exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 25 RSS Feed

Files from Joseph Sheridan

Email addressjoe at reactionis.com
First Active2012-05-31
Last Active2013-04-24
Hornbill Supportworks ITSM 1.0.0 SQL Injection
Posted Apr 24, 2013
Authored by Joseph Sheridan | Site reactionpenetrationtesting.co.uk

Hornbill Supportworks ITSM version 1.0.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2013-2594
SHA-256 | 2eeb3aa7245d5145d3ec988798da4951d75aef73c27a476bcea507ba736fbb89
Safend Data Protector 3.4.5586.9772 Privilege Escalation
Posted Nov 30, 2012
Authored by Joseph Sheridan | Site reactionpenetrationtesting.co.uk

Safend Data Protector suffers from multiple privilege escalation vulnerabilities.

tags | advisory, vulnerability
advisories | CVE-2012-4767, CVE-2012-4760, CVE-2012-4760, CVE-2012-4761, CVE-2012-4761
SHA-256 | 7fa4ab53d92dfd88c732eb79417967adbe52865b5df1b66c86b093a3abbc15b9
Forescout NAC 6.3.4.1 XSS / Redirection / Filter
Posted Nov 27, 2012
Authored by Joseph Sheridan | Site reactionpenetrationtesting.co.uk

Forescout NAC (Network Access Control) version 6.3.4.1 suffers from ICMP and ARP protocols not being filtered, cross site scripting, and cross site redirection vulnerabilities.

tags | exploit, vulnerability, protocol, xss
advisories | CVE-2012-4985, CVE-2012-4982, CVE-2012-4983
SHA-256 | 90ab742926bd9cb0fc57e37ec8e11486dca2cd8c598556ffb9050f73ff6d40b3
Realplayer Watchfolders Long Filepath Overflow
Posted Oct 26, 2012
Authored by Joseph Sheridan | Site reactionpenetrationtesting.co.uk

Realplayer version 15.0.5.109 is vulnerable to a stack buffer overflow vulnerability in the 'Watch Folders' facility.

tags | advisory, overflow
advisories | CVE-2012-4987
SHA-256 | 4574d497f5b7de99ddcba37f9338d21972b688102da3b115f156e7604e82c00b
Layton Helpbox 4.4.0 Cross Site Scripting
Posted Oct 26, 2012
Authored by Joseph Sheridan | Site reactionpenetrationtesting.co.uk

Layton Helpbox version 4.4.0 suffers from a reflective cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2012-4972
SHA-256 | 3827c1464b24bc29ab3e651ff29501dbfd6b5cd47b535b390f6cad47d2082994
Layton Helpbox 4.4.0 Login Bypass
Posted Oct 26, 2012
Authored by Joseph Sheridan | Site reactionpenetrationtesting.co.uk

Layton Helpbox version 4.4.0 suffers from login bypass vulnerabilities due to improper cookie design.

tags | exploit, vulnerability, bypass
advisories | CVE-2012-4974
SHA-256 | 16ee66d4cbd6d224b10fa5f95bc298defb75ded84f60334c0975efd6f7d244e2
Layton Helpbox 4.4.0 Stored Cross Site Scripting
Posted Oct 26, 2012
Authored by Joseph Sheridan | Site reactionpenetrationtesting.co.uk

Layton Helpbox version 4.4.0 suffers from embedded cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2012-4972
SHA-256 | 84e000e3e44575e7d56f64a765baeb3ba0680194d10cef458af3c321b7470c55
Layton Helpbox 4.4.0 Password Disclosure
Posted Oct 26, 2012
Authored by Joseph Sheridan | Site reactionpenetrationtesting.co.uk

Layton Helpbox version 4.4.0 discloses login and password information for the database in an error page.

tags | exploit, info disclosure
advisories | CVE-2012-4976
SHA-256 | ffb1e252d827f52f414c14552b658fe20322ca6da03f2bccb5d2f3d6fa1aa597
Layton Helpbox 4.4.0 Unencrypted Login
Posted Oct 26, 2012
Authored by Joseph Sheridan | Site reactionpenetrationtesting.co.uk

Layton Helpbox version 4.4.0 fails to use encrypted transport for logging users into the system.

tags | advisory
advisories | CVE-2012-4977
SHA-256 | 65c129f2aa3caef6fbe2d3cbf9480e7a26059454a9f06e7eb3c1a9a695199165
Layton Helpbox 4.4.0 Authorization Bypass
Posted Oct 26, 2012
Authored by Joseph Sheridan | Site reactionpenetrationtesting.co.uk

Layton Helpbox version 4.4.0 suffers from an authorization bypass vulnerability.

tags | exploit, bypass
advisories | CVE-2012-4975
SHA-256 | 8d734fa89fe9433ad116e55adc6c356d0f247f3c345dfda0b0958a1e8896b8d4
Layton Helpbox 4.4.0 SQL Injection
Posted Oct 26, 2012
Authored by Joseph Sheridan | Site reactionpenetrationtesting.co.uk

Layton Helpbox version 4.4.0 suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
advisories | CVE-2012-4971
SHA-256 | 6c5cc1580cd23e491855f8f601ab13345165ca92e85aa068fc7ba33c894be7fc
XnView JLS File Decompression Heap Overflow
Posted Oct 3, 2012
Authored by Joseph Sheridan | Site reactionpenetrationtesting.co.uk

XnView versions 1.99 and 1.99.1 suffers from a heap-based buffer overflow vulnerability. Proof of concept JLS file included.

tags | exploit, overflow, proof of concept
systems | linux
advisories | CVE-2012-4988
SHA-256 | 12f75e008d1e820f5810b663abe9e6f03819746e68bc912e53351dc21ea9a32f
Toshiba ConfigFree CF7 File Remote Command Execution
Posted Sep 22, 2012
Authored by Joseph Sheridan | Site reactionpenetrationtesting.co.uk

There is a command execution vulnerability in the Toshiba ConfigFree CF7 file format used on Toshiba laptops to import and export network configurations. An attacker could execute arbitrary commands with the privileges of the current logged-in user by enticing a Toshiba laptop user to download and execute a crafted CF7 file.

tags | advisory, arbitrary
advisories | CVE-2012-4981
SHA-256 | 1a28addbea1119b8595d7ce90329399c3a421d1b2c932af1c19cb5566dc660f6
Toshiba ConfigFree CF7 ProfileName Overflow
Posted Sep 22, 2012
Authored by Joseph Sheridan | Site reactionpenetrationtesting.co.uk

There is a stack buffer overflow vulnerability in the Toshiba ConfigFree CF7 file format used on Toshiba laptops. An attacker could execute arbitrary code by enticing a Toshiba laptop user to download and execute a malicious CF7 file if they manipulate the ProfileName.

tags | advisory, overflow, arbitrary
advisories | CVE-2012-4980
SHA-256 | 05232d34ddffe76d5100c661203316977746d8be7a62f96774f60c7a08b9cade
Toshiba ConfigFree CF7 Comment Field Overflow
Posted Sep 22, 2012
Authored by Joseph Sheridan | Site reactionpenetrationtesting.co.uk

There is a stack buffer overflow vulnerability in the Toshiba ConfigFree CF7 file format used on Toshiba laptops. An attacker could execute arbitrary code by enticing a Toshiba laptop user to download and execute a malicious CF7 file.

tags | advisory, overflow, arbitrary
advisories | CVE-2012-4980
SHA-256 | dc729d72f0909efd4007c17c952629e8a732811f980783d117f4597ca4769c47
Microcart 1.0 Cross Site Scripting
Posted Sep 20, 2012
Authored by Joseph Sheridan, Chris Cooper | Site reactionpenetrationtesting.co.uk

The administrative directory of Microcart version 1.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2012-4241
SHA-256 | b822f2ee3606abdec8e3d8c1169fd994859e77baee7e7c7873b395f74a283d68
Microcart 1.0 Checkout Cross Site Scripting
Posted Sep 20, 2012
Authored by Joseph Sheridan, Chris Cooper | Site reactionpenetrationtesting.co.uk

Microcart version 1.0 Checkout suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2012-4241
SHA-256 | 10e01b1c87c017a984b968431a262fdf7f0d5932bc6408833c10e6cd532d4310
WordPress MF Gig Calendar 0.9.2 Cross Site Scripting
Posted Sep 20, 2012
Authored by Joseph Sheridan, Chris Cooper | Site reactionpenetrationtesting.co.uk

WordPress MF Gig Calendar plugin version 0.9.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2012-4242
SHA-256 | c0e1143e484b74d6ece34e62ebffd227079faf6c38d75dd73c87dd12b2bf6c21
Wordpress Download Monitor 3.3.5.7 Cross Site Scripting
Posted Sep 11, 2012
Authored by Joseph Sheridan, Chris Cooper | Site reactionpenetrationtesting.co.uk

Wordpress Download Monitor version 3.3.5.7 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2012-4768
SHA-256 | 62a3d6dc277efb88b7649f9126607e4ef62d62c1c19ec0fb2fabddcef3b89547
Group-Office Calendar 4.0.88 SQL Injection
Posted Sep 3, 2012
Authored by Joseph Sheridan, Chris Cooper | Site reactionpenetrationtesting.co.uk

Group-Office Calendar versions 4.0.71, 4.0.73, and 4.0.88 suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2012-4240
SHA-256 | 75efd32a5429a359441d4ca694173d09e02c6484a233c5fcf825d4647f3814dc
Group-Office Cleartext Credentials Stored In Cookies
Posted Aug 14, 2012
Authored by Joseph Sheridan, Chris Cooper | Site reactionpenetrationtesting.co.uk

Group-Office version 4.0.71 stores credentials in the clear in cookies.

tags | advisory, info disclosure
advisories | CVE-2012-4239
SHA-256 | 63d144d75532557bd4e2c7319685e0f502852e50757da183cc38c9429081c7c9
GIMP 2.8.0 Denial Of Service
Posted Jun 29, 2012
Authored by Joseph Sheridan | Site reactionpenetrationtesting.co.uk

There is a file handling denial of service in GIMP (the GNU Image Manipulation Program) for the 'fit' file format affecting all versions (Windows and Linux) up to 2.8.0. A file in the fit format with a malformed 'XTENSION' header will cause a crash in the GIMP program. The flaw is triggered by opening a crafted 'fit' file or allowing the file explorer dialog to preview the file. Proof of concept included.

tags | exploit, denial of service, proof of concept
systems | linux, windows
advisories | CVE-2012-3236
SHA-256 | 0341418c409c2905c278b5539d3f0236be8f96cdfce5f9140782b205443ab209
Irfanview Plugins 4.33 Overflow
Posted Jun 29, 2012
Authored by Joseph Sheridan | Site reactionpenetrationtesting.co.uk

IrfanView Formats PlugIn is prone to an overflow condition. The JLS Plugin (jpeg_ls.dll) library fails to properly sanitize user-supplied input resulting in a heap-based buffer overflow. With a specially crafted JLS compressed image file, a context-dependent attacker could potentially execute arbitrary code. Proof of concept included. Irfanview Plugins version 4.33 is affected.

tags | exploit, overflow, arbitrary, proof of concept
systems | linux
advisories | CVE-2012-3585
SHA-256 | cd8bb7da17eb6fd5c44d2f4ceac57a18c44aca435eea690d9247652a97f176d8
GIMP script-fu Server Buffer Overflow
Posted Jun 2, 2012
Authored by juan vazquez, Joseph Sheridan | Site metasploit.com

This Metasploit module exploits a buffer overflow in the script-fu server component on GIMP <= 2.6.12. By sending a specially crafted packet, an attacker may be able to achieve remote code execution under the context of the user. This Metasploit module has been tested on GIMP for Windows from installers provided by Jernej Simoncic.

tags | exploit, remote, overflow, code execution
systems | windows
advisories | CVE-2012-2763, OSVDB-82429
SHA-256 | 639458a065dfbd4eece13f18e4a4a8606ca0ea7c1392c33c55adb20317d1bdad
GIMP 2.6 script-fu Buffer Overflow
Posted May 31, 2012
Authored by Joseph Sheridan | Site reactionpenetrationtesting.co.uk

There is a buffer overflow in the script-fu server component of GIMP (the GNU Image Manipulation Program) in all 2.6 versions (Windows and Linux versions) affecting both the script-fu console and the script-fu network server. A crafted msg to the script-fu server overflows a buffer and overwrites several function pointers allowing the attacker to gain control of EIP and potentially execute arbitrary code. Proof of concept code included.

tags | exploit, overflow, arbitrary, proof of concept
systems | linux, windows
advisories | CVE-2012-2763
SHA-256 | 3314be7d12f71ac43757fa38c7b5d582d33d0a31d034dd7a8a87b9037b9edecb
Page 1 of 1
Back1Next

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    39 Files
  • 2
    Oct 2nd
    23 Files
  • 3
    Oct 3rd
    18 Files
  • 4
    Oct 4th
    20 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    17 Files
  • 8
    Oct 8th
    66 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close