what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 15 of 15 RSS Feed

Files from Shai rod

First Active2012-08-17
Last Active2022-12-23
OpenTSDB 2.4.0 Command Injection
Posted Dec 23, 2022
Authored by Shai rod, Erik Wynter | Site metasploit.com

This Metasploit module exploits an unauthenticated command injection vulnerability in the yrange parameter in OpenTSDB through 2.4.0 (CVE-2020-35476) in order to achieve unauthenticated remote code execution as the root user. The module first attempts to obtain the OpenTSDB version via the api. If the version is 2.4.0 or lower, the module performs additional checks to obtain the configured metrics and aggregators. It then randomly selects one metric and one aggregator and uses those to instruct the target server to plot a graph. As part of this request, the yrange parameter is set to the payload, which will then be executed by the target if the latter is vulnerable. This module has been successfully tested against OpenTSDB version 2.3.0.

tags | exploit, remote, root, code execution
advisories | CVE-2020-35476
SHA-256 | 7183104f20371379d7bbd3538dcce42a94117e14b0bb74805ced99f7bd85603f
Wiki Web Help 0.3.9 Cross Site Scripting
Posted Aug 28, 2012
Authored by Shai rod

Wiki Web Help version 0.3.9 suffers from a stored cross site scripting vulnerability.

tags | exploit, web, xss
SHA-256 | e68fce127757a39e865dc1d2314d2b2291059f24abc8dca32bd3b811ac595f4e
XWiki 4.2-milestone-2 Cross Site Scripting
Posted Aug 28, 2012
Authored by Shai rod

XWiki version 4.2-milestone-2 suffers from multiple stored cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | c25959b05ad0c3c4ffa247f3a057eebafca9fa9ae6be574d7c1032d7c874d265
BusinessWiki 2.5 RC3 XSS / File Upload
Posted Aug 24, 2012
Authored by Shai rod

BusinessWiki version 2.5 RC3 suffers from stored cross site scripting and arbitrary file upload vulnerabilities.

tags | exploit, arbitrary, vulnerability, xss, file upload
SHA-256 | 3725bb68e77ae2e7617725d831f798e0e1658ef7fa444cc6f69d669edf4238cd
LetoDMS 3.3.6 Cross Site Request Forgery / Cross Site Scripting
Posted Aug 23, 2012
Authored by Shai rod

LetoDMS version 3.3.6 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
SHA-256 | cc686fb290023aab67729a888697ad6f9f571447f91ee8c435efc2afc092c18c
XODA 0.4.5 Arbitrary PHP File Upload
Posted Aug 23, 2012
Authored by juan vazquez, Shai rod | Site metasploit.com

This Metasploit module exploits a file upload vulnerability found in XODA 0.4.5. Attackers can abuse the "upload" command in order to upload a malicious PHP file without any authentication, which results in arbitrary code execution. The module has been tested successfully on XODA 0.4.5 and Ubuntu 10.04.

tags | exploit, arbitrary, php, code execution, file upload
systems | linux, ubuntu
SHA-256 | 4946a84183062b1d9abffb6b439d5931f024409a5402b78aa7244159e2a59c5b
OpenDocMan 1.2.6.1 Cross Site Request Forgery
Posted Aug 22, 2012
Authored by Shai rod

OpenDocMan version 1.2.6.1 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 4517da3cfba89fe1336b3b7a7ed87a979770c9d980737cf914add115f588b397
XODA Document Management System 0.4.5 XSS / Shell Upload
Posted Aug 22, 2012
Authored by Shai rod

XODA Document Management System version 0.4.5 suffers from cross site scripting and remote shell upload vulnerabilities.

tags | exploit, remote, shell, vulnerability, xss
SHA-256 | 9eddc44c334a05db869e4aa52c5baa45e22307853cc1e881f9d5952c9471991d
GWebmail 0.7.3 XSS / LFI / Command Execution
Posted Aug 18, 2012
Authored by Shai rod

GWebmail version 0.7.3 suffers from cross site scripting and local file inclusion vulnerabilities. The local file inclusion vulnerability can lead to code execution.

tags | exploit, local, vulnerability, code execution, xss, file inclusion
SHA-256 | 8e295acd93b990831af2c346b6cfda11d37e6c13e0529a902ae15177b38b8646
Hupa Webmail 0.0.2 Cross Site Scripting
Posted Aug 18, 2012
Authored by Shai rod

Hupa Webmail version 0.0.2 suffers from a stored cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | b2d8e8baa0477f3ccf906cd01d359b0b1523e78bacdf85aa16f08a39337a9a87
Hivemail Webmail 1.41F Build 103 Cross Site Scripting
Posted Aug 18, 2012
Authored by Shai rod

Hivemail Webmail version 1.41F Build 103 suffers from a stored cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | eb95ec4181e9ca1b97c0f5ba9d1860bd1bcdd90beeb3838a6000d6ba38904914
Uebimiau Webmail 2.7.2 Cross Site Scripting
Posted Aug 18, 2012
Authored by Shai rod

Uebimiau Webmail version 2.7.2 suffers from a stored cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 2c434409adcbc630ee48e54434f8b2e8b729fe6e1cc6a3a840e0de3754b97a07
Hastymail2 Webmail 1.1 RC2 Cross Site Scripting
Posted Aug 17, 2012
Authored by Shai rod

Hastymail2 Webmail version 1.1 RC2 suffers from a stored cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | e5603aa49a000259245c4d8c25c238c4b532a5ced67a9626f40e89c41de66dc6
T-dah Webmail 3.2.0 Cross Site Scripting
Posted Aug 17, 2012
Authored by Shai rod

T-dah Webmail version 3.2.0 suffers from stored cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | f849cce7db945350fcf31a0846493b9158d0a5016e1c297b052c01017c41218b
Roundcube Webmail 0.8.0 Cross Site Scripting
Posted Aug 17, 2012
Authored by Shai rod

Roundcube Webmail version 0.8.0 suffers from multiple stored cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 6dfa0a7ef6c176b11b524cca79272af01deb78987c2cd19c827f958047b30f1e
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    0 Files
  • 5
    Mar 5th
    0 Files
  • 6
    Mar 6th
    0 Files
  • 7
    Mar 7th
    0 Files
  • 8
    Mar 8th
    0 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    0 Files
  • 12
    Mar 12th
    0 Files
  • 13
    Mar 13th
    0 Files
  • 14
    Mar 14th
    0 Files
  • 15
    Mar 15th
    0 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    0 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close