exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 12 of 12 RSS Feed

Files from Felipe Daragon

Email addressfelipe at syhunt.com
First Active2008-01-24
Last Active2014-05-28
Lua Web Application Security Vulnerabilities
Posted May 28, 2014
Authored by Felipe Daragon | Site syhunt.com

This paper highlights risks associated with unvalidated input in Lua-based applications.

tags | paper
SHA-256 | b4f14650e83aeefc80c835944c58d54d354b9a258c6d244b09f76bbd9c1c50be
Sandcat Browser 5.0-beta.1
Posted May 28, 2014
Authored by Felipe Daragon

Sandcat is a lightweight multi-tabbed web browser that combines the speed and power of Chromium and Lua. Sandcat comes with built-in live headers, an extensible user interface and command line console, resource viewer, and many other features that are useful for web developers and pen-testers and when you need to examine live web applications.

tags | tool, web
systems | unix
SHA-256 | cf989c86c0521b79f36955f23b5884a66b9f8bfdc0e7670e64ccb43a1afda929
CGILua 5.x Predictable Session Identifier
Posted May 1, 2014
Authored by Felipe Daragon | Site syhunt.com

A vulnerability in the session library that ships with CGILua since version 5.0 beta may allow remote attackers to easily and quickly guess valid session IDs generated by a Lua web application and perform session hijacking.

tags | advisory, remote, web
advisories | CVE-2014-2875
SHA-256 | d47d6ee8b23d4dfc00517ad05df39563c3ec959859f6a90ece46d4098f19ee5c
Google V8 Server-Side Javascript Injection
Posted Feb 27, 2012
Authored by Felipe Daragon | Site syhunt.com

This is a brief write up discussing Google V8 server-side javascript (SSJS) injection.

tags | paper, javascript
SHA-256 | 7652f540e79f74e1eff943b389b6f7f03423371c27f0d655323015f9f003002b
Time-Based Blind NoSQL Injection
Posted Dec 19, 2011
Authored by Felipe Daragon | Site syhunt.com

This is a brief write up discussing time-based NoSQL injection attacks using javascript.

tags | paper, javascript, sql injection
SHA-256 | 38f29f6bb429406f5f75bcf44692f842d085e1f1bc2d98124da439be4d863cc3
Visual Synapse Directory Traversal
Posted Oct 8, 2010
Authored by Felipe Daragon | Site syhunt.com

Visual Synapse HTTP server suffers from a directory traversal vulnerability.

tags | exploit, web, file inclusion
advisories | CVE-2010-3743
SHA-256 | 038f38bdf4e7117803ec5bc6d22f030c1807fe0e79f28bb04eb182d7d342adfb
Klinzmann A-A-S 2.0.48 XSRF Exploit
Posted May 13, 2009
Authored by Felipe Daragon | Site syhunt.com

Klinzmann Application Access Server version 2.0.48 cross site request forgery exploit.

tags | exploit, csrf
advisories | CVE-2009-1464
SHA-256 | 8fbdf9086123ab178a93c6aa387ee37b227bad398eb09b10822fe24d631ab585
Klinzmann A-A-S XSRF / Code Execution
Posted May 13, 2009
Authored by Felipe Daragon | Site syhunt.com

The Klinzmann Application Access Server suffers from cross site request forgery, command execution, default password, and insecure password storage vulnerabilities.

tags | exploit, vulnerability, csrf
advisories | CVE-2009-1464, CVE-2009-1465, CVE-2009-1466
SHA-256 | e216edbf657d61bdb2e559c269b7118db00d7f30c8cb83b7248238c64f6b103d
hfs-spoof.txt
Posted Jan 24, 2008
Authored by Felipe Daragon, Alec Storm | Site syhunt.com

HFS versions 1.5g through 2.3 suffer from username spoofing and log injection vulnerabilities.

tags | advisory, spoof, vulnerability
advisories | CVE-2008-0407, CVE-2008-0408
SHA-256 | 5b3cbaf4dc12bfae2a139d34b04a6f0260e498eb9425aab233e032444fa1c0a7
hfshack.txt
Posted Jan 24, 2008
Authored by Felipe Daragon, Alec Storm | Site syhunt.com

Syhunt HFSHack version 1.0b is an exploit for various vulnerabilities found in HFS versions 1.5 through 2.3.

tags | exploit, vulnerability
advisories | CVE-2008-0405, CVE-2008-0406, CVE-2008-0407, CVE-2008-0408, CVE-2008-0409, CVE-2008-0410
SHA-256 | cf5241d98b767c660b1da691f06531bdf11802f7be9b965f8b6a271445f08f40
hfs-manipulate.txt
Posted Jan 24, 2008
Authored by Felipe Daragon, Alec Storm | Site syhunt.com

HFS versions 2.2 through 2.3 suffer from arbitrary file manipulation and denial of service vulnerabilities.

tags | advisory, denial of service, arbitrary, vulnerability
advisories | CVE-2008-0405, CVE-2008-0406
SHA-256 | b808645f02dd720f4b5dc129b8f8e58df6ca146c7b5158604938c0d0f8bbd55e
hfs-xss.txt
Posted Jan 24, 2008
Authored by Felipe Daragon, Alec Storm | Site syhunt.com

HFS versions 2.3 through 2.0 suffer from cross site scripting and information disclosure vulnerabilities.

tags | exploit, vulnerability, xss, info disclosure
advisories | CVE-2008-0409, CVE-2008-0410
SHA-256 | c6417b3811c50e7ea4316acb3c097304bd8f5ebfd4d871f85cbc2532a0cd2f0d
Page 1 of 1
Back1Next

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    39 Files
  • 2
    Oct 2nd
    23 Files
  • 3
    Oct 3rd
    18 Files
  • 4
    Oct 4th
    20 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    17 Files
  • 8
    Oct 8th
    66 Files
  • 9
    Oct 9th
    25 Files
  • 10
    Oct 10th
    20 Files
  • 11
    Oct 11th
    21 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    14 Files
  • 15
    Oct 15th
    49 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close