what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 21 of 21 RSS Feed

Files from Paulos Yibelo

Email addressprivate
First Active2014-09-15
Last Active2023-11-13
View User Profile
WordPress WP Rocket 2.10.3 Local File Inclusion
Posted Nov 13, 2023
Authored by Paulos Yibelo, E1.Coders

This is a script that checks the WordPress WP Rocket plugin to see if it is a version vulnerable to local file inclusion.

tags | advisory, local, file inclusion
SHA-256 | c3229af0a58a90826c202f67b9967c50d32d7265ad9cc923c136a59dbeebe883
PHP Melody 2.7.3 Cross Site Scripting / SQL Injection
Posted Oct 12, 2017
Authored by Paulos Yibelo

PHP Melody version 2.7.3 suffers from cross site scripting and SQL injection vulnerabilities.

tags | exploit, php, vulnerability, xss, sql injection
SHA-256 | 5614049b822636ce667292c3cab2231cc4225e1397f912386bf5a79eb8d44faa
eFront 3.6.15 Code Execution
Posted Nov 5, 2016
Authored by Paulos Yibelo

eFront version 3.6.15 suffers from a code execution vulnerability.

tags | exploit, code execution
SHA-256 | c6e64f257f167f7852a80672b6b5fc8b3f905cade9a0fe5ef321c1c60367e8ba
PHPSYSINFO 3.1.12 Local File Disclosure
Posted Feb 2, 2016
Authored by Paulos Yibelo

PHPSYSINFO versions 3.1.12 and below suffer from a local file disclosure vulnerability.

tags | exploit, local, file inclusion
SHA-256 | b91e2c3deff78812557e1059259cdd4c9d9b19aee77d73d5577ab98c615f3ab5
Magento eCommerce Vulnerable Adobe Flex SDK
Posted Apr 10, 2015
Authored by Paulos Yibelo

Magento eCommerce versions 1.9.0 and below are compiled with a vulnerable version of Adobe Flex SDK allowing for same-origin request forgery and cross-site content hijacking.

tags | advisory
advisories | CVE-2011-2461
SHA-256 | 2abdab09c60b62e14aaa6b4c47c3f0c149c4561cf4f13a7a1514da1b9474cc0a
AfterLogic WebMail Lite Authentication Bypass
Posted Mar 27, 2015
Authored by Paulos Yibelo

AfterLogic WebMail Lite allows for an unauthenticated user to set an administrative password.

tags | exploit, bypass
SHA-256 | bf60678dc4156a2c4163e6ba2c9b3dc300a0635313915e2001465b0a83a9262a
Program-O 2.4.6 XSS / LFI / HTTP Response Splitting
Posted Jan 23, 2015
Authored by Paulos Yibelo, Vulnerability Laboratory | Site vulnerability-lab.com

Program-O version 2.4.6 suffers from http response splitting, cross site scripting, and local file inclusion vulnerabilities.

tags | exploit, web, local, vulnerability, xss, file inclusion
SHA-256 | 76658244af3e987274e86b16084fa6ffaf0d26aebcfead558ea9f4ca01983a80
Banana Dance Wiki CMS b2.x LFI / SQL Injection
Posted Jan 19, 2015
Authored by Paulos Yibelo, Vulnerability Laboratory | Site vulnerability-lab.com

Banana Dance Wiki CMS version b2.x suffers from local file inclusion and remote SQL injection vulnerabilities.

tags | exploit, remote, local, vulnerability, sql injection, file inclusion
SHA-256 | 5aea54712b3fcfc9bb62181feb0c7c2c80bfa25156dc0a43ef48f5ca566ca84a
Facebook Mobile Parameter Tampering Bypass
Posted Jan 16, 2015
Authored by Paulos Yibelo, Vulnerability Laboratory | Site vulnerability-lab.com

Facebook Mobile allowed for a name change prior to the 60 day limit.

tags | exploit
SHA-256 | e9022186bc9182406a9f7e6e9807d1d8c75ccb9ffbc563e752cb736aac563f8b
CatBot 0.4.2 SQL Injection
Posted Jan 16, 2015
Authored by Paulos Yibelo, Vulnerability Laboratory | Site vulnerability-lab.com

CatBot version 0.4.2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 8ca8d8041febb4bd7e87451a3b49b4a0db8053b94320613163e2349fd83ba080
Facebook Insecure Direct Object Reference
Posted Dec 26, 2014
Authored by Paulos Yibelo, Vulnerability Laboratory | Site vulnerability-lab.com

Facebook suffered from an insecure direct object reference vulnerability.

tags | advisory
SHA-256 | 331056674239d4a2b8597c783a977751033ec9efe723bf4173cf02c9fb7e6878
Facebook Studio Cross Site Scripting
Posted Dec 19, 2014
Authored by Paulos Yibelo, Vulnerability Laboratory | Site vulnerability-lab.com

Facebook Studio suffered from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 6c44cbb682aafd6daec44b1de42940894bcdb8d43089d73242d17f4e0333676d
Morfy CMS 1.05 Remote Command Execution
Posted Dec 17, 2014
Authored by Paulos Yibelo, Vulnerability Laboratory | Site vulnerability-lab.com

Morfy CMS version 1.05 suffers from a remote command execution vulnerability.

tags | exploit, remote
advisories | CVE-2014-9185
SHA-256 | 58989d19395dfd9366042fa905b02009b55fe443fc5713b823583113c2af8e3a
Monstra 3.0.1 Bruteforce Mitigation Bypass
Posted Nov 12, 2014
Authored by Paulos Yibelo

Monstra versions 3.0.1 and below keep a tally client side in a cookie to count login attempts, allowing an attacker to completely bypass their abuse functionality.

tags | exploit, bypass
advisories | CVE-2014-9006
SHA-256 | e559a6fc29b5452cf0090e6cc326b4afa0c52ebd83000579ad0a03b5b75fae8a
Monstra 3.0.1 HTTP Response Splitting
Posted Nov 10, 2014
Authored by Paulos Yibelo

Monstra versions 3.0.1 and below suffer from an HTTP response splitting vulnerability.

tags | exploit, web
SHA-256 | 333a7cbaeed3cb481b4ccd4a7866dfecf3b66efe774dfea04879157048aaa69e
Anchor CMS 0.9.2 Header Injection
Posted Nov 10, 2014
Authored by Paulos Yibelo

Anchor CMS versions 0.9.2 and below suffer from a header injection vulnerability.

tags | exploit
advisories | CVE-2014-9182
SHA-256 | d1627d2ea7402acbd8c551b616bb1440bb991963b32d178d425ebbb7de626061
ZXDSL 831CII Cross Site Request Forgery
Posted Nov 10, 2014
Authored by Paulos Yibelo

ZXDSL 831CII suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2014-9027
SHA-256 | 843e8f18a1aecb19a3193b0c21a2f4b43254e1c19a3543a86ca96e33f9b2994a
ZTE ZXDSL 831 Cross Site Scripting
Posted Nov 7, 2014
Authored by Paulos Yibelo

ZTE ZXDSL 831 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2014-9021, CVE-2014-9020
SHA-256 | fea9ea0557fdb4cf4949d6b661ca6949f9f891e48e62dfa0a42fcc32b6ace91e
ZTE 831CII Hardcoded Credential / XSS / CSRF
Posted Nov 7, 2014
Authored by Paulos Yibelo

ZTE 831CII suffers from cross site request forgery, hardcoded administrative credential, and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
advisories | CVE-2014-9020, CVE-2014-9019, CVE-2014-9183
SHA-256 | 71cb47b2c17ef7f0dfffab54cfb391823034e3c990567867983eacd51e01d6ca
ZTE ZXDSL 831CII Insecure Direct Object Reference
Posted Nov 7, 2014
Authored by Paulos Yibelo

ZTE ZXDSL 831CII suffers from an insecure direct object reference vulnerability that allows for authentication bypass.

tags | exploit
advisories | CVE-2014-9184
SHA-256 | 1f03cc0b111dd69b400b5bc45c9417e5af28680d6acb649fecfb52fffe14bd19
DVWA Cross Site Request Forgery
Posted Sep 15, 2014
Authored by Paulos Yibelo

Damn Vulnerable Web Application, which is meant to be a vulnerable web application for security testing, can be leveraged by attackers to compromise your system when in use. This is a good reminder to only use DVWA on an air-gapped network. This exploits demonstrates the ability to gain code execution on the system.

tags | exploit, web, code execution, csrf
SHA-256 | 75399c599af8214d734313a75983c0648c16b80932511c55319919111ea07883
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close