exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 26 - 41 of 41 RSS Feed

Files from Dawid Golunski

Email addressgolunski at onet.eu
First Active2009-11-17
Last Active2021-09-16
CakePHP Framework 3.2.4 IP Spoofing
Posted May 14, 2016
Authored by Dawid Golunski

CakePHP Framework versions 3.2.4 and below suffer from a vulnerability that allows users to spoof the source IP address logged by the server.

tags | exploit, spoof
SHA-256 | 1622c97f61d826f0b1ac17dd524ddc11ef087ce3f89a0a231f688451fb208d52
Exim perl_startup Privilege Escalation
Posted Apr 14, 2016
Authored by Dawid Golunski, wvu | Site metasploit.com

This Metasploit module exploits a Perl injection vulnerability in Exim versions prior to 4.86.2 given the presence of the "perl_startup" configuration parameter.

tags | exploit, perl
SHA-256 | 9244d1a56ca1a0b4187fc7d9232dd5485fbbf380c0bdb9f35ea79df0019c335a
Exim Local Privilege Escalation
Posted Mar 10, 2016
Authored by Dawid Golunski

Exim versions prior to 4.86.2 suffer from a local root privilege escalation vulnerability. When Exim installation has been compiled with Perl support and contains a perl_startup configuration variable it can be exploited by malicious local attackers to gain root privileges.

tags | exploit, local, root, perl
advisories | CVE-2016-1531
SHA-256 | c8b37f6ba0c1a3bd66f5d17781dd1c98a33edc213484ca6db8095fef81937ebc
Google AdWords API PHP Client Library 6.2.0 XXE Injection
Posted Nov 9, 2015
Authored by Dawid Golunski

Google AdWords API PHP client library versions 6.2.0 and below suffer from an XML eXternal Entity injection vulnerability.

tags | exploit, php, xxe
SHA-256 | 6c9916344ebaa174cf5f48cf521868ab0c1c4407426a74e9439a33f3fc409164
Google AdWords API PHP Client Library 6.2.0 Code Execution
Posted Nov 9, 2015
Authored by Dawid Golunski

Google AdWords API PHP client library versions 6.2.0 and below suffer from an arbitrary PHP code execution vulnerability.

tags | exploit, arbitrary, php, code execution
SHA-256 | 718bc4c80011e0f627d4e11bfaf5b3cc7ec9ed3b9d1a3fe0996e87ba5f90a42d
eBay Magento XXE Injection
Posted Oct 30, 2015
Authored by Dawid Golunski

eBay Magento CE versions 1.9.2.1 and below and eBay Magento EE versions 1.14.2.1 and below suffer from an XXE injection vulnerability.

tags | exploit, xxe
SHA-256 | 08393363d6670e33368d62daac52944168d2958ae3fd00c5baedaa4999a731b3
Kirby CMS 2.1.0 Authentication Bypass / Traversal
Posted Sep 16, 2015
Authored by Dawid Golunski

Kirby CMS versions 2.1.0 and below suffer from an authentication bypass vulnerability via path traversal.

tags | exploit, bypass, file inclusion
SHA-256 | 1bb3efe2cbba1438b53a1927c92e2b5311bd0d77bbfc50ad60673508d8670f21
Kirby CMS 2.1.0 CSRF / Shell Upload
Posted Sep 16, 2015
Authored by Dawid Golunski

Kirby CMS versions 2.1.0 and below suffer from cross site request forgery and remote shell upload vulnerabilities.

tags | exploit, remote, shell, vulnerability, csrf
SHA-256 | 80c763cf1e6a51e5e12403863882e4c9a30a3f2bb3fed73058ff2d71eab9e308
Zend Framework 2.4.2 / 1.12.13 XXE Injection
Posted Aug 13, 2015
Authored by Dawid Golunski

Zend Framework versions 2.4.2 and below and 1.12.13 and below suffer from an XML external entity injection vulnerability.

tags | exploit, xxe
advisories | CVE-2015-5161
SHA-256 | cccb5dc964df6b506118b1a8ca7240bbdddcf7b3aded48bd2c1c454e40f791da
NRPE 2.15 Remote Command Execution
Posted Aug 28, 2014
Authored by Dawid Golunski, Claudio Viviani

NRPE version 2.15 remote command execution exploit written in Python.

tags | exploit, remote, python
advisories | CVE-2014-2913
SHA-256 | c268de70bbf269dcf7e9d20818207c8f9d7979d2b3054cdd2d722e64c5890c38
Nagios check_dhcp 2.0.2 Race Condition
Posted Jun 29, 2014
Authored by Dawid Golunski

Nagios Plugins versions 2.0.2 suffer from a race condition in check_dhcp.

tags | exploit
SHA-256 | 34515f9830172588d1778328a6fadb3d5847b8aa2cf072dc6aece33dec8c2b8e
Nagios Plugins 2.0.1 check_dhcp Arbitrary File Read
Posted May 18, 2014
Authored by Dawid Golunski

Nagios Plugins versions 2.0.1 and below suffer from an arbitrary file read vulnerability via check_dhcp.

tags | exploit, arbitrary
SHA-256 | 06b295d336a8c90eb6729752963778c1daffd50f2c930f399a48e00d05704d46
Nagios Remote Plugin Executor 2.15 Remote Command Execution
Posted Apr 17, 2014
Authored by Dawid Golunski

Nagios Remote Plugin Executor (NRPE) versions 2.15 and below suffer from a remote command execution vulnerability.

tags | exploit, remote
SHA-256 | 035764b6de0406994622b53a57f33221624085f4e55263d2f7452b0cfbc8b3ed
Zabbix 1.8.1 SQL Injection
Posted Apr 1, 2010
Authored by Dawid Golunski

Zabbix versions 1.8.1 and below suffer from a remote SQL injection vulnerability. Exploit included.

tags | exploit, remote, sql injection
SHA-256 | 7cf03746fe3bd3d20e816a8812c54167eb5cc526f5d8a2fbafe232e967dd33eb
Invision Power Board Local File Inclusion / SQL Injection
Posted Dec 5, 2009
Authored by Dawid Golunski

Invision Power Board versions 3.0.4 and below suffer from local file inclusion and remote SQL injection vulnerabilities. Versions 2.3.6 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, local, vulnerability, sql injection, file inclusion
SHA-256 | efe52ce1957cc2103d4b96559bf90231ce74be94e5635eacb7a3a351c7a0837e
WordPress 2.8.5 Shell Upload
Posted Nov 17, 2009
Authored by Dawid Golunski

WordPress versions 2.8.5 and below suffer from an unrestricted file upload vulnerability that allows for PHP code execution.

tags | exploit, php, code execution, file upload
SHA-256 | 8a9c0fdb59cc38abd6330f5a1a1a3775ef99f1828bf48d154ae593fee3004135
Page 2 of 2
Back12Next

File Archive:

July 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    52 Files
  • 2
    Jul 2nd
    0 Files
  • 3
    Jul 3rd
    0 Files
  • 4
    Jul 4th
    0 Files
  • 5
    Jul 5th
    0 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    0 Files
  • 9
    Jul 9th
    0 Files
  • 10
    Jul 10th
    0 Files
  • 11
    Jul 11th
    0 Files
  • 12
    Jul 12th
    0 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close