Showing 101 - 125 of 257

Files

Digital Age SQL Injection
Posted Sep 16, 2012
Authored by TUNISIAN CYBER

Digital Age based sites suffer from a remote SQL injection vulnerability. Note that this finding houses site-specific data.

tags | exploit, remote, sql injection
SHA-256 | 65865b41035f0e109ed0ff69fb318c3c7b2d7a540a87c9053f391c980ad7e987
LinkedIn Clickjacking / Open Redirection
Posted Sep 15, 2012
Authored by Ajay Singh Negi

LinkedIn suffers from clickjacking and open URL redirection vulnerabilities.

tags | exploit, vulnerability
SHA-256 | b6579358ab8ea2745cc3360e9133088f1110d9aebb005e3b3138404134f48e5f
Confluence Wiki 4.1.4 Cross Site Scripting
Posted Sep 15, 2012
Authored by INTREST SEC

Confluence Wiki versions 3.5.9, 4.0.3, and 4.1.4 suffer from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 9bcf399a2e8ea5531b3605b2128bf6b02fa2c55f7a7dea89f867a811b06a28d7
CNN.com Cross Site Scripting
Posted Sep 15, 2012
Authored by TayfunBasoglu

Multiple CNN sites suffer from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 096af4011880d288a5647811b198a78701418586dcb30a2927def6dfc9268a09
IFOBS Cross Site Scripting / Brute Force
Posted Sep 15, 2012
Authored by MustLive

IFOBS suffers from cross site scripting and brute forcing vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 065d53ba03513e5662ef8b879522b39ede97e028bf86ca1db8b8b6aa9679f634
Vetor Design SQL Injection
Posted Sep 15, 2012
Authored by TUNISIAN CYBER

Vetor Design based sites suffer from multiple remote SQL injection vulnerabilities. Note that this finding houses site-specific data.

tags | exploit, remote, vulnerability, sql injection
SHA-256 | fd917f043929b483d7b010f851cf056f010cf2f878bc643ccff5d44b63a5148e
Trainor SQL Injection
Posted Sep 15, 2012
Authored by Net.W0lf, Hack Center Security Team

Trainor suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.

tags | exploit, remote, sql injection
SHA-256 | 8299bb963d997ff2b0c5b98826cea0e0e7ba4cb6b3b7b717e49f86db73db7f42
University Of Wisconsin - Madison Cross Site Scripting
Posted Sep 15, 2012
Authored by s4r4d0

The University of Wisconsin suffers from a cross site scripting vulnerability on commarts.wisc.edu.

tags | exploit, xss
SHA-256 | 3c9dbcba637bf78582ce1f17faef4824ab22c796a14ea0dec8e3fac15a409641
Oracle BTM FlashTunnelService Remote Code Execution
Posted Sep 15, 2012
Authored by rgod, sinn3r, juan vazquez | Site metasploit.com

This Metasploit module abuses the FlashTunnelService SOAP web service on Oracle Business Transaction Management 12.1.0.7 to upload arbitrary files, without authentication, using the WriteToFile method. The same method contains a directory traversal vulnerability, which allows files to be uploaded to arbitrary locations. Two techniques are provided for executing remote code. If the Oracle app has been deployed in the same WebLogic Samples Domain, a JSP can be uploaded to the web root. If a new Domain has been used to deploy the Oracle application, the Windows Management Instrumentation service can be used to execute arbitrary code. Both techniques have been successfully tested on default installs of Oracle BTM 12.1.0.7, Weblogic 12.1.1 and Windows 2003 SP2. Default path traversal depths are provided, but the user can configure the traversal depth using the DEPTH option.

tags | exploit, remote, web, arbitrary, root
systems | windows
advisories | OSVDB-85087
SHA-256 | 7ce41ed8870542efde605f50001955d8595ff56317328c0892477dec49dbddec
Trend Micro InterScan Messaging Security Suite XSS / CSRF
Posted Sep 15, 2012
Authored by modpr0be

Trend Micro InterScan Messaging Security Suite suffers from stored cross site scripting and cross site request forgery vulnerabilities.

tags | exploit, vulnerability, xss, csrf
advisories | CVE-2012-2995, CVE-2012-2996
SHA-256 | d86efa1d88ecdbb7560b3e29adb1a12d5b6a2953d61809ccae4d56fd757440dc
Web Biz India SQL Injection
Posted Sep 14, 2012
Authored by Net.W0lf, Hack Center Security Team

Web Biz India suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.

tags | exploit, remote, web, sql injection
SHA-256 | 4c8b887299c6bb74d5f1c320fa89562c99f21650029fb5407ef1a7bfbf936e82
Internet Download Manager SEH Based Buffer Overflow
Posted Sep 14, 2012
Authored by Dark-Puzzle

Internet Download Manager SEH based buffer overflow exploit that spawns cmd.exe.

tags | exploit, overflow
SHA-256 | 6b1d1f0931da27bc6e7a701bad516d556bcb7d07ac95b7850477f687fe80adc6
Apis Design SQL Injection
Posted Sep 14, 2012
Authored by Net.W0lf, Hack Center Security Team

Apis Design suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.

tags | exploit, remote, sql injection
SHA-256 | 32481e797bcb310151a7e6e4bb4076e9e111381107140f68fa1c19723c254489
Mambo / Joomla FCKEditor Local File Inclusion
Posted Sep 14, 2012
Authored by BHG Security Center, Siavash

The FCKEditor as used with Mambo and Joomla appears to suffer from a local file inclusion vulnerability. Note that this finding houses site-specific data.

tags | exploit, local, file inclusion
SHA-256 | f219a4b356a444e51fa698fdc29ad6feefbbc50579e18c529aa2e589001587d8
AsaanCart 0.9 Cross Site Scripting
Posted Sep 14, 2012
Authored by HTTPCS

AsaanCart version 0.9 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | d012c781e38c2ca86b6dde2c8b0f0f267153528455524c83c5b4b438d1f74cfe
Linux udev Netlink Local Privilege Escalation
Posted Sep 14, 2012
Authored by Kingcope, Jon Oberheide, egypt | Site metasploit.com

Versions of udev < 1.4.1 do not verify that netlink messages are coming from the kernel. This allows local users to gain privileges by sending netlink messages from userland.

tags | exploit, kernel, local
advisories | CVE-2009-1185
SHA-256 | a339530d415e4d147ac5e6556a603790385a27c54518e11e95069181161f0615
qdPM 7 Arbitrary PHP File Upload
Posted Sep 14, 2012
Authored by loneferret, sinn3r | Site metasploit.com

This Metasploit module exploits a vulnerability found in qdPM, a web-based project management application. The user profile's photo upload feature can be abused to upload an arbitrary file onto the victim server machine, which allows remote code execution. Note that in order to use this module, you must have a valid credential to sign in.

tags | exploit, remote, web, arbitrary, code execution
advisories | OSVDB-82978
SHA-256 | f5f6ba93d6feeeed1d320115b76b89c669688a7089990888c0aafa5f2993314c
NeoBill CMS 0.8 Alpha Cross Site Scripting
Posted Sep 13, 2012
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

NeoBill CMS version 0.8 Alpha suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 822afd129543fb06bff19bee3fad9eae0858443e77bff5c180bcdd818f30d07a
ASTPP VoIP Billing (4cf207a) Cross Site Scripting
Posted Sep 13, 2012
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

ASTPP VoIP Billing (4cf207a) suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 9170586ac48be9d705b106c2a789416c8d055cc9e85a296383a20326390d1773
eking CMS Shell Upload
Posted Sep 13, 2012
Authored by Mh0122

eking CMS suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | d336902cadf6e4bff5d858679266f94e11af365d316fc0c2e0066cd79e4705e5
MediaLab SQL Injection
Posted Sep 13, 2012
Authored by Samim.s

MediaLab suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.

tags | exploit, remote, sql injection
SHA-256 | f432a3493a7dfa182008b659655ce7486daeb8263fbd6ba9bb2c2434e64f293b
Internet Download Manager Buffer Overflow
Posted Sep 13, 2012
Authored by Dark-Puzzle

Internet Download Manager suffers from a buffer overflow vulnerability.

tags | exploit, overflow
SHA-256 | ac2a7cf7ff7d28aa6957250c17b97b117ba47f182bbbd26140d2b8a239610de7
Fortigate UTM WAF Appliance Cross Site Scripting
Posted Sep 13, 2012
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

The Fortigate UTM WAF Appliance suffers from cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 973037cd16c3619fefcd01e291bd7d062370066524132c4aedaad8cd3c188506
Webify Photo Gallery Arbitrary File Deletion
Posted Sep 13, 2012
Authored by jiko

Webify Photo Gallery suffers from a remote arbitrary file deletion vulnerability.

tags | exploit, remote, arbitrary
SHA-256 | 5a20c707c752685a34c581c231d15603b59918c1f6f5b8c939b59d137876e2e0
Knowledge Base EE 4.62.0 SQL Injection
Posted Sep 13, 2012
Authored by Karim H.B., Vulnerability Laboratory | Site vulnerability-lab.com

Knowledge Base EE version 4.62.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 9465812d6d39ca2ea7ee5e988a03f2a66cbeedbbe8e2f6de8750fa79100f936e
