what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 19 of 19 RSS Feed

Files from PAgVac

First Active2003-12-03
Last Active2009-12-31
PhpMyAdmin Config File Code Injection
Posted Dec 31, 2009
Authored by PAgVac, Greg Ose | Site metasploit.com

This Metasploit module exploits a vulnerability in PhpMyAdmin's setup feature which allows an attacker to inject arbitrary PHP code into a configuration file. The original advisory says the vulnerability is present in phpMyAdmin versions 2.11.x < 2.11.9.5 and 3.x < 3.1.3.1; this module was tested on 3.0.1.1. The file where our payload is written (phpMyAdmin/config/config.inc.php) is not directly used by the system, so it may be a good idea to either delete it or copy the running config (phpMyAdmin/config.inc.php) over it after successful exploitation.

tags | exploit, arbitrary, php
advisories | CVE-2009-1151
SHA-256 | c6dcd3c567ac45d96e97a2bc40e1b5ef02017edab7e4eb3995b6fbcd852cad26
Avaya Intuity Audix LX Command Execution
Posted Sep 19, 2009
Authored by PAgVac

The Avaya Intuity Audix LX suffers from remote command execution, cross site scripting, and cross site request forgery vulnerabilities.

tags | exploit, remote, vulnerability, xss, csrf
SHA-256 | 1a3001936a103c3f421867c6c079d4255187d1bb1fb3aaea57235d8d2033c375
phpMyAdmin /scripts/setup.php Code Injection
Posted Jun 10, 2009
Authored by PAgVac

phpMyAdmin /scripts/setup.php PHP code injection remote command execution proof of concept exploit. Versions 3.0.1.1 and below are affected.

tags | exploit, remote, php, proof of concept
advisories | CVE-2009-1151
SHA-256 | 248840c70012e11357ef99fad4231ced49b2b483705bbb3ca00997d5808a5a1b
D2T1_-_Adrian_Pastor_-_Cracking_Into_Embeded_Devices_and_Beyond.zip
Posted Apr 21, 2008
Authored by PAgVac | Site conference.hitb.org

Cracking into Embedded Devices and Beyond - The presentation covers cracking into embedded devices by exploiting vulnerabilities present on default software running on the target device.

tags | vulnerability
SHA-256 | b17e69cf657c3562c5c8244483120184a84061a080f2c346f2373b88d8170d3e
calljack.txt
Posted Jan 22, 2008
Authored by PAgVac | Site gnucitizen.org

Call Jacking: Phreaking The BT Home Hub.

tags | paper
SHA-256 | 8434889c58e6152602c9079e136c14b2c7bbd89c0fdc662f4f56dc3e14fbed91
homehub-upnp.txt
Posted Jan 10, 2008
Authored by PAgVac | Site gnucitizen.org

Information on pwning the BT Home Hub regarding the exploitation of IGDs remotely via UPnP.

tags | advisory
SHA-256 | cc12e6ccf90e535582c2741f87e8c2594e1580a93c102655f8b333c03ce6240f
bt-pwnage.txt
Posted Nov 13, 2007
Authored by PAgVac | Site gnucitizen.org

Pwning the BT Home Hub details have been published. Various cross site scripting and cross site request forgery issues still exist.

tags | advisory, xss, csrf
SHA-256 | ab1677aacfc1c74bee9c7cfe35b991c63e556b2ab40df41d807b2900002f9b3b
bthomehub.txt
Posted Oct 10, 2007
Authored by PAgVac

It appears that the BT Home Hub is susceptible to some critical vulnerabilities.

tags | advisory, vulnerability
SHA-256 | 7a1d22a3d50174df5079afb9fddeb87643baa008c3b4fdb1c002960066a85ff9
googleurchin-xss.txt
Posted Sep 25, 2007
Authored by PAgVac

There is a trivially exploitable cross site scripting vulnerability on Google Urchin Web Analytics 5's login page. The vulnerability has been tested on versions 5.6.00r2, 5.7.01, 5.7.02 and 5.7.03 (latest). Previous versions are most likely affected as well.

tags | advisory, web, xss
SHA-256 | ce3274e7eb56501ab425cb2bd6f2fdb2ee07e64757d3163190677f1bb8761e3f
wpregister-xss.txt
Posted Sep 25, 2007
Authored by PAgVac

Earlier versions of the Wordpress 2.0 branch are susceptible to two vanilla cross site scripting vulnerabilities in wp-register.php.

tags | exploit, php, vulnerability, xss
SHA-256 | 926d18fafb32a71ceede629f6854b332e6b8a3443676de42044243d4caab339d
luhn-check.tar
Posted Mar 20, 2007
Authored by PAgVac | Site ikwt.com

luhn-check is a tool that determines whether or not a number follows Luhn's algorithm.

tags | encryption
SHA-256 | 3025d44e5b10fc56612d185f05076c2b93f877ee1f13316c69e4f9b15861b092
rcsr.txt
Posted Nov 29, 2006
Authored by PAgVac

Full write up discussing password theft with Firefox using RCSR, aka Reverse Cross-Site Request attacks.

tags | paper
SHA-256 | ae4f7b381219369a7cde2ec73988e91a25e4193c848436f3362179131786ab74
exegesis.pdf
Posted Mar 9, 2006
Authored by PAgVac | Site public.gnucitizen.org

Purple Paper: Exegesis Of Virtual Hosts Hacking - First paper written on the topic of virtual hosts hacking. It covers basic skills such as passive discovery techniques and (almost) stealth active discovery techniques. It also presents possible scenarios of exploitation.

tags | paper
SHA-256 | 6a45b8e7895fe76ca657fbbe88dec0c24eff9e9c15bb2b9647844931fd4e3168
unidenWeak.txt
Posted Feb 25, 2006
Authored by PAgVac

The Uniden UIP1868P VoIP phone/gateway comes with a default password of admin without any login necessary.

tags | advisory
SHA-256 | a78386fb85cd6e78792518d85ed37f59213f1019b4262f6d2924ae410421771e
google-talk-cleartext-proxy-credentials.txt
Posted Oct 24, 2005
Authored by PAgVac | Site ikwt.com

Google Talk stores proxy login credentials as cleartext in the Windows Registry.

tags | advisory, registry
systems | windows
SHA-256 | 3b3ae75d3315891b6d6432914b38f8c98f55e1c846e09288efbdfb69ff944a55
Brief_intro_to_crypt.pdf
Posted Feb 26, 2005
Authored by PAgVac

Brief paper discussing the basics of cryptography and the difference between symmetric and asymmetric cryptography.

tags | paper
SHA-256 | 93735bfd1dfecd82ceb55801288ec1b11f69cb6aa350d743d7867aee56f469d7
avaya.cpp
Posted Feb 26, 2005
Authored by PAgVac

Avaya IP Office Phone Manager exploit that attempts to extract sensitive data from the Windows registry.

tags | exploit, registry
systems | windows
SHA-256 | ff0a4079c402c4cf0790dcb6c7d725ce9160fd962b77a2c52670e8f2f6179804
AvayaData.txt
Posted Feb 26, 2005
Authored by PAgVac

The Avaya IP Office Phone Manager stores sensitive user data in the Windows Registry.

tags | advisory, registry
systems | windows
SHA-256 | a8ef610343d5e19f8fd31dbe3ee860e5f5b3f1434a04a7af1d434055215974f5
WNMSB-LAN.zip
Posted Dec 3, 2003
Authored by PAgVac

WNMSB-LAN is a Windows Messenger Service Bomber. Includes C++ source and a windows executable.

systems | windows
SHA-256 | e40365e6959bbb96dece8f2fe67c334965524cfb7facc28f04554e17152d1f2b
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close