Files from Yann CAM

Personal Background

Chimein.mozilla.org Cross Site Scripting

Posted Apr 3, 2017

Authored by Yann CAM

Chimein.mozilla.org suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss

SHA-256 | 677bf08f3abab45727864c625f11fef8a1d0809f03498843151760f1272f19e3

Download | Favorite | View

pfSense 2.3.2 Cross Site Request Forgery / Cross Site Scripting

Posted Mar 3, 2017

Authored by Yann CAM

pfSense version 2.3.2 suffers from cross site request forgery and cross site scripting vulnerabilities that can assist in gaining a reverse-shell remotely as root.

tags | exploit, shell, root, vulnerability, xss, csrf

SHA-256 | cd39c0002c9cbad6f84b7ff1bc8b8dfac8bd266558a55a8c5b35198aec6c2e57

Download | Favorite | View

IPFire proxy.cgi Remote Command Execution

Posted Jun 9, 2016

Authored by h00die, Yann CAM | Site metasploit.com

IPFire, a free linux based open source firewall distribution, versions prior to 2.19 Update Core 101 contain a remote command execution vulnerability in the proxy.cgi page.

tags | exploit, remote, cgi

systems | linux

SHA-256 | 4455d8714ad0f2e393232ebc31503bf395db118a9964e731f57356a841e46f2a

Download | Favorite | View

IPFire XSS / CSRF / Command Execution

Posted May 4, 2016

Authored by Yann CAM

IPFire versions prior to 2.19 Update Core 101 suffer from cross site request forgery, cross site scripting, and remote command execution vulnerabilities.

tags | exploit, remote, vulnerability, xss, csrf

SHA-256 | 393c4154c8ab09e53ef78432d4d5a0accb2f9b3bd87cd8af0908b10dc7dbb5b3

Download | Favorite | View

access.redhat.com Cross Site Scripting

Posted May 2, 2016

Authored by Yann CAM

access.redhat.com suffered from a cross site scripting vulnerability.

tags | exploit, xss

systems | linux, redhat

SHA-256 | 96ad56fe26f9c2e147c24cf7b7252f6f7db7be5f8055546b074f93638fcc666a

Download | Favorite | View

Fortinet Cross Site Scripting

Posted Dec 4, 2015

Authored by Yann CAM

The login.fortinet.com site suffered from a reflective cross site scripting vulnerability.

tags | exploit, xss

SHA-256 | 66571f8144851a8371be1d5f8d2edae17f7278739655c44af22a1cea57e1fcba

Download | Favorite | View

Checkpoint Cross Site Scripting

Posted Nov 11, 2015

Authored by Yann CAM

Multiple Checkpoint.com subdomains suffered from cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss

SHA-256 | b045743d4a38a25084493dfc1460f3946c324bcbf543693134beed4eb46cbd10

Download | Favorite | View

tools.cisco.com Cross Site Scripting

Posted Oct 31, 2015

Authored by Yann CAM

Cisco's tools site suffered from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss

systems | cisco

SHA-256 | 1f9fd61e7de68f122c09b61c8fb1d95447232133a9e9981cbe4adf441844fcdc

Download | Favorite | View

Oracle.com Cross Site Scripting

Posted Apr 6, 2015

Authored by Yann CAM

Oracle.com suffered from a cross site scripting vulnerability.

tags | exploit, xss

SHA-256 | 6c4b6e99ca086b5b03c0f64ae43d2959fece8ee22e1ed5f22a41e02102ac10d6

Download | Favorite | View

Synology.com Cross Site Scripting

Posted Apr 3, 2015

Authored by Yann CAM

Synology.com suffered from a cross site scripting vulnerability.

tags | exploit, xss

SHA-256 | df36960f10fd715ad89f78bcc5f4c2fdfa17ca95a83d0ace087bc886131e0aec

Download | Favorite | View

Samba / OpenLDAP Jitterbug Cross Site Scripting

Posted Apr 2, 2015

Authored by Yann CAM

Samba and OpenLDAP Jitterbug instances suffered from a cross site scripting vulnerability.

tags | exploit, xss

SHA-256 | 4b67442c2d4607cdb7bef4db6decebca7bad32c636e64c6031a791331f5c7bfe

Download | Favorite | View

Java.com Cross Site Scripting

Posted Apr 1, 2015

Authored by Yann CAM

Java.com suffered from multiple cross site scripting vulnerabilities.

tags | exploit, java, vulnerability, xss

SHA-256 | f43f2c501c3edc319bb1b75fa7176fd0ea09edceb2d1d23e7062ae9c772ff818

Download | Favorite | View

NASA.gov Cross Site Scripting

Posted Apr 1, 2015

Authored by Yann CAM

NASA.gov suffered from a cross site scripting vulnerability.

tags | exploit, xss

SHA-256 | 1940dedc996e0a901e36e9ad94a1152f1b3844fb6cf1697bc6d72173b54ec02d

Download | Favorite | View

NASA.gov Cross Site Scripting

Posted Jan 27, 2015

Authored by Yann CAM

Multiple nasa.gov subdomains suffered from cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss

SHA-256 | 6191218f1434ba043aed4a65a60f43793bbac40fe0e83ed770b31f5accb7a689

Download | Favorite | View

SmoothWall 3.1 Cross Site Request Forgery / Cross Site Scripting

Posted Dec 22, 2014

Authored by Yann CAM

SmoothWall version 3.1 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf

SHA-256 | 0ecd6b1d2c66cc12e55433bc1802ad78969ec513f2f9896445b3df9992cf57b2

Download | Favorite | View

eBay.com ocsnext CSS Injection

Posted Dec 22, 2014

Authored by Yann CAM

The eBay.com ocsnext sub-domain suffers from a CSS injection vulnerability.

tags | exploit

SHA-256 | 14a1a806af2d04d309cc8ea67c5c091b21b8e0f149d31e638c6272bf68d40cbc

Download | Favorite | View

IPCop 2.1.4 Cross Site Request Forgery / Cross Site Scripting

Posted Dec 22, 2014

Authored by Yann CAM

IPcop versions 2.1.4 and below suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf

SHA-256 | 7e439926866485cdf320f5390188f46feb4dc5a8ae64a514bf41d3797c973712

Download | Favorite | View

get3.adobe.com Cross Site Scripting

Posted Dec 8, 2014

Authored by Yann CAM

Adobe's get3.adobe.com site suffered from a reflective cross site scripting vulnerability.

tags | exploit, xss

SHA-256 | 5d5629ac99ef89b0f45c5ad8cfe201d0e1d75d982e7e15012c86a8b9be463662

Download | Favorite | View

ZeroShell Remote Code Execution

Posted Sep 25, 2013

Authored by Yann CAM | Site metasploit.com

This Metasploit module exploits a vulnerability found in ZeroShell 2.0 RC2 and lower. It will leverage an unauthenticated local file inclusion vulnerability in the "/cgi-bin/kerbynet" url. The file retrieved is "/var/register/system/ldap/rootpw". This file contains the admin password in cleartext. The password is used to login as the admin user. After the authentication process is complete it will use the RunScript action to execute the payload with root privileges.

tags | exploit, local, cgi, root, file inclusion

SHA-256 | f2193eea137458685913c7447d099d29999247310ec1af67fb445ea5bf5576dc

Download | Favorite | View

ZeroShell 2.0RC2 File Disclosure / Command Execution

Posted Aug 13, 2013

Authored by Yann CAM

ZeroShell version 2.0RC2 suffers from remote command execution and file disclosure vulnerabilities.

tags | exploit, remote, vulnerability, info disclosure

SHA-256 | a3301b1b1b854ed7a03d68ac3c2b4962977e82f6b314949e717334f8076016a4

Download | Favorite | View

pfSense 2.0.1 XSS / CSRF / Command Execution

Posted Jan 4, 2013

Authored by Yann CAM

pfSense version 2.0.1 suffers from cross site request forgery and cross site scripting vulnerabilities. The cross site request forgery proof of concept also demonstrates a remote command execution vulnerability.

tags | exploit, remote, vulnerability, xss, proof of concept, csrf

SHA-256 | 94f420cccc815bf5e6c23bf9a91dc74dd47d39e3a3f76ad09f158b2b4de134dc

Download | Favorite | View

m0n0wall 1.33 Cross Site Request Forgery

Posted Dec 6, 2012

Authored by Yann CAM

m0n0wall version 1.33 suffers from a cross site request forgery vulnerability that can allow for remote root access to the system.

tags | exploit, remote, root, csrf

SHA-256 | 1b261f2077e935c28820221d08703fe931bcb8ca1a2cf5cd6c210fe30523260a

Download | Favorite | View