what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 104 RSS Feed

Files from James Bercegay

Real NameJames Bercegay
Email addressprivate
Websitewww.gulftech.org
First Active2003-12-23
Last Active2019-09-23
View User Profile
Piwigo 2.9.5 Cross Site Scripting / SQL Injection / Command Execution
Posted Sep 23, 2019
Authored by James Bercegay | Site gulftech.org

Piwigo versions 2.9.5 and below suffer from cross site scripting, command execution, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | b600b5958b0ee6dee3f9d65b7bdd5d3dfc7b58658165a1ff9a81bb89f53f20c0
Webmin 1.920 rpc.cgi Remote Root
Posted Sep 2, 2019
Authored by James Bercegay

This Metasploit module exploits Webmin versions 1.930 and below. This exploit takes advantage of a code execution issue within the function unserialise_variable() located in web-lib-funcs.pl, in order to gain root. The only prerequisite is a valid session id.

tags | exploit, web, root, code execution
SHA-256 | a204c6065da489d3ae9470a7346273b6cabd6fe1e769d74907481d037f95676d
D-Link DNS-325 ShareCenter 1.05B03 Shell Upload / Command Injection
Posted Jan 15, 2018
Authored by James Bercegay | Site gulftech.org

D-Link DNS-325 ShareCenter versions 1.05B03 and below suffer from remote shell upload and command injection vulnerabilities.

tags | exploit, remote, shell, vulnerability
SHA-256 | 1d616d13ec26238dd932f3e0e6c63790101f854e43be4a7b9cc005eb538134a7
D-Link DNS-343 ShareCenter 1.05 Command Injection
Posted Jan 15, 2018
Authored by James Bercegay | Site gulftech.org

D-Link DNS-343 ShareCenter versions 1.05 and below suffer from a remote command injection vulnerability.

tags | exploit, remote
SHA-256 | d832c2d9c95f21a1c3cb7649d5a90e5a9d834f91134ce4a5797f72a044e07fe9
Synology PhotoStation 6.7.2-3429 SQL Injection / File Disclosure
Posted Jan 9, 2018
Authored by James Bercegay | Site gulftech.org

Synology PhotoStation versions 6.7.2-3429 and below suffer from file disclosure and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
SHA-256 | ad09b2ea0675a31e268f69980f1207ad88aa1a915e3330c604acafaf780e7aa6
Synology PhotoStation 6.7.2-3429 Remote Root
Posted Jan 9, 2018
Authored by James Bercegay | Site metasploit.com

This Metasploit module exploits multiple vulnerabilities in Synology PhotoStation. When combined these issues can be leveraged to gain a remote root shell.

tags | exploit, remote, shell, root, vulnerability
SHA-256 | c2633b99ae20f01a367fb4e5e36b30f18ba62871b2f3aa8d07c433862694a6b6
WDMyCloud 2.30.165 CSRF / File Upload / Code Execution / Backdoor / DoS
Posted Jan 5, 2018
Authored by James Bercegay | Site gulftech.org

WDMyCloud versions 2.30.165 and below suffer from file upload, hard coded backdoor, command injection, cross site request forgery, denial of service, and information disclosure vulnerabilities.

tags | exploit, denial of service, vulnerability, info disclosure, file upload, csrf
SHA-256 | ce132c1c025b9c99726907316a22365125d232109740666b4c9f8d0eab5e2273
D-Link DNS-320L 'mydlinkBRionyg' Backdoor
Posted Jan 5, 2018
Authored by James Bercegay | Site metasploit.com

This Metasploit module exploits two issues. The first issue is that there is a hard coded backdoor within DNS-320L devices. Using this backdoor access we can then reach buggy code which is vulnerable to command injection. Root shell will be spawned upon successful exploitation. Firmware versions 1.0 (2012/6/15) to 6.0 (2015/07/28) are vulnerable.

tags | exploit, shell, root
SHA-256 | 3175543cab0a2c0cb2bc860f1b30d10378dff5f312632ca9ec263bf5372403af
Western Digital WDMyCloud 'mydlinkBRionyg' Backdoor
Posted Jan 5, 2018
Authored by James Bercegay | Site metasploit.com

This Metasploit module exploits two issues. The first issue is that there is a hard coded backdoor within WDMyCloud devices. Using this backdoor access we can then reach buggy code which is vulnerable to command injection. A root shell will be spawned upon successful exploitation.

tags | exploit, shell, root
SHA-256 | addbabad254d2c62cc2568d94364398b112815e807d11bba42ea1c6c550f8dea
D-Link DNS-320L ShareCenter Backdoor Account / Remote Root
Posted Jan 5, 2018
Authored by James Bercegay | Site gulftech.org

D-Link DNS-320L ShareCenter contains a backdoor account that allows for remote root command execution.

tags | exploit, remote, root
SHA-256 | acd60d040c7712f3d33b0be911ce4f5bdf7d9de33338a9562900b73c80bce2d9
vBulletin Search UI SQL Injection
Posted Jul 21, 2011
Authored by James Bercegay | Site gulftech.org

vBulletin suffers from a Search UI remote SQL injection vulnerability. Proof of concept code included.

tags | exploit, remote, sql injection, proof of concept
SHA-256 | ff18a6080f828d0166944b872e6dd81a31c0dcaeaa4d4bb564bd68099b4dfd64
Joomla 1.6.x Administrator PHP Code Execution
Posted May 31, 2011
Authored by James Bercegay | Site gulftech.org

This Metasploit module can be used to gain a remote shell to a Joomla! 1.6.x install when administrator credentials are known. This is achieved by uploading a malicious component which is used to execute the selected payload.

tags | exploit, remote, shell
SHA-256 | 612d16778b5cce15c16e50253fe4bc1f0dbda9b28aac75b76518ca8050eb526c
Joomla 1.6.0 SQL Injection
Posted May 31, 2011
Authored by James Bercegay | Site gulftech.org

A vulnerability was discovered by Aung Khant that allows for exploitable SQL Injection attacks against a Joomla 1.6.0 install. This exploit attempts to leverage the SQL Injection to extract admin credentials, and then store those credentials within the notes_db. The vulnerability is due to a validation issue in /components/com_content/models/category.php that erroneously uses the "string" type whenever filtering the user supplied input. This issue was fixed by performing a whitelist check of the user supplied order data against the allowed order types, and also escaping the input.

tags | exploit, php, sql injection
advisories | CVE-2011-1151
SHA-256 | 647e5aeb46772c7d0cdb8e0649db65e77ffaa67a35949d881a8ff0eac18b6c6d
vBulletin 4.1.2 search.php SQL Injection
Posted May 30, 2011
Authored by James Bercegay | Site gulftech.org

vBulletin versions 4 through 4.1.2 are vulnerable to a preauth SQL Injection issue that may be used by an attacker to extract user credentials, and potentially gain administrative access, potentially leading to remote PHP code execution.

tags | exploit, remote, php, code execution, sql injection
SHA-256 | 66a76054bed8d3379af551d8013a3dd18f852a2244d56170a687f6adc9318f37
Joomla 1.6.0 SQL Injection / PHP Execution
Posted Apr 29, 2011
Authored by James Bercegay | Site metasploit.com

A vulnerability was discovered by Aung Khant that allows for exploitable SQL Injection attacks against a Joomla 1.6.0 install. This exploit attempts to leverage the SQL Injection to extract admin credentials, and use those credentials to execute arbitrary PHP code against the target. The vulnerability is due to a validation issue in /components/com_content/models/category.php that erroneously uses the "string" type whenever filtering the user supplied input. This issue was fixed by performing a whitelist check of the user supplied order data against the allowed order types, and also escaping the input.

tags | exploit, arbitrary, php, sql injection
advisories | CVE-2011-1151
SHA-256 | 28c21a2ec7d950cbd9d0976d7cd73119b9bed67f6d2b34e15cc02ba5fdbc2d93
NING Application Self Replicating Malware
Posted Aug 31, 2010
Authored by James Bercegay

This is a proof of concept, self replicating, social network based malware for NING.

tags | exploit, proof of concept
SHA-256 | de4f62f605510fd85d965fa28f6ecc9117079527689671ded2199c9061472bc2
Facebook Friend Finder Email Leakage
Posted Aug 26, 2010
Authored by James Bercegay | Site gulftech.org

Facebook's Friend Finder feature suffers from an email enumeration vulnerability.

tags | exploit
SHA-256 | 0a89d40eb5af83a2d4da92778f431ef869846fc0f793b50091c3195809f8ec10
websvn-xssfhce.txt
Posted Oct 24, 2008
Authored by James Bercegay | Site gulftech.org

WebSVN versions 2.0 and below suffer from cross site scripting, file handling, and php code execution vulnerabilities.

tags | exploit, php, vulnerability, code execution, xss
SHA-256 | 7e57b2ac943d4faa4a4781f6bacfc67d829212eef353da5cbf880cc3241e29c0
advancedelectron-exec.txt
Posted Sep 20, 2008
Authored by James Bercegay | Site gulftech.org

Advanced Electron Forum (AEF) versions 1.0.6 and below suffer from a remote code execution vulnerability.

tags | exploit, remote, code execution
SHA-256 | 6b7cad6edd71c0decb297e6dfa8f90c22132ac89bc5b7f3919c9f73a320b9989
zencart138a-sql.txt
Posted Sep 4, 2008
Authored by James Bercegay | Site gulftech.org

Zen Cart versions 1.3.8a and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | be50c144a7bb9397136e61ebc33e8a71f17305cf9da35b26ea43ff0369df72ee
cscart-sql.txt
Posted Sep 3, 2008
Authored by James Bercegay | Site gulftech.org

CS-Cart versions 1.3.5 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | c34743899f62cb832bb5555cff30c0fb0ef5563bbccf281f5f5a8afb277cecfa
crafty-sql.txt
Posted Aug 26, 2008
Authored by James Bercegay | Site gulftech.org

Crafty Syntax Live Help versions 2.14.6 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 64d8d5a4d5584020885aa211271e020ff1a652044d38061ffb50dddcd2edf986
vanilla-xss.txt
Posted Aug 20, 2008
Authored by James Bercegay | Site gulftech.org

Vanilla versions 1.1.4 and below suffer from cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 346c9d54e0e5e6c06b6f3c66ff64c41701e2171c21a9548c4df6c305da4be922
sunshop414-sql.txt
Posted Aug 19, 2008
Authored by James Bercegay | Site gulftech.org

SunShop versions 4.1.4 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | b9b0236660e7221db2644efb42fb13c59164bf6676c5ece6cda69a8598f17982
phplivehelper-sqlexec.txt
Posted Aug 18, 2008
Authored by James Bercegay | Site gulftech.org

PHP Live Helper versions 2.0.1 and below suffer from SQL injection and code execution vulnerabilities.

tags | exploit, php, vulnerability, code execution, sql injection
SHA-256 | 46230141253c1f845832295a25c7d9fcc09dda0b4e82d2a14406407c4d68c9bf
Page 1 of 5
Back12345Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close