exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 7 of 7 RSS Feed

Files from Chris Graham

First Active2010-01-26
Last Active2015-11-09
SolarWinds LEM 6.1.0 Remote Command Execution
Posted Nov 9, 2015
Authored by Chris Graham

Solarwinds Log and Event Manager version 6.1.0 suffers from a remote command execution vulnerability.

tags | exploit, remote
systems | linux
SHA-256 | 1d41bb7d6cfb1f5a3165b5c57dacf9edcca07fe28c504326d8fdfa69cee8fba5
Symantec Endpoint Protection Manager Remote Command Execution
Posted Feb 26, 2014
Authored by Chris Graham, Stefan Viehboeck | Site metasploit.com

This Metasploit module exploits XXE and SQL injection flaws in Symantec Endpoint Protection Manager versions 11.0, 12.0 and 12.1. When supplying a specially crafted XXE request an attacker can reach SQL injection affected components. As xp_cmdshell is enabled in the included database instance, it's possible to execute arbitrary system commands on the remote system with SYSTEM privileges.

tags | exploit, remote, arbitrary, sql injection, xxe
advisories | CVE-2013-5014, CVE-2013-5015
SHA-256 | ef19d7abd0e99695337b2df4433d4785cfa21593bd61b704d3aa78a9d8ce5183
Symantec Endpoint Protection Manager Remote Command Execution
Posted Feb 23, 2014
Authored by Chris Graham

Symantec Endpoint Protection Manager suffers from a remote command execution vulnerability. Versions 11.0, 12.0, and 12.1 are affected.

tags | exploit, remote
advisories | CVE-2013-5014, CVE-2013-5015
SHA-256 | 1230fa397327e1f414c650a845b08b3ed515236c94fa13a2c1c80e976a099209
HP Data Protector EXEC_BAR Remote Command Execution
Posted Feb 17, 2014
Authored by Chris Graham

HP Data Protector EXEC_BAR remote command execution exploit that affects versions 6.10, 6.11, and 6.20.

tags | exploit, remote
advisories | CVE-2013-2347
SHA-256 | 61724438d24f7c3fae1f27461fbde907581b70b0ea7feeb0605890476a22853c
Epicor Returns Management SOAP-Based Blind SQL Injection
Posted May 18, 2012
Authored by Digital Defense, r@b13$, Chris Graham | Site digitaldefense.net

Digital Defense, Inc. (DDI) has discovered a blind SQL injection vulnerability in the Epicor Returns Management software SOAP interface. Left unremediated, this vulnerability could be leveraged by an attacker to execute arbitrary SQL commands and extract information from the backend database using standard SQL exploitation techniques. Additionally, an attacker may be able to leverage this flaw to compromise the database server host operating system.

tags | advisory, arbitrary, sql injection
SHA-256 | af6d326b8689f781d6e0c85593aa09136aec99822187d885bfc8880af29789ef
Metropolis Technologies OfficeWatch Directory Traversal
Posted Oct 3, 2011
Authored by Digital Defense, r@b13$, Chris Graham | Site digitaldefense.net

Metropolis Technologies OfficeWatch enables a web server on TCP port 80 that is susceptible to a directory traversal. An attacker may send a ../ (dot-dot-slash) sequence to traverse out of the web root and access arbitrary files on the host.

tags | advisory, web, arbitrary, root, tcp
SHA-256 | 4aba0388d8f62c4675129cd9356d9b16ec2a4a24eaf06d3eacdd7b61b4eeec3b
Digital Defense VRT Advisory 2009.27
Posted Jan 26, 2010
Authored by Digital Defense, r@b13$, Chris Graham, Rob Kraus

The login page of the F2L-3000 version 4.0.0 is vulnerable to SQL Injection. Exploitation of the vulnerability may allow attackers tobypass authentication and access sensitive information stored on the device.

tags | advisory, sql injection
SHA-256 | 0aa31d61a17571c0fb1db50bfa89f614672ac6e1de71f37e6ea906313453af1b
Page 1 of 1
Back1Next

File Archive:

September 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    261 Files
  • 2
    Sep 2nd
    17 Files
  • 3
    Sep 3rd
    38 Files
  • 4
    Sep 4th
    52 Files
  • 5
    Sep 5th
    23 Files
  • 6
    Sep 6th
    27 Files
  • 7
    Sep 7th
    0 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    16 Files
  • 10
    Sep 10th
    38 Files
  • 11
    Sep 11th
    21 Files
  • 12
    Sep 12th
    40 Files
  • 13
    Sep 13th
    18 Files
  • 14
    Sep 14th
    0 Files
  • 15
    Sep 15th
    0 Files
  • 16
    Sep 16th
    21 Files
  • 17
    Sep 17th
    51 Files
  • 18
    Sep 18th
    23 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close