exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 8 of 8 RSS Feed

Files from Jonathan Claudius

First Active2012-01-04
Last Active2013-09-17
Vino VNC Server 3.7.3 Denial Of Service
Posted Sep 17, 2013
Authored by Jonathan Claudius | Site trustwave.com

The Vino VNC server, which is also the default VNC server in Ubuntu (3.4.2-0ubuntu1.2), is vulnerable to a persistent denial of service vulnerability. The vulnerability is triggered when a VNC client, who claims to only support protocol version 3.3, sends malformed data during the authentication selection stage of the authentication process.

tags | exploit, denial of service, protocol
systems | linux, ubuntu
advisories | CVE-2013-5745
SHA-256 | 2a86c57ec668584e1c10178732acfc9a1b36983b15434b763d969877df0a7998
Cisco IKE Implementation Group Name Enumeration
Posted Apr 19, 2013
Authored by Jonathan Claudius | Site trustwave.com

Cisco ASA versions 8.4(2), 8.4(5), and 9.1(1) suffer from a group name enumeration vulnerability in their IKE implementation.

tags | exploit
systems | cisco
advisories | CVE-2013-1194
SHA-256 | 7a3a1b289b63638a076af1a5703754d8bf858f40ec5baec07c9f385998b4caad
Bitweaver 2.8.1 Cross Site Scripting / Local File Inclusion
Posted Oct 25, 2012
Authored by Jonathan Claudius, David Aaron | Site trustwave.com

Bitweaver version 2.8.1 suffers from local file inclusion and multiple cross site scripting vulnerabilities.

tags | exploit, local, vulnerability, xss, file inclusion
advisories | CVE-2012-5192, CVE-2012-5193
SHA-256 | 47ea855b5b88d6c3266a6179cebd05aafa03ffcf5121153a984f4e7fad08a2bc
Plixer Scrutinizer NetFlow and sFlow Analyzer 9 Default MySQL Credential
Posted Aug 8, 2012
Authored by sinn3r, Mario Ceballos, Jonathan Claudius, Tanya Secker | Site metasploit.com

This exploits an insecure config found in Scrutinizer NetFlow & sFlow Analyzer. By default, the software installs a default password in MySQL, and binds the service to "0.0.0.0". This allows any remote user to login to MySQL, and then gain arbitrary remote code execution under the context of 'SYSTEM'. Examples of default credentials include: 'scrutinizer:admin', and 'scrutremote:admin'.

tags | exploit, remote, arbitrary, code execution
advisories | CVE-2012-3951, OSVDB-84317
SHA-256 | 61e06a2fa99c7125dcd2af5faeafdcb8556b0880070d66206fa0180b420ee612
Scrutinizer NetFlow / sFlow Analyzer 9.0.1 XSS / Bypass / File Upload
Posted Jul 29, 2012
Authored by Mario Ceballos, Jonathan Claudius | Site trustwave.com

Scrutinizer NetFlow and sFlow Analyzer versions 9.0.1 and below suffer from bypass, cross site scripting, and remote file upload vulnerabilities. It also has undocumented MySQL admin users.

tags | exploit, remote, vulnerability, xss, file upload
advisories | CVE-2012-2626, CVE-2012-2627, CVE-2012-3848, CVE-2012-3951
SHA-256 | 5bbd69706e38d6f70c41925cdab4681651c0862b6cc58df5c29389f62daf07d3
Movable Type Publishing Platform Cross Site Scripting
Posted Feb 24, 2012
Authored by Jonathan Claudius | Site trustwave.com

Movable Type Publishing Platform versions prior to 5.13, 5.07, and 4.38 are affected by a cross site scripting vulnerability. After extracting the Moveable Type CGI files and source files on to a web server, but before the application is fully installed, cross site scripting vulnerabilities are present in the '/cgi-bin/mt/mt-wizard.cgi' page.

tags | exploit, web, cgi, vulnerability, xss
advisories | CVE-2012-1262
SHA-256 | 8884fca39476f536426dc043e4acf681f4550bb0e135c0d0de6141a9f1920af3
WordPress 3.3.1 Code Execution / Cross Site Scripting
Posted Jan 25, 2012
Authored by Jonathan Claudius | Site trustwave.com

WordPress versions 3.3.1 and below suffer from MySQL username/password disclosure, PHP code execution and cross site scripting vulnerabilities.

tags | exploit, php, vulnerability, code execution, xss
advisories | CVE-2011-4899, CVE-2012-0782, CVE-2011-4898
SHA-256 | 4b15d4cecda7778d09707a3eb8bde58199397e08729366b2d3568a83e098e9f7
Textpattern CMS 4.4.1 Cross Site Scripting
Posted Jan 4, 2012
Authored by Jonathan Claudius | Site trustwave.com

Textpattern CMS version 4.4.1 before change set 3612 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2011-5019
SHA-256 | caf423b9229fdd97872243c81b9025070f2924eb3658589f6e7bc52ca6f8921c
Page 1 of 1
Back1Next

File Archive:

October 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    10 Files
  • 2
    Oct 2nd
    0 Files
  • 3
    Oct 3rd
    0 Files
  • 4
    Oct 4th
    0 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close