exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 10 of 10 RSS Feed

Files from Daniel Fabian

Email addressd.fabian at sec-consult.com
First Active2004-03-30
Last Active2010-02-23
Xerox WorkCentre 5665/5675/5687 Backdoor
Posted Feb 23, 2010
Authored by Daniel Fabian | Site sec-consult.com

Xerox WorkCentre versions 5665, 5675, and 5687 suffers from backdoor and authentication vulnerabilities.

tags | exploit, vulnerability
SHA-256 | 5f40de32a9dd28a731693198b0787cdbd7dff2200019016edc179dd16ce2dbae
LetoDMS Local File Inclusion / Cross Site Request Forgery
Posted Jan 16, 2010
Authored by Daniel Fabian, Lukas Weichselbaum | Site sec-consult.com

LetoDMS versions 1.7.2 and below suffer from cross site request forgery and local file inclusion vulnerabilities.

tags | exploit, local, vulnerability, file inclusion, csrf
SHA-256 | c9b6e49cdbd9d24344a2e48a4b49a02dfc63f27df1f1c9790f6bea3a57ed26ab
SEC-20051125-0.txt
Posted Nov 30, 2005
Authored by Daniel Fabian | Site sec-consult.com

SEC-CONSULT Security Advisory 20051125-0 - vTiger versions 4.2 and below have been found susceptible to SQL injection, cross site scripting, code execution, directory traversal, and arbitrary file upload flaws.

tags | exploit, arbitrary, code execution, xss, sql injection, file upload
SHA-256 | c40cfc60da4956c1504de1864fab0f8bc8c5873f798f96b78f0c2755e01d5af9
SEC-20051025-0.txt
Posted Oct 27, 2005
Authored by Daniel Fabian | Site sec-consult.com

SEC-CONSULT Security Advisory 20051025-0 - The Snoop PHP web client is susceptible to a remote command execution vulnerability when a specially crafted URL is supplied. Versions 1.2 and earlier are affected.

tags | exploit, remote, web, php
SHA-256 | 3d4b8192b526f1b4f047163bef662b30bca31b99670048e5fedfcec7d1e728d6
phpMeta.txt
Posted Dec 30, 2004
Authored by Daniel Fabian

PHP version 4.3.9 is vulnerable to meta character attacks. The bug could enable an attacker to read arbitrary files from the filesystem of a webserver that hosts PHP scripts. In addition PHP versions 4.3.6 until 4.3.9 as well as PHP versions 5.0.0 until 5.0.2 contain a bug that enables an attacker to manipulate the file name of uploaded files to perform directory traversal.

tags | advisory, arbitrary, php
SHA-256 | 183b6826fc0c2ca99353a42baba5a113c56394fdc9b6de72752fccc716136314
sugarSales.txt
Posted Dec 30, 2004
Authored by Daniel Fabian

Multiple Vulnerabilities have been found in the open source customer relationship management software SugarSales. These vulnerabilities include full path disclosure, file inclusion, remote command execution, and SQL injection attacks. Versions up to 2.0.1c are susceptible.

tags | exploit, remote, vulnerability, sql injection, file inclusion
SHA-256 | 660b515e225040f3e8eb1e3937e6f49ab123225c3521ba0b2e94fe8eb9e7c085
kdeSMB.txt
Posted Dec 11, 2004
Authored by Daniel Fabian

The KDE program Konquerer allows for browsing SMB shares comfortably through the GUI. By placing a shortcut to an SMB share on KDE's desktop, an attacker can disclose his victim's password in plaintext.

tags | advisory
SHA-256 | d82ec6638f5d0580ca26f1a42305b4b27eb5326e45e9c6fec5e0cf1b63ceed39
WR850G.txt
Posted Sep 29, 2004
Authored by Daniel Fabian | Site sec-consult.com

The firmware of Motorola's wireless WR850G router has a flaw that enables an attacker to log into the router's web interface without knowing username or password and the ability to gain knowledge of the router's username and password after logging in.

tags | advisory, web
SHA-256 | 53a21852c0242beeb54ba7eefa07e509f4a3ca8e3fb4efdc7230f7b036ceeeb4
phpEscape.txt
Posted Jun 7, 2004
Authored by Daniel Fabian | Site sec-consult.com

PHP offers the function escapeshellarg() to escape arguments to shell commands in a way that makes it impossible for an attacker to execute additional commands. However due to a bug in the function, this does not work with the windows version of PHP. Versions 4.3.6 and below are susceptible.

tags | exploit, shell, php
systems | windows
SHA-256 | 3665a6afbcf2c1f3e80aaebbd19c3b186545ef0c4c98f8e8daf399053845af2f
linbit.txt
Posted Mar 30, 2004
Authored by Daniel Fabian | Site sec-consult.com

SEC-CONSULT Security Advisory - Linbit Linbox is vulnerable to authentication circumvention on its administration portal, password disclosure for all existing users, and using the obtained passwords, any account can be logged into via SSH.

tags | advisory
SHA-256 | 64158a7cf03bea19c8dd9020b9f99b7e6bcf2fe97d86ac1d244377dc6d5c7978
Page 1 of 1
Back1Next

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    25 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close