Showing 26 - 43 of 43

Files from Dawid Golunski

Email address: golunski at onet.eu
First Active: 2009-11-17
Last Active: 2023-03-14

GNU Wget Arbitrary File Upload / Potential Remote Code Execution
Posted Jul 6, 2016
Authored by Dawid Golunski

GNU Wget versions prior to 1.18 suffer from an arbitrary file upload vulnerability that may allow for remote code execution.

tags | exploit, remote, arbitrary, code execution, file upload
advisories | CVE-2016-4971
SHA-256 | 3ebf4d81b9c108e57502040e8018d849ca791f68c50a3e363db8ee6554556d53
Ubuntu Security Notice USN-3012-1
Posted Jun 21, 2016
Authored by Ubuntu, Dawid Golunski | Site security.ubuntu.com

Ubuntu Security Notice 3012-1 - Dawid Golunski discovered that Wget incorrectly handled filenames when being redirected from an HTTP to an FTP URL. A malicious server could possibly use this issue to overwrite local files.

tags | advisory, web, local
systems | linux, ubuntu
advisories | CVE-2016-4971
SHA-256 | ce58c9f63ee02189ccf645ed4f89fd26639c73baac37f0bbea564d04d356fe3d
CakePHP Framework 3.2.4 IP Spoofing
Posted May 14, 2016
Authored by Dawid Golunski

CakePHP Framework versions 3.2.4 and below suffer from a vulnerability that allows users to spoof the source IP address logged by the server.

tags | exploit, spoof
SHA-256 | 1622c97f61d826f0b1ac17dd524ddc11ef087ce3f89a0a231f688451fb208d52
Exim perl_startup Privilege Escalation
Posted Apr 14, 2016
Authored by Dawid Golunski, wvu | Site metasploit.com

This Metasploit module exploits a Perl injection vulnerability in Exim versions prior to 4.86.2 given the presence of the "perl_startup" configuration parameter.

tags | exploit, perl
SHA-256 | 9244d1a56ca1a0b4187fc7d9232dd5485fbbf380c0bdb9f35ea79df0019c335a
Exim Local Privilege Escalation
Posted Mar 10, 2016
Authored by Dawid Golunski

Exim versions prior to 4.86.2 suffer from a local root privilege escalation vulnerability. When an Exim installation has been compiled with Perl support and contains a perl_startup configuration variable, it can be exploited by malicious local attackers to gain root privileges.

tags | exploit, local, root, perl
advisories | CVE-2016-1531
SHA-256 | c8b37f6ba0c1a3bd66f5d17781dd1c98a33edc213484ca6db8095fef81937ebc
Google AdWords API PHP Client Library 6.2.0 XXE Injection
Posted Nov 9, 2015
Authored by Dawid Golunski

Google AdWords API PHP client library versions 6.2.0 and below suffer from an XML eXternal Entity injection vulnerability.

tags | exploit, php, xxe
SHA-256 | 6c9916344ebaa174cf5f48cf521868ab0c1c4407426a74e9439a33f3fc409164
Google AdWords API PHP Client Library 6.2.0 Code Execution
Posted Nov 9, 2015
Authored by Dawid Golunski

Google AdWords API PHP client library versions 6.2.0 and below suffer from an arbitrary PHP code execution vulnerability.

tags | exploit, arbitrary, php, code execution
SHA-256 | 718bc4c80011e0f627d4e11bfaf5b3cc7ec9ed3b9d1a3fe0996e87ba5f90a42d
eBay Magento XXE Injection
Posted Oct 30, 2015
Authored by Dawid Golunski

eBay Magento CE versions 1.9.2.1 and below and eBay Magento EE versions 1.14.2.1 and below suffer from an XXE injection vulnerability.

tags | exploit, xxe
SHA-256 | 08393363d6670e33368d62daac52944168d2958ae3fd00c5baedaa4999a731b3
Kirby CMS 2.1.0 Authentication Bypass / Traversal
Posted Sep 16, 2015
Authored by Dawid Golunski

Kirby CMS versions 2.1.0 and below suffer from an authentication bypass vulnerability via path traversal.

tags | exploit, bypass, file inclusion
SHA-256 | 1bb3efe2cbba1438b53a1927c92e2b5311bd0d77bbfc50ad60673508d8670f21
Kirby CMS 2.1.0 CSRF / Shell Upload
Posted Sep 16, 2015
Authored by Dawid Golunski

Kirby CMS versions 2.1.0 and below suffer from cross site request forgery and remote shell upload vulnerabilities.

tags | exploit, remote, shell, vulnerability, csrf
SHA-256 | 80c763cf1e6a51e5e12403863882e4c9a30a3f2bb3fed73058ff2d71eab9e308
Zend Framework 2.4.2 / 1.12.13 XXE Injection
Posted Aug 13, 2015
Authored by Dawid Golunski

Zend Framework versions 2.4.2 and below and 1.12.13 and below suffer from an XML external entity injection vulnerability.

tags | exploit, xxe
advisories | CVE-2015-5161
SHA-256 | cccb5dc964df6b506118b1a8ca7240bbdddcf7b3aded48bd2c1c454e40f791da
NRPE 2.15 Remote Command Execution
Posted Aug 28, 2014
Authored by Dawid Golunski, Claudio Viviani

NRPE version 2.15 remote command execution exploit written in Python.

tags | exploit, remote, python
advisories | CVE-2014-2913
SHA-256 | c268de70bbf269dcf7e9d20818207c8f9d7979d2b3054cdd2d722e64c5890c38
Nagios check_dhcp 2.0.2 Race Condition
Posted Jun 29, 2014
Authored by Dawid Golunski

Nagios Plugins version 2.0.2 suffers from a race condition in check_dhcp.

tags | exploit
SHA-256 | 34515f9830172588d1778328a6fadb3d5847b8aa2cf072dc6aece33dec8c2b8e
Nagios Plugins 2.0.1 check_dhcp Arbitrary File Read
Posted May 18, 2014
Authored by Dawid Golunski

Nagios Plugins versions 2.0.1 and below suffer from an arbitrary file read vulnerability via check_dhcp.

tags | exploit, arbitrary
SHA-256 | 06b295d336a8c90eb6729752963778c1daffd50f2c930f399a48e00d05704d46
Nagios Remote Plugin Executor 2.15 Remote Command Execution
Posted Apr 17, 2014
Authored by Dawid Golunski

Nagios Remote Plugin Executor (NRPE) versions 2.15 and below suffer from a remote command execution vulnerability.

tags | exploit, remote
SHA-256 | 035764b6de0406994622b53a57f33221624085f4e55263d2f7452b0cfbc8b3ed
Zabbix 1.8.1 SQL Injection
Posted Apr 1, 2010
Authored by Dawid Golunski

Zabbix versions 1.8.1 and below suffer from a remote SQL injection vulnerability. Exploit included.

tags | exploit, remote, sql injection
SHA-256 | 7cf03746fe3bd3d20e816a8812c54167eb5cc526f5d8a2fbafe232e967dd33eb
Invision Power Board Local File Inclusion / SQL Injection
Posted Dec 5, 2009
Authored by Dawid Golunski

Invision Power Board versions 3.0.4 and below suffer from local file inclusion and remote SQL injection vulnerabilities. Versions 2.3.6 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, local, vulnerability, sql injection, file inclusion
SHA-256 | efe52ce1957cc2103d4b96559bf90231ce74be94e5635eacb7a3a351c7a0837e
WordPress 2.8.5 Shell Upload
Posted Nov 17, 2009
Authored by Dawid Golunski

WordPress versions 2.8.5 and below suffer from an unrestricted file upload vulnerability that allows for PHP code execution.

tags | exploit, php, code execution, file upload
SHA-256 | 8a9c0fdb59cc38abd6330f5a1a1a3775ef99f1828bf48d154ae593fee3004135