exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 26 - 50 of 196 RSS Feed

Files

meetOne Insecure Transport / Information Disclosure
Posted Jul 28, 2012
Authored by anonymous

meetOne, a populate iTunes application, suffers from information disclosure and transport of credentials in the clear.

tags | exploit, info disclosure
SHA-256 | f1b6167b0f9adb1d2ae657c5d3a9d3aa57bc983cdcb2a5b4eab69f77c76dd946
rdtax.myeg.com.my Cross Site Scripting
Posted Jul 27, 2012
Authored by Ryuzaki Lawlet

rdtax.myeg.com.my suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | c2fc1cd70037cca8df2b3733c820778cf56f07e5af2d9f51862f9ebb904b6e77
Symantec Web Gateway 5.0.2.18 pbcontrol.php Command Injection
Posted Jul 27, 2012
Authored by muts, sinn3r | Site metasploit.com

This Metasploit module exploits a command injection vulnerability found in Symantec Web Gateway's HTTP service. While handling the filename parameter, the Spywall API does not do any filtering before passing it to an exec() call in proxy_file(), thus results in remote code execution under the context of the web server. Please note authentication is NOT needed to gain access.

tags | exploit, remote, web, code execution
advisories | CVE-2012-2953
SHA-256 | 0cd8a8da3d231693715d4e8b287a75415523666ac53647e469041b791662ac0b
Cisco Linksys PlayerPT ActiveX Control Buffer Overflow
Posted Jul 27, 2012
Authored by rgod, juan vazquez | Site metasploit.com

This Metasploit module exploits a vulnerability found in Cisco Linksys PlayerPT 1.0.0.15 as the installed with the web interface of Cisco Linksys WVC200 Wireless-G PTZ Internet Video Camera. The vulnerability, due to the insecure usage of sprintf in the SetSource method, allows to trigger a stack based buffer overflow which leads to code execution under the context of the user visiting a malicious web page.

tags | exploit, web, overflow, code execution
systems | cisco
advisories | OSVDB-80297
SHA-256 | 2dfadd85c9c6ae2a3b6dbc4fd0a0377aac24947c5d90300dbf9bd50e9aa7ebe9
CuteFlow 2.11.2 Arbitrary File Upload
Posted Jul 27, 2012
Authored by Brendan Coles | Site metasploit.com

This Metasploit module exploits a vulnerability in CuteFlow version 2.11.2 or prior. This application has an upload feature that allows an unauthenticated user to upload arbitrary files to the 'upload/___1/' directory and then execute it.

tags | exploit, arbitrary
SHA-256 | 7e52dec1e5036e52df909f5beaef31339c50c613b21624d2406a52176b941892
Social Engine 4 Cross Site Scripting
Posted Jul 27, 2012
Authored by X-Cisadane

Social Engine version 4 suffers from persistent and reflective cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 9cb66f52c5d1f11ad81ff910c9c102602740a914f20a0ffd26f00dea52754f32
Thelia 1.5.1 Cross Site Scripting
Posted Jul 27, 2012
Authored by HTTPCS

Thelia version 1.5.1 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 71f0cfbffd7fcba6a76de33cac3d72bc47893ce798f1cb2064c4f1c6369ae33a
europ INNET Web Studio Administration Program 2.0 XSS / CSRF / LFI
Posted Jul 26, 2012
Authored by Akastep

europ INNET Web Studio Administration Program version 2.0 suffers from cross site request forgery, cross site scripting, local file inclusion, path disclosure, and remote SQL injection vulnerabilities.

tags | exploit, remote, web, local, vulnerability, xss, sql injection, file inclusion, csrf
SHA-256 | 8b945b66041046c68f9608814b1da5af72c0a32cca28ec9997b10974d6f42623
Mini-Stream RM-MP3 Converter 3.1.2.1.2010.03.30 Buffer Overflow
Posted Jul 26, 2012
Authored by Gianni Gnesa

Mini-Stream RM-MP3 Converter version 3.1.2.1.2010.03.30 buffer overflow exploit with ASLR and DEP bypass.

tags | exploit, overflow
advisories | CVE-2009-1328
SHA-256 | edfd394763830724256e7884bbcdffd800bc4481aa275a07d6e9009bb6093555
PHP UnZIP 0.1 File Disclosure
Posted Jul 26, 2012
Authored by Taurus Omar

PHP UnZIP version 0.1 suffers from a remote disclosure vulnerability. Note that this finding houses site-specific data.

tags | exploit, remote, php, info disclosure
SHA-256 | 23a6b6805759f0b8d0a1867fb3e155e4357ccfc59fdb6f110096ef1b359dadac
Photodex ProShow Producer 5.0.3256 Buffer Overflow
Posted Jul 26, 2012
Authored by mr.pr0n, Julien Ahrens, juan | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow in Photodex ProShow Producer version 5.0.3256 in the handling of the plugins load list file. An attacker must send the crafted "load" file to victim, who must store it in the installation directory. The vulnerability will be triggered the next time ProShow is opened. The module has been tested successfully on Windows XP SP3 and Windows 7 SP1.

tags | exploit, overflow
systems | windows
advisories | OSVDB-83745
SHA-256 | bf2514d474a7b08d3b8119c8f11509c92a1414014f2de791e9a5e94b2b9e0c03
120host.net Cross Site Scripting
Posted Jul 25, 2012
Authored by ApoCaLypSee

Sites powered by code from 120host.net appear to suffer from a cross site scripting vulnerability. Note that this finding houses site-specific data.

tags | exploit, xss
SHA-256 | d20c64908a88aaaf4b2c62d545a432348c90464c70dda946a4bcd87c144f5ca8
Redaxo 4.4 Cross Site Scripting
Posted Jul 25, 2012
Authored by High-Tech Bridge SA | Site htbridge.com

Redaxo version 4.4 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2012-3869
SHA-256 | 44fcafd5bf41a508f40719e15f1cb1569a6d62987e638d5f77a211a346b98692
BarCodeWiz Barcode 4.0.0.0 Buffer Overflow
Posted Jul 25, 2012
Authored by coolkaveh

BarCodeWiz Barcode version 4.0.0.0 suffers from an active-x buffer overflow vulnerability.

tags | exploit, overflow, activex
SHA-256 | b100107c50c5435e8468ce713c08d01fee63a0729c92fd3d29da921ea87d64b1
Joomla Odudeprofile 2.x SQL Injection
Posted Jul 25, 2012
Authored by Daniel Barragan

Joomla Odudeprofile component version 2.x suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 8b5536a92abeb5455576bdcda4e58fb09ea7f7b74b19c495050cdfec88ce5f79
Morovia Barcode File Overwrite
Posted Jul 24, 2012
Authored by coolkaveh

Morovia Barcode Professional version 3.8.0 suffers from an active-x file overwrite vulnerability.

tags | exploit, activex
SHA-256 | 1e1a448e430489bae7191a00ab4a67b6395df19750905d33595b962ce815c5a4
WordPress Front End Upload 0.5.4.4 Shell Upload
Posted Jul 24, 2012
Authored by Chris Kellum

WordPress Front End Upload version 0.5.4.4 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | 0193840a20a9f7c0819d8f9eb929cc2b92ed7962ad986566a8ae3ff98a761b03
Symantec Web Gateway 5.0.3.18 LFI / Command Execution
Posted Jul 24, 2012
Authored by muts

Symantec Web Gateway version 5.0.3.18 local file inclusion remote root command execution exploit.

tags | exploit, remote, web, local, root, file inclusion
advisories | CVE-2012-2957
SHA-256 | 88327d0f7cbaac39c6aad31a8ef7f4b43b8d525c4c4b964adfb91854c7a37766
phpProfiles 4.5.4 Beta XSS / RFI / SQL Injection
Posted Jul 24, 2012
Authored by L0n3ly-H34rT

phpProfiles version 4.5.4 Beta suffers from cross site scripting, remote file inclusion, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, code execution, xss, sql injection, file inclusion
SHA-256 | 92e4557c8dfd2512631cffd63a7f3429b58378e9c7e4e1db2aed8b3c92c252ab
Symantec Web Gateway 5.0.2 Blind SQL Injection
Posted Jul 23, 2012
Authored by muts

Symantec Web Gateway version 5.0.2 suffers from a remote blind SQL injection vulnerability.

tags | exploit, remote, web, sql injection
advisories | CVE-2012-2574
SHA-256 | 6aec98e00f8daa7f3e784b9b085136fd783f41fed252a1521762a3217af9e407
Simple Web Server Connection Header Buffer Overflow
Posted Jul 23, 2012
Authored by mr.pr0n, juan | Site metasploit.com

This Metasploit module exploits a vulnerability in Simple Web Server 2.2 rc2. A remote user can send a long string data in the Connection Header to cause an overflow on the stack when function vsprintf() is used, and gain arbitrary code execution. The module has been tested successfully on Windows 7 SP1 and Windows XP SP3.

tags | exploit, remote, web, overflow, arbitrary, code execution
systems | windows
SHA-256 | ef2c81d5811597767d04bfb232a9ea85a237262aae453dc634269ab733bcb34c
EGallery PHP File Upload Vulnerability
Posted Jul 23, 2012
Authored by Sammy FORGIT, juan | Site metasploit.com

This Metasploit module exploits a vulnerability found in EGallery 1.2 By abusing the uploadify.php file, a malicious user can upload a file to the egallery/ directory without any authentication, which results in arbitrary code execution. The module has been tested successfully on Ubuntu 10.04.

tags | exploit, arbitrary, php, code execution
systems | linux, ubuntu
advisories | OSVDB-83891
SHA-256 | 526da632857518ba04c937502d05234c1849101abc35c576432b65f2a4fbe5d5
MySQL Squid Access Report 2.1.4 HTML Injection
Posted Jul 23, 2012
Authored by Daniel Godoy

MySQL Squid Access Report version 2.1.4 suffers from an html injection vulnerability.

tags | exploit
SHA-256 | 9ef08e7e97feb92f78a981eb4bf8bf5381847ef326753e6e48890bc57bb3df6e
Nessus On Android 1.0.1 Credential Disclosure
Posted Jul 23, 2012

Nessus version 1.0.1 for Android stores the username and password in cleartext.

tags | exploit
SHA-256 | 431b63271cbeb833e8b77bb7acf8523e8c996d9baec5986af6a90caeab756c6a
Atmail WebAdmin / Webmail Control Panel SQL Root Password Disclosure
Posted Jul 23, 2012
Authored by Ciph3r

Atmail WebAdmin and Webmail Control Panel suffers from a SQL root password disclosure vulnerability.

tags | exploit, root, info disclosure
SHA-256 | 02f37f360dac212fc971b316fb483fdb2f286cf0500b33dcd6659f153fdbcbc9
Page 2 of 8
Back12345Next

Top Authors In Last 30 Days

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close