Exploit the possiblities
Showing 1 - 25 of 191 RSS Feed

Files

Packet Storm New Exploits For 2012
Posted Jan 2, 2013
Authored by Todd J. | Site packetstormsecurity.com

Complete comprehensive archive of all 3,418 exploits added to Packet Storm in 2012.

tags | exploit
systems | linux
MD5 | 21fc472cc7b750f1d874792783928e6a
Packet Storm New Exploits For December, 2012
Posted Jan 2, 2013
Authored by Todd J. | Site packetstormsecurity.com

This archive contains all of the 190 exploits added to Packet Storm in December, 2012.

tags | exploit
systems | linux
MD5 | 78d033d6a42c47e0ff37e6d9c6ba9334
Grep Integer Overflow
Posted Dec 31, 2012
Authored by Joshua Rogers

Grep versions prior to 2.11 suffer from an integer overflow vulnerability.

tags | exploit, overflow
advisories | CVE-2012-5667
MD5 | b86315c15d999af76964bb15de9a95d6
Microsoft Internet Explorer CDwnBindInfo Object Use-After-Free
Posted Dec 31, 2012
Authored by Eric Romang, sinn3r, juan vazquez, mahmud ab rahman | Site metasploit.com

This Metasploit module exploits a vulnerability found in Microsoft Internet Explorer. A use-after-free condition occurs when a CButton object is freed, but a reference is kept and used again during a page reload, an invalid memory that's controllable is used, and allows arbitrary code execution under the context of the user. Please note: This vulnerability has been exploited in the wild targeting mainly China/Taiwan/and US-based computers.

tags | exploit, arbitrary, code execution
advisories | CVE-2012-4792
MD5 | ded95fac262cac303634ac39e4211d5a
IBM Lotus QuickR qp2 ActiveX Buffer Overflow
Posted Dec 31, 2012
Authored by Gaurav Baruah, juan vazquez | Site metasploit.com

This Metasploit module exploits a buffer overflow vulnerability on the UploadControl ActiveX. The vulnerability exists in the handling of the "Attachment_Times" property, due to the insecure usage of the _swscanf. The affected ActiveX is provided by the qp2.dll installed with the IBM Lotus Quickr product. This Metasploit module has been tested successfully on IE6-IE9 on Windows XP, Vista and 7, using the qp2.dll 8.1.0.1800. In order to bypass ASLR the no aslr compatible module msvcr71.dll is used. This one is installed with the qp2 ActiveX.

tags | exploit, overflow, activex
systems | windows, xp
advisories | CVE-2012-2176, OSVDB-82166
MD5 | 48ad485ac51cf88650714ac9be1194f5
IBM Lotus iNotes dwa85W ActiveX Buffer Overflow
Posted Dec 31, 2012
Authored by Gaurav Baruah, juan vazquez | Site metasploit.com

This Metasploit module exploits a buffer overflow vulnerability on the UploadControl ActiveX. The vulnerability exists in the handling of the "Attachment_Times" property, due to the insecure usage of the _swscanf. The affected ActiveX is provided by the dwa85W.dll installed with the IBM Lotus iNotes ActiveX installer. This Metasploit module has been tested successfully on IE6-IE9 on Windows XP, Vista and 7, using the dwa85W.dll 85.3.3.0 as installed with Lotus Domino 8.5.3. In order to bypass ASLR the no aslr compatible module dwabho.dll is used. This one is installed with the iNotes ActiveX.

tags | exploit, overflow, activex
systems | windows, xp
advisories | CVE-2012-2175, OSVDB-82755
MD5 | 3e8b25b82a2e00d9ad3fe55474bd9e24
BlazeDVD 6.1 PLF Exploit DEP/ASLR Bypass
Posted Dec 30, 2012
Authored by LiquidWorm, Craig Freyman | Site metasploit.com

This Metasploit module updates an existing MSF module originally written for BlazeDVD 5.1. The new module will bypass DEP and ASLR on version 6. The original vulnerability is due to the handling of specially crafted PLF files. Exploiting this allows us to execute arbitrary code running under the context of the user.

tags | exploit, arbitrary, bypass
advisories | CVE-2006-6199, OSVDB-30770
MD5 | f0b95f422498c5d76cc375b1bf3de16b
WordPress RocketTheme Content Spoofing / Cross Site Scripting
Posted Dec 30, 2012
Authored by MustLive

33 new themes for WordPress that are made by RocketTheme suffer from cross site scripting, path disclosure, and content spoofing vulnerabilities.

tags | exploit, spoof, vulnerability, xss
MD5 | df6a69f11eea2909deb52c051c23a786
WordPress SB Uploader 3.9 Shell Upload
Posted Dec 30, 2012
Authored by Evil aXe

WordPress SB Uploader version 3.9 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
MD5 | d5e260363b0f191032ddbda1d9f6839e
WordPress Photo Plus / Photo Search XSS / CSRF
Posted Dec 30, 2012
Authored by Keith Makan

WordPress Photo Plus / Photo Search version 4.8.11 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | d85fb98889a90b8d0f4f7545914c3b24
Enterprise Resource Planning SQL Injection
Posted Dec 30, 2012
Authored by Shahram Darvishvand

The ERP (Enterprise Resource Planning) system from Sida University System suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 53204a71eef39306f783c2574c1961e2
Ubiquiti AirOS 5.5.2 Command Execution
Posted Dec 29, 2012
Authored by xistence

Ubiquiti AirOS versions 5.5.2 and below suffer from a remote post-authentication root-level command execution vulnerability.

tags | exploit, remote, root
MD5 | eb14d79e3b11169bae191e2cc055a870
CubeCart 5.0.7 Insecure Backup Handling
Posted Dec 28, 2012
Authored by Aung Khant | Site yehg.net

CubeCart versions 5.0.7 and below suffer from an insecure backup file handling vulnerability.

tags | exploit
MD5 | ed3ff16fd70eb73c9a9d319f78ac0f4c
RealPlayer RealMedia File Handling Buffer Overflow
Posted Dec 28, 2012
Authored by suto | Site metasploit.com

This Metasploit module exploits a stack based buffer overflow on RealPlayer versions 15.0.6.14 and below. The vulnerability exists in the handling of real media files, due to the insecure usage of the GetPrivateProfileString function to retrieve the URL property from an InternetShortcut section. This Metasploit module generates a malicious rm file which must be opened with RealPlayer via drag and drop or double click methods. It has been tested successfully on Windows XP SP3 with RealPlayer 15.0.5.109.

tags | exploit, overflow
systems | windows, xp
advisories | CVE-2012-5691, OSVDB-88486
MD5 | c7923d72a4dd90d23e0b05ddfd3b698b
WordPress Asset-Manager PHP File Upload
Posted Dec 28, 2012
Authored by Sammy FORGIT | Site metasploit.com

This Metasploit module exploits a vulnerability found in WordPress plugin Asset-Manager versions 2.0 and below. By abusing the upload.php file, a malicious user can upload a file to a temp directory without authentication, which results in arbitrary code execution.

tags | exploit, arbitrary, php, code execution
advisories | OSVDB-82653
MD5 | c748e130ebc6a192d7a66d7a977f9243
SonicWall Email Security 7.4.1.x Cross Site Scripting
Posted Dec 28, 2012
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

SonicWall Email Security version 7.4.1.x suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | 8688e74197665cf5dcf1e95266660c86
Log Analyzer 3.6.0 Cross Site Scripting
Posted Dec 28, 2012
Authored by Mohd Izhar Ali | Site vulnerability-lab.com

Log Analyzer version 3.6.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 81d3066f41209d5fb364b4c4ffc16925
Guru Auction 2.0 SQL Injection
Posted Dec 27, 2012
Authored by v3n0m

Guru Auction version 2.0 suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
MD5 | 7b8c2fbabcbb00cd9b2f2dcac71c2eda
NVidia Display Driver Buffer Overflow
Posted Dec 27, 2012
Authored by Peter Winter-Smith

This is an exploit for a stack buffer overflow in the NVidia Display Driver Service. The service listens on a named pipe (\pipe\nsvr) which has a NULL DACL configured, which should mean that any logged on user or remote user in a domain context (Windows firewall/file sharing permitting) should be able to exploit this vulnerability.

tags | exploit, remote, overflow
systems | windows
MD5 | 1be277706130b299d5676cf85ee08c9e
WHM editfilter.html Stored Cross Site Scripting
Posted Dec 27, 2012
Authored by Rafay Baloch

WHM suffers from a persistent cross site scripting vulnerability in editfilter.html.

tags | exploit, xss
MD5 | 5e50dccfebdd2ee7b64396e44376f068
C-Panel / WHM 11.34.0 Cross Site Scripting
Posted Dec 27, 2012
Authored by Christy Philip Mathew

C-Panel / WHM version 11.34.0 suffer from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 7d64d8d786929ee504554e6dc6a622ed
C-Panel dir.html Cross Site Scripting
Posted Dec 26, 2012
Authored by Rafay Baloch

C-Panel suffers from a reflective cross site scripting vulnerability in dir.html.

tags | exploit, xss
MD5 | 6e0a5f32ee2013114630a1c6a3c261c8
Open-Realty CMS 3.x Cross Site Scripting
Posted Dec 26, 2012
Authored by Aung Khant | Site yehg.net

Open-Realty CMS version 3.x suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | d740284ee50f049bf52df30230231396
Open-Realty CMS 3.x Cross Site Request Forgery
Posted Dec 26, 2012
Authored by Aung Khant | Site yehg.net

Open-Realty CMS version 3.x suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | e90c1c864651350168b77d7f6315bd2b
Joomla Aclassif Cross Site Scripting
Posted Dec 26, 2012
Authored by TUNISIAN CYBER

Joomla Aclassif component suffers from a cross site scripting vulnerability. Note that this finding houses site-specific data.

tags | exploit, xss
MD5 | ab528e9fe5794800376224f3b8b83b86
Page 1 of 8
Back12345Next

Top Authors In Last 30 Days

Recent News

News RSS Feed
PlexCoin Scam Founder Sentenced To Jail And Fined $10k
Posted Dec 10, 2017

tags | headline, cybercrime, fraud, scam, cryptography
Google Lifts Lid On FBI Data Requests: Now You Can Read Actual Letters Online
Posted Dec 9, 2017

tags | headline, government, privacy, usa, google, fbi
Android Flaw Lets Attack Code Slip Into Signed Apps
Posted Dec 9, 2017

tags | headline, malware, phone, flaw, google
Millions Stolen In NiceHash Bitcoin Heist
Posted Dec 9, 2017

tags | headline, hacker, cybercrime, fraud, cryptography
Apple HomeKit Flaw Left Smart Gadgets Vulnerable
Posted Dec 9, 2017

tags | headline, flaw, apple
Intel Management Engine Pwned By Buffer Overflow
Posted Dec 7, 2017

tags | headline, hacker, flaw, conference, intel
Google Steps Up Browser Rivalry With Site Isolation Security
Posted Dec 7, 2017

tags | headline, google, chrome
Ajit Pai Falsely Claims Killing Net Neutrality Helps The Sick
Posted Dec 7, 2017

tags | headline, government, usa, fraud
Bitcoin Breaks Through The $15,000 Mark
Posted Dec 7, 2017

tags | headline, cryptography
CryptoKitties Craze Slows Down Transactions On Ethereum
Posted Dec 6, 2017

tags | headline, denial of service, cryptography
View More News →
packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close