what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 64 RSS Feed

Files

SolarView Compact 6.0 Command Injection
Posted May 17, 2022
Authored by Ahmed Alroky

SolarView Compact version 6.0 suffers from a command injection vulnerability.

tags | exploit
advisories | CVE-2022-29303
SHA-256 | 893deed2e4181f38ba09efbd6381b56f6ca00311c05547810779183d11af7196

Related Files

SolarView Compact 6.00 Command Injection
Posted Mar 14, 2024
Authored by ByteHunter

SolarView Compact version 6.00 suffers from a remote command injection vulnerability.

tags | exploit, remote
advisories | CVE-2023-23333
SHA-256 | 036c73fd4d8c1b4db5a8dfeb1d025199673968fe8cec024982fdbe68c19a7ca1
SolarView Compact 6.00 Remote Command Execution
Posted Sep 6, 2023
Authored by h00die-gr3y | Site metasploit.com

This Metasploit module exploits a command injection vulnerability on the SolarView Compact version 6.00 web application via the vulnerable endpoint downloader.php. After exploitation, an attacker will have full access with the same user privileges under which the webserver is running (typically as user contec).

tags | exploit, web, php
advisories | CVE-2023-23333
SHA-256 | d0437fdd852a45a2f8dcde9836a0c763b4e6b928a9997b6532fb7346909945a8
Ubuntu Security Notice USN-6010-3
Posted Apr 26, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6010-3 - USN-6010-1 fixed vulnerabilities and USN-6010-2 fixed minor regressions in Firefox. The update introduced several minor regressions. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Irvan Kurniawan discovered that Firefox did not properly manage fullscreen notifications using a combination of window.open, fullscreen requests, window.name assignments, and setInterval calls. An attacker could potentially exploit this issue to perform spoofing attacks. Lukas Bernhard discovered that Firefox did not properly manage memory when doing Garbage Collector compaction. An attacker could potentially exploits this issue to cause a denial of service. Zx from qriousec discovered that Firefox did not properly validate the address to free a pointer provided to the memory manager. An attacker could potentially exploits this issue to cause a denial of service. Alexis aka zoracon discovered that Firefox did not properly validate the URI received by the WebExtension during a load request. An attacker could potentially exploits this to obtain sensitive information. Trung Pham discovered that Firefox did not properly validate the filename directive in the Content-Disposition header. An attacker could possibly exploit this to perform reflected file download attacks potentially tricking users to install malware. Ameen Basha M K discovered that Firefox did not properly validate downloads of files ending in .desktop. An attacker could potentially exploits this issue to execute arbitrary code.

tags | advisory, denial of service, arbitrary, spoof, vulnerability
systems | linux, ubuntu
advisories | CVE-2023-29533, CVE-2023-29535, CVE-2023-29536, CVE-2023-29538, CVE-2023-29539, CVE-2023-29540, CVE-2023-29541, CVE-2023-29548
SHA-256 | 28a0d5910e512b4af6cca1c5d9dce55d15bf50d2e6d7a0ad119fdafd23d0ddad
Ubuntu Security Notice USN-6010-2
Posted Apr 18, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6010-2 - USN-6010-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Irvan Kurniawan discovered that Firefox did not properly manage fullscreen notifications using a combination of window.open, fullscreen requests, window.name assignments, and setInterval calls. An attacker could potentially exploit this issue to perform spoofing attacks. Lukas Bernhard discovered that Firefox did not properly manage memory when doing Garbage Collector compaction. An attacker could potentially exploits this issue to cause a denial of service. Zx from qriousec discovered that Firefox did not properly validate the address to free a pointer provided to the memory manager. An attacker could potentially exploits this issue to cause a denial of service. Alexis aka zoracon discovered that Firefox did not properly validate the URI received by the WebExtension during a load request. An attacker could potentially exploits this to obtain sensitive information. Trung Pham discovered that Firefox did not properly validate the filename directive in the Content-Disposition header. An attacker could possibly exploit this to perform reflected file download attacks potentially tricking users to install malware. Ameen Basha M K discovered that Firefox did not properly validate downloads of files ending in .desktop. An attacker could potentially exploits this issue to execute arbitrary code.

tags | advisory, denial of service, arbitrary, spoof, vulnerability
systems | linux, ubuntu
advisories | CVE-2023-29533, CVE-2023-29535, CVE-2023-29536, CVE-2023-29538, CVE-2023-29539, CVE-2023-29540, CVE-2023-29541, CVE-2023-29548
SHA-256 | 91b321d6bb292302d0902231bbb90982f43608fbd09b88542bb4eb7885242ffa
SolarView Compact 6.00 Cross Site Scripting
Posted Jun 20, 2022
Authored by Ahmed Alroky

SolarView Compact version 6.00 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2022-29299, CVE-2022-29301
SHA-256 | 25d560f3ffdb43d77020e39409d019b6357d829359c682ee2a18df30976b41c7
SolarView Compact 6.00 Directory Traversal
Posted Jun 3, 2022
Authored by Ahmed Alroky

SolarView Compact version 6.00 suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
advisories | CVE-2022-29298
SHA-256 | 76fa7594e9d56713a54e10432aeac724bc02a1a6c903e3b19cb19936c489db0c
Auerswald COMpact 8.0B Backdoors
Posted Dec 6, 2021
Site redteam-pentesting.de

RedTeam Pentesting discovered several backdoors in the firmware for the Auerswald COMpact 5500R PBX. These backdoors allow attackers who are able to access the web-based management application full administrative access to the device. Versions 8.0B and below are affected.

tags | exploit, web
advisories | CVE-2021-40859
SHA-256 | dd5ca7ea4caa5162c8b67967d3278af0abfd50ff21e9371c5bd80f2300d42ed3
Auerswald COMpact 8.0B Arbitrary File Disclosure
Posted Dec 6, 2021
Site redteam-pentesting.de

RedTeam Pentesting discovered a vulnerability in the web-based management interface of the Auerswald COMpact 5500R PBX which allows users with the "sub-admin" privilege to access any files on the PBX's file system. Versions 8.0B and below are affected.

tags | exploit, web
advisories | CVE-2021-40858
SHA-256 | d996a18ccf6aeaf710400d44518247e46de43b267d135f9213bec807dc59597d
Auerswald COMpact 8.0B Privilege Escalation
Posted Dec 6, 2021
Site redteam-pentesting.de

RedTeam Pentesting discovered a vulnerability in the web-based management interface of the Auerswald COMpact 5500R PBX which allows low-privileged users to access passwords of administrative user accounts. Affected versions include 8.0B and below.

tags | exploit, web
advisories | CVE-2021-40857
SHA-256 | dac326b33fff7e529507312696bf7c1980ce40578237f9caf02f0b838930f9b6
Rittal Products Bypass / Command Injection / Privilege Escalation
Posted Jul 10, 2020
Authored by Johannes Kruchem, C. Svoboda | Site sec-consult.com

Multiple Rittal Products based on the same software suffer from CLI menu bypass, insecure configuration, hard-coded backdoor account, outdated component, command injection, and privilege escalation vulnerabilities. Products include but are not limited to CMC III PU Compact, CMC III PU 7030.000 PDU (whole portfolio), LCP-CW, and IoT Interface 3124.300.

tags | exploit, vulnerability
advisories | CVE-2020-11951, CVE-2020-11952, CVE-2020-11953, CVE-2020-11955, CVE-2020-11956
SHA-256 | 9d5e13a39f03bb1911253ad043b021ed88fe002de985be551eb7fc9a7aafa105
Siemens SIPROTEC 4 / Compact EN100 Ethernet Module Denial Of Service
Posted Feb 16, 2018
Authored by M. Can Kurnaz

Siemens SIPROTEC 4 and SIPROTEC Compact EN100 Ethernet Module versions prior to 4.25 suffers from a denial of service vulnerability.

tags | exploit, denial of service
advisories | CVE-2015-5374
SHA-256 | 16a8f6a4cbac0980db97586ac9521fc1517703378293eebab8f22e877006a684
DAWIN - Distributed Audit and Wireless Intrustion Notification 2.0
Posted Apr 28, 2015
Authored by Mark Osborne | Site loud-fat-bloke.co.uk

DA-WIN, a wireless IDS, provides an organization a continuous wireless scanning capability that is light touch and simple. It utilizes compact and discreet sensors that can easily be deployed reducing the total cost of protection and simplifying the effort required for absolute, categoric regulatory compliance. This archive includes a dd image to be used on a Raspberry Pi and a user manual.

Changes: Bug fixes.
tags | tool, wireless
systems | unix
SHA-256 | eec29a64f031854e639f5edda7e65d034b41f755867195fb575def106ccf5112
Ubuntu Security Notice USN-2355-1
Posted Sep 24, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2355-1 - Chris Evans reported an flaw in the Linux kernel's handling of iso9660 (compact disk filesystem) images. An attacker who can mount a custom iso9660 image either via a CD/DVD drive or a loopback mount could cause a denial of service (system crash or reboot). Chris Evans reported an flaw in the Linux kernel's handling of iso9660 (compact disk filesystem) images. An attacker who can mount a custom iso9660 image, with a self-referential CL entry, either via a CD/DVD drive or a loopback mount could cause a denial of service (unkillable mount process). Various other issues were also addressed.

tags | advisory, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2014-5471, CVE-2014-5472
SHA-256 | 6bb051a04b06b8f356fa6ace8abe900b0e5f36a2d10b0d99e687194d614f39f8
Ubuntu Security Notice USN-2357-1
Posted Sep 24, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2357-1 - Jack Morgenstein reported a flaw in the page handling of the KVM (Kernel Virtual Machine) subsystem in the Linux kernel. A guest OS user could exploit this flaw to cause a denial of service (host OS memory corruption) or possibly have other unspecified impact on the host OS. Chris Evans reported an flaw in the Linux kernel's handling of iso9660 (compact disk filesystem) images. An attacker who can mount a custom iso9660 image either via a CD/DVD drive or a loopback mount could cause a denial of service (system crash or reboot). Various other issues were also addressed.

tags | advisory, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2014-3601, CVE-2014-5471, CVE-2014-5472
SHA-256 | 0ebb86614e3898d4a547dc9127eb1ace7ab6fa1c8b81e79dc053df7fce2da65e
Ubuntu Security Notice USN-2354-1
Posted Sep 24, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2354-1 - Chris Evans reported an flaw in the Linux kernel's handling of iso9660 (compact disk filesystem) images. An attacker who can mount a custom iso9660 image either via a CD/DVD drive or a loopback mount could cause a denial of service (system crash or reboot). Chris Evans reported an flaw in the Linux kernel's handling of iso9660 (compact disk filesystem) images. An attacker who can mount a custom iso9660 image, with a self-referential CL entry, either via a CD/DVD drive or a loopback mount could cause a denial of service (unkillable mount process). Various other issues were also addressed.

tags | advisory, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2014-5471, CVE-2014-5472
SHA-256 | cc00d48b3eea531226e9d223ac3a99209cf8c6e5080f17972bfb51e37ce4567e
Ubuntu Security Notice USN-2356-1
Posted Sep 24, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2356-1 - Jack Morgenstein reported a flaw in the page handling of the KVM (Kerenl Virtual Machine) subsystem in the Linux kernel. A guest OS user could exploit this flaw to cause a denial of service (host OS memory corruption) or possibly have other unspecified impact on the host OS. Chris Evans reported an flaw in the Linux kernel's handling of iso9660 (compact disk filesystem) images. An attacker who can mount a custom iso9660 image either via a CD/DVD drive or a loopback mount could cause a denial of service (system crash or reboot). Various other issues were also addressed.

tags | advisory, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2014-3601, CVE-2014-5471, CVE-2014-5472
SHA-256 | ce2fd3f7419d213c47c8c6b1fbeea798fbd8c810f8df48d686af866f5ffb68db
DAWIN - Distributed Audit and Wireless Intrustion Notification
Posted Sep 17, 2014
Authored by Mark Osborne | Site loud-fat-bloke.co.uk

DA-WIN, a wireless IDS, provides an organization a continuous wireless scanning capability that is light touch and simple. It utilizes compact and discreet sensors that can easily be deployed reducing the total cost of protection and simplifying the effort required for absolute, categoric regulatory compliance. This archive includes a dd image to be used on a Raspberry Pi and a user manual.

tags | tool, wireless
systems | linux
SHA-256 | 900a69552ae4f2e1b99cd5231bc485c4e70297254407c0b371ac96a0d19853b9
Open-FTPD 1.2 Arbitrary File Upload
Posted Aug 12, 2013
Authored by Serge Gorbunov | Site metasploit.com

This Metasploit module exploits multiple vulnerabilities found in Open&Compact FTP server. The software contains an authentication bypass vulnerability and a arbitrary file upload vulnerability that allows a remote attacker to write arbitrary files to the file system as long as there is at least one user who has permission. Code execution can be achieved by first uploading the payload to the remote machine as an exe file, and then upload another mof file, which enables WMI (Management Instrumentation service) to execute the uploaded payload. Please note that this module currently only works for Windows before Vista.

tags | exploit, remote, arbitrary, vulnerability, code execution, bypass, file upload
systems | windows
advisories | CVE-2010-2620, OSVDB-65687
SHA-256 | 1c6829f3aa5790761fb910b2f802e2c160f810883ffc902bf2614ece3bbacfae
Open And Compact FTP Server 1.2 Bypass / Directory Traversal
Posted Aug 8, 2013
Authored by Wireghoul

Open and Compact FTP server version 1.2 authentication bypass and directory traversal SAM retrieval exploit.

tags | exploit, bypass, file inclusion
advisories | CVE-2010-2620, OSVDB-65687
SHA-256 | 0aa630f3b70ad7a6a9b5a6a29346d0cca04ee11570d82597dcfe2a39b5d05d09
OCS Cisco Scanner 0.2
Posted Jan 11, 2013
Authored by OverIP | Site hacklab.tk

Compact mass scanner for Cisco routers with default telnet/enable passwords.

Changes: Various updates and bug fixes.
tags | tool, scanner
systems | cisco, unix
SHA-256 | 867a0b5fd20fabea27f9b864ebcfd8aa4198e3378d494f86556283265b4301b0
OWASP Mantra - Lexicon 0.91 Beta
Posted May 11, 2012
Site getmantra.com

OWASP Mantra is a collection of free and open source tools integrated into a web browser, which can become handy for students, penetration testers, web application developers,security professionals, etc. It is portable, ready-to-run, compact and follows the true spirit of free and open source software. This is the source code release.

Changes: Firefox 12 is now used as the base. NoRedirect Extension, FireEncrypter, Ra.2 XSS scanner, and more have been added. Known issues have been addressed.
tags | web
SHA-256 | 541d48c626a68f4fde63c7fca65c1f14bbaf9ece1f236099d199f6a931b408c7
HP Security Bulletin HPSBPV02754 SSRT100803 2
Posted Apr 27, 2012
Authored by HP | Site hp.com

HP Security Bulletin HPSBPV02754 SSRT100803 2 - A potential security vulnerability has been identified with certain HP ProCurve 5400 zl switches using a compact flash card which may contain malware content that is a PC trojan executable. The ProCurve switch operating system is not infected with the malware and the content on the compact flash card has no impact on the operation of the switch. Reuse of the compact flash card in a personal computer and manual execution of the malware content could result in a compromise of that system's integrity. Revision 2 of this advisory.

tags | advisory, trojan
advisories | CVE-2012-0133
SHA-256 | ce91c089270db6db060c9c1d7c9215979ae30446e5abfbcc9e91e77982f91126
HP Security Bulletin HPSBPV02754 SSRT100803
Posted Apr 12, 2012
Authored by HP | Site hp.com

HP Security Bulletin HPSBPV02754 SSRT100803 - A potential security vulnerability has been identified with certain HP ProCurve 5400 zl switches containing compact flash cards which may be infected with a virus. Reuse of an infected compact flash card in a personal computer could result in a compromise of that system's integrity. Revision 1 of this advisory.

tags | advisory, virus
advisories | CVE-2012-0133
SHA-256 | aa894cef3a0c2ea1f2d4d52dda2a5961a24ed2dc9729d8ce131a84f0c7de1ae2
Fake POP3 Daemon
Posted Feb 7, 2012
Authored by James Stevenson | Site stev.org

This is a compact fake pop3 daemon that logs password attacks.

tags | tool
systems | unix
SHA-256 | 6606163274f3cfc9bf7e8b5a1201ab59ffdc8e9baedab41009ce14200a0d62a3
OWASP Mantra Armada 0.81 Beta
Posted Dec 31, 2011
Site getmantra.com

OWASP Mantra is a collection of free and open source tools integrated into a web browser, which can become handy for students, penetration testers, web application developers,security professionals etc. It is portable, ready-to-run, compact and follows the true spirit of free and open source software. This is the platform independent release.

Changes: New add-ons have been added. The base itself has been upgraded. Galley integration has been added along with a better look and feel.
tags | tool, web
SHA-256 | 384cc6304a9f881aea8174598cb196a3476ff4511782032d9cc6022cb4240905
Page 1 of 3
Back123Next

File Archive:

May 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    44 Files
  • 2
    May 2nd
    5 Files
  • 3
    May 3rd
    11 Files
  • 4
    May 4th
    0 Files
  • 5
    May 5th
    0 Files
  • 6
    May 6th
    28 Files
  • 7
    May 7th
    3 Files
  • 8
    May 8th
    4 Files
  • 9
    May 9th
    54 Files
  • 10
    May 10th
    12 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    17 Files
  • 14
    May 14th
    11 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    13 Files
  • 17
    May 17th
    22 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    17 Files
  • 21
    May 21st
    18 Files
  • 22
    May 22nd
    7 Files
  • 23
    May 23rd
    111 Files
  • 24
    May 24th
    27 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close