what you don't know can hurt you
Showing 1 - 25 of 25 RSS Feed

Files from Joseph Sheridan

Email addressjoe at reactionis.com
First Active2012-05-31
Last Active2013-04-24
Hornbill Supportworks ITSM 1.0.0 SQL Injection
Posted Apr 24, 2013
Authored by Joseph Sheridan | Site reactionpenetrationtesting.co.uk

Hornbill Supportworks ITSM version 1.0.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2013-2594
MD5 | a862138ccbce4d3ba11cb7a6b524031b
Safend Data Protector 3.4.5586.9772 Privilege Escalation
Posted Nov 30, 2012
Authored by Joseph Sheridan | Site reactionpenetrationtesting.co.uk

Safend Data Protector suffers from multiple privilege escalation vulnerabilities.

tags | advisory, vulnerability
advisories | CVE-2012-4767, CVE-2012-4760, CVE-2012-4760, CVE-2012-4761, CVE-2012-4761
MD5 | 358e671a42d55ceea1aee1012ae2ec19
Forescout NAC 6.3.4.1 XSS / Redirection / Filter
Posted Nov 27, 2012
Authored by Joseph Sheridan | Site reactionpenetrationtesting.co.uk

Forescout NAC (Network Access Control) version 6.3.4.1 suffers from ICMP and ARP protocols not being filtered, cross site scripting, and cross site redirection vulnerabilities.

tags | exploit, vulnerability, protocol, xss
advisories | CVE-2012-4985, CVE-2012-4982, CVE-2012-4983
MD5 | 5e12789fcc5d643bf5df306f1d2fc3cc
Realplayer Watchfolders Long Filepath Overflow
Posted Oct 26, 2012
Authored by Joseph Sheridan | Site reactionpenetrationtesting.co.uk

Realplayer version 15.0.5.109 is vulnerable to a stack buffer overflow vulnerability in the 'Watch Folders' facility.

tags | advisory, overflow
advisories | CVE-2012-4987
MD5 | f54a766630fec37edb9ac3cfe7a96c85
Layton Helpbox 4.4.0 Cross Site Scripting
Posted Oct 26, 2012
Authored by Joseph Sheridan | Site reactionpenetrationtesting.co.uk

Layton Helpbox version 4.4.0 suffers from a reflective cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2012-4972
MD5 | dcb178f8685b235088ba3940461bd023
Layton Helpbox 4.4.0 Login Bypass
Posted Oct 26, 2012
Authored by Joseph Sheridan | Site reactionpenetrationtesting.co.uk

Layton Helpbox version 4.4.0 suffers from login bypass vulnerabilities due to improper cookie design.

tags | exploit, vulnerability, bypass
advisories | CVE-2012-4974
MD5 | 62351dcf94aed86c0ca2988927a042ff
Layton Helpbox 4.4.0 Stored Cross Site Scripting
Posted Oct 26, 2012
Authored by Joseph Sheridan | Site reactionpenetrationtesting.co.uk

Layton Helpbox version 4.4.0 suffers from embedded cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2012-4972
MD5 | 292e1fd793f8b032cff4d6d00f65cc14
Layton Helpbox 4.4.0 Password Disclosure
Posted Oct 26, 2012
Authored by Joseph Sheridan | Site reactionpenetrationtesting.co.uk

Layton Helpbox version 4.4.0 discloses login and password information for the database in an error page.

tags | exploit, info disclosure
advisories | CVE-2012-4976
MD5 | fe40553df877e1c38a5279ddee606734
Layton Helpbox 4.4.0 Unencrypted Login
Posted Oct 26, 2012
Authored by Joseph Sheridan | Site reactionpenetrationtesting.co.uk

Layton Helpbox version 4.4.0 fails to use encrypted transport for logging users into the system.

tags | advisory
advisories | CVE-2012-4977
MD5 | 3938314b9334a2fe989d236b849a7e13
Layton Helpbox 4.4.0 Authorization Bypass
Posted Oct 26, 2012
Authored by Joseph Sheridan | Site reactionpenetrationtesting.co.uk

Layton Helpbox version 4.4.0 suffers from an authorization bypass vulnerability.

tags | exploit, bypass
advisories | CVE-2012-4975
MD5 | 912065984a59f52261b0a3f61169e58e
Layton Helpbox 4.4.0 SQL Injection
Posted Oct 26, 2012
Authored by Joseph Sheridan | Site reactionpenetrationtesting.co.uk

Layton Helpbox version 4.4.0 suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
advisories | CVE-2012-4971
MD5 | 3b7323ab7bab2855064588530d7fd88f
XnView JLS File Decompression Heap Overflow
Posted Oct 3, 2012
Authored by Joseph Sheridan | Site reactionpenetrationtesting.co.uk

XnView versions 1.99 and 1.99.1 suffers from a heap-based buffer overflow vulnerability. Proof of concept JLS file included.

tags | exploit, overflow, proof of concept
systems | linux
advisories | CVE-2012-4988
MD5 | 5ccedbd692c6872fca8cb9bf45cb5f43
Toshiba ConfigFree CF7 File Remote Command Execution
Posted Sep 22, 2012
Authored by Joseph Sheridan | Site reactionpenetrationtesting.co.uk

There is a command execution vulnerability in the Toshiba ConfigFree CF7 file format used on Toshiba laptops to import and export network configurations. An attacker could execute arbitrary commands with the privileges of the current logged-in user by enticing a Toshiba laptop user to download and execute a crafted CF7 file.

tags | advisory, arbitrary
advisories | CVE-2012-4981
MD5 | cd32f5f37f2c2bb1d0332d80e401825f
Toshiba ConfigFree CF7 ProfileName Overflow
Posted Sep 22, 2012
Authored by Joseph Sheridan | Site reactionpenetrationtesting.co.uk

There is a stack buffer overflow vulnerability in the Toshiba ConfigFree CF7 file format used on Toshiba laptops. An attacker could execute arbitrary code by enticing a Toshiba laptop user to download and execute a malicious CF7 file if they manipulate the ProfileName.

tags | advisory, overflow, arbitrary
advisories | CVE-2012-4980
MD5 | 820f5132e1bdda5c557f310f9f84aa4c
Toshiba ConfigFree CF7 Comment Field Overflow
Posted Sep 22, 2012
Authored by Joseph Sheridan | Site reactionpenetrationtesting.co.uk

There is a stack buffer overflow vulnerability in the Toshiba ConfigFree CF7 file format used on Toshiba laptops. An attacker could execute arbitrary code by enticing a Toshiba laptop user to download and execute a malicious CF7 file.

tags | advisory, overflow, arbitrary
advisories | CVE-2012-4980
MD5 | 4533c50bec391ccf40667cd94c4401e8
Microcart 1.0 Cross Site Scripting
Posted Sep 20, 2012
Authored by Joseph Sheridan, Chris Cooper | Site reactionpenetrationtesting.co.uk

The administrative directory of Microcart version 1.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2012-4241
MD5 | 50ea13302ced90d4959e0bf7d54843b0
Microcart 1.0 Checkout Cross Site Scripting
Posted Sep 20, 2012
Authored by Joseph Sheridan, Chris Cooper | Site reactionpenetrationtesting.co.uk

Microcart version 1.0 Checkout suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2012-4241
MD5 | 148e5a7af66b955b6628ca08a2f63db4
WordPress MF Gig Calendar 0.9.2 Cross Site Scripting
Posted Sep 20, 2012
Authored by Joseph Sheridan, Chris Cooper | Site reactionpenetrationtesting.co.uk

WordPress MF Gig Calendar plugin version 0.9.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2012-4242
MD5 | c5758507555dea12ca344ff7c343c14d
Wordpress Download Monitor 3.3.5.7 Cross Site Scripting
Posted Sep 11, 2012
Authored by Joseph Sheridan, Chris Cooper | Site reactionpenetrationtesting.co.uk

Wordpress Download Monitor version 3.3.5.7 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2012-4768
MD5 | 381069a0235084cbf6fab5f998f327fc
Group-Office Calendar 4.0.88 SQL Injection
Posted Sep 3, 2012
Authored by Joseph Sheridan, Chris Cooper | Site reactionpenetrationtesting.co.uk

Group-Office Calendar versions 4.0.71, 4.0.73, and 4.0.88 suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2012-4240
MD5 | 9349921db1953055478dd1303c6a2658
Group-Office Cleartext Credentials Stored In Cookies
Posted Aug 14, 2012
Authored by Joseph Sheridan, Chris Cooper | Site reactionpenetrationtesting.co.uk

Group-Office version 4.0.71 stores credentials in the clear in cookies.

tags | advisory, info disclosure
advisories | CVE-2012-4239
MD5 | b6ef4e6a04a55a8b1b1ad5114d7a61c2
GIMP 2.8.0 Denial Of Service
Posted Jun 29, 2012
Authored by Joseph Sheridan | Site reactionpenetrationtesting.co.uk

There is a file handling denial of service in GIMP (the GNU Image Manipulation Program) for the 'fit' file format affecting all versions (Windows and Linux) up to 2.8.0. A file in the fit format with a malformed 'XTENSION' header will cause a crash in the GIMP program. The flaw is triggered by opening a crafted 'fit' file or allowing the file explorer dialog to preview the file. Proof of concept included.

tags | exploit, denial of service, proof of concept
systems | linux, windows
advisories | CVE-2012-3236
MD5 | 9010e4009599ecb23e4c8ad1ffbd2957
Irfanview Plugins 4.33 Overflow
Posted Jun 29, 2012
Authored by Joseph Sheridan | Site reactionpenetrationtesting.co.uk

IrfanView Formats PlugIn is prone to an overflow condition. The JLS Plugin (jpeg_ls.dll) library fails to properly sanitize user-supplied input resulting in a heap-based buffer overflow. With a specially crafted JLS compressed image file, a context-dependent attacker could potentially execute arbitrary code. Proof of concept included. Irfanview Plugins version 4.33 is affected.

tags | exploit, overflow, arbitrary, proof of concept
systems | linux
advisories | CVE-2012-3585
MD5 | 19e2303aec22265a732c54a7f34abcc2
GIMP script-fu Server Buffer Overflow
Posted Jun 2, 2012
Authored by juan vazquez, Joseph Sheridan | Site metasploit.com

This Metasploit module exploits a buffer overflow in the script-fu server component on GIMP <= 2.6.12. By sending a specially crafted packet, an attacker may be able to achieve remote code execution under the context of the user. This Metasploit module has been tested on GIMP for Windows from installers provided by Jernej Simoncic.

tags | exploit, remote, overflow, code execution
systems | windows
advisories | CVE-2012-2763, OSVDB-82429
MD5 | 7cd7544609dd6aa91e4bd509c3afaf85
GIMP 2.6 script-fu Buffer Overflow
Posted May 31, 2012
Authored by Joseph Sheridan | Site reactionpenetrationtesting.co.uk

There is a buffer overflow in the script-fu server component of GIMP (the GNU Image Manipulation Program) in all 2.6 versions (Windows and Linux versions) affecting both the script-fu console and the script-fu network server. A crafted msg to the script-fu server overflows a buffer and overwrites several function pointers allowing the attacker to gain control of EIP and potentially execute arbitrary code. Proof of concept code included.

tags | exploit, overflow, arbitrary, proof of concept
systems | linux, windows
advisories | CVE-2012-2763
MD5 | 077ecb06351110ff77d49757a2a02531
Page 1 of 1
Back1Next

File Archive:

October 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    15 Files
  • 2
    Oct 2nd
    16 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    11 Files
  • 6
    Oct 6th
    6 Files
  • 7
    Oct 7th
    2 Files
  • 8
    Oct 8th
    1 Files
  • 9
    Oct 9th
    13 Files
  • 10
    Oct 10th
    16 Files
  • 11
    Oct 11th
    15 Files
  • 12
    Oct 12th
    23 Files
  • 13
    Oct 13th
    13 Files
  • 14
    Oct 14th
    12 Files
  • 15
    Oct 15th
    2 Files
  • 16
    Oct 16th
    16 Files
  • 17
    Oct 17th
    16 Files
  • 18
    Oct 18th
    15 Files
  • 19
    Oct 19th
    10 Files
  • 20
    Oct 20th
    7 Files
  • 21
    Oct 21st
    4 Files
  • 22
    Oct 22nd
    2 Files
  • 23
    Oct 23rd
    10 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close