exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 101 - 125 of 601 RSS Feed

Files

PhpMyAdmin Config File Code Injection
Posted Dec 31, 2009
Authored by PAgVac, Greg Ose | Site metasploit.com

This Metasploit module exploits a vulnerability in PhpMyAdmin's setup feature which allows an attacker to inject arbitrary PHP code into a configuration file. The original advisory says the vulnerability is present in phpMyAdmin versions 2.11.x < 2.11.9.5 and 3.x < 3.1.3.1; this module was tested on 3.0.1.1. The file where our payload is written (phpMyAdmin/config/config.inc.php) is not directly used by the system, so it may be a good idea to either delete it or copy the running config (phpMyAdmin/config.inc.php) over it after successful exploitation.

tags | exploit, arbitrary, php
advisories | CVE-2009-1151
SHA-256 | c6dcd3c567ac45d96e97a2bc40e1b5ef02017edab7e4eb3995b6fbcd852cad26
QuickTime Streaming Server parse_xml.cgi Remote Execution
Posted Dec 31, 2009
Authored by H D Moore | Site metasploit.com

The QuickTime Streaming Server contains a CGI script that is vulnerable to metacharacter injection, allow arbitrary commands to be executed as root.

tags | exploit, arbitrary, cgi, root
advisories | CVE-2003-0050
SHA-256 | 87169439514fb0afb74e3cd42e5f97a61ab10eb7cfb959af7b8efa2b61313896
PHP Include Generic Exploit
Posted Dec 31, 2009
Authored by H D Moore | Site metasploit.com

This Metasploit module exploits various php include vulnerabilities.

tags | exploit, php, vulnerability
SHA-256 | e357d04e020edf1f4d458c10f229063fd076425a03411ffdd5eba7edcc75455a
Zabbix Agent net.tcp.listen Command Injection
Posted Dec 31, 2009
Authored by H D Moore | Site metasploit.com

This Metasploit module exploits a metacharacter injection vulnerability in the FreeBSD and Solaris versions of the Zabbix agent. This flaw can only be exploited if the attacker can hijack the IP address of an authorized server (as defined in the configuration file).

tags | exploit
systems | solaris, freebsd
SHA-256 | e5f0f890d82d1ebacd0b8289ec44368a0492b00a6c37a1e9b2d6510aaa02d3da
K-Rate SQL Injection
Posted Dec 31, 2009
Authored by e.wiZz!

K-Rate suffers from a remote SQL injection vulnerability in view.php.

tags | exploit, remote, php, sql injection
SHA-256 | aa1c01b4102a6516af200a3259b76ab9569c1d5af7900235a4e7a2eb8e293581
UranyumSoft Ylan Servisi Database Disclosure
Posted Dec 31, 2009
Authored by LionTurk

UranyumSoft Ylan Servisi suffers from a remote database disclosure vulnerability.

tags | exploit, remote, info disclosure
SHA-256 | a35779d7d59444546e8f0c2a617d9f2465f76cb92425e710429f0a4b75aeb3b1
WingFTP 3.2.4 Cross Site Request Forgery
Posted Dec 31, 2009
Authored by Ams

WingFTP version 3.2.4 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | b59dc9a226776116ef463203bc6f45c9546d3061b923e74c7c8abc66701ec2a8
Opera 10.10 Status Bar Obfuscation
Posted Dec 31, 2009
Authored by 599eme Man

Opera 10.10 suffers from a simple status bar obfuscation vulnerability.

tags | exploit
SHA-256 | f62aceb7f0da2b92830284cb98a0f7d2e4ff89322384310aa3aabf9c1b30f181
Joomla RD Download File Disclosure
Posted Dec 30, 2009
Authored by Fl0riX

The Joomla RD Download component suffers from a local file disclosure vulnerability.

tags | exploit, local, info disclosure
SHA-256 | 5705c7f19c549aa257c56f2ef4fc27d8b316fae0eeb3d107a542408ce399787b
Joomla Airmonoblock Blind SQL Injection
Posted Dec 30, 2009
Authored by Fl0riX

The Joomla Airmonoblock component suffers from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 9a580206568c9ac0ee5600419251364646fedcf3bb8526f77d97a402300e03ca
My Book World Edition NAS Cross Site Scripting
Posted Dec 30, 2009
Authored by emgent

My Book World Edition NAS suffers from remote command execution and cross site scripting vulnerabilities.

tags | exploit, remote, vulnerability, xss
SHA-256 | 03996dc15cc7b4484adfb2f56f2af911023b0cee66da42b3abab4cafce908e78
RoseOnlineCMS Local File Inclusion
Posted Dec 30, 2009
Authored by cr4wl3r

RoseOnlineCMS versions 3 B1 and below suffer from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | 2ede8b833493781a7bd20f0019ca7d0f1fd2e6203bc5fdb51d00e99f193694b9
I-Rater Basic Shell Upload
Posted Dec 30, 2009
Authored by indoushka

I-Rater basic suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | bca6fd53c061c6d5dfac064fce00a061cf5e9cdaac310c0e43ee8adf8844d0c4
PicMe 2.1.0 Cross Site Scripting
Posted Dec 30, 2009
Authored by indoushka

PicMe version 2.1.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 02c7a6d64b3897c3efc19d594ca6cfd70d4f41087373b30dcc426bbe0f1268ea
Mambo View Full Listing SQL Injection
Posted Dec 30, 2009
Authored by Fl0riX

The Mambo View Full Listing component suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 71173e2299013ab9d9d5b0a0b5b0612b624c32ba5aafb813f1fc93ed90a38e13
Diesel Job Site 1.4 RFI / XSS / Bypass
Posted Dec 30, 2009
Authored by indoushka

Diesel Job Site version 1.4 suffers from remote file inclusion, cross site scripting, and bypass vulnerabilities.

tags | exploit, remote, vulnerability, code execution, xss, bypass, file inclusion
SHA-256 | 006aaae6c4f97408cd52fc12f42ef7dd86bc3bdfaf031b85130c69723dcad704
I-Escorts Directory SQL Injection
Posted Dec 30, 2009
Authored by R3d-D3v!L

I-Escorts Directory suffers from a remote SQL injection vulnerability in country_escorts.php.

tags | exploit, remote, php, sql injection
SHA-256 | 2c3fbe5c2e0d04e2045703f6e389a6a339e1bcc094e3494fd1a5109e61b6fc84
PicMe 2.1.0 Shell Upload
Posted Dec 30, 2009
Authored by indoushka

PicMe version 2.1.0 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | c5c948d81fbe80799301fc4d2abf4002ccb5e256ea5c1339b603cd51ab659dfe
UBB.Threads 6 Remote File Inclusion
Posted Dec 30, 2009
Authored by indoushka

UBB.Threads version 6 suffers from remote file inclusion vulnerabilities.

tags | exploit, remote, vulnerability, code execution, file inclusion
SHA-256 | 44fa364fc2aff7931dcb4e2dc7009193c46ace8dd9300b83984741e109f67ae7
Joomla StaticXT Cross Site Scripting
Posted Dec 30, 2009
Authored by Fl0riX

The Joomla StaticXT component suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 8415966f3132f701db2aab0e8fbb499743b7d9d685c4cae3427754a874ede4be
Scribd.com Cross Site Scripting
Posted Dec 30, 2009
Authored by Nishant Soni | Site secworm.net

Scribd.com suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | bd5d2cfc9f4b19ce0fc010fbf196df43f94ffc03cfd5fd3d164b9136fc5c0fc3
Netragard Security Advisory 2009-12-19
Posted Dec 30, 2009
Authored by Adriel T. Desautels, Netragard | Site netragard.com

Netragard, L.L.C Advisory - Mac OS X Java Runtime suffers from buffer overflows that allow for remote code execution.

tags | exploit, java, remote, overflow, code execution
systems | apple, osx
advisories | CVE-2009-3869, CVE-2009-3871, CVE-2009-3875, CVE-2009-3874, CVE-2009-3728, CVE-2009-3872, CVE-2009-3868, CVE-2009-3867, CVE-2009-3884, CVE-2009-3873, CVE-2009-3877, CVE-2009-3865, CVE-2009-3866
SHA-256 | b4e62b2f700ce3815f78c1991849fbb9ad953a16a199be95b8d4740f1b5ad9a7
B2B eCommerce SQL Injection
Posted Dec 30, 2009
Authored by nojacipka4

B2B eCommerce suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 331e052b32904169d70331b34a3ee666ee89661f4b2ba4fd74afa8b9ec7a76aa
Joomla KKContent Blind SQL Injection
Posted Dec 30, 2009
Authored by Pyske

The Joomla KKContent component suffers from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 90883c02ab52665255793f86e347d8a1ac97fbd13f02e886fd3632c6b601f753
Despe FreeCell Cross Site Scripting
Posted Dec 30, 2009
Authored by indoushka

Despe FreeCell suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 4381d2c342bc4d4b0fc54c236f8d27d60b02fa9826a86c9a662b3163b2783955
Page 5 of 24
Back34567Next

Top Authors In Last 30 Days

Recent News

News RSS Feed
Why Does The US Want To ban TikTok, And When Could It Happen?
Posted Mar 15, 2024

tags | headline, government, usa, china, cyberwar, spyware, social
Discontinued Security Plugins Expose Many WordPress Sites To Takeover
Posted Mar 15, 2024

tags | headline, hacker, flaw, wordpress
Member Of LockBit Ransomware Group Sentenced To 4 Years In Prison
Posted Mar 15, 2024

tags | headline, malware, canada, russia, cybercrime, fraud, cryptography
Banish OEM Self-Signed Certs And Roll Your Own LetsEncrypt
Posted Mar 15, 2024

tags | headline, privacy, cryptography
Cop Shop Rapped For Completely Avoidable Web Form Blunder
Posted Mar 15, 2024

tags | headline, government, privacy, britain, data loss
Cisco Patches High Severity IOS RX Vulnerabilities
Posted Mar 14, 2024

tags | headline, flaw, patch, cisco
RedLine Malware Top Credential Stealer Of Last 6 Months
Posted Mar 14, 2024

tags | headline, hacker, malware, cybercrime, data loss, password, identity theft
Meta Sues Brazenly Disloyal Former Exec Over Stolen Confidential Docs
Posted Mar 14, 2024

tags | headline, data loss, fraud, facebook
Poking Holes In Google Tech Bagged Bug Hunters $10M
Posted Mar 14, 2024

tags | headline, hacker, flaw, google
US Congress Goes Bang, Bang, On Tik-Tok Sale Or Ban Plan
Posted Mar 14, 2024

tags | headline, government, privacy, usa, china, cyberwar, spyware, social
View More News →
packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close