what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 15 of 15 RSS Feed

Files from Rodolfo Tavares

Email addressrodolfo.tavares at tempest.com.br
First Active2019-09-13
Last Active2024-08-31
Piwigo CVE-2023-26876 Gather Credentials via SQL Injection
Posted Aug 31, 2024
Authored by Rodolfo Tavares, rodnt, Tempest Security | Site metasploit.com

This Metasploit module allows an authenticated user to retrieve the usernames and encrypted passwords of other users in Piwigo through SQL injection using the (filter_user_id) parameter.

tags | exploit, sql injection
advisories | CVE-2023-26876
SHA-256 | 9bbbad3a776fd24cf01f86397e96953115766823984339cff090461bcc35c03f
Download | Favorite | View
LumisXP 16.1.x Cross Site Scripting
Posted Jul 11, 2024
Authored by Rodolfo Tavares | Site tempest.com.br

LumisXP versions 15.0.x through 16.1.x suffer from a cross site scripting vulnerability in XsltResultControllerHtml.jsp.

tags | exploit, xss
advisories | CVE-2024-33326
SHA-256 | 44811fffdad55f59cab99ee680cea0158c35b26606a7a72215c8b74fff752970
Download | Favorite | View
LumisXP 16.1.x Cross Site Scripting
Posted Jul 11, 2024
Authored by Rodolfo Tavares | Site tempest.com.br

LumisXP versions 15.0.x through 16.1.x suffer from a cross site scripting vulnerability in UrlAccessibilityEvaluation.jsp.

tags | exploit, xss
advisories | CVE-2024-33327
SHA-256 | 62722fa4e4796c8ac819f4f74bff3b88e4c3207619569dd0af373cca85ccd325
Download | Favorite | View
LumisXP 16.1.x Cross Site Scripting
Posted Jul 11, 2024
Authored by Rodolfo Tavares | Site tempest.com.br

LumisXP versions 15.0.x through 16.1.x suffer from a cross site scripting vulnerability in main.jsp

tags | exploit, xss
advisories | CVE-2024-33328
SHA-256 | 6b2f2821d4c2d0424a401ff4ad365da2713d18f6c494dadd54e7fce8dfe51786
Download | Favorite | View
LumisXP 16.1.x Hardcoded Credentials / IDOR
Posted Jul 11, 2024
Authored by Rodolfo Tavares | Site tempest.com.br

LumisXP versions 15.0.x through 16.1.x have a hardcoded privileged identifier that allows attackers to bypass authentication and access internal pages and other sensitive information.

tags | exploit
advisories | CVE-2024-33329
SHA-256 | 507655a40fa21c33f270fff3ee33944627b6c9719d3c667e8ec61677948d5b35
Download | Favorite | View
Piwigo 13.5.0 SQL Injection
Posted Apr 28, 2023
Authored by Rodolfo Tavares | Site tempest.com.br

Piwigo version 13.5.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2023-26876
SHA-256 | b4b2bf2bd02e5e6e2f24ce835e44e52d016f467252a6d79a30e013c6f3028a74
Download | Favorite | View
WordPress WPvivid Backup Path Traversal
Posted Oct 4, 2022
Authored by Rodolfo Tavares | Site tempest.com.br

WordPress WPvivid Backup plugin versions prior to 0.9.76 suffer from a path traversal vulnerability.

tags | exploit
advisories | CVE-2022-2863
SHA-256 | fb090fe06b8107185b5b73bdfac52e984a5bd3987e4e8a14397734095d06addf
Download | Favorite | View
LiquidFiles 3.4.15 Cross Site Scripting
Posted May 19, 2022
Authored by Rodolfo Tavares | Site tempest.com.br

LiquidFiles version 3.4.15 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2021-30140
SHA-256 | 64fb0fffa85d330dbc47f539a594fa8fcad4c9362b419983c93474d08ba4e151
Download | Favorite | View
PHPIPAM 1.4.4 Cross Site Request Forgery / Cross Site Scripting
Posted May 19, 2022
Authored by Rodolfo Tavares | Site tempest.com.br

PHPIPAM version 1.4.4 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
advisories | CVE-2021-46426
SHA-256 | 050c77ae0f13a5b4247218de44f8bf133ca516aae7da4d73aba802231bdde893
Download | Favorite | View
PHPIPAM 1.4.4 SQL Injection
Posted Jan 25, 2022
Authored by Rodolfo Tavares

PHPIPAM version 1.4.4 suffers from an authenticated remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2022-23046
SHA-256 | 52735c203f763f807bb821587b48986c8565cba03c4abbab39523388cea432b8
Download | Favorite | View
Envira Gallery Lite 1.8.3.2 Cross Site Scripting
Posted Jan 13, 2021
Authored by Rodolfo Tavares | Site tempest.com.br

Envira Gallery Lite edition version 1.8.3.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2020-35581, CVE-2020-35582
SHA-256 | 9dbf149ef3ee66457f73ea7147ed74161ff3ef6881909b863f14b4bf54649b7c
Download | Favorite | View
Typesetter CMS 5.1 Remote Code Execution
Posted Oct 20, 2020
Authored by Rodolfo Tavares

Typesetter CMS version 5.1 authenticated remote code execution exploit.

tags | exploit, remote, code execution
advisories | CVE-2020-25790
SHA-256 | 88686ca78f33a87564ebb395cb531dd62ea51ec4e0d7bece14f7859cf8a4c103
Download | Favorite | View
Typesetter CMS 5.1 Remote Code Execution
Posted Oct 7, 2020
Authored by Rodolfo Tavares | Site tempest.com.br

Typesetter version 5.1 is vulnerable to code execution via /index.php/Admin/Uploaded. An attacker can exploit this by uploading a zip that contains a malicious php file inside. After extracting the zip file containing the malicious php file, it is possible to execute commands on the target operation system.

tags | advisory, php, code execution
advisories | CVE-2020-25790
SHA-256 | ee974c9d37c8aba758fd4db3a34e859ee9e9a7a9e7db287f6d35e858f330de34
Download | Favorite | View
GilaCMS 1.11.5 Cross Site Request Forgery / Cross Site Scripting
Posted Jun 23, 2020
Authored by Rodolfo Tavares | Site tempest.com.br

GilaCMS version 1.11.5 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
advisories | CVE-2019-20803, CVE-2019-20804
SHA-256 | 6603d87a861a3d845fa61f9b588c6b86e0c8fe070114880b2f66b4cd804da8df
Download | Favorite | View
Piwigo 2.9.5 Cross Site Request Forgery / Cross Site Scripting
Posted Sep 13, 2019
Authored by Rodolfo Tavares

Piwigo version 2.9.5 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
advisories | CVE-2019-13363, CVE-2019-13364
SHA-256 | 8a705d66a11dea3ced8ff1ddbb628df03886926a4d88a4506f71c1bceda77cb7
Download | Favorite | View
Page 1 of 1
Back1Next

File Archive:

September 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    261 Files
  • 2
    Sep 2nd
    17 Files
  • 3
    Sep 3rd
    38 Files
  • 4
    Sep 4th
    52 Files
  • 5
    Sep 5th
    23 Files
  • 6
    Sep 6th
    27 Files
  • 7
    Sep 7th
    0 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    16 Files
  • 10
    Sep 10th
    38 Files
  • 11
    Sep 11th
    21 Files
  • 12
    Sep 12th
    0 Files
  • 13
    Sep 13th
    0 Files
  • 14
    Sep 14th
    0 Files
  • 15
    Sep 15th
    0 Files
  • 16
    Sep 16th
    0 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close