Exploit the possiblities
Showing 1 - 18 of 18 RSS Feed

Files from Filippo Cavallarin

Email addressfilippo.cavallarin at codseq.it
First Active2012-01-30
Last Active2017-11-03
Tor Browser 7.0.8 IP Address Leak
Posted Nov 3, 2017
Authored by Filippo Cavallarin

TorBrowser versions 7.0.8 and below for Mac OS X and Linux are affected by a critical security issue. According to the Tor Project, further details will be released in the near future. Due to a Firefox bug in handling file:// URLs it is possible on both systems that users leak their IP address. Once an affected user navigates to a specially crafted web page, the operating system may directly connect to the remote host, bypassing Tor Browser.

tags | advisory, remote, web
systems | linux, apple, osx
MD5 | bdaa06ecaa680697e010dd8fc2955491
Mac OS X Local Javascript Quarantine Bypass
Posted Sep 30, 2017
Authored by Filippo Cavallarin

Mac OS X contains a vulnerability that allows the bypass of the Apple Quarantine and the execution of arbitrary Javascript code without restrictions.

tags | exploit, arbitrary, javascript
systems | apple, osx
MD5 | 7f3e94a8e7dafebd1c8b7b6ad3c50ead
Squirrelmail 1.4.22 Remote Code Execution
Posted Apr 19, 2017
Authored by Filippo Cavallarin

Squirrelmail versions 1.4.22 and below suffer from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2017-7692
MD5 | 800720d25684ef211bcc844e0901eb71
Microsoft Remote Desktop Client For Mac 8.0.36 Remote Code Execution
Posted Jan 23, 2017
Authored by Filippo Cavallarin

Microsoft Remote Desktop Client for Mac version 8.0.36 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
MD5 | e91bbb1783caba77f5771c4e79a5192f
Microsoft Remote Desktop Client For Mac 8.0.36 Remote Code Execution
Posted Dec 8, 2016
Authored by Filippo Cavallarin

Microsoft Remote Desktop Client for Mac version 8.0.36 suffers from a remote code execution vulnerability.

tags | advisory, remote, code execution
MD5 | 336d81c17a6a5985da59e4a0d204dc5d
Htcap Analysis Tool 1.0.1
Posted Aug 26, 2016
Authored by Filippo Cavallarin

Htcap is a web application analysis tool for detecting communications between javascript and the server. It crawls the target application and maps ajax calls, dynamically inserted scripts, websockets calls, dynamically loaded resources and some interesting elements. The generated report is meant to be a good starting point for a manual web application security audit. Htcap is written in python and uses phantomjs to load pages injecting a probe that analyzes javascript behaviour. Once injected, the probe, overrides native javascript methods in order to intercept communications and DOM changes. It also simulates user interaction by firing all attached events and by filling html inputs.

Changes: This release is focused on stability, bugfixes, and minor improvements.
tags | tool, web, javascript, sniffer, python
MD5 | a4f577e9f89d71d5f6c3d79d81ba29d4
Apple Safari 9.1.1 Local XXE Injection
Posted Jul 5, 2016
Authored by Filippo Cavallarin

Apple Safari version 9.1.1 for Mac OS X suffers from a local XXE vulnerability when processing specially crafted SVG images. This does not work with downloaded files.

tags | exploit, local
systems | apple, osx
MD5 | eca7235592ede1e4ce40d0d71bcb9cb9
Htcap Analysis Tool Beta 1.0
Posted Feb 26, 2016
Authored by Filippo Cavallarin

Htcap is a web application analysis tool for detecting communications between javascript and the server. It crawls the target application and maps ajax calls, dynamically inserted scripts, websockets calls, dynamically loaded resources and some interesting elements. The generated report is meant to be a good starting point for a manual web application security audit. Htcap is written in python and uses phantomjs to load pages injecting a probe that analyzes javascript behaviour. Once injected, the probe, overrides native javascript methods in order to intercept communications and DOM changes. It also simulates user interaction by firing all attached events and by filling html inputs.

Changes: Major code rewrite and many features were added.
tags | tool, web, javascript, sniffer, python
MD5 | 09bdd3514bd444e411a87140b8bd28c2
Symphony CMS 2.6.5 SQL Injection / File Upload
Posted Feb 9, 2016
Authored by Filippo Cavallarin

Symphony CMS version 2.6.5 suffers from remote file upload and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, file upload
MD5 | 5ba5376c7ffba97a3910b4d7ac900c7a
ProjectSend r582 Bypass / SQL Injection / File Read
Posted Jan 29, 2016
Authored by Filippo Cavallarin

ProjetSend version r582 suffers from authentication bypass, remote SQL injection, insecure direct object reference, and directory traversal / arbitrary file read vulnerabilities.

tags | exploit, remote, arbitrary, vulnerability, sql injection
MD5 | 8a8ca63e1ef564c23c17f2ea23ca1e65
Htcap Analysis Tool Alpha 0.1
Posted Jun 26, 2015
Authored by Filippo Cavallarin

Htcap is a web application analysis tool for detecting communications between javascript and the server. It crawls the target application and maps ajax calls, dynamically inserted scripts, websockets calls, dynamically loaded resources and some interesting elements. The generated report is meant to be a good starting point for a manual web application security audit. Htcap is written in python and uses phantomjs to load pages injecting a probe that analyzes javascript behaviour. Once injected, the probe, overrides native javascript methods in order to intercept communications and DOM changes. It also simulates user interaction by firing all attached events and by filling html inputs.

tags | tool, web, javascript, sniffer, python
MD5 | 16b53ba407c04e4843e48ce107b43931
Lychee 2.7.1 Remote Code Execution
Posted Apr 19, 2015
Authored by Filippo Cavallarin

Lychee version 2.7.1 suffers from a remote code execution vulnerability when logged in as an administrator.

tags | exploit, remote, code execution
MD5 | ffeb76aee22dd08c5004ddb2e4550767
DokuWiki 2014-09-29c Cross Site Scripting
Posted Mar 23, 2015
Authored by Filippo Cavallarin

DokuWiki version 2014-09-29c suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | d3db16619a5fcb55c0958d6ed9403730
LogAnalyzer 3.4.2 Cross Site Scripting / SQL Injection / File Read
Posted May 25, 2012
Authored by Filippo Cavallarin

LogAnalyzer version 3.4.2 suffers from cross site scripting, arbitrary file reading, and remote SQL injection vulnerabilities.

tags | exploit, remote, arbitrary, vulnerability, xss, sql injection
MD5 | 2427d2cf98e92db38be0f21c58da1065
OSClass 2.3.5 Directory Traversal
Posted Mar 8, 2012
Authored by Filippo Cavallarin

OSClass versions 2.3.5 and below suffer from a directory traversal vulnerability.

tags | exploit
MD5 | f829273ebc8e11ba1061dadaf7374284
OSClass 2.3.4 XSS / RFI / SQL Injection
Posted Jan 30, 2012
Authored by Filippo Cavallarin

OSClass version 2.3.4 suffers from cross site scripting, remote file inclusion and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection, file inclusion
MD5 | a12abb24c0bcbb63744f41b14614b5bb
Postfixadmin 2.3.4 SQL Injection / Cross Site Scripting
Posted Jan 30, 2012
Authored by Filippo Cavallarin

Postfixadmin version 2.3. 4 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | dd4d0622a04f9e835b76a657cce1e426
Mibew Messenger 1.6.4 Cross Site Scripting
Posted Jan 30, 2012
Authored by Filippo Cavallarin

Mibew Messenger version 1.6.4 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | f32c2798bd75a6a10e425d0591bc87c3
Page 1 of 1
Back1Next

File Archive:

November 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    22 Files
  • 2
    Nov 2nd
    28 Files
  • 3
    Nov 3rd
    10 Files
  • 4
    Nov 4th
    1 Files
  • 5
    Nov 5th
    5 Files
  • 6
    Nov 6th
    15 Files
  • 7
    Nov 7th
    15 Files
  • 8
    Nov 8th
    13 Files
  • 9
    Nov 9th
    9 Files
  • 10
    Nov 10th
    9 Files
  • 11
    Nov 11th
    3 Files
  • 12
    Nov 12th
    2 Files
  • 13
    Nov 13th
    15 Files
  • 14
    Nov 14th
    17 Files
  • 15
    Nov 15th
    19 Files
  • 16
    Nov 16th
    15 Files
  • 17
    Nov 17th
    19 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close