Showing 1 - 7 of 7

Files from Chris Graham

First Active	2010-01-26
Last Active	2015-11-09

SolarWinds LEM 6.1.0 Remote Command Execution: Posted Nov 9, 2015; Authored by Chris Graham; Solarwinds Log and Event Manager version 6.1.0 suffers from a remote command execution vulnerability.; tags | exploit, remote; systems | linux; SHA-256 | 1d41bb7d6cfb1f5a3165b5c57dacf9edcca07fe28c504326d8fdfa69cee8fba5; Download | Favorite | View

Symantec Endpoint Protection Manager Remote Command Execution: Posted Feb 26, 2014; Authored by Chris Graham, Stefan Viehboeck | Site metasploit.com; This Metasploit module exploits XXE and SQL injection flaws in Symantec Endpoint Protection Manager versions 11.0, 12.0 and 12.1. When supplying a specially crafted XXE request an attacker can reach SQL injection affected components. As xp_cmdshell is enabled in the included database instance, it's possible to execute arbitrary system commands on the remote system with SYSTEM privileges.; tags | exploit, remote, arbitrary, sql injection, xxe; advisories | CVE-2013-5014, CVE-2013-5015; SHA-256 | ef19d7abd0e99695337b2df4433d4785cfa21593bd61b704d3aa78a9d8ce5183; Download | Favorite | View

Symantec Endpoint Protection Manager Remote Command Execution: Posted Feb 23, 2014; Authored by Chris Graham; Symantec Endpoint Protection Manager suffers from a remote command execution vulnerability. Versions 11.0, 12.0, and 12.1 are affected.; tags | exploit, remote; advisories | CVE-2013-5014, CVE-2013-5015; SHA-256 | 1230fa397327e1f414c650a845b08b3ed515236c94fa13a2c1c80e976a099209; Download | Favorite | View

HP Data Protector EXEC_BAR Remote Command Execution: Posted Feb 17, 2014; Authored by Chris Graham; HP Data Protector EXEC_BAR remote command execution exploit that affects versions 6.10, 6.11, and 6.20.; tags | exploit, remote; advisories | CVE-2013-2347; SHA-256 | 61724438d24f7c3fae1f27461fbde907581b70b0ea7feeb0605890476a22853c; Download | Favorite | View

Epicor Returns Management SOAP-Based Blind SQL Injection: Posted May 18, 2012; Authored by Digital Defense, r@b13$, Chris Graham | Site digitaldefense.net; Digital Defense, Inc. (DDI) has discovered a blind SQL injection vulnerability in the Epicor Returns Management software SOAP interface. Left unremediated, this vulnerability could be leveraged by an attacker to execute arbitrary SQL commands and extract information from the backend database using standard SQL exploitation techniques. Additionally, an attacker may be able to leverage this flaw to compromise the database server host operating system.; tags | advisory, arbitrary, sql injection; SHA-256 | af6d326b8689f781d6e0c85593aa09136aec99822187d885bfc8880af29789ef; Download | Favorite | View

Metropolis Technologies OfficeWatch Directory Traversal: Posted Oct 3, 2011; Authored by Digital Defense, r@b13$, Chris Graham | Site digitaldefense.net; Metropolis Technologies OfficeWatch enables a web server on TCP port 80 that is susceptible to a directory traversal. An attacker may send a ../ (dot-dot-slash) sequence to traverse out of the web root and access arbitrary files on the host.; tags | advisory, web, arbitrary, root, tcp; SHA-256 | 4aba0388d8f62c4675129cd9356d9b16ec2a4a24eaf06d3eacdd7b61b4eeec3b; Download | Favorite | View

Digital Defense VRT Advisory 2009.27: Posted Jan 26, 2010; Authored by Digital Defense, r@b13$, Chris Graham, Rob Kraus; The login page of the F2L-3000 version 4.0.0 is vulnerable to SQL Injection. Exploitation of the vulnerability may allow attackers tobypass authentication and access sensitive information stored on the device.; tags | advisory, sql injection; SHA-256 | 0aa31d61a17571c0fb1db50bfa89f614672ac6e1de71f37e6ea906313453af1b; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days