all things security
Showing 1 - 25 of 41 RSS Feed

Files from Kacper Szurek

First Active2014-11-20
Last Active2017-10-04
Netgear ReadyNAS Surveillance 1.4.3-16 Remote Command Execution
Posted Oct 4, 2017
Authored by Kacper Szurek

Netgear ReadyNAS Surveillance version 1.4.3-16 suffers from a remote command execution vulnerability.

tags | exploit, remote
MD5 | f5b04fcd738b0b833d61f1bc22f69ffc
Synology Photo Station 6.7.3-3432 / 6.3-2967 Remote Code Execution
Posted Aug 8, 2017
Authored by Kacper Szurek

Synology Photo Station versions 6.7.3-3432 and 6.3-2967 suffer from a code execution vulnerability.

tags | exploit, code execution
advisories | CVE-2017-11151, CVE-2017-11152, CVE-2017-11153, CVE-2017-11154, CVE-2017-11155
MD5 | fc56028ea9f8ca5bac93622f17bc02ae
ManageEngine Desktop Central 10 Build 100087 Remote Code Execution
Posted Jul 24, 2017
Authored by Kacper Szurek

This Metasploit module exploits a vulnerability found in ManageEngine Desktop Central 10. When uploading a file, the FileUploadServlet class does not check the user-controlled fileName parameter. This allows a remote attacker to create a malicious file and place it under a directory that allows server-side scripts to run, which results in remote code execution under the context of SYSTEM. This exploit was successfully tested on version 10, build 100087.

tags | exploit, remote, code execution
MD5 | 386fa43dc27bca19440cf9b03bd04679
QNAP PhotoStation 5.2.4 / MusicStation 4.8.4 Authentication Bypass
Posted May 11, 2017
Authored by Kacper Szurek

QNAP PhotoStation version 5.2.4 and MusicStation version 4.8.4 suffer from an authentication bypass vulnerability.

tags | exploit, bypass
MD5 | 9e5b18523ce0b371a5bd11a3f875f96a
Dell Customer Connect 1.3.28.0 Privilege Escalation
Posted Apr 25, 2017
Authored by Kacper Szurek

Dell Customer Connect (DCCService.exe) version 1.3.28.0 suffers from a local privilege escalation vulnerability.

tags | exploit, local
MD5 | 648406b9705b9801363957956c58c5f8
CyberGhost 6.0.4.2205 Privilege Escalation
Posted Mar 6, 2017
Authored by Kacper Szurek

CyberGhost version 6.0.4.2205 suffers from a privilege escalation vulnerability.

tags | exploit
MD5 | dc4945587436a4b85d1bfe3f59fb626b
ShadeYouVPN.com Client For Windows 2.0.1.11 Privilege Escalation
Posted Feb 14, 2017
Authored by Kacper Szurek

ShadeYouVPN.com client for Windows version 2.0.1.11 suffers from a local privilege escalation vulnerability due to executing any file path sent through a socket without verification as the SYSTEM user.

tags | exploit, local
systems | windows
MD5 | eeb2d9e157b6f60968f0fa2df69af3c4
IVPN 2.6.6120.33863 Privilege Escalation
Posted Feb 6, 2017
Authored by Kacper Szurek

IVPN client for Windows version 2.6.6120.33863 suffers from a privilege escalation vulnerability.

tags | exploit
systems | windows
MD5 | 2e33e44ecee081e6ed4044dac77bff10
Viscosity For Windows 1.6.7 Privilege Escalation
Posted Jan 31, 2017
Authored by Kacper Szurek

Viscosity for Windows version 1.6.7 suffers from a privilege escalation vulnerability. It is possible to execute openvpn with a custom dll as SYSTEM using ViscosityService because the path is not correctly validated.

tags | exploit
systems | windows
MD5 | 1efec6f3ea2f04fc83efd29c4e2ad149
WD My Cloud Mirror 2.11.153 Remote Command Execution / Authentication Bypass
Posted Jan 25, 2017
Authored by Kacper Szurek

WD My Cloud Mirror version 2.11.153 suffers from remote command execution and authentication bypass vulnerabilities.

tags | exploit, remote, vulnerability, bypass
MD5 | 3a03bededda8df40bf30974851a7f210
SentryHD 02.01.12e Privilege Escalation
Posted Jan 18, 2017
Authored by Kacper Szurek

SentryHD version 02.01.12e suffers from a local privilege escalation vulnerability.

tags | exploit, local
MD5 | 85e02391e5639b13c5e60eed556d48a7
WordPress WP Support Plus Responsive Ticket System 7.1.3 Privilege Escalation
Posted Jan 10, 2017
Authored by Kacper Szurek

WordPress WP Support Plus Responsive Ticket System plugin version 7.1.3 suffers from a privilege escalation vulnerability.

tags | exploit
MD5 | dced8fe75b1b1c06cad1684e4aae9a49
AbanteCart 1.2.7 Cross Site Scripting
Posted Dec 6, 2016
Authored by Kacper Szurek

AbanteCart version 1.2.7 suffers from a stored cross site scripting vulnerability.

tags | exploit, xss
MD5 | 73a8698aed600c14ecdb8be6392b460c
WinPower 4.9.0.4 Privilege Escalation
Posted Nov 29, 2016
Authored by Kacper Szurek

WinPower version 4.9.0.4 suffers from a privilege escalation vulnerability. Proof of concept code included.

tags | exploit, proof of concept
MD5 | ed0607905b845ef7350dce9ad139b90e
e107 CMS 2.1.2 Privilege Escalation
Posted Nov 9, 2016
Authored by Kacper Szurek

e107 CMS version 2.1.2 suffers from a privilege escalation vulnerability.

tags | exploit
MD5 | 20603bb3632e7a19654f23b0e5c6ca1a
Dolphin 7.3.0 SQL Injection
Posted Sep 20, 2016
Authored by Kacper Szurek

Dolphin version 7.3.0 suffers from an error-based remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | ab7bc57de68f6ec42241a33d72ceca65
Tiki Wiki CMS 15.0 Arbitrary File Download
Posted Jul 11, 2016
Authored by Kacper Szurek

Tiki Wiki CMS version 15.0 suffers from an arbitrary file download vulnerability.

tags | exploit, arbitrary
MD5 | f041d98f51a1e19fa76e0f68994bc8bb
phpMyFAQ 2.9.0 Cross Site Scripting
Posted Jun 9, 2016
Authored by Kacper Szurek

phpMyFAQ version 2.9.0 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | 7b4a39d81777ece41502f1968880743d
WordPress Double Opt-In For Download 2.0.9 SQL Injection
Posted Jun 6, 2016
Authored by Kacper Szurek

WordPress Double Opt-In for Download plugin version 2.0.9 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 14ca094f5880c19cc863d6b90c3d39af
Tiny Tiny RSS Blind SQL Injection
Posted Feb 15, 2016
Authored by Kacper Szurek

Tiny Tiny RSS suffers from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 2b70c9d055a100bd38a20ffa63dc9270
WordPress Simple Ads Manager 2.9.4.116 SQL Injection
Posted Dec 30, 2015
Authored by Kacper Szurek

WordPress Simple Ads Manager plugin version 2.9.4.116 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 2a5355428fa2f26280f1c837fff29c79
WordPress Admin Management Xtended 2.4.0 Privilege Escalation
Posted Dec 14, 2015
Authored by Kacper Szurek

WordPress Admin Management Xtended plugin version 2.4.0 suffers from a privilege escalation vulnerability.

tags | exploit
MD5 | f1a4394c59e0c7e2366f90079d13c44c
WP Fastest Cache 0.8.4.8 Blind SQL Injection
Posted Nov 12, 2015
Authored by Kacper Szurek

WordPress WP Fastest Cache plugin version 0.8.4.8 suffers from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 237dc4ead3f9d96d77a0dac035edef49
WordPress Video Gallery 2.7 SQL Injection
Posted Aug 9, 2015
Authored by Kacper Szurek

WordPress Video Gallery plugin version 2.7 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 33d438464dbfabd84ced36091a390837
FreiChat 9.6 SQL Injection
Posted Jul 14, 2015
Authored by Kacper Szurek

FreiChat version 9.6 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | d99307cd0ee4d201553feac0c557241a
Page 1 of 2
Back12Next

File Archive:

October 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    15 Files
  • 2
    Oct 2nd
    16 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    11 Files
  • 6
    Oct 6th
    6 Files
  • 7
    Oct 7th
    2 Files
  • 8
    Oct 8th
    1 Files
  • 9
    Oct 9th
    13 Files
  • 10
    Oct 10th
    16 Files
  • 11
    Oct 11th
    15 Files
  • 12
    Oct 12th
    23 Files
  • 13
    Oct 13th
    13 Files
  • 14
    Oct 14th
    12 Files
  • 15
    Oct 15th
    2 Files
  • 16
    Oct 16th
    16 Files
  • 17
    Oct 17th
    16 Files
  • 18
    Oct 18th
    15 Files
  • 19
    Oct 19th
    10 Files
  • 20
    Oct 20th
    7 Files
  • 21
    Oct 21st
    4 Files
  • 22
    Oct 22nd
    2 Files
  • 23
    Oct 23rd
    16 Files
  • 24
    Oct 24th
    4 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close