Showing 1 - 4 of 4

Files from Enrico Cinquini

osTicket 1.9.12 XSS / File Upload / Access Bypass / Session Fixation: Posted Feb 6, 2016; Authored by Enrico Cinquini, Giovanni Cerrato; osTicket version 1.9.12 suffers from authentication bypass, session fixation, file upload, and cross site scripting vulnerabilities.; tags | exploit, vulnerability, xss, bypass, file upload; SHA-256 | 4a19a2aa2c84b0fa5c0f2520b95e243cb8d22dc866f5c95fa4f4089635a66cbc; Download | Favorite | View

Collabtive 1.0 XSS / Shell Upload / Privilege Escalation: Posted Jul 22, 2013; Authored by Enrico Cinquini; Collabtive version 1.0 suffers from cross site scripting, remote shell upload, and arbitrary account deletion vulnerabilities.; tags | exploit, remote, arbitrary, shell, vulnerability, xss; SHA-256 | db6047545975993b9eb3318de2e4ffdb0ea6799f5df0acdd3e8af273d4493481; Download | Favorite | View

Elgg 1.8.8 Insecure Installation: Posted Nov 1, 2012; Authored by Danilo Massa, Enrico Cinquini; Elgg version 1.8.8 suffers from an insecure installation vulnerability.; tags | advisory; SHA-256 | 1e4bb604f2161f37a4acd42f8b02dc3f5b8876fc19bab006c1f3fd5af506bb3c; Download | Favorite | View

Liferay JSON Server API Authentication: Posted Aug 3, 2012; Authored by Danilo Massa, Enrico Cinquini; The Liferay JSON implementation does not check if a user calling a method on a serviceClass is disabled. Usually the default administrator user, test@liferay.com, is used to create a new administrator and disabled without a change to the default password, so it is possible to use it to execute JSON API calls. Versions 6.0.5 and 6.0.6 are vulnerable.; tags | exploit, bypass; SHA-256 | 840d89136b0bbd34dcc7fbaa674c8f425af2c5bab7ef9bb1fac81338af82ef39; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days