what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 22 of 22 RSS Feed

Files from Francesco Ongaro

Email addressascii at ush.it
First Active2005-10-27
Last Active2015-10-09
Veeam Backup And Replication 6 / 7 / 8 Privilege Escalation
Posted Oct 9, 2015
Authored by Francesco Ongaro, Antonio Parata, Pasquale Florillo

Veeam Backup and Replications versions 6 through 8 suffer from log disclosure and broken password security vulnerabilities.

tags | exploit, vulnerability
advisories | CVE-2015-5742
SHA-256 | 297149a77606ab6deac1de2bb98b0f033747ba6db8266944dfe68b46fdffd256
Nginx, Varnish, Cherokee, etc Log Injection
Posted Jan 11, 2010
Authored by Francesco Ongaro, Alessandro Tanasi, Giovanni Pellerano | Site ush.it

Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa are subject to log escape sequence injection vulnerabilities.

tags | exploit, vulnerability
advisories | CVE-2009-4487, CVE-2009-4488, CVE-2009-4489, CVE-2009-4490, CVE-2009-4491, CVE-2009-4492, CVE-2009-4493, CVE-2009-4494, CVE-2009-4495, CVE-2009-4496
SHA-256 | ca929167a6a430b66650857a093ae76e47f6db643eb8bafffa59b6ebc10896d0
Jetty 6.x / 7.x Information Disclosure / XSS
Posted Oct 26, 2009
Authored by Francesco Ongaro, Antonio Parata, Giovanni Pellerano | Site ush.it

Jetty versions 6.x and 7.x suffer from cross site scripting, injection, and information disclosure vulnerabilities.

tags | exploit, vulnerability, xss, info disclosure
SHA-256 | 5f6bdd64a6596d46cbd0a5ae2448106b4656a8543eb8f07317ef5d4b92ae82d9
Vtiger CRM 5.0.4 Code Exection / XSS / XSRF / LFI
Posted Aug 18, 2009
Authored by Francesco Ongaro, Antonio Parata, Giovanni Pellerano | Site ush.it

Vtiger CRM version 5.0.4 suffers from code execution, local file inclusion, cross site scripting, and cross site request forgery vulnerabilities.

tags | exploit, local, vulnerability, code execution, xss, file inclusion, csrf
SHA-256 | a0599a490c531c182849299f81372c277f5eeeadc04bccdc6e9da1eb256e8a74
PHP Filesystem Attack Vectors - Part Two
Posted Jul 28, 2009
Authored by Francesco Ongaro, Giovanni Pellerano | Site ush.it

Whitepaper discussing a large amount of PHP filesystem attack vectors. Take Two.

tags | paper, php
SHA-256 | 50ea2f5921192ef048630929273e79e8dc80d288a30593b6b7ef6639a9180257
SugarCRM 5.2.0e Code Execution
Posted Jun 15, 2009
Authored by Francesco Ongaro, Antonio Parata, Giovanni Pellerano | Site ush.it

SugarCRM versions 5.2.0e and below suffer from a remote code execution vulnerability.

tags | exploit, remote, code execution
SHA-256 | b46bbb1752deb1c9295ffea5807d2e474bb3c4c6de135549995c2c9d75270085
FormMail 1.92 XSS / HTTP Response Splitting
Posted May 13, 2009
Authored by Francesco Ongaro, Antonio Parata, Giovanni Pellerano | Site ush.it

FormMail version 1.92 suffers from cross site scripting, header injection, and HTTP response splitting vulnerabilities.

tags | exploit, web, vulnerability, xss
SHA-256 | dda541988029f268bc02136426254f2b6bbc63e0e3c487848827415005cc289e
Zabbix 1.6.2 XSRF / LFI / Code Execution
Posted Mar 3, 2009
Authored by Francesco Ongaro, Antonio Parata, Giovanni Pellerano | Site ush.it

Zabbix version 1.6.2 suffers from remote code execution, cross site request forgery, and local file inclusion vulnerabilities.

tags | exploit, remote, local, vulnerability, code execution, file inclusion, csrf
SHA-256 | 6fc6a1f1b3df47f2608e299ed5ea4014c5c4b5292607adb72d978c18e293dc26
PHP Filesystem Attack Vectors
Posted Feb 9, 2009
Authored by Francesco Ongaro, Giovanni Pellerano | Site ush.it

Whitepaper discussing a large amount of PHP filesystem attack vectors.

tags | paper, php
SHA-256 | cf9fb603acb1135b3f8a595653d1d18a8937d01270074b11448182d48a251260
Moodle 1.9.3 Remote Code Execution
Posted Dec 12, 2008
Authored by Francesco Ongaro, Antonio Parata, Giovanni Pellerano | Site ush.it

Moodle version 1.9.3 suffers from a remote code execution vulnerability. Full details provided.

tags | exploit, remote, code execution
SHA-256 | 604fed1136c665e395b41c51641f80c673942dba92e616551632c7f5f1aac44e
Collabtive 0.4.8 Multiple Vulnerabilities
Posted Nov 10, 2008
Authored by Francesco Ongaro, Antonio Parata, Giovanni Pellerano | Site ush.it

Collabtive version 0.4.8 suffers from cross site scripting, authentication bypass, and shell upload vulnerabilities.

tags | exploit, shell, vulnerability, xss
SHA-256 | 79b3e4b4ba18d65ce36a36f1ab3e00c7d5d25169f28c965cb0522f75f65a1536
Mantis Bug Tracker 1.1.1 Multiple Vulnerabilities
Posted May 20, 2008
Authored by Francesco Ongaro, Antonio Parata | Site ush.it

Mantis Bug Tracker version 1.1.1 suffers from remote code execution, cross site scripting, and cross site request forgery vulnerabilities.

tags | exploit, remote, vulnerability, code execution, xss, csrf
SHA-256 | f69ef268367fecefac3205565ba9c1d3f5e36237f4b833741139a9350750a069
WiKID wClient-PHP 3.0-2 Cross Site Scripting
Posted Apr 11, 2008
Authored by Francesco Ongaro, Antonio Parata | Site ictsc.it

WiKID wClient-PHP versions 3.0-2 and below suffer from multiple cross site scripting vulnerabilities.

tags | advisory, php, vulnerability, xss
SHA-256 | 67d10cd0b31c2647b3ef2d33f5dd1920c1101c3453e62e3516e332f15ae75f08
Cacti 0.8.7a Multiple Vulnerabilities
Posted Feb 12, 2008
Authored by Francesco Ongaro, Antonio Parata | Site ictsc.it

Multiple security vulnerabilities such as cross site scripting and SQL injection have been discovered in Cacti versions 0.8.7a and below. Full exploitation details provided.

tags | exploit, vulnerability, xss, sql injection
SHA-256 | 40eeb2e3bd758718bab24d1dda1ef1a8de3acea488b2f6daa45622393b146ba0
Original Photo Gallery Remote Command Execution
Posted Oct 3, 2007
Authored by Francesco Ongaro, Antonio Parata | Site ush.it

Original Photo Gallery versions 0.11.2 and below suffer from a remote command execution vulnerability.

tags | exploit, remote
SHA-256 | 6b9f382d9d8b5fa95f99764ba3fda63a36150fe8da621a53e0b5a82ae7f6bb06
Php Nuke POST Cross Site Scripting On Steroids
Posted Mar 13, 2007
Authored by Stefano Di Paola, Francesco Ongaro | Site ush.it

PHP Nuke version 8.0, and possibly lower versions, are susceptible to a POST cross site scripting vulnerability.

tags | exploit, php, xss
SHA-256 | 240246141b63832150858dd16b81a45662e47408b15b013ca75d852b41f72486
PHP import_request_variables() Arbitrary Variable Overwrite
Posted Mar 9, 2007
Authored by Stefano Di Paola, Francesco Ongaro | Site wisec.it

PHP versions greater than or equal to 4.0.7 and less than or equal to 5.2.1 suffer from an arbitrary variable overwrite in import_request_variables().

tags | exploit, arbitrary, php
SHA-256 | 5fa15988075ab903a6fb5db15ca53a4cf5cbc587310a227e5c83e5aa6494637b
Milkeyway-0.1.1.txt
Posted Mar 20, 2006
Authored by Francesco Ongaro | Site ush.it

Milkeyway Captive Portal versions 0.1 and 0.1.1 are vulnerable to many SQL injection and XSS vulnerabilities. Detailed POC included.

tags | exploit, vulnerability, sql injection
SHA-256 | ac204592ba8d46b51a0cd05581ac6ff707420ab9e164e86a54872fef2b8f131e
WebCalendar Multiple Vulnerabilities
Posted Dec 1, 2005
Authored by Francesco Ongaro | Site ush.it

WebCalendar 1.0.1 is susceptible to SQL injection attacks.

tags | advisory, sql injection
SHA-256 | 23e27c95c7836fb9ed4b91fc3f6d56dabd8ce00e2c70c418b4563aabab3e4fb9
PHP Web Statistik Multiple Vulnerabilities
Posted Dec 1, 2005
Authored by Francesco Ongaro | Site ush.it

PHP Web Statistik version 1.4 suffers from injection vulnerabilities.

tags | advisory, web, php, vulnerability
SHA-256 | 1254628e2da8b1b1b6f411da297d1ea9e16f19f55e843ac8d21250c14532a6ef
FreeWebStat Multiple Cross Site Scripting
Posted Dec 1, 2005
Authored by Francesco Ongaro | Site ush.it

FreeWebStat version 1.0 rev37 is vulnerable to multiple cross site scripting flaws.

tags | advisory, xss
SHA-256 | 0020303ba5ebcc0da8d674752ec0c2c826555fce3288cdd245981ad3915983ad
PHP iCalendar Cross Site Scripting
Posted Oct 27, 2005
Authored by Francesco Ongaro | Site ush.it

PHP iCalendar versions 2.0a2, 2.0b, 2.0c, and 2.0.1 are susceptible to a cross site scripting vulnerability. Exploitation details provided.

tags | exploit, php, xss
SHA-256 | 9f0ca61b9a7c8067bc32bf77050ea673995d4a2229d755fff83257c3138fc38e
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close