what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 20 of 20 RSS Feed

Files from Luca Carettoni

Email addressluca.carettoni at ikkisoft.com
First Active2005-07-28
Last Active2015-03-30
JBoss JMXInvokerServlet Remote Command Execution
Posted Mar 30, 2015
Authored by Luca Carettoni

This code exploits a common misconfiguration in JBoss Application Server. Whenever the JMX Invoker is exposed with the default configuration, a malicious "MarshalledInvocation" serialized Java object allows to execute arbitrary code. This exploit works even if the "Web-Console" and the "JMX Console" are protected or disabled.

tags | exploit, java, web, arbitrary
SHA-256 | 2f89a911033600e43c401de947c053ee9c90b4063ccb92f8ff41a305ec2aa1aa
Zend Java Bridge Remote Code Execution
Posted Mar 30, 2011
Authored by Luca Carettoni

Zend Java Bridge version 3.1 remote code execution exploit that takes advantage of a specific flaw in the javamw.jar service.

tags | exploit, java, remote, code execution
SHA-256 | 5b230d5d0d8b69815ef55baf27ebfe72e28fd2c2e03ebc062420fdb5fcd6d19e
NetSupport Manager Agent Remote Buffer Overflow
Posted Mar 4, 2011
Authored by Luca Carettoni, jduck, Evan | Site metasploit.com

This Metasploit module exploits a buffer overflow in NetSupport Manager Agent. It uses a similar ROP to the proftpd_iac exploit in order to avoid non executable stack.

tags | exploit, overflow
advisories | CVE-2011-0404, OSVDB-70408
SHA-256 | 97cfba55ad99e70aab89080a5fd28096914ddedef3359cfe0a68bdb2d98b0bff
NetSupport Manager Agent Remote Buffer Overflow
Posted Jan 8, 2011
Authored by Luca Carettoni

NetSupport Manager Agent suffers from a stack-based buffer overflow vulnerability. Version 11 for Linux, 9.50 for Solaris, and 11.00 for Mac OS X are confirmed vulnerable. The advisory and exploit are both included in this archive.

tags | exploit, overflow
systems | linux, solaris, apple, osx
SHA-256 | 6417f7b4beba8da9495af360dd98ebbd189845733d7c21caf922ea23a26883be
IBM WebSphere Arbitrary File Retrieval
Posted Jan 7, 2011
Authored by Luca Carettoni

IBM WebSphere suffers from arbitrary file retrieval vulnerabilities.

tags | advisory, arbitrary, vulnerability, info disclosure
SHA-256 | de8dc2b772ab07ee4cd4c5c0720677050407868ec9368f5cf31cdc98f583d590
Oracle Secure Backup Server Bypass / Command Injection
Posted Sep 15, 2009
Authored by Luca Carettoni | Site ikkisoft.com

Oracle Secure Backup Administration Server suffers from authentication bypass and command injection vulnerabilities.

tags | exploit, vulnerability, bypass
advisories | CVE-2009-1977, CVE-2009-1978
SHA-256 | 8bbf1a7668ebf7f94b2ec20073f80c9f8f048f84184c40ab8880774b4df54dd6
HTTP Parameter Pollution
Posted May 19, 2009
Authored by Stefano Di Paola, Luca Carettoni | Site ikkisoft.com

This is a presentation called HTTP Parameter Pollution that focuses on manipulation and injection of HTTP GET/POST parameters.

tags | paper, web
SHA-256 | df989e106011230b8418a8adeaad6d36878992bf93ca8fd2ac0c12fef5be85fa
Mortbay Jetty Denial Of Service
Posted May 8, 2009
Authored by Luca Carettoni | Site ikkisoft.com

Mortbay Jetty versions 7.0.0-pre5 and below dispatcher servlet denial of service exploit.

tags | exploit, denial of service
SHA-256 | f66271be2229a03b1932399b1b0b4487d492f57519db5138a2bb1f932b5197b8
ZeroShell Code Execution
Posted Feb 9, 2009
Authored by Luca Carettoni | Site ikkisoft.com

ZeroShell versions 1.0beta11 and below suffer from a remote code execution vulnerability.

tags | exploit, remote, code execution
SHA-256 | 15b6637e4b0289913a8d4d63a52e96e1a32f244030761fbf336ec8cf371497fd
3Com Router Authentication Bypass
Posted Feb 9, 2009
Authored by Luca Carettoni | Site ikkisoft.com

The 3Com OfficeConnect wireless cable/dsl router suffers from an authentication bypass vulnerability.

tags | exploit, bypass
SHA-256 | aa080901b45cce39e49530c28026faaa434bace8effcbd668c55029fb4655d06
LC-2008-07.txt
Posted Nov 6, 2008
Authored by Luca Carettoni | Site ikkisoft.com

DFLabs PTK versions 1.0 and below suffer from a local command execution vulnerability. Full exploitation details provided.

tags | exploit, local
SHA-256 | 5695f2251816085038d0b232c49173e5e2e8df4fefa8aac2a2c8d23da4b18bdb
nokiaminimap-crash.txt
Posted Oct 11, 2008
Authored by Luca Carettoni | Site secunia.com

The Nokia Mini Map Browser suffers from a silent crash vulnerability.

tags | advisory
SHA-256 | ea8657ee3bff0560317b033c2fec9f30414dbc0595ff68403bf49e94ffbca132
dirTraversal.txt
Posted Oct 8, 2008
Authored by Luca Carettoni | Site ikkisoft.com

This is a list of fuzzing vectors used in order to trigger directory traversal vulnerabilities. It is quite a huge list composed using different encodings and bizarre attack patterns reported in several vulnerability advisories.

tags | vulnerability, fuzzer
SHA-256 | 4ba540799aa51a24dc790a72c68a21a526b853367d539adee6941a805954e2e4
hpsnh-xss.txt
Posted Aug 27, 2008
Authored by Luca Carettoni, Claudio Criscione, Lavakumar Kuppan | Site ikkisoft.com

Further analysis regarding the HP System Management

tags | exploit, xss
advisories | CVE-2008-1663
SHA-256 | 50cafab5d8ea833ac02ac9ae4a102f63d72c36a385c1f8949e6ee5291fbf724f
philipsvoip-multi.txt
Posted Feb 14, 2008
Authored by Luca Carettoni | Site securenetwork.it

The Philips VOIP841 DECT cordless phone with an embedded Skype client suffers from a hidden administrative interface with a default login, directory traversal, and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | ca377cc63b1fdc961af36a095f187918a72cd8179c8b5930245727e8467eb649
sphpblog-multi.txt
Posted Sep 26, 2007
Authored by Luca Carettoni, Luca De Fulgentis | Site securenetwork.it

Simple PHP Blog version 0.5.0.1, 0.4.8, and all previous versions suffer from cross site scripting and arbitrary file upload vulnerabilities.

tags | exploit, arbitrary, php, vulnerability, xss, file upload
SHA-256 | 3027e00fe1c5d2f7de12da1db873e56561637229d6fbf0c6be6c6cc5383dd35c
gcaldaemon-dos.txt
Posted Sep 19, 2007
Authored by Luca Carettoni | Site securenetwork.it

GCALDaemon version 1.0-beta13 is susceptible to denial of service attacks via a specially crafted HTTP request.

tags | exploit, web, denial of service
SHA-256 | bf70ecc515ce42e68f77786ee109556869210e65b7c5f9d7ca197255326672c8
boa-bypass.txt
Posted Sep 18, 2007
Authored by Luca Carettoni, Claudio "paper" Merloni | Site securenetwork.it

It is possible to bypass HTTP basic authentication on Boa version 0.93.15.

tags | advisory, web, bypass
SHA-256 | ca7942dc4171dd5917fcf795566ace2e929664f8d6e883117aa9a78d535cf174
hummingbirdVulns.txt
Posted Jan 11, 2006
Authored by Luca Carettoni, Federico Maggi | Site securenetwork.it

Hummingbird Collaboration versions 5.2.1 and below suffer from cross site scripting, improper file handling, and information disclosure vulnerabilities.

tags | advisory, vulnerability, xss, info disclosure
SHA-256 | f3a90a238b8ae699d77c308f0f0bf299c07360001f625c4774af61491c1676e7
SiemensSANTIS50.txt
Posted Jul 28, 2005
Authored by Luca Carettoni

By sending trigger packets to the management port (280/http-mgmt) of a Siemens Santis 50 wireless router, the device freezes the web interface and allows unauthenticated access to the telnet CLI.

tags | exploit, web
SHA-256 | 55fd63fc68a9ff21180c20280c664708b42386f538608ed1c889437dee91b9b0
Page 1 of 1
Back1Next

File Archive:

November 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    16 Files
  • 2
    Nov 2nd
    17 Files
  • 3
    Nov 3rd
    17 Files
  • 4
    Nov 4th
    11 Files
  • 5
    Nov 5th
    0 Files
  • 6
    Nov 6th
    0 Files
  • 7
    Nov 7th
    3 Files
  • 8
    Nov 8th
    59 Files
  • 9
    Nov 9th
    12 Files
  • 10
    Nov 10th
    6 Files
  • 11
    Nov 11th
    11 Files
  • 12
    Nov 12th
    1 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    9 Files
  • 15
    Nov 15th
    33 Files
  • 16
    Nov 16th
    53 Files
  • 17
    Nov 17th
    11 Files
  • 18
    Nov 18th
    14 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    26 Files
  • 22
    Nov 22nd
    22 Files
  • 23
    Nov 23rd
    10 Files
  • 24
    Nov 24th
    9 Files
  • 25
    Nov 25th
    11 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    20 Files
  • 29
    Nov 29th
    9 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close