exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 6 of 6 RSS Feed

Files

Sonar 3.4.1 Cross Site Scripting
Posted Feb 15, 2013
Authored by Kacper | Site devilteam.pl

Sonar version 3.4.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | da83d02310daea94e8be2a54b299f802fa374cffed0e8c946fa47d875567844a

Related Files

perfSONAR 4.4.5 Cross Site Request Forgery
Posted Nov 30, 2022
Authored by Ryan Moore | Site github.com

A partial blind cross site request forgery (CSRF) vulnerability exists in perfSONAR versions 4.x through 4.4.5 within the /perfsonar-graphs/ test results page. Parameters and values can be injected/passed via the URL parameter, forcing the client to connect unknowingly in the background to other sites via transparent XMLHTTPRequests. This partial blind CSRF bypasses the built-in whitelisting function in perfSONAR.

tags | exploit, csrf
advisories | CVE-2022-41413
SHA-256 | 44092efeff9a22718267fc8ee3d1add5f9f7c1bd035ed2fb94ece0d6baf60239
perfSONAR 4.4.4 Open Proxy / Relay
Posted Nov 30, 2022
Authored by Ryan Moore | Site github.com

perfSONAR bundles with it a graphData.cgi script, used to graph and visualize data. There is a flaw in graphData.cgi allowing for unauthenticated users to proxy and relay HTTP/HTTPS traffic through the perfSONAR server. The vulnerability can potentially be leveraged to exfiltrate or enumerate data from internal web servers. This vulnerability was patched in perfSONAR version 4.4.5. Versions 4.x through 4.4.4 are affected. There is a whitelisting function that will mitigate, but is disabled by default.

tags | exploit, web, cgi
advisories | CVE-2022-41412
SHA-256 | 57258cc3a50359f248bba303d6a0892af6f77e5cbd93340c72b5018222e14550
Sonar Qube 8.3.1 Unquoted Service Path
Posted Jul 17, 2020
Authored by Velayutham Selvaraj

Sonar Qube version 8.3.1 suffers from an unquoted service path vulnerability.

tags | exploit
SHA-256 | c44cba3fc030821c0c854200d28259db076bfb6550edb82330fb302301aa5a2b
SonarSource SonarQube 7.3 Information Disclosure
Posted Nov 28, 2018
Authored by dubfr33

SonarSource SonarQube versions 7.3 and below suffer from an information disclosure vulnerability.

tags | advisory, info disclosure
advisories | CVE-2018-19413
SHA-256 | 181609b1236e0b843500d4b4daa0c9bbe9a1ffa24780b31dc2fd2c271679e4c6
SonarQube Jenkins Password Disclosure
Posted Aug 13, 2016
Authored by Christian Catalano, Rv3Lab

The SonarQube Jenkins plugin in Jenkins CI suffers from a plain text password disclosure vulnerability.

tags | exploit, info disclosure
advisories | CVE-2013-5676
SHA-256 | 127c8c86b8c0bf44289f1b21f47a30d02721a2459668e7f5692d4d16b1178397
sonar-1.0BETA4.tar.gz
Posted Aug 30, 2002
Site autosec.sourceforge.net

Sonar is a network reconnaissance utility which runs all its scans from plugins. The currently supported plugins are an ICMP scan and an ACK scan which can see if hosts that don't respond to ICMP are online.

Changes: This release fixes a few annoying bugs. The ICMP scan has been made more versatile, allowing you to choose an ICMP type and ICMP code. Upgrades from older releases are recommended.
tags | tool, scanner
systems | unix
SHA-256 | a7a19f5a0590498af29fa545a487e733df287143e87c5bc8627cf0a9ad6ed224
Page 1 of 1
Back1Next

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    12 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close