Nagios Plugin check_ups local buffer overflow proof of concept exploit.
480e395245d4f2a787ed42a9a1c6f63c6b984d7222841a698055b21a9e6522f2Free Image Hosting suffers from a shell upload vulnerability.
c0449e71cd5d9af01a83b31144a5dd2d0cc975fb16272cae7ebcb8bd28898af5OpenEMR 4 suffers from cross site scripting and remote SQL injection vulnerabilities.
c5472d4657683443d0f1450f9011027988e59ef78f177e8fcb2f435fbdcb01c4MyBB version 1.6.5 suffers from a cross site scripting vulnerability.
afe4036091106e101329b12a40fc799514261911b1ababc195437fb016cb7a66Lighttpd versions before 1.4.30 and 1.5 before SVN revision 2806 out-of-bounds read segmentation fault denial of service exploit.
a78ebddef1ff446f752bc857193d5fc6a7bb8cdaa8a66f37a2fd64a80504bfe7Microsoft Windows Media Player version 11.0.5721.5262 remote denial of service exploit.
8f956aea0456c97de55561f1b85fde6e2d17e46339271b02a273569d29f09677Putty version 0.60 null pointer denial of service exploit.
c0e5d6fed8a39f92e5fe93389c056c8233af29be9277250b0220f8dccc1f7f2eMySQL version 5.5.8 remote denial of service proof of concept exploit.
e47dc3eb176f47a4d695cb60327c8ceca93506e42b7b61b174b504ddbbd485fdFreeSSHD remote denial of service proof of concept exploit.
64ef29a432819a28b41d8f37b7d65cc811d1a982933c6caf1642e4ced0608e7aPre Studio Business Card Designer suffers from a remote SQL injection vulnerability.
c794f54bab399b0c0633492d18f99b818df6ffbe8246ade34257f886b2c02046D-Zayn Web Design Access suffers from a remote SQL injection vulnerability.
a1ae391f129cbd6c64b9a123df61a7dcf6e5f853e2420e8d50108ee26be570cbGraphicClone suffers from a cross site scripting vulnerability.
7e386b1f62fdf95ab4f2156dbfe331cae9df9200886e6339cdf26aab4295c59fThis Metasploit module exploits a buffer overflow in OpenTFTP Server SP 1.4. The vulnerable condition triggers when the TFTP opcode is configured as an error packet, the TFTP service will then format the message using a sprintf() function, which causes an overflow, therefore allowing remote code execution under the context of SYSTEM. The offset (to EIP) is specific to how the TFTP was started (as a 'Stand Alone', or 'Service'). By default the target is set to 'Service' because that's the default configuration during OpenTFTP Server SP 1.4's installation.
10056b046a41d7587ed57448581e4849d5d597aefca473ec48c1a6dfbccc8913This Metasploit module exploits the Oracle Job Scheduler to execute arbitrary commands. The Job Scheduler is implemented via the component extjob.exe which listens on a named pipe called "orcljsex<SID>" and execute arbitrary commands received throw this channel via CreateProcess(). In order to connect to the Named Pipe remotely SMB access is required. This Metasploit module has been tested on Oracle 10g Release 1 where the Oracle Job Scheduler runs as SYSTEM on Windows but it's disabled by default.
a5520991853dfba840715d948313a5ca0eee49a3177ec837c2761cf043b2c418Open Conference Systems versions 2.3.4 and below, Open Journal Systems version 2.3.6 and below and Open Harvester Systems versions 2.3.1 and below remote code execution exploit.
c8514bceee7ade59cbec79ac89af4009e9637eb3d5dcbf7b21c50429755f0ec6This Metasploit module exploits a SIP username enumeration vulnerability in Asterisk. Performs a REGISTER scan for numeric peer usernames having a nat setting different to global sip nat setting. Works even when alwaysauthreject=yes. For this exploit to work, the source port cannot be 5060.
54da0d99e312b44be212dc5220e9ea0fef3a31a1f8a4b91a6f8f48f53c53ca09This Metasploit module exploits an arbitrary command execution vulnerability in PmWiki from 2.0.0 to 2.2.34. The vulnerable function is inside /scripts/pagelist.php.
2a414aa71e3429752f31a3f9f0ad17a08f3c3d290b612cfb08bbb15b1b14dea3This Metasploit module abuses a command execution vulnerability within the web based interface of Splunk 4.2 to 4.2.4. The vulnerability exists within the 'mappy' search command which allows to run python code. To exploit this vulnerability a valid Splunk user with the admin role is required. Unfortunately, Splunk uses a default credential of 'admin:changeme' for admin access, which is used to leverage our attack. The Splunk Web interface runs as SYSTEM on Windows and as root on Linux by default.
4cec15e9c8252677e5cd1bb453f1bd43e0c2eb409d8162a5ce458bb290116509Tiki Wiki CMS Groupware versions 8.2 and below suffer from a remote PHP code injection vulnerability in snarf_ajax.php.
b7307f459df54b9ed0978af284f064b18dafbeb2458c69e4c3625d1e42e39172phpMyAdmin version 3.4.8 suffers from a cross site scripting vulnerability.
a8c40f3aee84c74d540c2097d20b0799688cc7300895c4ba59bc51a7b094009fDrupal version 6.22 with SuperCron version 6.x-1.3 suffers from a cross site scripting vulnerability.
8a89f2d6aafb86f8a2a868799cba22ec0847d46793c38a7e65f20270b976c80eWhois Cart Billing suffers from cross site scripting and credential disclosure vulnerabilities.
14544ef73256873b243f248ee7ddffc710806649b369ac24542d5fedfed61670Iran Sports Network suffers from a remote SQL injection vulnerability.
313de7f72a01e2adc00846d8d25134e08fcad8a8004e4e385dd96b4a476b5ffbInfoproject Biznis Heroj versions Plus, Pro and Extra all suffer from a remote SQL injection vulnerability that allows for authentication bypass.
961df363124e6674f343f13b06667b0bf250c19cf3e3b56c172a9d02e465728bInfoproject Biznis Heroj versions Plus, Pro and Extra all suffer from cross site scripting and remote SQL injection vulnerabilities.
8ecabcbaea16aca5a5916cc00663bf1cb2f9fa325f8b98c1af8c3175c22a5eef
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed