exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 14 of 14 RSS Feed

Files from Ivan Huertas

First Active2010-01-20
Last Active2020-04-29
Open-AudIT 3.2.2 Command Injection / SQL Injection
Posted Apr 29, 2020
Authored by Core Security Technologies, Ivan Huertas, Pablo A. Zurro | Site coresecurity.com

Open-AudIT version 3.2.2 suffers from OS command injection, arbitrary file upload, and remote SQL injection vulnerabilities.

tags | exploit, remote, arbitrary, vulnerability, sql injection, file upload
advisories | CVE-2020-11941, CVE-2020-11942, CVE-2020-11943
SHA-256 | d8e9402b9604c3706a2115909b60726c461d0262c2196626918539a2164e5352
QNAP Q'Center change_passwd Command Execution
Posted Jul 17, 2018
Authored by Ivan Huertas, Brendan Coles | Site metasploit.com

This Metasploit module exploits a command injection vulnerability in the change_passwd API method within the web interface of QNAP Q'Center virtual appliance versions prior to 1.7.1083. The vulnerability allows the 'admin' privileged user account to execute arbitrary commands as the 'admin' operating system user. Valid credentials for the 'admin' user account are required, however, this module also exploits a separate password disclosure issue which allows any authenticated user to view the password set for the 'admin' user during first install. This Metasploit module has been tested successfully on QNAP Q'Center appliance version 1.6.1075.

tags | exploit, web, arbitrary
advisories | CVE-2018-0706, CVE-2018-0707
SHA-256 | 2512d7b1edc015bac56416ba2dcdd6270221ff0334fb6e455fe43015d981b8ba
QNAP Qcenter Virtual Appliance 1.6.x Information Disclosure / Command Injection
Posted Jul 11, 2018
Authored by Core Security Technologies, Ivan Huertas | Site coresecurity.com

QNAP Qcenter Virtual Appliance versions 1.6.1056 (20170825) and 1.6.1075 (20171123) suffer from information disclosure and command injection vulnerabilities.

tags | exploit, vulnerability, info disclosure
advisories | CVE-2018-0706, CVE-2018-0707, CVE-2018-0708, CVE-2018-0709, CVE-2018-0710
SHA-256 | d468f350b0e3bb3d4bd9bf10b3b49470163d611522cabc435f5fd39081341998
Dell EMC Isilon OneFS XSS / Path Traversal
Posted Mar 22, 2018
Authored by Ivan Huertas, Maximiliano Vidal | Site emc.com

Dell EMC Isilon OneFS suffers from incorrect authorization, cross site request forgery, and path traversal vulnerabilities.

tags | advisory, vulnerability, csrf
advisories | CVE-2018-1186, CVE-2018-1187, CVE-2018-1188, CVE-2018-1189, CVE-2018-1201, CVE-2018-1202, CVE-2018-1203, CVE-2018-1204, CVE-2018-1213
SHA-256 | d370d6ca7380127f4ee9a10cf1e94c01b4a479767738e0f423d758f610c85187
Dell EMC Isilon OneFS XSS / Code Execution / CSRF
Posted Feb 14, 2018
Authored by Core Security Technologies, Ivan Huertas, Maximiliano Vidal | Site coresecurity.com

Dell EMC Isilon OneFS suffers from code execution, cross site request forgery, and cross site scripting vulnerabilities.

tags | exploit, vulnerability, code execution, xss, csrf
advisories | CVE-2018-1186, CVE-2018-1187, CVE-2018-1188, CVE-2018-1189, CVE-2018-1201, CVE-2018-1202, CVE-2018-1203, CVE-2018-1204, CVE-2018-1213
SHA-256 | 59ab98938a25d8249efefd24dd954dee7bc863a7a6ee5476a2d7d2db32b025ba
Lenovo ShareIT Information Disclosure / Hardcoded Password
Posted Jan 25, 2016
Authored by Core Security Technologies, Ivan Huertas | Site coresecurity.com

Lenovo ShareIT suffers from hard-coded password, information exposure, missing encryption, and missing authorization vulnerabilities.

tags | exploit, vulnerability
advisories | CVE-2016-1489, CVE-2016-1490, CVE-2016-1491, CVE-2016-1492
SHA-256 | 96d4f6a74a820b941b3d27b4014182f1cacb7fd773eb0e70d29238ade9b5878d
Blackberry WebDesktop Cross Site Scripting
Posted Apr 14, 2011
Authored by Ivan Huertas | Site cybsec.com

CYBSEC Security Advisory - A cross site scripting vulnerability was found in Blackberry WebDektop, because the application fails to sanitize user-supplied input. The vulnerability can be triggered if a logged-in user follows a specially crafted link, executing malicious Javascript code on the user's browser.

tags | exploit, javascript, xss
SHA-256 | 425100c93bdabb1ce32e4448daf3a93ed9596972d3ee05c2e2f14c674f1aeeac
InterScan Web Security Virtual Appliance 5.0 Cross Site Scripting
Posted Jul 2, 2010
Authored by Ivan Huertas | Site cybsec.com

InterScan Web Security Virtual Appliance version 5.0 suffers from a permanent cross site scripting vulnerability.

tags | exploit, web, xss
SHA-256 | d60343329b98b29fcbff997e59b730f730f821f2e44103c45085db4e6f514328
InterScan Web Security 5.0 Arbitrary File Download
Posted Jun 25, 2010
Authored by Ivan Huertas | Site cybsec.com

InterScan Web Security version 5.0 suffers from an arbitrary file download vulnerability.

tags | exploit, web, arbitrary
SHA-256 | d58d5d356f23e4da6f88b89f43c49c252c7555e0f48e9d6bb1b3c1eda549cbbd
InterScan Web Security 5.0 Arbitrary File Upload
Posted Jun 25, 2010
Authored by Ivan Huertas | Site cybsec.com

InterScan Web Security version 5.0 suffers from an arbitrary file upload vulnerability.

tags | exploit, web, arbitrary, file upload
SHA-256 | 1684dc5cae0527fe6847d9f58a2654f77852efe94ac6037b475eab45d6b8ec4d
InterScan Web Security 5.0 Local Privilege Escalation
Posted Jun 25, 2010
Authored by Ivan Huertas | Site cybsec.com

InterScan Web Security version 5.0 suffers from a local privilege escalation vulnerability.

tags | exploit, web, local
SHA-256 | c03b30071efd39649f473633d9b056d835c22798ac9cb37e2ec1d2cd7d8e9c18
CYBSEC - FreePBX 2.5.1 SQL Injection
Posted Jan 20, 2010
Authored by Ivan Huertas | Site cybsec.com

CYBSEC Security Advisory - FreePBX version 2.5.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 026a6ed661d4917cd101f28c3c89107f8112ab835545d2385cac3dd86544ac06
CYBSEC - FreePBX 2.5.x / 2.6.0 XSS
Posted Jan 20, 2010
Authored by Ivan Huertas | Site cybsec.com

CYBSEC Security Advisory - FreePBX versions 2.5.x and 2.6.0 suffer from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 452c894fb6c851fac787cbcde557d463faf00c09e38dec9c28edc93085a55a4e
CYBSEC - FreePBX 2.5.x Information Disclosure
Posted Jan 20, 2010
Authored by Ivan Huertas | Site cybsec.com

CYBSEC Security Advisory - FreePBX 2.5.x suffers from an administrator password disclosure vulnerability.

tags | exploit, info disclosure
SHA-256 | 4eac1feb91df50fe5ea5e6a1c29031fbf8f9ec53203e14bb9fe5d26f08eb8801
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close