exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 13 of 13 RSS Feed

Files from Jonathan Claudius

First Active2012-01-04
Last Active2024-09-01
Bitweaver Overlay_type Directory Traversal
Posted Sep 1, 2024
Authored by sinn3r, Jonathan Claudius, David Aaron | Site metasploit.com

This Metasploit module exploits a directory traversal vulnerability found in Bitweaver. When handling the overlay_type parameter, view_overlay.php fails to do any path checking/filtering, which can be abused to read any file outside the virtual directory.

tags | exploit, php
advisories | CVE-2012-5192
SHA-256 | 75260c8739219589832630db597ad076c6fa9dee26583aeb19f2537f54e959f0
Cisco SSL VPN Bruteforce Login Utility
Posted Sep 1, 2024
Authored by Jonathan Claudius | Site metasploit.com

This Metasploit module scans for Cisco SSL VPN web login portals and performs login brute force to identify valid credentials.

tags | exploit, web
systems | cisco
SHA-256 | cea0de13f28a90462c07f1d96698ab71bf78ffa2ebf791ddbdfadacb8169b908
WordPress XMLRPC GHOST Scanner
Posted Sep 1, 2024
Authored by Christophe de la Fuente, Jonathan Claudius, Christian Mehlmauer, Karl Sigler, Chaim Sanders, Robert Rowley, Felipe Costa | Site metasploit.com

This Metasploit module can be used to determine hosts vulnerable to the GHOST vulnerability via a call to the WordPress XMLRPC interface. If the target is vulnerable, the system will segfault and return a server error. On patched systems, a normal XMLRPC error is returned.

tags | exploit
advisories | CVE-2015-0235
SHA-256 | 0f56392ccd813c8e84a11e14ba4b1ff6a1b54575734b7fa3a67388cb4aa01425
Cisco ASA Clientless SSL VPN (WebVPN) Brute-force Login Utility
Posted Sep 1, 2024
Authored by Jonathan Claudius, jbaines-r7 | Site metasploit.com

This Metasploit module scans for Cisco ASA Clientless SSL VPN (WebVPN) web login portals and performs login brute-force to identify valid credentials.

tags | exploit, web
systems | cisco
SHA-256 | 983f31bd8edeeb35f86c4eda6d8e40112b381f09fec355e208711ecccd89c799
Plixer Scrutinizer NetFlow And SFlow Analyzer HTTP Authentication Bypass
Posted Aug 31, 2024
Authored by MC, sinn3r, Jonathan Claudius, Tanya Secker | Site metasploit.com

This will add an administrative account to Scrutinizer NetFlow and sFlow Analyzer without any authentication. Versions such as 9.0.1 or older are affected.

tags | exploit
advisories | CVE-2012-2626
SHA-256 | 49a2f85914fe62a59a5b35436be0129aeb6f0625b2437d7ef4016b0001eb50ea
Vino VNC Server 3.7.3 Denial Of Service
Posted Sep 17, 2013
Authored by Jonathan Claudius | Site trustwave.com

The Vino VNC server, which is also the default VNC server in Ubuntu (3.4.2-0ubuntu1.2), is vulnerable to a persistent denial of service vulnerability. The vulnerability is triggered when a VNC client, who claims to only support protocol version 3.3, sends malformed data during the authentication selection stage of the authentication process.

tags | exploit, denial of service, protocol
systems | linux, ubuntu
advisories | CVE-2013-5745
SHA-256 | 2a86c57ec668584e1c10178732acfc9a1b36983b15434b763d969877df0a7998
Cisco IKE Implementation Group Name Enumeration
Posted Apr 19, 2013
Authored by Jonathan Claudius | Site trustwave.com

Cisco ASA versions 8.4(2), 8.4(5), and 9.1(1) suffer from a group name enumeration vulnerability in their IKE implementation.

tags | exploit
systems | cisco
advisories | CVE-2013-1194
SHA-256 | 7a3a1b289b63638a076af1a5703754d8bf858f40ec5baec07c9f385998b4caad
Bitweaver 2.8.1 Cross Site Scripting / Local File Inclusion
Posted Oct 25, 2012
Authored by Jonathan Claudius, David Aaron | Site trustwave.com

Bitweaver version 2.8.1 suffers from local file inclusion and multiple cross site scripting vulnerabilities.

tags | exploit, local, vulnerability, xss, file inclusion
advisories | CVE-2012-5192, CVE-2012-5193
SHA-256 | 47ea855b5b88d6c3266a6179cebd05aafa03ffcf5121153a984f4e7fad08a2bc
Plixer Scrutinizer NetFlow and sFlow Analyzer 9 Default MySQL Credential
Posted Aug 8, 2012
Authored by sinn3r, Mario Ceballos, Jonathan Claudius, Tanya Secker | Site metasploit.com

This exploits an insecure config found in Scrutinizer NetFlow & sFlow Analyzer. By default, the software installs a default password in MySQL, and binds the service to "0.0.0.0". This allows any remote user to login to MySQL, and then gain arbitrary remote code execution under the context of 'SYSTEM'. Examples of default credentials include: 'scrutinizer:admin', and 'scrutremote:admin'.

tags | exploit, remote, arbitrary, code execution
advisories | CVE-2012-3951, OSVDB-84317
SHA-256 | 61e06a2fa99c7125dcd2af5faeafdcb8556b0880070d66206fa0180b420ee612
Scrutinizer NetFlow / sFlow Analyzer 9.0.1 XSS / Bypass / File Upload
Posted Jul 29, 2012
Authored by Mario Ceballos, Jonathan Claudius | Site trustwave.com

Scrutinizer NetFlow and sFlow Analyzer versions 9.0.1 and below suffer from bypass, cross site scripting, and remote file upload vulnerabilities. It also has undocumented MySQL admin users.

tags | exploit, remote, vulnerability, xss, file upload
advisories | CVE-2012-2626, CVE-2012-2627, CVE-2012-3848, CVE-2012-3951
SHA-256 | 5bbd69706e38d6f70c41925cdab4681651c0862b6cc58df5c29389f62daf07d3
Movable Type Publishing Platform Cross Site Scripting
Posted Feb 24, 2012
Authored by Jonathan Claudius | Site trustwave.com

Movable Type Publishing Platform versions prior to 5.13, 5.07, and 4.38 are affected by a cross site scripting vulnerability. After extracting the Moveable Type CGI files and source files on to a web server, but before the application is fully installed, cross site scripting vulnerabilities are present in the '/cgi-bin/mt/mt-wizard.cgi' page.

tags | exploit, web, cgi, vulnerability, xss
advisories | CVE-2012-1262
SHA-256 | 8884fca39476f536426dc043e4acf681f4550bb0e135c0d0de6141a9f1920af3
WordPress 3.3.1 Code Execution / Cross Site Scripting
Posted Jan 25, 2012
Authored by Jonathan Claudius | Site trustwave.com

WordPress versions 3.3.1 and below suffer from MySQL username/password disclosure, PHP code execution and cross site scripting vulnerabilities.

tags | exploit, php, vulnerability, code execution, xss
advisories | CVE-2011-4899, CVE-2012-0782, CVE-2011-4898
SHA-256 | 4b15d4cecda7778d09707a3eb8bde58199397e08729366b2d3568a83e098e9f7
Textpattern CMS 4.4.1 Cross Site Scripting
Posted Jan 4, 2012
Authored by Jonathan Claudius | Site trustwave.com

Textpattern CMS version 4.4.1 before change set 3612 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2011-5019
SHA-256 | caf423b9229fdd97872243c81b9025070f2924eb3658589f6e7bc52ca6f8921c
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close