what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 19 of 19 RSS Feed

Files from Juan Galiana Lara

First Active2007-12-29
Last Active2015-01-07
Pandora 3.1 Auth Bypass / Arbitrary File Upload
Posted Jan 7, 2015
Authored by Juan Galiana Lara | Site metasploit.com

This Metasploit module exploits an authentication bypass vulnerability in Pandora version 3.1 as disclosed by Juan Galiana Lara. It also integrates with the built-in pandora upload which allows a user to upload arbitrary files to the '/images/' directory. This Metasploit module was created as an exercise in the Metasploit Mastery Class at Blackhat that was facilitated by egypt and mubix.

tags | exploit, arbitrary, bypass
advisories | CVE-2010-4279, OSVDB-69549
SHA-256 | a4ce59d4dd94c27dbf57cc0669eb39781c82929e9cbc36e77d98b4f23bc377e0
Pandora FMS Command Injection / SQL Injection / Path Traversal
Posted Dec 1, 2010
Authored by Juan Galiana Lara

Pandora FMS versions 3.1 and below suffer from authentication bypass, os command injection, remote SQL injection, remote file inclusion and path traversal vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, file inclusion
advisories | CVE-2010-4279, CVE-2010-4278, CVE-2010-4280, CVE-2010-4281, CVE-2010-4282, CVE-2010-4283
SHA-256 | 1eb36c171f92f828e83d06f5a34529baec96147738184d46632dac589bd844f1
Facebook Cross Site Request Forgery
Posted Feb 12, 2010
Authored by Juan Galiana Lara

Facebook suffered from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 7c06005a85f096900d92826ed406c9ce0ea87835034029bd142b1096a149b394
Facebook Cross Site Scripting
Posted Feb 4, 2010
Authored by Juan Galiana Lara

The mobile interface of Facebook social network was affected by a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | c7302bf39fcec502bd13d11cc9209826ade631c914ff3a356949aa5373e146f7
PHP-Calendar 1.1 Remote/Local File Inclusion
Posted Dec 18, 2009
Authored by Juan Galiana Lara

PHP-Calendar version 1.1 suffers from remote and local file inclusion vulnerabilities.

tags | exploit, remote, local, php, vulnerability, code execution, file inclusion
advisories | CVE-2009-3702
SHA-256 | 840e9b68fad40237db6a10b3a2a2bd615d1946cf2a3593cf203fb666b3defe61
Simple PHP Blog 0.5.1 Local File Inclusion
Posted Dec 18, 2009
Authored by Juan Galiana Lara

Simple PHP Blog versions 0.5.1 and below suffer from a local file inclusion vulnerability.

tags | exploit, local, php, file inclusion
SHA-256 | f5a9b9510f60ced60ff8af1994505f1deab20f0e09d6fa4a736113387fd97849
QuiXplorer 2.41beta LFI / Traversal / Code Execution
Posted Dec 18, 2009
Authored by Juan Galiana Lara

QuiXplorer versions 2.4.1beta suffer from a remote code execution vulnerability due to being susceptible to local file inclusion and directory traversal issues.

tags | exploit, remote, local, code execution, file inclusion
SHA-256 | a3afd7e0520ee57c295c801fdb5fbffbe8ff9efc2f0571f48aac4570e60b32da
Horde 3.3.5 Cross Site Scripting
Posted Dec 17, 2009
Authored by Juan Galiana Lara

Horde version 3.3.5 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2009-3701
SHA-256 | 1627efc1a062f84d9d9c5667d6a97f0f55081228b23f76fefb6717a55faaf8a5
WP-Forum 2.3 SQL Injection
Posted Dec 16, 2009
Authored by Juan Galiana Lara

WP-Forum versions 2.3 and below suffer from remote SQL and blind SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
advisories | CVE-2009-3703
SHA-256 | 31f97870491f4ea10af9fad39bc83efefe0cf49b6221c2519edecd8b21367977
WordPress MU Cross Site Scripting
Posted Nov 18, 2009
Authored by Juan Galiana Lara

WordPress MU versions 1.2.2 through 1.3.1 wp-includes/wpmu-functions.php suffers from a cross site scripting vulnerability.

tags | exploit, php, xss
SHA-256 | 04732f8d93fe0ce601091242ec0471c3a3dc3936c54d2536bb4d0ffd27437709
Joomla Multiple Cross Site Scripting Issues
Posted Jul 2, 2009
Authored by Juan Galiana Lara

Joomla! versions prior to 1.5.12 suffer from multiple cross site scripting vulnerabilities in relation to HTTP headers.

tags | exploit, web, vulnerability, xss
SHA-256 | 96382c9357b98c1fc2422f787e84ed89ac09e327397897640df4b58e69043ea1
Joomla! 1.5.10 JA_Purity Cross Site Scripting
Posted Jun 5, 2009
Authored by Juan Galiana Lara

Joomla! version 1.5.10 suffers from multiple persistent cross site scripting vulnerabilities in the JA_Purity template.

tags | exploit, vulnerability, xss
SHA-256 | f87cd7f78030d051ed0a2a71a6dc7ed4b7afdec1b0f6c27bca123a0dc5f7087f
ModSecurity Denial Of Service
Posted Mar 20, 2009
Authored by Juan Galiana Lara

ModSecurity versions prior to 2.5.9 are vulnerable to a remote denial of service vulnerability.

tags | exploit, remote, denial of service
SHA-256 | 8773bf44208c8558e5fc2d15ae1be757d30697c1928ff4fefbf8e5dcf130a0f1
WordPress MU Cross Site Scripting
Posted Mar 10, 2009
Authored by Juan Galiana Lara

WordPress MU versions below 2.7 suffer from a Host HTTP header cross site scripting vulnerability.

tags | exploit, web, xss
SHA-256 | 4113cda2b941db88f0101e9657393b355c6a879ccc46d2953d89e73cafc8d026
eXtplorer Code Execution
Posted Mar 2, 2009
Authored by Juan Galiana Lara

The eXtplorer file management component for Joomla! and Mambo suffers from a local file inclusion vulnerability that allows for remote code execution. Versions below 2.0.0 are vulnerable.

tags | exploit, remote, local, code execution, file inclusion
SHA-256 | 0c8be37f45dd7716c3e21eb52f60bdef7051a84c86dec14021ede81924f79d5b
wordpressmu-xss.txt
Posted Sep 30, 2008
Authored by Juan Galiana Lara

WordPress MU versions below 2.6 suffer from a cross site scripting vulnerability in wpmu-blogs.php.

tags | exploit, php, xss
SHA-256 | d01df92f8463db0d7b80d62d8d9f582c1da47c5dec6ed4787fcc220dd29a1b05
hydra-patch.txt
Posted Feb 6, 2008
Authored by thc, Juan Galiana Lara

This is a patch for THC Hydra that fixes a status code parsing error for the HTTP protocol.

tags | web, protocol
SHA-256 | 9f8bbdd611cf293292e197b96cc9bc52d77927cf395d6b5e00bc56cdf3233cc4
faqmaster-multi.txt
Posted Dec 29, 2007
Authored by Juan Galiana Lara

FAQMasterFlexPlus suffers from cross site scripting and SQL injection vulnerabilities.

tags | exploit, vulnerability, xss, sql injection
SHA-256 | d15bc96986c91951c4905a25dcdfa25651961bb2671251caa8477328798c98d2
openbiblio-multi.txt
Posted Dec 29, 2007
Authored by Juan Galiana Lara

OpenBiblio versions 0.5.2-pre4 and below suffer from multiple vulnerabilities including local file file inclusion, SQL injection, and cross site scripting.

tags | exploit, local, vulnerability, xss, sql injection, file inclusion
SHA-256 | 67dd9f532ea1edb5529740b43cee83aeb7b4260ff981ff5913d1e2b1a9c20998
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close