H81 and above are not affected.

tags | exploit, info disclosure
advisories | CVE-2018-7268
MD5 | 05af244c6663efde83caac79a67b4878
foilChat Sign Up Email PIN Confirmation Bypass
Posted May 29, 2018
Authored by Harry Sintonen

The foilChat backend fails to prevent brute force attempts of the PIN code. An attacker can attempt all 10000 different PIN codes until the correct one is found, and then use the correct PIN to complete the registration.

tags | exploit, bypass
MD5 | ed66fc5f06d2663c3de5842073089e5c
MagniComp SysInfo Information Exposure
Posted May 18, 2018
Authored by Harry Sintonen

MagniComp SysInfo contains an information exposure vulnerability through debug functionality.

tags | advisory
advisories | CVE-2018-7268
MD5 | 3224c8cead424f2b911c426520c8d444
GNU Wget 1.19.4 Cookie Injection
Posted May 7, 2018
Authored by Harry Sintonen

GNU Wget versions 1.7 through 1.19.4 suffer from a cookie injection vulnerability.

tags | exploit
advisories | CVE-2018-0494
MD5 | 3c4e4ced5155828eab13437319ee72a3
aws-cfn-bootstrap Local Code Execution
Posted Dec 1, 2017
Authored by Harry Sintonen

aws-cfn-bootstrap versions prior to 1.4-22.14 suffer from a local code execution vulnerability.

tags | exploit, local, code execution
advisories | CVE-2017-9450
MD5 | 959ceb0942bc38ddb3afd790bfa315c3
QNAP QTS Remote Command Injection
Posted Apr 6, 2017
Authored by Harry Sintonen

QNAP QTS suffers from multiple command injection vulnerabilities.

tags | exploit, vulnerability
advisories | CVE-2017-6359, CVE-2017-6360, CVE-2017-6361
MD5 | 8a60f0133f5885926f3653003951a642
QNAP QTS 4.2.x XSS / Command Injection / Transport Issues
Posted Feb 15, 2017
Authored by Harry Sintonen

QNAP QTS firmware contain missing transport layer security, improper certificate validation, command injection, cross site scripting, and information disclosure vulnerabilities that can be exploited to gain remote command execution to the devices or to perform arbitrary administrative functions, and to gain unauthorized access to user's myQNAPcloud credentials.

tags | exploit, remote, arbitrary, vulnerability, xss, info disclosure
MD5 | d2f40263a5f38946b87e4bdeba0dabc9
GNU tar 1.29 Extract Pathname Bypass
Posted Oct 27, 2016
Authored by Harry Sintonen

The GNU tar archiver can be tricked into extracting files and directories in the given destination, regardless of the path name(s) specified on the command line. Versions 1.14 through 1.29 are affected.

tags | exploit, bypass
advisories | CVE-2016-6321
MD5 | d3225fb0115eb0e014c2558c2c124a7d
ASUS Router Authentication Bypass / Cross Site Scripting
Posted Feb 22, 2014
Authored by Harry Sintonen

ASUS routers suffer from authentication bypass and cross site scripting vulnerabilities, among the recent flurry of other issues that have surfaced.

tags | exploit, vulnerability, xss, bypass
MD5 | b279b669b64a724bae3e2726e9edf374
VLC Media Player Memory Corruption
Posted Feb 3, 2011
Authored by Harry Sintonen

VLC Media Player suffers from a subtitle StripTags() function memory corruption vulnerability.

tags | exploit
advisories | CVE-2011-0522
MD5 | d1fd8f257e9c0871b1320c799e238d3d
Page 1 of 1
Back1Next

File Archive:

May 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    14 Files
  • 2
    May 2nd
    3 Files
  • 3
    May 3rd
    1 Files
  • 4
    May 4th
    18 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    21 Files
  • 7
    May 7th
    15 Files
  • 8
    May 8th
    19 Files
  • 9
    May 9th
    1 Files
  • 10
    May 10th
    2 Files
  • 11
    May 11th
    18 Files
  • 12
    May 12th
    39 Files
  • 13
    May 13th
    15 Files
  • 14
    May 14th
    17 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    2 Files
  • 17
    May 17th
    2 Files
  • 18
    May 18th
    15 Files
  • 19
    May 19th
    21 Files
  • 20
    May 20th
    15 Files
  • 21
    May 21st
    15 Files
  • 22
    May 22nd
    6 Files
  • 23
    May 23rd
    1 Files
  • 24
    May 24th
    1 Files
  • 25
    May 25th
    2 Files
  • 26
    May 26th
    23 Files
  • 27
    May 27th
    13 Files
  • 28
    May 28th
    18 Files
  • 29
    May 29th
    17 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close