exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 101 - 125 of 214 RSS Feed

Files

ManageEngine Support Center Plus 7908 XSS / Shell Upload
Posted Oct 16, 2012
Authored by xistence

ManageEngine Support Center Plus versions 7908 and below suffer from multiple cross site scripting and shell upload vulnerabilities.

tags | exploit, shell, vulnerability, xss
SHA-256 | ce1d93bee37427da393ef8b2a378940e15f95dfe2266842aa8f8b6171109489a
Videosmate Organizer 4.2 Authentication Bypass / Path Disclosure
Posted Oct 16, 2012
Authored by Akastep

Videosmate Organizer version 4.2 suffers from authentication bypass and path disclosure vulnerabilities.

tags | exploit, vulnerability, bypass, info disclosure
SHA-256 | 880befa250d4287f9d17efed7dffd5623e713602127613fb7304b05c5fb437f4
Sisfokol 4.0 Shell Upload
Posted Oct 16, 2012
Authored by cr4wl3r

Sisfokol version 4.0 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | a96997e054286875413e8ada93462f0f65be5c7e12988df9c6f7e6c6a47272e2
Joomla iCagenda SQL Injection / Path Disclosure
Posted Oct 16, 2012
Authored by Dark-Puzzle

The Joomla iCagenda component suffers from remote blind SQL injection and path disclosure vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, info disclosure
advisories | OSVDB-85148
SHA-256 | c186dd88d27cbd897492034bea5e2be409f2d91cd8ee702fa3a083a05391695b
MyBB Profile Albums 0.9 SQL Injection
Posted Oct 16, 2012
Authored by Th3FreakPony

MyBB Profile Albums plugin version 0.9 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 62d5c0744bcf097aeea0a55cc01c5e13dc19b2c4579f7c5c2089f594358480af
Visual Tools DVR Command Injection / Password Disclosure
Posted Oct 16, 2012
Authored by Andrea Fabrizi | Site andreafabrizi.it

Visual Tools DVR VS Series versions 3.0.6.16 and below and VX Series versions 4.2.19.2 and below suffer from administrative password disclosure, default administrative password, log file disclosure, command injection, and insecure permission vulnerabilities.

tags | exploit, vulnerability, info disclosure
SHA-256 | 57aec9566565a83d94933270426cb1b822eb107ada1e1ad8c594b19a032e394f
ContentDrome CMS 1.0 SQL Injection
Posted Oct 15, 2012
Authored by Busindre

ContentDrome CMS version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 73c2726296fd2637a01b36529b8bfae0c76aab0e331d45b281cd7bab25811827
PBBoard 3.0.0 Cross Site Scripting / SQL Injection
Posted Oct 15, 2012
Authored by L0n3ly-H34rT

PBBoard version 3.0.0 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | 6a8e16b78aad7c01d7d1e7ad57678ec6b2579e91772fb38f8d32343eeb830165
Ezhometech EzServer 7.0 Remote Heap Corruption
Posted Oct 15, 2012
Authored by Lorenzo Cantoni

Ezhometech EzServer version 7.0 is audio/video software that suffers from a remote heap corruption vulnerability. Version 6.x is not affected by this issue as does not implement RTMP support. Proof of concept code included.

tags | exploit, remote, denial of service, proof of concept
systems | linux
advisories | CVE-2012-4750
SHA-256 | 83dc01eefa9bd8b1d9dfa7caa0f8da4da634aaa850e094de92bccad0ba4308a1
Samsung Kies 2.3.2.12054_20 NULL Pointer Dereference / Access Control
Posted Oct 15, 2012
Authored by High-Tech Bridge SA, Frederic Bourla | Site htbridge.com

Samsung Kies version 2.3.2.12054_20 suffers from a null pointer dereference and multiple improper access control vulnerabilities.

tags | exploit, vulnerability
advisories | CVE-2012-3806, CVE-2012-3807, CVE-2012-3808, CVE-2012-3809, CVE-2012-3810
SHA-256 | 3be5d1fc00baef95418066a6e177e3648f8af24d33460c51813fe80c0adeb108
Desarrollo Web Peru Default Login
Posted Oct 15, 2012
Authored by Taurus Omar

Sites created by Desarrollo Web Peru appear to have a default administrative account left in with a password of 12345. Note that this finding houses site-specific data.

tags | exploit, web
SHA-256 | 3ed266f45efa6a00461e6f8ddd18c1a225feeb756b518fe1d9ac3d16a58d9a4c
Idel4 SQL Injection / Cross Site Scripting
Posted Oct 15, 2012
Authored by Taurus Omar

Idel4 suffers from remote SQL Injection and cross site scripting vulnerabilities. Note that this finding houses site-specific data.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | 2fc75908f2553d8aeae8b5218dfc17be77e7b57bc276cf8cacd937e43a7390fd
UvumiTools Crop 2.0.0 Shell Upload
Posted Oct 15, 2012
Authored by Taurus Omar

UvumiTools Crop version 2.0.0 suffers from a remote shell upload vulnerability. Note that this finding houses site-specific data.

tags | exploit, remote, shell
SHA-256 | f613e10dfef91573b2ae31ad870fb775124fbb9dd6c851e315bf574541c8d084
MyBB 1.6.8 Cross Site Scripting
Posted Oct 15, 2012
Authored by 3xpl0!t3r

MyBB version 1.6.8 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 387f3e3cf1de1268c3b4fdd95c8e11ada2eca8551092a1a0a5d18e7dd1c16934
Windows Escalate Service Permissions Local Privilege Escalation
Posted Oct 15, 2012
Authored by scriptjunkie | Site metasploit.com

This Metasploit module attempts to exploit existing administrative privileges to obtain a SYSTEM session. If directly creating a service fails, this module will inspect existing services to look for insecure file or configuration permissions that may be hijacked. It will then attempt to restart the replaced service to run the payload. This will result in a new session when this succeeds. If the module is able to modify the service but does not have permission to start and stop the affected service, the attacker must wait for the system to restart before a session will be created.

tags | exploit
SHA-256 | 2d7db2108c548773a92d81355b9be4cd20b7d9069749634dd3a320136b18a734
AjaXplorer checkInstall.php Remote Command Execution
Posted Oct 15, 2012
Authored by David Maciejak, Julien CAYSSOL, sinn3r | Site metasploit.com

This Metasploit module exploits an arbitrary command execution vulnerability in the AjaXplorer 'checkInstall.php' script. All versions of AjaXplorer prior to 2.6 are vulnerable.

tags | exploit, arbitrary, php
advisories | OSVDB-63552
SHA-256 | 32002b0c8c4086baf8a3940e0cae06296538c059e5c62586ee1b23ee757f955b
SilverStripe 2.4.7 Cross Site Scripting
Posted Oct 15, 2012
Authored by Aung Khant | Site yehg.net

SilverStripe versions 2.4.7 and below suffer from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 4c7550542451ea3abf2f5bb27ca540286eb9e545957e2347080191a57e3ab4d4
SilverStripe 2.4.7 Open URL Redirection
Posted Oct 15, 2012
Authored by Aung Khant | Site yehg.net

SilverStripe versions 2.4.7 and below are vulnerable to open URL redirection.

tags | exploit
SHA-256 | 7a5cf0049aa34d123e364f2a47df14670511b157d92104c2c329d28fd8fc4c25
P1 Networks Modem Backdoor
Posted Oct 15, 2012
Authored by Nursyafiq Mohamad

P1 Networks provided modems to users in Malaysia with httpd exposed to the Internet and admin/admin123 left in as a login. Whoops.

tags | exploit
SHA-256 | 14dc26fa090dfa6f32132e018c1753ad53ad2bae66fdce2c34653ddcf55975b0
Site2Host.com SQL Injection
Posted Oct 15, 2012
Authored by BHG Security Center, Siavash

Sites designed by Site2Host.com suffer from a remote SQL injection vulnerability. Note that this finding houses site-specific data.

tags | exploit, remote, sql injection
SHA-256 | 58479a7fa739bc173a526959ce0afc9afdc4742dce3ae4539623b629bba599c1
QQPlayer 3.7.892 Heap Pointer Overwrite
Posted Oct 14, 2012
Authored by James Ritchey

QQPlayer version 3.7.892 m2p quartz.dll heap pointer overwrite proof of concept exploit.

tags | exploit, proof of concept
SHA-256 | 76e62852428aaeecf57edfea3aac0ef1c27833899e37aee5d5bfb9b8a831fe55
Cartweaver 3 Local File Inclusion
Posted Oct 13, 2012
Authored by HaxOr

Cartweaver version 3 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | 4f7476d37a729290441f1030c3abffc237b36f220de952af8a56512a6ffe04af
airVisionNVR 1.1.13 Disclosure / SQL Injection
Posted Oct 13, 2012
Authored by pennyGrit

airVisionNVR version 1.1.13 suffers from readfile() disclosure and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
advisories | CVE-2008-1381, CVE-2008-3880
SHA-256 | 599f5e302ac959a2c1ce8e2f22edf4b212e10b32125c8251f9473dc9cca862c2
Metasploit pcap_log Local Privilege Escalation
Posted Oct 12, 2012
Authored by 0a29406d9794e4f9b30b3c5d6702c708 | Site metasploit.com

Metasploit versions prior to 4.4 contain a vulnerable 'pcap_log' plugin which, when used with the default settings, creates pcap files in /tmp with predictable file names. This exploit works by hard-linking these filenames to /etc/passwd, then sending a packet with a privileged user entry contained within. This, and all the other packets, are appended to /etc/passwd. Successful exploitation results in the creation of a new superuser account. This Metasploit module requires manual clean-up - remove /tmp/msf3-session*pcap files and truncate /etc/passwd.

tags | exploit
SHA-256 | 4653de66b5cfae88c0edc2f5c0a58393f2d39227d368a5cfa35582ea4cadf8b7
BigPond 3G21WB Hardcoded Credentials / Command Injection
Posted Oct 12, 2012
Authored by Roberto Paleari

BigPond version 3G21WB suffers from hard-coded credentials and command injection vulnerabilities.

tags | exploit, vulnerability
SHA-256 | 528d35dafb7e12c69511a3b7e37d3507bbea5187e3044ad1f0c8cccc97d468f2
Page 5 of 9
Back34567Next

Top Authors In Last 30 Days

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close