Showing 51 - 75 of 133

Files from Larry W. Cashdollar

Real Name: Larry W. Cashdollar
Email address: private
Website: vapid.dhs.org
First Active: 1999-11-14
Last Active: 2020-07-15
Joomla/WordPress XCloner Command Execution / Password Disclosure
Posted Nov 7, 2014
Authored by Larry W. Cashdollar

XCloner plugin version 3.1.1 for WordPress and 3.5.1 for Joomla! suffers from arbitrary command execution, MySQL password disclosure, database backups exposed, unauthenticated remote access, and various other vulnerabilities.

tags | exploit, remote, arbitrary, vulnerability, bypass, info disclosure
advisories | CVE-2014-8603, CVE-2014-8604, CVE-2014-8605, CVE-2014-8606, CVE-2014-8607
SHA-256 | e7e9c754e4fa53a92070a86a3d88269734cc1335edab813113e839335bc770af
WordPress Database Manager 2.7.1 Command Injection / Credential Leak
Posted Oct 21, 2014
Authored by Larry W. Cashdollar

WordPress Database Manager plugin version 2.7.1 suffers from remote command injection and credential leakage vulnerabilities.

tags | exploit, remote, vulnerability
advisories | CVE-2014-8334, CVE-2014-8335
SHA-256 | 174d4b8c6bd2ff775a42f9856e7c4a23ceeb230356f290fe0acf21783052065c
Rooted SSH/SFTP Daemon Default Login Credentials
Posted Sep 12, 2014
Authored by Larry W. Cashdollar

Rooted SSH/SFTP Daemon installs with static default root credentials and does not prompt the user to change them.

tags | exploit, root
SHA-256 | 04c4d92a411b17314d846f4d2d72d2c504c386afce4fbd9c2181d3687821c1dc
Elastic Search 1.1.1 Arbitrary File Read
Posted Jul 30, 2014
Authored by Larry W. Cashdollar, Bouke van der Bijl

Remote exploit for Elastic Search version 1.1.1 that attempts to read /etc/hosts and /etc/passwd.

tags | exploit, remote
advisories | CVE-2014-3120
SHA-256 | 9f77dafb99af40f2c2d5742a9434d5f9d672d2a7b83bbada56a2713e609f8b41
Ruby Gem sfpagent 0.4.14 Command Injection
Posted Apr 18, 2014
Authored by Larry W. Cashdollar

Ruby Gem sfpagent version 0.4.14 suffers from a remote command injection vulnerability.

tags | exploit, remote, ruby
advisories | CVE-2014-2888
SHA-256 | 381d86b6c936ec04601fb4ec173464e5e28efd43a987894099a5abbcdeb655d0
Ruby Gem Arabic Prawn 0.0.1 Command Injection
Posted Mar 12, 2014
Authored by Larry W. Cashdollar

Arabic Prawn Ruby gem version 0.0.1 suffers from a remote command injection vulnerability.

tags | exploit, remote, ruby
advisories | CVE-2014-2322
SHA-256 | c5f02d425c1722103bd1066865763a5f030b1a9c066ab94408f02e058557d56b
WordPress Media File Renamer 1.7.0 Cross Site Scripting
Posted Feb 25, 2014
Authored by Larry W. Cashdollar

WordPress Media File Renamer plugin version 1.7.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2014-2040
SHA-256 | 39e43c6d9014a50baafd552c0ee274abc0e783d155db5d4cfef1cd7983dada81
Bio Basespace SDK 0.1.7 API Key Exposure
Posted Dec 15, 2013
Authored by Larry W. Cashdollar

The Bio Basespace SDK 0.1.7 Ruby Gem API client code passes the API_KEY to a curl command. This exposes the API key to the shell and process table. Another user on the system could snag the API key by just monitoring the process table.

tags | advisory, shell, info disclosure, ruby
SHA-256 | d611161b7de257aeced569b86efb86407334ac528739835cfa78af454f079352
Ruby Gem Webbynode 1.0.5.3 Command Injection
Posted Dec 13, 2013
Authored by Larry W. Cashdollar

Ruby Gem Webbynode version 1.0.5.3 suffers from a remote command injection vulnerability.

tags | exploit, remote, ruby
SHA-256 | bfaa7907aba801776aeefc69d46a1d02c5a36c3932a60c392cd07d6e4f7b0d43
Amazon Application Store / AWS/ECS2 Vulnerabilities
Posted Dec 5, 2013
Authored by Larry W. Cashdollar

The Try Before You Buy feature in Amazon's Application Store allows an external party to test software prior to download. Poor sandboxing and failed security controls allowed an attacker to port scan AWS backend services, spawn rogue services in the AWS cloud, and much more.

tags | advisory
SHA-256 | d565b306507e35d03c17757cc4c999aeb15676ec12278c2bf3d330d3c0b7bde0
Ruby Gem Sprout 0.7.246 Command Injection
Posted Dec 2, 2013
Authored by Larry W. Cashdollar

Ruby Gem Sprout version 0.7.246 suffers from a command injection vulnerability.

tags | exploit, ruby
SHA-256 | 0e6a16e2626b38daf12649fa0ba9330e6959dbf38f464da7f50fa85b91cab217
Ice Cold Apps Servers Ultimate 6.0.2(12) Remote Command Execution
Posted Oct 4, 2013
Authored by Larry W. Cashdollar

Ice Cold Apps Servers Ultimate version 6.0.2(12) for Android has no credentials by default and authentication is disabled for telnet/ssh/ftp, allowing remote access to the device's storage.

tags | exploit, remote
SHA-256 | c0c01528feb7496f118fefa0d1d9c613ae250458d43874a7d8415340fdbd70bb
Ruby Programming Language 1.7 File Upload
Posted Sep 12, 2013
Authored by Larry W. Cashdollar

Ruby Programming Language version 1.7 for iOS suffers from an unauthenticated file upload vulnerability.

tags | exploit, file upload, ruby
systems | apple, ios
SHA-256 | 49117ffa584a6641af0f6e0eb35c19881e9012e3d2ba442f1e392d3e04e9e543
Perl Programming Language 1.6 File Upload
Posted Sep 12, 2013
Authored by Larry W. Cashdollar

Perl Programming Language version 1.6 for iOS suffers from an unauthenticated file upload vulnerability.

tags | exploit, file upload
systems | apple, ios
SHA-256 | 82f45a8cec71c681994d1f7677a3045e65b9ca71c95f7319e7b7dee148d692d5
Personal Address Book 2.0 File Upload
Posted Sep 12, 2013
Authored by Larry W. Cashdollar

Personal Address Book version 2.0 for iOS suffers from an unauthenticated file upload vulnerability.

tags | exploit, file upload
systems | apple, ios
SHA-256 | e7ac6dc4b5192b7ef32a6958064230df219e8fc4a639833ea2487803787e34b6
Lua-Programming Language 1.6 File Upload
Posted Sep 10, 2013
Authored by Larry W. Cashdollar

Lua-Programming Language version 1.6 for iOS suffers from a remote file upload vulnerability.

tags | exploit, remote, file upload
systems | apple
SHA-256 | bb4f88d155d9c74c2279e7d163ac7dff5c0cc5fe6107f2bb1597472784143416
Android FTP Server 1.2 Privilege Escalation
Posted Sep 9, 2013
Authored by Larry W. Cashdollar

Android FTP Server version 1.2 exposes the configuration file with full read and write permissions. A malicious party can overwrite the credentials for the administrator and escalate privileges.

tags | exploit
SHA-256 | 3dd744c0f1c0dd5fbffad80344f989d7b3436f5030e2d950967eb38f7e5aca7f
Ruby Gem Features 0.3.0 Injection
Posted Sep 9, 2013
Authored by Larry W. Cashdollar

Ruby Gem Features version 0.3.0 suffers from a file injection vulnerability that can lead to cross site scripting.

tags | exploit, xss, ruby
SHA-256 | c7a54aa106b7c9bed756067a2616950105a69b23c99d49249959d5fa0792fbd6
Fog Dragonfly 0.8.2 Command Injection
Posted Sep 3, 2013
Authored by Larry W. Cashdollar

Ruby Gem Fog Dragonfly version 0.8.2 suffers from a remote command injection vulnerability.

tags | advisory, remote, ruby
advisories | CVE-2013-5671
SHA-256 | ab3491f98a2bc70682b26926ea96e1f3e4c3c966ee732993fde62136ed2c27ca
Ruby Gem Rgpg 0.2.2 Command Injection
Posted Aug 5, 2013
Authored by Larry W. Cashdollar

Ruby Gem Rgpg version 0.2.2 suffers from a remote command injection vulnerability.

tags | exploit, remote, ruby
advisories | CVE-2013-4203
SHA-256 | c54580488fa386bb799c224ae7cf985b25c183e8936078b05fc68b8cc01bd006
Solaris Recommended Patch Cluster 6/19 Local Root
Posted Jul 8, 2013
Authored by Larry W. Cashdollar

Solaris Recommended Patch Cluster 6/19 suffers from a local root command execution vulnerability on x86.

tags | exploit, x86, local, root
systems | solaris
advisories | CVE-2010-1183
SHA-256 | 532e22bc6ff3e644f7b297fffe8d58e1796dc3a75b7965cd74a76062a5280627
Solaris 10 Patch Cluster File Clobber
Posted Jun 19, 2013
Authored by Larry W. Cashdollar

Solaris 10 patch cluster suffers from a file clobber vulnerability in /tmp.

tags | exploit
systems | solaris
SHA-256 | 03794219b3e100fca16c556ac9f4ccfaad291a40205e4a5a016b11eca6895b3e
Show In Browser 0.0.3 Ruby Gem File Injection
Posted May 24, 2013
Authored by Larry W. Cashdollar | Site rubygems.org

Show In Browser 0.0.3 is a Ruby Gem that suffers from a file injection vulnerability, allowing arbitrary text to be opened in a browser.

tags | advisory, arbitrary, ruby
SHA-256 | d8ef5225f129ed45cb3685bdff5c084d39d71818984f62b5fb94e0176be4b90f
Ruby Gem Creme Fraiche 0.6 Command Injection
Posted May 14, 2013
Authored by Larry W. Cashdollar

Ruby Gem Creme Fraiche version 0.6 suffers from a remote command injection vulnerability due to unsanitized input.

tags | exploit, remote, ruby
advisories | CVE-2013-2090
SHA-256 | 432f99098884e80c6594d67b9edd44d3c6a943e78df04188f65f7a5a60c25b58
Ruby Gem md2pdf Command Injection
Posted Apr 15, 2013
Authored by Larry W. Cashdollar

Ruby Gem md2pdf suffers from a remote command injection vulnerability.

tags | exploit, remote, ruby
advisories | CVE-2013-1948
SHA-256 | 961566ce1e369fe89fe75f7891fe11b15c66c71e0cc7df7e1c118806ee180d04
Page 3 of 6