exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 22 of 22 RSS Feed

Files from Filippo Cavallarin

Email addressfilippo.cavallarin at codseq.it
First Active2012-01-30
Last Active2019-05-27
MacOS X 10.14.5 Gatekeeper Bypass
Posted May 27, 2019
Authored by Filippo Cavallarin

MacOS X versions 10.14.5 and below suffer from a Gatekeeper bypass vulnerability.

tags | exploit, bypass
SHA-256 | 76e6187e250514c50b8fb1fa0a230303592e3a59928db823711053d46ba942c4
Htcap Analysis Tool 1.1.0
Posted Nov 28, 2018
Authored by Filippo Cavallarin

Htcap is a web application analysis tool for detecting communications between javascript and the server. It crawls the target application and maps ajax calls, dynamically inserted scripts, websockets calls, dynamically loaded resources and some interesting elements. The generated report is meant to be a good starting point for a manual web application security audit. Htcap is written in python and uses phantomjs to load pages injecting a probe that analyzes javascript behaviour. Once injected, the probe, overrides native javascript methods in order to intercept communications and DOM changes. It also simulates user interaction by firing all attached events and by filling html inputs.

Changes: In this release phantomjs has been replaced by headless chrome (nodejs + puppetter) and the crawl engine has been partially rewritten to take advantage of async/await features available in chrome.
tags | tool, web, javascript, sniffer, python
SHA-256 | dd46625edf20ec566996b733efec4fa6ab1a394f429074cafd338ed82f2fc1bc
Tor Browser SMB Deanonymization / Information Disclosure
Posted Sep 13, 2018
Authored by Filippo Cavallarin

Tor Browser versions prior to 8.0 are affected by an information disclosure vulnerability that allows remote attackers to bypass the intended anonymity feature and discover a client IP address. The vulnerability affects Windows users only and needs user interaction to be exploited.

tags | exploit, remote, info disclosure
systems | windows
advisories | CVE-2017-16639
SHA-256 | 5b1b6551f82ae1b8033ae157a5420a8e86e2df791a77602af401e147b60ad490
Tor Browser 7.0.8 Information Disclosure
Posted Sep 11, 2018
Authored by Filippo Cavallarin

This write up holds the details for the Tor Browser information disclosure vulnerability as discussed in CVE-2017-16541. Version 7.0.8 is affected.

tags | exploit, info disclosure
advisories | CVE-2017-16541
SHA-256 | 4ed16754b37c2476bf294cfab2a1eb58af360139efcb739037c86ca15edba311
Tor Browser 7.0.8 IP Address Leak
Posted Nov 3, 2017
Authored by Filippo Cavallarin

TorBrowser versions 7.0.8 and below for Mac OS X and Linux are affected by a critical security issue. According to the Tor Project, further details will be released in the near future. Due to a Firefox bug in handling file:// URLs it is possible on both systems that users leak their IP address. Once an affected user navigates to a specially crafted web page, the operating system may directly connect to the remote host, bypassing Tor Browser.

tags | advisory, remote, web
systems | linux, apple, osx
SHA-256 | 98ad8fa1e2be0c10bbbb3b46fcb9cb4ff3e65dec0ce7c05e95e2dbb0691343c0
Mac OS X Local Javascript Quarantine Bypass
Posted Sep 30, 2017
Authored by Filippo Cavallarin

Mac OS X contains a vulnerability that allows the bypass of the Apple Quarantine and the execution of arbitrary Javascript code without restrictions.

tags | exploit, arbitrary, javascript
systems | apple, osx
SHA-256 | 6ba7f803571a1ce302e1c82265074d0e1c3c73afe49c7062b6c3dd10b41beb23
Squirrelmail 1.4.22 Remote Code Execution
Posted Apr 19, 2017
Authored by Filippo Cavallarin

Squirrelmail versions 1.4.22 and below suffer from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2017-7692
SHA-256 | 4b0dc2d246cc3a9756582983ff8531774c490e3ea2b7ddb569f8e43f1a06c2dc
Microsoft Remote Desktop Client For Mac 8.0.36 Remote Code Execution
Posted Jan 23, 2017
Authored by Filippo Cavallarin

Microsoft Remote Desktop Client for Mac version 8.0.36 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
SHA-256 | 30fa33e5e481a63662a6fceba59229cee595229bc593a817856790f2cd97de46
Microsoft Remote Desktop Client For Mac 8.0.36 Remote Code Execution
Posted Dec 8, 2016
Authored by Filippo Cavallarin

Microsoft Remote Desktop Client for Mac version 8.0.36 suffers from a remote code execution vulnerability.

tags | advisory, remote, code execution
SHA-256 | 83a2396f296801ed2a08e72a969bd88fa43d32d0b7e159e0cbba6bf14421588f
Htcap Analysis Tool 1.0.1
Posted Aug 26, 2016
Authored by Filippo Cavallarin

Htcap is a web application analysis tool for detecting communications between javascript and the server. It crawls the target application and maps ajax calls, dynamically inserted scripts, websockets calls, dynamically loaded resources and some interesting elements. The generated report is meant to be a good starting point for a manual web application security audit. Htcap is written in python and uses phantomjs to load pages injecting a probe that analyzes javascript behaviour. Once injected, the probe, overrides native javascript methods in order to intercept communications and DOM changes. It also simulates user interaction by firing all attached events and by filling html inputs.

Changes: This release is focused on stability, bugfixes, and minor improvements.
tags | tool, web, javascript, sniffer, python
SHA-256 | 361c1123ace8457b032976f9819e01dfb15f1be1dc563f1039b2e802472f702e
Apple Safari 9.1.1 Local XXE Injection
Posted Jul 5, 2016
Authored by Filippo Cavallarin

Apple Safari version 9.1.1 for Mac OS X suffers from a local XXE vulnerability when processing specially crafted SVG images. This does not work with downloaded files.

tags | exploit, local, xxe
systems | apple, osx
SHA-256 | 23bbd32f77e1c03ed726b6f44b84ac17454893681f3844f34b64aef3707c3454
Htcap Analysis Tool Beta 1.0
Posted Feb 26, 2016
Authored by Filippo Cavallarin

Htcap is a web application analysis tool for detecting communications between javascript and the server. It crawls the target application and maps ajax calls, dynamically inserted scripts, websockets calls, dynamically loaded resources and some interesting elements. The generated report is meant to be a good starting point for a manual web application security audit. Htcap is written in python and uses phantomjs to load pages injecting a probe that analyzes javascript behaviour. Once injected, the probe, overrides native javascript methods in order to intercept communications and DOM changes. It also simulates user interaction by firing all attached events and by filling html inputs.

Changes: Major code rewrite and many features were added.
tags | tool, web, javascript, sniffer, python
SHA-256 | e1b46b0ad4d6efc49d1a685645e3212963cbee25ea12b9f3f64dee6c50699a17
Symphony CMS 2.6.5 SQL Injection / File Upload
Posted Feb 9, 2016
Authored by Filippo Cavallarin

Symphony CMS version 2.6.5 suffers from remote file upload and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, file upload
SHA-256 | 182e43c5d3adf7e410132674a83b11cf6a05e7ae6b18339b186b4265dc9b7e84
ProjectSend r582 Bypass / SQL Injection / File Read
Posted Jan 29, 2016
Authored by Filippo Cavallarin

ProjetSend version r582 suffers from authentication bypass, remote SQL injection, insecure direct object reference, and directory traversal / arbitrary file read vulnerabilities.

tags | exploit, remote, arbitrary, vulnerability, sql injection
SHA-256 | 30a7ef29c39349514e61a5f8a115ccf83f446d7245c39cf98e1cee88497c7dbe
Htcap Analysis Tool Alpha 0.1
Posted Jun 26, 2015
Authored by Filippo Cavallarin

Htcap is a web application analysis tool for detecting communications between javascript and the server. It crawls the target application and maps ajax calls, dynamically inserted scripts, websockets calls, dynamically loaded resources and some interesting elements. The generated report is meant to be a good starting point for a manual web application security audit. Htcap is written in python and uses phantomjs to load pages injecting a probe that analyzes javascript behaviour. Once injected, the probe, overrides native javascript methods in order to intercept communications and DOM changes. It also simulates user interaction by firing all attached events and by filling html inputs.

tags | tool, web, javascript, sniffer, python
SHA-256 | 981291a5ddf50d934fe6635ef8364804c1736f0f3495311f538a582c06e131fd
Lychee 2.7.1 Remote Code Execution
Posted Apr 19, 2015
Authored by Filippo Cavallarin

Lychee version 2.7.1 suffers from a remote code execution vulnerability when logged in as an administrator.

tags | exploit, remote, code execution
SHA-256 | 838f6b6bb47ee54cd93284f806f636dbf53c9df7899e9dd5db885f98f9535dc9
DokuWiki 2014-09-29c Cross Site Scripting
Posted Mar 23, 2015
Authored by Filippo Cavallarin

DokuWiki version 2014-09-29c suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | f3904c4b7095c2906f919c23af7958dffe8a653152cf6e88441674e356365afd
LogAnalyzer 3.4.2 Cross Site Scripting / SQL Injection / File Read
Posted May 25, 2012
Authored by Filippo Cavallarin

LogAnalyzer version 3.4.2 suffers from cross site scripting, arbitrary file reading, and remote SQL injection vulnerabilities.

tags | exploit, remote, arbitrary, vulnerability, xss, sql injection
SHA-256 | 20e0cd6da8ae12e950d981ee3947ff25853bdc8fedef7053293f570dfee099d1
OSClass 2.3.5 Directory Traversal
Posted Mar 8, 2012
Authored by Filippo Cavallarin

OSClass versions 2.3.5 and below suffer from a directory traversal vulnerability.

tags | exploit
SHA-256 | c4411548e16d40545b80301b74d258f57c4662d3f5f44fbff9ee7d0e877247f6
OSClass 2.3.4 XSS / RFI / SQL Injection
Posted Jan 30, 2012
Authored by Filippo Cavallarin

OSClass version 2.3.4 suffers from cross site scripting, remote file inclusion and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection, file inclusion
SHA-256 | 6961ecec1291ed82c08ed138f70b351bb7b06cabde1aec1d2b62eb96c14593fb
Postfixadmin 2.3.4 SQL Injection / Cross Site Scripting
Posted Jan 30, 2012
Authored by Filippo Cavallarin

Postfixadmin version 2.3. 4 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | 792946daa68d21da19823d935d226aff83199c4a69cc33fe6dfa3dcbd4a11618
Mibew Messenger 1.6.4 Cross Site Scripting
Posted Jan 30, 2012
Authored by Filippo Cavallarin

Mibew Messenger version 1.6.4 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 70ca4b16e1bd521b1858f4631f536db54e0cb770544aff6b395c926a0f05eef9
Page 1 of 1
Back1Next

File Archive:

February 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    11 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    5 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    0 Files
  • 6
    Feb 6th
    9 Files
  • 7
    Feb 7th
    33 Files
  • 8
    Feb 8th
    34 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close