what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 10 of 10 RSS Feed

Files from Jack Misiura

First Active2020-05-05
Last Active2021-02-12
SolarWinds Serv-U FTP Server 15.2.1 Cross Site Scripting
Posted Feb 12, 2021
Authored by Jack Misiura

SolarWinds Serv-U FTP Server versions through 15.2.1 do not correctly sanitize and validate the user-supplied directory names, allowing malicious users to create directories that when clicked on (in the breadcrumb menu) will trigger cross site scripting payloads.

tags | exploit, xss
advisories | CVE-2020-28001
SHA-256 | 63b2c20217bc49cd26d5d1117a3e0ef300ddd3efe77e545937de5ae02474c7ac
Download | Favorite | View
SolarWinds Serv-U FTP Server 15.2.1 Path Traversal
Posted Feb 12, 2021
Authored by Jack Misiura

SolarWinds Serv-U File Server versions through 15.2.1 do not correctly validate path information, allowing the disclosure of files and directories outside of the user's home directory via a specially crafted GET request.

tags | exploit, file inclusion
advisories | CVE-2020-27994
SHA-256 | 64b515c78c524df69e596a9ac43e62c6feeaae73ff31f506f5da5c63c7573d1a
Download | Favorite | View
OpenAsset Digital Asset Management SQL Injection
Posted Dec 11, 2020
Authored by Jack Misiura

OpenAsset Digital Asset Management suffers from an authenticated blind remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2020-28860
SHA-256 | 895921eb0a53976c8b5da677f784a32391efcbd1cc80d796ef72378efa54580a
Download | Favorite | View
OpenAsset Digital Asset Management Cross Site Request Forgery
Posted Dec 11, 2020
Authored by Jack Misiura

OpenAsset Digital Asset Management suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2020-28858
SHA-256 | 078180c0088a10bb5564b3436104fdcc80f9d53548b5cf7063cb5edac1d63305
Download | Favorite | View
OpenAsset Digital Asset Management Insecure Direct Object Reference
Posted Dec 11, 2020
Authored by Jack Misiura

OpenAsset Digital Asset Management was found to provide several endpoints which allowed for unauthenticated data retrieval in a CSV format. Vulnerable versions include 12.0.19 (Cloud) and 11.2.1 (On-premise).

tags | exploit
advisories | CVE-2020-28861
SHA-256 | a0acbb09078931bf9f089e891b334d18ce2ebf45b68c44d5c001bc986f5e04b9
Download | Favorite | View
OpenAsset Digital Asset Management Cross Site Scripting
Posted Dec 11, 2020
Authored by Jack Misiura

The OpenAsset Digital Asset Management web application suffers from multiple reflected and persistent cross site scripting vulnerabilities. Vulnerable versions include 12.0.19 (Cloud) and 11.2.1 (On-premise).

tags | exploit, web, vulnerability, xss
advisories | CVE-2020-28857, CVE-2020-28859
SHA-256 | f23463f784d061541c79ecdec79a17114bfcaa396f5627dde1e0c79a90a2ae45
Download | Favorite | View
OpenAsset Digital Asset Management IP Access Control Bypass
Posted Dec 11, 2020
Authored by Jack Misiura

The OpenAsset Digital Asset Management web application allowed for spoofing of IP addresses by using X-Forwarded-For header. By default, the web application would allow all traffic in for 127.0.0.1, in order to prevent users from accidentally blocking themselves. Vulnerable versions include 12.0.19 (Cloud) and 11.2.1 (On-premise).

tags | exploit, web, spoof, bypass
advisories | CVE-2020-28856
SHA-256 | ad00d431157ae8f7dd34f7235a000e058a087a21a50442a4aad8f2801e7fdb27
Download | Favorite | View
WordPress DirectoriesPro 1.3.45 Cross Site Scripting
Posted Dec 11, 2020
Authored by Jack Misiura

WordPress DirectoriesPro plugin version 1.3.45 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2020-29303, CVE-2020-29304
SHA-256 | 6aa12eb5e2a30f4c4d114b32f8b866bc1a6a86a0191f2dd3043d5c986c598b92
Download | Favorite | View
WordPress NAB Transact WooCommerce 2.1.0 Payment Bypass
Posted Aug 20, 2020
Authored by Jack Misiura

WordPress NAB Transact WooCommerce plugin version 2.1.0 suffers from a payment bypass vulnerability.

tags | exploit, bypass
advisories | CVE-2020-11497
SHA-256 | 38cc536fa634ad0e7e4c8028f098b79ee4e5dc38a1859d06b32822642b372df3
Download | Favorite | View
WordPress WooCommerce Advanced Order Export 3.1.3 Cross Site Scripting
Posted May 5, 2020
Authored by Jack Misiura

WordPress WooCommerce Advanced Order Export plugin version 3.1.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2020-11727
SHA-256 | 1ebb98495b8fa8dad24676dddccc093fc59175e279731d6f0c3ed82e9cbe5251
Download | Favorite | View
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    0 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close