exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 100 RSS Feed

Files

Openfire 3.10.2 Cross Site Scripting
Posted Sep 15, 2015
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Openfire version 3.10.2 suffers from multiple persistent and reflective cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2015-6972
SHA-256 | 5e15bc6f2c51349cfedc2d25ff91bba4a25bd06fc746b9b8e10eb08cc281cbbc

Related Files

Openfire Authentication Bypass / Remote Code Execution
Posted Jul 19, 2023
Authored by h00die-gr3y | Site metasploit.com

Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the unauthenticated Openfire Setup Environment in an already configured Openfire environment to access restricted pages in the Openfire Admin Console reserved for administrative users. This Metasploit module will use the vulnerability to create a new admin user that will be used to upload a Openfire management plugin weaponized with a java native payload that triggers remote code execution. This vulnerability affects all versions of Openfire that have been released since April 2015, starting with version 3.10.0. The problem has been patched in Openfire release 4.7.5 and 4.6.8, and further improvements will be included in the first version on the 4.8 branch, which is version 4.8.0.

tags | exploit, java, remote, web, code execution
advisories | CVE-2023-32315
SHA-256 | 88a0702601cff01264e02916f842525d503acf8b450db38e6b24d4a2d9099b89
CoreDial sipXcom sipXopenfire 21.04 Remote Command Execution / Weak Permissions
Posted Mar 7, 2023
Authored by Systems Research Group

CoreDial sipXcom sipXopenfire versions 21.04 and below suffer from XMPP message system command argument injection and insecure service file permissions that when chained together gives root.

tags | exploit, root
advisories | CVE-2023-25355, CVE-2023-25356
SHA-256 | b306297e359b80aaed39f16e6cdc8e7a70a93aff1cb4084d52e8dfcfadc31596
Openfire 4.6.0 Cross Site Scripting
Posted Dec 10, 2020
Authored by j5s

Openfire version 4.6.0 suffers from multiple persistent cross site scripting vulnerabilities.

tags | exploit, xss
SHA-256 | f9c7f42f5cd677f2e3c3280fd7992e2595856f2a86b2332e2d48c94b993b1751
Openfire 4.4.1 Cross Site Scripting
Posted Oct 11, 2019
Authored by Daniel Bishtawi | Site netsparker.com

Openfire version 4.4.1 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | c8cd190de875e1a2748c12d3c36958a18961d0b35d125bc5fd41cb6f0f69ee0a
Ignite Realtime Openfire 3.7.1 Cross Site Scripting
Posted Jun 5, 2018
Authored by Yavuz Atlas

Ignite Realtime Openfire version 3.7.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-11688
SHA-256 | c10f3c6ace6529c0ad221c414802d91b8aafa5e9cc0a5c883951f87d29b5c532
Amazon S3 Open Redirect
Posted Mar 30, 2017
Authored by Ghostman

Amazon S3 suffers from an open redirection vulnerability.

tags | exploit
SHA-256 | cc5afbb9a4b12138b7c5db47bdc0b8bb94e014dae51869e09b079aaf22a799b5
Gentoo Linux Security Advisory 201612-50
Posted Dec 31, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201612-50 - Multiple vulnerabilities have been found in Openfire, the worst of which could lead to privilege escalation. Versions less than 4.1.0 are affected.

tags | advisory, vulnerability
systems | linux, gentoo
advisories | CVE-2015-6972, CVE-2015-6973, CVE-2015-7707
SHA-256 | 3c1df0aaa23400fdf285f6cdd7ebc3a5090dc54bebf822e15d09feb645c3e10b
OpenFire 4.0.1 Cross Site Request Forgery / Cross Site Scripting
Posted Jul 6, 2016
Authored by Florian Nivette

OpenFire versions 3.10.2 through 4.0.1 suffer from cross site request forgery and cross site scripting vulnerabilities. These issues are similar as findings discovered by hyp3rlinx but leverage different pages.

tags | exploit, vulnerability, xss, csrf
SHA-256 | be513ac2a1d466d9fc24adcadf3d11b3c22f9970e5d75746d50da08647e6334e
CF Image Host 1.6.6 Cross Site Scripting
Posted Nov 16, 2015
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

CF Image Host version 1.6.6 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 5aebca1b9f045bc969d039b5496d6960cda4b824e2248290684f290c24ab8154
CF Image Host 1.6.6 Command Injection
Posted Nov 16, 2015
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

CF Image Host version 1.6.6 suffers from a remote command injection vulnerability.

tags | exploit, remote
SHA-256 | 3bdd452cf772fc135e145528adbae009a496b93c527c63ea2a8b533c396898cc
CF Image Host 1.6.6 Cross Site Request Forgery
Posted Nov 16, 2015
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

CF Image Host version 1.6.6 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 3ae3bf2225e27dc0567a1770d302662b64ef0e7cbedf10d0c07be86aa05f8bd1
b374k 3.2.3 2.8 CSRF / Command Injection
Posted Nov 13, 2015
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

b374k web shell versions 2.8 and 3.2.3 suffer from a cross site request forgery vulnerability that allows for remote command injection.

tags | exploit, remote, web, shell, csrf
SHA-256 | 7a3f5f494c2b27e756fd6b73c4b14796921e7612b045ce5d5b218e90626c8178
Microsoft .NET Framework XSS / Privilege Escalation
Posted Nov 11, 2015
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Microsoft .NET Framework suffers from cross site scripting and elevation of privilege vulnerabilities.

tags | advisory, vulnerability, xss
advisories | CVE-2015-6099
SHA-256 | 67e140fbcdfd0cfa86769915aa1660f8416cb51af113ed025468412f12623927
NXFilter 3.0.3 Cross Site Scripting
Posted Nov 9, 2015
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

NXFilter version 3.0.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 25d37f8adf5afa9c7c98764fff4c727777d4b671efb6c7a9a03dd0ec08335501
NXFilter 3.0.3 Cross Site Request Forgery
Posted Nov 9, 2015
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

NXFilter version 3.0.3 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 7bc6dd411cd4472cf1c1681c9e4ae97ab9d2970ba375615bec05bd0f544a3f2d
Spetnik TCPing Utility 2.1.0 Buffer Overflow
Posted Nov 2, 2015
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

If TCPing is called with an specially crafted CL argument it will cause an exception and overwrite the pointers to next SEH record and SEH handler with our buffer and malicious shellcode. Spetnik TCPing version 2.1.0 is affected.

tags | exploit, tcp, shellcode
SHA-256 | f06cc5b1273a53dd542910fc1defe06e91902dd50c024cd10a345a30dfa1bc90
PHP Server Monitor 3.1.1 Privilege Escalation
Posted Oct 30, 2015
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

PHP Server Monitor version 3.1.1 suffers from a privilege escalation vulnerability.

tags | exploit, php
SHA-256 | aafa69a15ff0e3770a96c5012d8cb850bdb3fda9ba48a991cb0678d1cb2b0ff6
PHP Server Monitor 3.1.1 Cross Site Request Forgery
Posted Oct 30, 2015
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

PHP Server Monitor version 3.1.1 suffers from a cross site request forgery vulnerability.

tags | exploit, php, csrf
SHA-256 | c6dd900ebf2986cd3b5ad60ba13c81ef576d594f7507b637176981a3472236fa
Blat 2.7.6 Buffer Overflow
Posted Oct 14, 2015
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Blat version 2.7.6 suffers from a stack buffer overflow vulnerability.

tags | exploit, overflow
SHA-256 | 21911e93027d280e190872f956f0eb12482a0f9573adbf3e42f6c5e7e8327a60
AdobeWorkgroupHelper.exe 2.8.3.3 Buffer Overflow
Posted Oct 12, 2015
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

If AdobeWorkgroupHelper.exe is called with an overly long command line argument it is vulnerable to a stack based buffer overflow exploit. Version 2.8.3.3 is affected.

tags | exploit, overflow
SHA-256 | ef450a73a8d6362812ddab4a5aa611d7e0c3cdb0cf7886a183004492328ce245
Zope Management Interface 4.3.7 Cross Site Request Forgery
Posted Oct 7, 2015
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Zope Management Interface version 4.3.7 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2015-7293
SHA-256 | 4a44c59001f1f7565864d480e019a3a4fd024ae8fa91414db943f1b82c6bccf1
LanWhoIs.exe 1.0.1.120 Buffer Overflow
Posted Oct 7, 2015
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

LanWhoIs.exe version 1.0.1.120 suffers from a buffer overflow vulnerability.

tags | exploit, overflow
SHA-256 | 7574eb8ce3b4e579f9b7bdfda42d4551f13c05418bf0b8426310d33e3bde8949
LanSpy 2.0.0.155 Buffer Overflow
Posted Oct 6, 2015
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

LanSpy version 2.0.0.155 suffers from a buffer overflow vulnerability.

tags | exploit, overflow
SHA-256 | 2e17ea86e3b7e6207891ab7629ef137a4bc24466fafb4299bf5316035b1c6609
FTGate 2009 SR3 Cross Site Scripting
Posted Oct 2, 2015
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

FTGate 2009 SR3 May 13 2010 Build 6.4.000 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 99a355c0ad599328abceaf0fae609ea435adbf8015e3bff1bf74e184f3f138db
FTGate 7 Cross Site Request Forgery
Posted Oct 2, 2015
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

FTGate version 7 suffers from multiple cross site request forgery vulnerabilities.

tags | exploit, vulnerability, csrf
SHA-256 | fd79666db0bf16b4789a4b47b07c05cca8adffccf0476cac004649e4884f28ce
Page 1 of 4
Back1234Next

File Archive:

June 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    0 Files
  • 2
    Jun 2nd
    0 Files
  • 3
    Jun 3rd
    18 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    57 Files
  • 7
    Jun 7th
    6 Files
  • 8
    Jun 8th
    0 Files
  • 9
    Jun 9th
    0 Files
  • 10
    Jun 10th
    12 Files
  • 11
    Jun 11th
    27 Files
  • 12
    Jun 12th
    38 Files
  • 13
    Jun 13th
    16 Files
  • 14
    Jun 14th
    14 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    16 Files
  • 18
    Jun 18th
    26 Files
  • 19
    Jun 19th
    15 Files
  • 20
    Jun 20th
    18 Files
  • 21
    Jun 21st
    8 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    19 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close