what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 50 RSS Feed

Files from loneferret

First Active2009-12-07
Last Active2016-08-16
Pi-Hole 2.8.1 Cross Site Scripting
Posted Aug 16, 2016
Authored by loneferret

Pi-Hole version 2.8.1 with web interface version 1.3 suffers from a persistent cross site scripting vulnerability.

tags | exploit, web, xss
SHA-256 | dcdfd8e2b303c612ea99f185e33cfd910d4a217f8d34dbe3ab23d1823435c694
Cyclope Employee Surveillance 8.6.1 Insecure File Permissions
Posted Dec 8, 2015
Authored by loneferret

Cyclope Employee Surveillance versions 8.6.1 and below suffer from a multiple of insecure file permission vulnerabilities.

tags | exploit, vulnerability
SHA-256 | 8981697f97cfe24c24bb514331bf9925b6437179a12c2575f829d880e167c2c3
eM Client 5.0.18025.0 Cross Site Scripting
Posted Sep 10, 2013
Authored by loneferret

eM Client e-mail client version 5.0.18025.0 suffers from a stored cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 58d63f0347684b64df7ea221869f6c49d7b63d4b6ed451c1bfe8a5229f8066e7
PHP Server Monitor Cross Site Scripting
Posted Nov 21, 2012
Authored by loneferret

PHP Server Monitor version 2.0.1 suffers from a stored cross site scripting vulnerability.

tags | exploit, php, xss
SHA-256 | a66b0a9487b95c5307915eccadb39223d33aa5451ae999c36c581fabd1220cfc
WeBid 1.0.5 Directory Traversal
Posted Nov 19, 2012
Authored by loneferret

WeBid versions 1.0.5 and below suffer from a directory traversal vulnerability.

tags | exploit, file inclusion
SHA-256 | 691fd6a645c981162b89806c3a38adbbac74928e9a8c6bdd1391a139433a93d9
Web Help Desk 11.0.7 Cross Site Scripting
Posted Oct 8, 2012
Authored by loneferret

Web Help Desk version 11.0.7 suffers from a stored cross site scripting vulnerability.

tags | exploit, web, xss
SHA-256 | 92d407863cc4660b9160ec7ee4b566b3f02ec436aa4aadd47f903d4acf797aa7
qdPM 7 Arbitrary PHP File Upload
Posted Sep 14, 2012
Authored by loneferret, sinn3r | Site metasploit.com

This Metasploit module exploits a vulnerability found in qdPM - a web-based project management software. The user profile's photo upload feature can be abused to upload any arbitrary file onto the victim server machine, which allows remote code execution. Please note in order to use this module, you must have a valid credential to sign in.

tags | exploit, remote, web, arbitrary, code execution
advisories | OSVDB-82978
SHA-256 | f5f6ba93d6feeeed1d320115b76b89c669688a7089990888c0aafa5f2993314c
op5 Monitoring 5.4.2 XSS / CSRF / SQL Injection
Posted Aug 24, 2012
Authored by loneferret

op5 Monitoring version 5.4.2 suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection, csrf
SHA-256 | 027aefb418d26810247858030e2eef7f6b9be2c5cf3721ff4c1fb7885e01cfdd
Clipbucket 2.5 Directory Traversal
Posted Aug 22, 2012
Authored by loneferret

Clipbucket version 2.5 suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
SHA-256 | 60276daddff1d6ad33d0d4b4a077e3bd663c889d534719331c76356e88d80d43
Clipbucket 2.5 Blind SQL Injection
Posted Aug 22, 2012
Authored by loneferret

Clipbucket version 2.5 suffers from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 7dc8211e010244ae9cf4425d8fab83465c7a0a8ecade28de6cd2185bc60a2be2
Sphpforum 0.4 Cross Site Scripting / SQL Injection
Posted Aug 16, 2012
Authored by loneferret

Sphpforum version 0.4 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | 7502224f9e635dc27202e748cdf5015178a6e1641cbf8304333b802649a8903c
Cyclope Employee Surveillance Solution 6.0 LFI / SQL Injection
Posted Aug 16, 2012
Authored by loneferret

Cyclope Employee Surveillance Solution version 6.0 suffers from local file inclusion and remote SQL injection vulnerabilities.

tags | exploit, remote, local, vulnerability, sql injection, file inclusion
SHA-256 | 273066191a655c86d91a70052edaa3a834b3139d3603270a7d1527b8ca95aea6
Cyclope Employee Surveillance Solution 6 SQL Injection
Posted Aug 14, 2012
Authored by loneferret, sinn3r | Site metasploit.com

This Metasploit module exploits a SQL injection found in Cyclope Employee Surveillance Solution. Because the login script does not properly handle the user-supplied username parameter, a malicious user can manipulate the SQL query, and allows arbitrary code execution under the context of 'SYSTEM'.

tags | exploit, arbitrary, code execution, sql injection
advisories | OSVDB-84517
SHA-256 | 943d1370d3c4c203bec054c6328adda12b9aa04b01b7010bb71dea9ec2bef8a7
Spytech NetVizor 6.1 Denial Of Service
Posted Aug 12, 2012
Authored by loneferret

Spytech NetVizor version 6.1 suffers from a denial of service vulnerability.

tags | exploit, denial of service
SHA-256 | 624d60f1e5fa6722803c808e21f27d4d93882b992953c1ecb81168ae1771bcae
Cyclope Employee Surveillance Solution 6.0 SQL Injection
Posted Aug 9, 2012
Authored by loneferret

Cyclope Employee Surveillance Solution version 6.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | bd0909c3e422bbfd18d2ea996c369f5da57e023725ed14f2b97843f25e7ef12a
Axigen Mail Server 8.0.1 Cross Site Scripting
Posted Aug 8, 2012
Authored by loneferret

Axigen Mail Server version 8.0.1 suffers from a stored cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2012-2592
SHA-256 | b712d8ab578b4188e22a4207f80f37e1183a304194159d181703507b37e78350
EmailArchitect Enterprise Email Server 10.0 Cross Site Scripting
Posted Aug 8, 2012
Authored by loneferret

EmailArchitect Enterprise Email Server version 10.0 suffers from a stored cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2012-2591
SHA-256 | 1d614ed71a8927d8aefe626bbcff7dd35a56dc0ab018757a65f61785d9f38e5f
ESCON SupportPortal Pro 3.0 Cross Site Scripting
Posted Aug 8, 2012
Authored by loneferret

ESCON SupportPortal Pro version 3.0 suffers from a stored cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2012-2590
SHA-256 | 276e0b8f015732fce0ae5dbd7e7bdd804d1aa558b1f1268b2d84dc292f750351
MailEnable Enterprise 6.5 Cross Site Scripting
Posted Aug 8, 2012
Authored by loneferret

MailEnable Enterprise version 6.5 suffers from a stored cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2012-2588
SHA-256 | fd72faeb58eb75ffa50d2abc0e461b01e20ed0f5d946c64e0d92334ec5a8ef56
AfterLogic Mailsuite Pro 6.3 Cross Site Scripting
Posted Aug 8, 2012
Authored by loneferret

AfterLogic Mailsuite Pro (VMware Appliance) version 6.3 suffers from a stored cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2012-2587
SHA-256 | 70975b139f142c6b5aa2788169c1656874f10ae8fd42b3b7714b3d1791acff41
MailTraq 2.17.3.3150 Cross Site Scripting
Posted Aug 8, 2012
Authored by loneferret

MailTraq version 2.17.3.3150 suffers from a stored cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2012-2586
SHA-256 | 146ace147ff06c7f56045da0af62a91fa81e836cd9400ac850544756e07b726e
qdPM 7 Shell Upload
Posted Jun 14, 2012
Authored by loneferret

qdPM version 7 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | de7d737317088da35d6c5415b3002cc2704e760c0485eed4b429a49321a72e9c
phpAccounts 0.5.3 SQL Injection
Posted Jun 9, 2012
Authored by loneferret

phpAccounts version 0.5.3 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 30cdfeba324743b1bf4c4c95682a87039a6577116abd1abe95054f052c5f2cf5
Simple Web Content Management System 1.1 SQL Injection
Posted Jun 1, 2012
Authored by loneferret

Simple Web Content Management System version 1.1 suffers from multiple remote SQL injection vulnerabilities. Most of these issues were already priorly discovered in early 2011 by John Leitch for versions 1.21 and below.

tags | exploit, remote, web, vulnerability, sql injection
SHA-256 | 82966c3a58927288ab4557775bf16493908a7de8d6566a8d84e89069b47fae4f
PBBoard 2.1.4 SQL Injection
Posted May 29, 2012
Authored by loneferret

PBBoard version 2.1.4 suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
SHA-256 | 7fe5b20927aaffae29776bb564eeb8a96670bea62bb6fcb45a4fd730c7f8b817
Page 1 of 2
Back12Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close