Files from sqlhacker
Real Name | Hoyt LLC Research |
Email address | private |
First Active | 2010-09-21 |
Last Active | 2013-05-08 |
Personal Background
Hoyt LLC Research investigates and reports on security vulnerabilities embedded in Web Applications and Products used in wide-scale deployment.
Hoyt LLC combines litigation expertise with research and forensic analysis applied to Governance, Risk and Compliance systems.
URL http://www.cloudscan.me
Additional Details
Hoyt LLC is committed to protecting and securing end-users and personal information and the Hoyt LLC Research Blog and CDN Exploit Search is visible proof of our effort to provide training, education and knowledge into the Public Domain.
When we fingerprint a critical (with authentication credentials) vulnerability, we develop a Private Security Notification and only disseminate information about the vulnerability, the risk it poses, and what customers can do to protect themselves against it, to the specific Vendor identified.
Non-authenticated vulnerabilities are investigated and reported as identified, consistent with Full Disclosure, which is immediate and simultaneous with Vendor notification.
Companies large and small need the help of security researchers who discover emerging and known security vulnerabilities. Our investigation and reporting on emerging vulnerabilities provides transparency to an otherwise opaque security picture of applications and products used in wide-scale deployment.
The identification and reporting of emerging and known vulnerabilities is more difficult when details of a vulnerability are made public by a third party before an update has been developed. When such events occur, Full Disclosure is our primary consideration, in order to protect the Public against malicious attackers who may exploit the vulnerability.
The responsibility for all software and hardware products rests with the Vendor alone, and we suggest that Vendors take that responsibility very seriously. Vulnerable Applications create Legal, Compliance and Regulatory exposure for all parties.
There has traditionally been an unwritten rule among security professionals that the discoverer of an emerging or known security vulnerability has an obligation to give the Vendor an opportunity to correct the vulnerability before publicly disclosing it. Once the Public are protected, Full Disclosure of the vulnerability is entirely in order, and helps the industry at large improve its products.
Hoyt LLC observes these established security research and vulnerability notification practices and comments that a security professional is acknowledged by a Vendor when they reported the vulnerability to a Vendor confidentially, worked with the Vendor to identify the scope and true risk, and helped the Vendor disseminate information about it after the threat was mitigated.
- Brother MFC-9970CDW Firmware 0D Cross Site Scripting
- Posted May 8, 2013
- Authored by sqlhacker
Brother MFC-9970CDW Firmware 0D suffers from multiple cross site scripting vulnerabilities.
- tags | exploit, vulnerability, xss
- advisories | CVE-2013-2507, CVE-2013-2670, CVE-2013-2671, CVE-2013-2672, CVE-2013-2673, CVE-2013-2674, CVE-2013-2675, CVE-2013-2676
- SHA-256 | 3420f3b475a358c1a02b1bf5b99838fcee8f5ab5d58b149eb50a76ae057e4a0f
- Cisco Linksys E4200 Cross Site Scripting / Local File Inclusion
- Posted May 7, 2013
- Authored by sqlhacker
Cisco Linksys E4200 firmware suffers from cross site scripting and local file inclusion vulnerabilities.
- tags | exploit, local, vulnerability, xss, file inclusion
- systems | cisco
- advisories | CVE-2013-2678, CVE-2013-2679, CVE-2013-2680, CVE-2013-2681, CVE-2013-2682, CVE-2013-2683, CVE-2013-2684
- SHA-256 | 59820449af959f72e12353106ed7dd3292754025d1b09dccf9477170e26b0b2e
- Movable Type Pro 5.13en Cross Site Scripting
- Posted Oct 20, 2012
- Authored by sqlhacker
Movable Type Pro version 5.13en suffers from a stored cross site scripting vulnerability.
- tags | exploit, xss
- advisories | CVE-2012-1503
- SHA-256 | bf82bb648dc9f22cb36a1677d8d850cec96c1e5d3c90e9d4374694ff15a16e67
- JIRA / GreenHopper Cross Site Scripting
- Posted Sep 4, 2012
- Authored by sqlhacker
JIRA version 4.4.3 with GreenHopper version 5.9.8 suffers from cross site request forgery and stored cross site scripting vulnerabilities.
- tags | advisory, vulnerability, xss, csrf
- advisories | CVE-2012-1500
- SHA-256 | eb467b467fc6222efa2c041bb7e3071fc8edfe9cce34a13f350ebc31b450647b
- SmarterTools SmarterMail 8.0 Cross Site Scripting
- Posted Mar 15, 2011
- Authored by sqlhacker
SmarterTools SmarterMail version 8.0 suffers from multiple cross site scripting vulnerabilities.
- tags | exploit, vulnerability, xss
- SHA-256 | d79dc1dfa1dea9c0c04be9585a4091dccd9d4c5cd706ede9b1b1418dce1a10e4
- SmarterStats 6.0 XSS / DoS / Command Execution / Traversal
- Posted Mar 11, 2011
- Authored by sqlhacker
SmarterStats version 6.0 suffers from cross site scripting, denial of service, command execution, and directory traversal vulnerabilities.
- tags | advisory, denial of service, vulnerability, xss, file inclusion
- SHA-256 | 0836c7412eeb88d123a674b23d5f7ccaf25ad59b6cf315b294ccc95936d268b5
- SmarterMail 7.x Cross Site Scripting / Shell Upload / Traversal
- Posted Mar 10, 2011
- Authored by sqlhacker
SmarterMail version 7.x suffers from cross site scripting, shell upload and directory traversal vulnerabilities.
- tags | exploit, shell, vulnerability, xss, file inclusion
- SHA-256 | 5542870334cfbed1b3626bc964047046d9f725188b24a641c1a04d3d7474cf98
- Paypal.com Cross Site Scripting
- Posted Nov 2, 2010
- Authored by sqlhacker
Paypal.com suffers from header injection and cross site scripting vulnerabilities. The cross site scripting works against Chrome and Safari but not Internet Explorer 8.
- tags | exploit, vulnerability, xss
- SHA-256 | 34df326662e37124a69232c034611719bc24fe687fe186213c04c2af98781253
- Plesk Small Business Manager 10.2 Cross Site Scripting / SQL Injection
- Posted Oct 24, 2010
- Authored by sqlhacker
Plesk Small Business Manager version 10.2 suffers from cross site scripting and remote SQL injection vulnerabilities.
- tags | exploit, remote, vulnerability, xss, sql injection
- SHA-256 | 4875002bc8592473f63668e32dd0729cd9ea682f1ec0de433cc123fa108a819c
- SmarterMail 7.x LDAP Injection
- Posted Oct 4, 2010
- Authored by sqlhacker
SmarterMail version 7.2.3925 suffers from an LDAP injection vulnerability.
- tags | exploit
- SHA-256 | a35fb51611d497bf74601e9a950e6412d34cb7726e467546312f6d499af71053
- SmarterMail 7.x Cross Site Scripting
- Posted Oct 4, 2010
- Authored by sqlhacker
SmarterMail version 7.2.3925 suffers from a cross site scripting vulnerability.
- tags | exploit, xss
- SHA-256 | 5e568360a60db57bdd1502c94d5f663903dea56acbe16bd8ebfff52f2f4820ef
- SmarterMail 7.1.3876 Directory Traversal
- Posted Sep 21, 2010
- Authored by sqlhacker
SmarterMail version 7.1.3876 suffers from a directory traversal vulnerability.
- tags | exploit, file inclusion
- SHA-256 | ace2442491053747a431df1026f5e2044cc7284a386c1e83455a87398d2d70fa