Exploit the possiblities
Showing 1 - 25 of 254 RSS Feed

Files

Packet Storm New Exploits For May, 2011
Posted Jun 1, 2011
Authored by Todd J. | Site packetstormsecurity.com

This archive contains all of the 253 exploits added to Packet Storm in May, 2011.

tags | exploit
systems | linux
MD5 | e7bc798f4cc81eb1e408b098635f727c
Guru JustAnswer Professional 1.25 SQL Injection
Posted May 31, 2011
Authored by v3n0m

Guru JustAnswer Professional version 1.25 suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
MD5 | d7771e297caa5d610e3a0e1998993869
iPhone4 FTP Server 1.0 Remote Crash
Posted May 31, 2011
Authored by offsetIntruder

iPhone4 FTP Server 1.0 empty CWD-RETR remote crash denial of service exploit.

tags | exploit, remote, denial of service
MD5 | 79657b665e9fa419c1fae8360ff6512f
Joomla 1.6.x Administrator PHP Code Execution
Posted May 31, 2011
Authored by James Bercegay | Site gulftech.org

This Metasploit module can be used to gain a remote shell to a Joomla! 1.6.x install when administrator credentials are known. This is achieved by uploading a malicious component which is used to execute the selected payload.

tags | exploit, remote, shell
MD5 | 770f64482cd13284a81000f0afe6bddb
Joomla 1.6.0 SQL Injection
Posted May 31, 2011
Authored by James Bercegay | Site gulftech.org

A vulnerability was discovered by Aung Khant that allows for exploitable SQL Injection attacks against a Joomla 1.6.0 install. This exploit attempts to leverage the SQL Injection to extract admin credentials, and then store those credentials within the notes_db. The vulnerability is due to a validation issue in /components/com_content/models/category.php that erroneously uses the "string" type whenever filtering the user supplied input. This issue was fixed by performing a whitelist check of the user supplied order data against the allowed order types, and also escaping the input.

tags | exploit, php, sql injection
advisories | CVE-2011-1151
MD5 | b819205651e4caec804b0148a1d22d71
Kentico CMS 5.5R2.23 Cross Site Scripting
Posted May 31, 2011
Authored by LiquidWorm | Site zeroscience.mk

Kentico CMS versions 5.5R22.23 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | c22edd73b708209a777319388b6c9d45
FestOS <= 2.3c TinyBrowser File Upload Code Execution
Posted May 31, 2011
Authored by KedAns-Dz | Site metasploit.com

This Metasploit module exploits a vulnerability in the TinyMCE/tinybrowser plugin. By renaming the uploaded file this vulnerability can be used to upload/execute code on the affected system.

tags | exploit
MD5 | a474da5b9be867cdebee725b28be40fb
GloDerWorks SQL Injection
Posted May 31, 2011
Authored by Kalashinkov3

GloDerWorks suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | d48b24a2e088c09d886171467bc9b073
Belkin G Wireless Router 5.00.12 Password Hash Disclosure
Posted May 31, 2011
Authored by Aodrulez

Belkin G Wireless Router with firmware version 5.00.12 suffers from a password hash disclosure vulnerability.

tags | exploit, info disclosure
MD5 | 0b0b24201b67df4507c45b4baae53759
7-Technologies IGSS 9 Data Server/Collector Packet Handling
Posted May 31, 2011
Authored by Luigi Auriemma, sinn3r | Site metasploit.com

This Metasploit module exploits multiple vulnerabilities found on IGSS 9's Data Server and Data Collector services. The initial approach is first by transferring our binary with Write packets (opcode 0x0D) via port 12401 (igssdataserver.exe), and then sending an EXE packet (opcode 0x0A) to port 12397 (dc.exe), which will cause dc.exe to run that payload with a CreateProcessA() function as a new thread.

tags | exploit, vulnerability
MD5 | 2b8a3b2a358404af9856bc15f95108a4
Websolutions SQL Injection
Posted May 31, 2011
Authored by Kalashinkov3

Websolutions suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 76d87afb1a59cc88f7a5868a6bd9369a
Brother HL-5370DW Series Authentication Bypass
Posted May 31, 2011
Authored by chrisB

Brother HL-5370DW series authentication bypass printer flooding exploit.

tags | exploit, bypass
MD5 | 3c6391339b0105425851f345e7a9b485
MSN Live Messenger 14.0 Plus! DLL Hijack
Posted May 31, 2011
Authored by Kalashinkov3

MSN Live Messenger version 14.0 Plus! suffers from a DLL hijacking vulnerability.

tags | exploit
systems | windows
MD5 | 87d29737443f7dce2453bf1ae1338a8f
Callisto 821+ Cross Site Request Forgery / Cross Site Scripting
Posted May 30, 2011
Authored by MustLive

Callisto 821+ ADSL modems suffer from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | a771779480eee0d21e9b77d892b978f3
Apache Archiva 1.3.4 Cross Site Request Forgery
Posted May 30, 2011
Authored by Riyaz Walikar | Site archiva.apache.org

Apache Archiva versions 1.3.0 through 1.3.4 suffer from multiple cross site request forgery vulnerabilities. Proof of concept findings included.

tags | exploit, vulnerability, proof of concept, csrf
advisories | CVE-2011-1026
MD5 | 46e0efc2873583daa101dbff8dd69e8e
Apache Archiva 1.3.4 Cross Site Scripting
Posted May 30, 2011
Authored by Riyaz Walikar | Site archiva.apache.org

Apache Archiva versions 1.3.0 through 1.3.4 suffer from multiple cross site scripting vulnerabilities. Proof of concept findings are included.

tags | exploit, vulnerability, xss, proof of concept
advisories | CVE-2011-1077
MD5 | 781440f7cd26f179cb2f4c9001c1fe12
w-Agora Forum 4.2.1 Shell Upload
Posted May 30, 2011
Authored by Treasure Priyamal

w-Agora Forum version 4.2.1 suffers from a shell upload vulnerability.

tags | exploit, shell
MD5 | 403d4f200430d420e4ecd7b504d0c0fa
Forticlient SSL VPN Symlink Overwrite
Posted May 30, 2011
Authored by magikh0e

Forticlient SSL VPN suffers from an insecure lock file creation vulnerability.

tags | exploit
MD5 | 6bd9ddf64d7fb42a9ad767e5302a72ae
TinyMCE AjaxFileManager Shell Upload
Posted May 30, 2011
Authored by Dr Trojan

TinyMCE AjaxFileManager suffers from a shell upload vulnerability.

tags | exploit, shell
MD5 | 5b4b705b66c67e3b039a9a5676534733
Joomla Joomnik SQL Injection
Posted May 30, 2011
Authored by SOLVER

The Joomla Joomnik component suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 522a9ed1cc946710f7f29347dbde1ccb
HP Data Protector Client EXEC_SETUP Code Execution
Posted May 30, 2011
Authored by fdisk

HP Data Protector Client EXEC_SETUP remote code execution proof of concept exploit.

tags | exploit, remote, code execution, proof of concept
advisories | CVE-2011-0922
MD5 | 5b408a4ad9db16208636f5c645165cc5
vBulletin 4.1.2 search.php SQL Injection
Posted May 30, 2011
Authored by James Bercegay | Site gulftech.org

vBulletin versions 4 through 4.1.2 are vulnerable to a preauth SQL Injection issue that may be used by an attacker to extract user credentials, and potentially gain administrative access, potentially leading to remote PHP code execution.

tags | exploit, remote, php, code execution, sql injection
MD5 | 23ef7ac73e51aaed5fc2776d5e7fcf9f
WysGui <= 2.3 (FCKeditor) File Upload Code Execution
Posted May 30, 2011
Authored by KedAns-Dz | Site metasploit.com

This Metasploit module exploits a vulnerability in the FCK/CKeditor plugin. By renaming the uploaded file this vulnerability can be used to upload/execute code on the affected system.

tags | exploit
MD5 | e0cfda04866c569459b89b151b76b785
Bitweaver 2.x (FCKeditor) File Upload Code Execution
Posted May 30, 2011
Authored by KedAns-Dz | Site metasploit.com

This Metasploit module exploits a vulnerability in the FCK/CKeditor plugin. By renaming the uploaded file this vulnerability can be used to upload/execute code on the affected system.

tags | exploit
MD5 | 16aaccb7754cf34c355d08373881a6f5
nvisionix Roaming System Remote metasys 0.2 Local File Inclusion
Posted May 30, 2011
Authored by Treasure Priyamal

nvisionix Roaming System Remote metasys version 0.2 suffers from a local file inclusion vulnerability.

tags | exploit, remote, local, file inclusion
MD5 | 1b3694b5fb0b741cb9fa850e0255bd6a
Page 1 of 11
Back12345Next

Top Authors In Last 30 Days

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close