ignore security and it'll go away
Showing 1 - 25 of 257 RSS Feed

Files

Packet Storm New Exploits For September, 2012
Posted Oct 1, 2012
Authored by Todd J. | Site packetstormsecurity.com

This archive contains all of the 256 exploits added to Packet Storm in September, 2012.

tags | exploit
systems | linux
MD5 | 079f9e6ff54f8714bc540d6ce2da9e03
AlamFifa CMS 1.0 Beta SQL Injection
Posted Sep 30, 2012
Authored by L0n3ly-H34rT

AlamFifa CMS version 1.0 Beta suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 07c0c9aa1bd1294bc4d7dda459339d4f
WordPress Archin Theme Unauthenticated Configuration Access
Posted Sep 30, 2012
Authored by bwall

Archin WordPress theme version 3.2 suffers from an unauthenticated configuration access vulnerability.

tags | exploit
MD5 | dda7a46e8d46019bada27cf8be3eeb72
Reaver Pro Livedisc Code Execution
Posted Sep 30, 2012
Authored by infodox

Reaver Pro Livedisc has a named pipe called /tmp/exe that is world writable and any input to it is passed to the shell interpreter, where it is executed as root. This provides a good demonstration as to why using named pipes to execute commands in applications is a bad idea. This exploit spawns a bindshell on localhost:4444 then connects to it.

tags | exploit, shell, root
MD5 | c2025dfdbad46741d6e4313ad21809f2
LG NAS Used / Password Hash Disclosure
Posted Sep 30, 2012

LG NAS N2B1 Network Storage suffers from a remote username and password hash disclosure vulnerability. Firmware versions 2660 and below are affected.

tags | exploit, remote, info disclosure
MD5 | 73eb8e7645fd37d9017d1413b1932512
CMS Balitbang Depdiknas 3.4 HTML Injection
Posted Sep 30, 2012
Authored by xevil

CMS Balitbang Depdiknas version 3.4 suffers from a cross site scripting / html injection vulnerability.

tags | exploit, xss
MD5 | f16f72b7e9d2c7d270aaab447831fda7
Joomla FreiChat Shell Upload
Posted Sep 29, 2012
Authored by BHG Security Center, Siavash

Joomla FreiChat component suffers from a remote shell upload vulnerability. Note that this finding houses site-specific data.

tags | exploit, remote, shell
MD5 | 77bf4e3e7f5d0023dd6cdcee3be1af2d
Deadcow Design Local File Inclusion
Posted Sep 29, 2012
Authored by Net.W0lf, Hack Center Security Team

Sites by Deadcow Design suffer from a local file inclusion vulnerability. Note that this finding houses site-specific data.

tags | exploit, local, file inclusion
MD5 | 443f939df0e8d0b763f3a2604f032bb1
APlite Technologies Local File Inclusion
Posted Sep 29, 2012
Authored by Net.W0lf, Hack Center Security Team

Sites developed by APlite Technologies suffer from a local file inclusion vulnerability. Note that this finding houses site-specific data.

tags | exploit, local, file inclusion
MD5 | 16eda2ffd142562c8e55020c52cdb72c
FvS Groupmp3 CMS SQL Injection
Posted Sep 29, 2012
Authored by Crim3R

FvS Groupmp3 CMS suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.

tags | exploit, remote, sql injection
MD5 | 562ceec0beb5237fbda14546dd29cf0a
Dream Ecommerce SQL Injection
Posted Sep 29, 2012
Authored by Crim3R

Sites by Dream Ecommerce suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.

tags | exploit, remote, sql injection
MD5 | b904828ea01362b80246615ba653c3b3
Foxit Reader 5.4.3.0920 Division By Zero
Posted Sep 29, 2012
Authored by coolkaveh

Foxit Reader version 5.4.3.0920 suffers from a division by zero vulnerability. Proof of concept included.

tags | exploit, proof of concept
systems | linux
MD5 | ae80fff578c0d74a0e042698a0d23e53
MediaRocket Local File Inclusion
Posted Sep 29, 2012
Authored by Net.W0lf, Hack Center Security Team

Sites designed by MediaRocket suffer from a local file inclusion vulnerability. Note that this finding houses site-specific data.

tags | exploit, local, file inclusion
MD5 | 9ef50d84f54856781f6e665a650a4e16
Etoro.it Cross Site Scripting
Posted Sep 29, 2012
Authored by tig3rhack

Etoro.it suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 9e718a7c6c07b3bcb44119f8be0d4714
Samba SetInformationPolicy AuditEventsInfo Heap Overflow
Posted Sep 28, 2012
Authored by unknown, Blasty, sinn3r, juan vazquez | Site metasploit.com

This Metasploit module triggers a vulnerability in the LSA RPC service of the Samba daemon because of an error on the PIDL auto-generated code. Making a specially crafted call to SetInformationPolicy to set a PolicyAuditEventsInformation allows to trigger a heap overflow and finally execute arbitrary code with root privileges. The module uses brute force to guess the system() address and redirect flow there in order to bypass NX. The start and stop addresses for brute forcing have been calculated empirically. On the other hand the module provides the StartBrute and StopBrute which allow the user to configure his own addresses.

tags | exploit, overflow, arbitrary, root
advisories | CVE-2012-1182, OSVDB-81303
MD5 | 9fe748ff6a579ca40cd64088d23c1d29
OSSEC WUI 0.3 Cross Site Scripting
Posted Sep 28, 2012
Authored by Alejandro Ramos

OSSEC WUI version 0.3 suffers from a POST cross site scripting vulnerability.

tags | exploit, xss
MD5 | 34e0ae8f1866109b77ab13bba1caf90b
JAMF Casper Suite MDM Cross Site Request Forgery
Posted Sep 28, 2012
Authored by Jacob Holcomb

JAMF Casper Suite MDM suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2012-4051
MD5 | 0b9db3a35f8be62325481f6548b316e4
Trend Micro Control Manager 5.5 / 6.0 Blind SQL Injection
Posted Sep 27, 2012
Authored by modpr0be, otoy

Trend Micro Control Manager versions 5.5 and 6.0 suffer from an AdHocQuery remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2012-2998
MD5 | 56f0a5421206e687e52f760ad196651e
Smartfren Connex EC 1261-2 UI OUC Local Privilege Escalation
Posted Sep 27, 2012
Authored by X-Cisadane

Smartfren Connex EC 1261-2 UI OUC suffers from a local privilege escalation vulnerability.

tags | exploit, local
MD5 | be22d1ef4ad1c98bde040010f7fea2c3
Midori Browser 0.3.2 Denial Of Service
Posted Sep 27, 2012
Authored by Ryuzaki Lawlet

Midori Browser version 0.3.2 suffers from a denial of service vulnerability.

tags | exploit, denial of service
MD5 | fe6713157afa85b1b05c403eafeff8a6
Cisco DPC2100 Denial Of Service
Posted Sep 26, 2012
Authored by Daniel Smith

Cisco DPC2100 suffers from a denial of service vulnerability.

tags | exploit, denial of service
systems | cisco
advisories | CVE-2011-1613
MD5 | 06de31ce712a4e89dd817b6b83b03b95
WordPress ABC-Test 0.1 Cross Site Scripting
Posted Sep 26, 2012
Authored by Scott Herbert

WordPress ABC-Test plugin version 0.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 89afe0e31307529bfb3b51dad2019b3b
phpMyAdmin 3.5.2.2 server_sync.php Backdoor
Posted Sep 26, 2012
Authored by H D Moore | Site metasploit.com

This Metasploit module exploits an arbitrary code execution backdoor placed into phpMyAdmin version 3.5.2.2 through a compromised SourceForge mirror.

tags | exploit, arbitrary, code execution
MD5 | 3eb0ebaa1adb15ab2abbef001b5c428d
ViArt Shop Enterprise 4.1 Arbitrary Command Executio
Posted Sep 26, 2012
Authored by LiquidWorm | Site zeroscience.mk

ViArt Shop Enterprise version 4.1 suffers from an arbitrary command execution vulnerability.

tags | exploit, arbitrary
MD5 | 7eb42e20ae5ab7916441ede29a6a3374
ViArt Shop Enterprise 4.1 Cross Site Scripting
Posted Sep 26, 2012
Authored by LiquidWorm | Site zeroscience.mk

ViArt Shop Enterprise version 4.1 suffers from multiple stored cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | e7cc4c507c035fd7f934eadcf26d288a
Page 1 of 11
Back12345Next

Top Authors In Last 30 Days

Recent News

News RSS Feed
Domino's Pizza Delivers User Details To Spammers
Posted Oct 18, 2017

tags | headline, privacy, email, spam, fraud
Adobe Patches Zero-Day Used To Plant Gov't Spying Software
Posted Oct 17, 2017

tags | headline, hacker, government, usa, flaw, cyberwar, adobe, zero day, nsa
UK TV Drama About North Korea Hit By Hackers
Posted Oct 17, 2017

tags | headline, hacker, government, britain, cyberwar, korea
Russia Tweaks Telegram With Tiny Fine For Decryption Denial
Posted Oct 17, 2017

tags | headline, government, privacy, russia, cryptography
Never Mind The WPA2 Drama... Details Emerge Of TPM Key Fail
Posted Oct 17, 2017

tags | headline, wireless, flaw, cryptography
Millions Of High Security Crypto Keys Crippled By Newly Discovered Flaw
Posted Oct 16, 2017

tags | headline, flaw, cryptography
Pizza Hut Latest To Be Hit In Card Data Breach
Posted Oct 16, 2017

tags | headline, hacker, privacy, bank, cybercrime, data loss, fraud
Artificial Intelligence - Hype, Hope, And Fear
Posted Oct 16, 2017

tags | headline, botnet, cyberwar
KRACK Attacks: Breaking WPA2 By Forcing Nonce Reuse
Posted Oct 16, 2017

tags | headline, privacy, phone, wireless, flaw, cryptography
Even Pokemon Go Was Used By Russia To Meddle In The Election
Posted Oct 13, 2017

tags | headline, government, usa, russia, cyberwar
View More News →
packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close