the original cloud security
Showing 1 - 25 of 78 RSS Feed

Files from Akastep

First Active2011-01-02
Last Active2015-03-17
Applicure Dotdefender WAF 5.13-13282 Cross Site Scripting
Posted Mar 17, 2015
Authored by Akastep

Applicure Dotdefender WAF versions 5.13-13282 and below suffer from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | a9f92655da6950f9d0df2f27d09f42aa
Protecting IIS With Apache Mod Proxy And Dotdefender WAF
Posted Mar 17, 2015
Authored by Akastep

This is a whitepaper discussing using Apache with mod_proxy and Dotdefender to protect IIS installs. Written in Azerbaijani.

tags | paper
MD5 | d52a48cac7f353140489e0ea242197fc
NETIS DL4322D XSS / CSRF / DoS
Posted Oct 16, 2014
Authored by Akastep

NETIS DL4322D 300Mbps Wireless N ADSL2+ modem router suffers from cross site request forgery, cross site scripting, and denial of service vulnerabilities.

tags | exploit, denial of service, vulnerability, xss, info disclosure, csrf
MD5 | 5cafd193388eec34ba7ec5ad30879245
EaseUS Todo Backup 5.8.0.0 Hardcoded Password
Posted Mar 20, 2014
Authored by Akastep

EaseUS Todo Backup version 5.8.0.0 comes with a hardcoded administrative password that is a potential backdoor.

tags | exploit
MD5 | 9d4ba97087cb7cbb7f183dc491c10c5d
Basic Authentication Bruteforcer
Posted Mar 16, 2014
Authored by Akastep

This is a php script for brute forcing basic authentication. Takes a word list as input.

tags | cracker, php
MD5 | 96142b20d260ef197791576e823247de
WordPress LayerSlider 4.6.1 CSRF / Traversal
Posted Mar 11, 2014
Authored by Akastep

WordPress LayerSlider plugin version 4.6.1 suffers from cross site request forgery and directory traversal vulnerabilities.

tags | exploit, vulnerability, file inclusion, csrf
MD5 | c8817a417f940dc5c706240eeb452e98
MiniWeb (Build 300) Arbitrary File Upload
Posted Aug 14, 2013
Authored by Akastep, Brendan Coles | Site metasploit.com

This Metasploit module exploits a vulnerability in MiniWeb HTTP server (build 300). The software contains a file upload vulnerability that allows an unauthenticated remote attacker to write arbitrary files to the file system. Code execution can be achieved by first uploading the payload to the remote machine as an exe file, and then upload another mof file, which enables WMI (Management Instrumentation service) to execute the uploaded payload. Please note that this module currently only works for Windows before Vista.

tags | exploit, remote, web, arbitrary, code execution, file upload
systems | windows
advisories | OSVDB-92198, OSVDB-92200
MD5 | fa38cf29be5e352355ed7ba6d0f4e3e4
RootPanel SQL Injection
Posted Jul 22, 2013
Authored by Akastep

RootPanel suffers from a remote SQL injection vulnerability that allows for account takeover.

tags | exploit, remote, sql injection
MD5 | 795ec693341a08d1900f0a8130932ac9
InstantCMS 1.6 Remote PHP Code Execution
Posted Jul 3, 2013
Authored by Akastep | Site metasploit.com

This Metasploit module exploits an arbitrary php command execution vulnerability, because of a dangerous use of eval(), in InstantCMS versions 1.6.

tags | exploit, arbitrary, php
MD5 | e6fe49a21c081f6767abccc8e0116845
InstantCMS 1.6 Code Execution
Posted Jun 26, 2013
Authored by Akastep

InstantCMS version 1.6 remote PHP code execution exploit that spawns a reverse shell.

tags | exploit, remote, shell, php, code execution
MD5 | 5a786e6ec0ba28fb6a279b4e589c45a7
Avira Personal Privilege Escalation
Posted May 12, 2013
Authored by Akastep

Avira Personal appears to suffer from a privilege escalation vulnerability.

tags | exploit
MD5 | d67bbd39ef75b76d3078e00030abe2b5
MiniWeb File Upload / Directory Traversal
Posted Apr 9, 2013
Authored by Akastep

MiniWeb build 300 suffers from remote arbitrary file upload and directory traversal vulnerabilities.

tags | exploit, remote, arbitrary, vulnerability, file inclusion, file upload
MD5 | d7d4c6430847f0af7f16ae7822ca5f7a
Easy FTP Server 1.7.0.2 Denial Of Service
Posted Apr 6, 2013
Authored by Akastep

Easy FTP Server version 1.7.0.2 CPU consumption denial of service exploit that causes the condition when sending a POST request with an empty body. Written in AutoIT.

tags | exploit, denial of service
MD5 | 244f7e407ebca209425ca4a54481d4f2
SmallFTPd 1.0.3 Denial Of Service
Posted Apr 3, 2013
Authored by Akastep

SmallFTPd version 1.0.3 denial of service exploit that is written in AutoIT.

tags | exploit, denial of service
MD5 | f1fd56651b0f35bf3e1a37fa38d9b07a
TinyWeb 1.93 Denial Of Service
Posted Apr 1, 2013
Authored by Akastep

TinyWeb version 1.93 remote denial of service exploit.

tags | exploit, remote, denial of service
MD5 | f7329ebb1ee46c8750d9e955594ef6df
ClipShare 4.1.4 SQL Injection / Plaintext Password
Posted Mar 14, 2013
Authored by Akastep

ClipShare version 4.1.4 suffers from remote blind SQL injection and plaintext password vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
MD5 | 7418514787f8284d8aea9ea8e440433f
Glossword 1.8.12 Arbitrary File Upload
Posted Feb 26, 2013
Authored by Akastep, Brendan Coles | Site metasploit.com

This Metasploit module exploits a file upload vulnerability in Glossword versions 1.8.8 through 1.8.12 when run as a standalone application. This application has an upload feature that allows an authenticated user with administrator roles to upload arbitrary files to the 'gw_temp/a/' directory.

tags | exploit, arbitrary, file upload
advisories | OSVDB-89960
MD5 | 4f1934a968cdbb5fa314b491cfd0ec99
CKEditor 4.0.1 CSRF / XSS / Path Disclosure
Posted Feb 19, 2013
Authored by Akastep

CKEditor version 4.0.1 suffers from cross site request forgery, cross site scripting, and path disclosure vulnerabilities.

tags | exploit, vulnerability, xss, file inclusion, info disclosure, csrf
MD5 | 1f58cd6059c53dfb81ea20b836e673d0
Glossword 1.8.12 XSS / CSRF / Shell Upload / Database Disclosure
Posted Feb 3, 2013
Authored by Akastep

Glossword version 1.8.12 suffers from database backup disclosure, cross site request forgery, cross site scripting, and remote shell upload vulnerabilities.

tags | exploit, remote, shell, vulnerability, xss, csrf
MD5 | 666af829d52b5101506e29ed164005d2
Glossword 1.8.3 SQL Injection
Posted Feb 3, 2013
Authored by Akastep

Glossword version 1.8.3 remote SQL injection exploit written in AutoIT.

tags | exploit, remote, sql injection
MD5 | 5ed80c3f320c9c79964569aeaaec0e04
PHP Weby Directory Software 1.2 SQL Injection / Cross Site Request Forgery
Posted Jan 25, 2013
Authored by Akastep

PHP Weby Directory Software version 1.2 suffers from cross site request forgery and remote blind SQL injection vulnerabilities.

tags | exploit, remote, php, vulnerability, sql injection, csrf
MD5 | 655cfb6834b9506dbd235393b2bfc3e6
Weboptima CMS Add Administrator / Shell Upload
Posted Jan 23, 2013
Authored by Akastep

Weboptima CMS suffers from add administrator and remote shell upload vulnerabilities.

tags | exploit, remote, shell, vulnerability, add administrator
MD5 | 3643a702108fdb2bb08d1d7e1a8dfed3
PHP-Charts 1.0 PHP Code Execution
Posted Jan 20, 2013
Authored by Akastep | Site metasploit.com

This Metasploit module exploits a PHP code execution vulnerability in php-Charts version 1.0 which could be abused to allow users to execute arbitrary PHP code under the context of the webserver user. The 'url.php' script calls eval() with user controlled data from any HTTP GET parameter name.

tags | exploit, web, arbitrary, php, code execution
advisories | OSVDB-89334
MD5 | 4f7b656eb76a787a79203f9a1c768c21
PHP Charts 1.0 Code Execution
Posted Jan 16, 2013
Authored by Akastep

PHP Charts version 1.0 suffers from a remote code execution vulnerability.

tags | exploit, remote, php, code execution
MD5 | 68464c5f9fb1bf3ee86df968d0400282
Business Solutions CMS Add Admin
Posted Jan 10, 2013
Authored by Akastep

Business Solutions CMS add administrator exploit that does not require authentication.

tags | exploit
MD5 | 0ffd3882003ceff982bf72e3495bf10c
Page 1 of 4
Back1234Next

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    15 Files
  • 21
    Jul 21st
    15 Files
  • 22
    Jul 22nd
    7 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close