exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 191 RSS Feed

Files

Packet Storm New Exploits For 2012
Posted Jan 2, 2013
Authored by Todd J. | Site packetstormsecurity.com

Complete comprehensive archive of all 3,418 exploits added to Packet Storm in 2012.

tags | exploit
systems | linux
SHA-256 | fff9bb87076aec51b411ee266d2877f3b5e72a7aae421e84e40d00b53e62f4c7
Packet Storm New Exploits For December, 2012
Posted Jan 2, 2013
Authored by Todd J. | Site packetstormsecurity.com

This archive contains all of the 190 exploits added to Packet Storm in December, 2012.

tags | exploit
systems | linux
SHA-256 | f6b6e6c0bb0390c643fc832f2abb167da1ff357502914ef37159e4ff829ebafd
Grep Integer Overflow
Posted Dec 31, 2012
Authored by Joshua Rogers

Grep versions prior to 2.11 suffer from an integer overflow vulnerability.

tags | exploit, overflow
advisories | CVE-2012-5667
SHA-256 | 67807e221404026810de6462ba04065c63a7aa98acbbef641e79defa6bf2a804
Microsoft Internet Explorer CDwnBindInfo Object Use-After-Free
Posted Dec 31, 2012
Authored by Eric Romang, sinn3r, juan vazquez, mahmud ab rahman | Site metasploit.com

This Metasploit module exploits a vulnerability found in Microsoft Internet Explorer. A use-after-free condition occurs when a CButton object is freed, but a reference is kept and used again during a page reload, an invalid memory that's controllable is used, and allows arbitrary code execution under the context of the user. Please note: This vulnerability has been exploited in the wild targeting mainly China/Taiwan/and US-based computers.

tags | exploit, arbitrary, code execution
advisories | CVE-2012-4792
SHA-256 | e321b503a83791aeb063c8940adcdb875c9201669df143b59807fe08c4b13986
IBM Lotus QuickR qp2 ActiveX Buffer Overflow
Posted Dec 31, 2012
Authored by Gaurav Baruah, juan vazquez | Site metasploit.com

This Metasploit module exploits a buffer overflow vulnerability on the UploadControl ActiveX. The vulnerability exists in the handling of the "Attachment_Times" property, due to the insecure usage of the _swscanf. The affected ActiveX is provided by the qp2.dll installed with the IBM Lotus Quickr product. This Metasploit module has been tested successfully on IE6-IE9 on Windows XP, Vista and 7, using the qp2.dll 8.1.0.1800. In order to bypass ASLR the no aslr compatible module msvcr71.dll is used. This one is installed with the qp2 ActiveX.

tags | exploit, overflow, activex
systems | windows
advisories | CVE-2012-2176, OSVDB-82166
SHA-256 | 2570396e9a994f0f9128106991e69dcb968d0dde0fbe6d004afd9587713e5cbb
IBM Lotus iNotes dwa85W ActiveX Buffer Overflow
Posted Dec 31, 2012
Authored by Gaurav Baruah, juan vazquez | Site metasploit.com

This Metasploit module exploits a buffer overflow vulnerability on the UploadControl ActiveX. The vulnerability exists in the handling of the "Attachment_Times" property, due to the insecure usage of the _swscanf. The affected ActiveX is provided by the dwa85W.dll installed with the IBM Lotus iNotes ActiveX installer. This Metasploit module has been tested successfully on IE6-IE9 on Windows XP, Vista and 7, using the dwa85W.dll 85.3.3.0 as installed with Lotus Domino 8.5.3. In order to bypass ASLR the no aslr compatible module dwabho.dll is used. This one is installed with the iNotes ActiveX.

tags | exploit, overflow, activex
systems | windows
advisories | CVE-2012-2175, OSVDB-82755
SHA-256 | a5379e9a43da683cd4806d1f1e1d548d9998b0760444a32f658bcd9210c0c210
BlazeDVD 6.1 PLF Exploit DEP/ASLR Bypass
Posted Dec 30, 2012
Authored by LiquidWorm, Craig Freyman | Site metasploit.com

This Metasploit module updates an existing MSF module originally written for BlazeDVD 5.1. The new module will bypass DEP and ASLR on version 6. The original vulnerability is due to the handling of specially crafted PLF files. Exploiting this allows us to execute arbitrary code running under the context of the user.

tags | exploit, arbitrary, bypass
advisories | CVE-2006-6199, OSVDB-30770
SHA-256 | ff5bd458d53d97905de67393897725bc2fc0ec2f6c59ecc21e7e6504016b8953
WordPress RocketTheme Content Spoofing / Cross Site Scripting
Posted Dec 30, 2012
Authored by MustLive

33 new themes for WordPress that are made by RocketTheme suffer from cross site scripting, path disclosure, and content spoofing vulnerabilities.

tags | exploit, spoof, vulnerability, xss
SHA-256 | b113d5f193f4f8045548d75e1c1eb2e88da81e01e5f5af92b4d2a24021042799
WordPress SB Uploader 3.9 Shell Upload
Posted Dec 30, 2012
Authored by Evil aXe

WordPress SB Uploader version 3.9 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
SHA-256 | d2989ab52362a8caed7d70e1750dd7f87e067566d774597523e6315bb3bd4327
WordPress Photo Plus / Photo Search XSS / CSRF
Posted Dec 30, 2012
Authored by Keith Makan

WordPress Photo Plus / Photo Search version 4.8.11 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
SHA-256 | c080064f2acdd8acdd3c6a4b7b8bac6aac032236c9a290e1c00e9984fa0994db
Enterprise Resource Planning SQL Injection
Posted Dec 30, 2012
Authored by Shahram Darvishvand

The ERP (Enterprise Resource Planning) system from Sida University System suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 6b509c2af3ab4aec42eafe4b2b75733cb59bac0f5a2011aae36c26758ae9fc10
Ubiquiti AirOS 5.5.2 Command Execution
Posted Dec 29, 2012
Authored by xistence

Ubiquiti AirOS versions 5.5.2 and below suffer from a remote post-authentication root-level command execution vulnerability.

tags | exploit, remote, root
SHA-256 | 31177e50c29169efd962af59bdd1dcd6fd98c00f6e95f81c9e27921a3d144b6a
CubeCart 5.0.7 Insecure Backup Handling
Posted Dec 28, 2012
Authored by Aung Khant | Site yehg.net

CubeCart versions 5.0.7 and below suffer from an insecure backup file handling vulnerability.

tags | exploit
SHA-256 | 4ad0bade6b43f93bb55527eb3f44f901936684bc818abacd7c7a8ba1a7d090bb
RealPlayer RealMedia File Handling Buffer Overflow
Posted Dec 28, 2012
Authored by suto | Site metasploit.com

This Metasploit module exploits a stack based buffer overflow on RealPlayer versions 15.0.6.14 and below. The vulnerability exists in the handling of real media files, due to the insecure usage of the GetPrivateProfileString function to retrieve the URL property from an InternetShortcut section. This Metasploit module generates a malicious rm file which must be opened with RealPlayer via drag and drop or double click methods. It has been tested successfully on Windows XP SP3 with RealPlayer 15.0.5.109.

tags | exploit, overflow
systems | windows
advisories | CVE-2012-5691, OSVDB-88486
SHA-256 | f1c623bc1dcad36e79d57718a63066d97b024a30199457832d62e68170935185
WordPress Asset-Manager PHP File Upload
Posted Dec 28, 2012
Authored by Sammy FORGIT | Site metasploit.com

This Metasploit module exploits a vulnerability found in WordPress plugin Asset-Manager versions 2.0 and below. By abusing the upload.php file, a malicious user can upload a file to a temp directory without authentication, which results in arbitrary code execution.

tags | exploit, arbitrary, php, code execution
advisories | OSVDB-82653
SHA-256 | 81b75da9229bb9ea397205ad2f8f36a7be52ab7edb32882060a059e87e819740
SonicWall Email Security 7.4.1.x Cross Site Scripting
Posted Dec 28, 2012
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

SonicWall Email Security version 7.4.1.x suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 7b65bbace4bdb5f0e1d2c16ffbaaeb17804008aad4232e2101248a191518d805
Log Analyzer 3.6.0 Cross Site Scripting
Posted Dec 28, 2012
Authored by Mohd Izhar Ali, Vulnerability Laboratory | Site vulnerability-lab.com

Log Analyzer version 3.6.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | f987ab8bbed2ee70d4fd2071548210b7b53ce96342dea67455f31fb3d9addeb1
Guru Auction 2.0 SQL Injection
Posted Dec 27, 2012
Authored by v3n0m

Guru Auction version 2.0 suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
SHA-256 | 432bf701264880c31dea851f61f3256e26b800ff0bcebbd2e38fa86eccaabb96
NVidia Display Driver Buffer Overflow
Posted Dec 27, 2012
Authored by Peter Winter-Smith

This is an exploit for a stack buffer overflow in the NVidia Display Driver Service. The service listens on a named pipe (\pipe\nsvr) which has a NULL DACL configured, which should mean that any logged on user or remote user in a domain context (Windows firewall/file sharing permitting) should be able to exploit this vulnerability.

tags | exploit, remote, overflow
systems | windows
SHA-256 | a93753892580d6dad44444623d6355d154269fccaba04b2dcab06daf83d116a5
WHM editfilter.html Stored Cross Site Scripting
Posted Dec 27, 2012
Authored by Rafay Baloch

WHM suffers from a persistent cross site scripting vulnerability in editfilter.html.

tags | exploit, xss
SHA-256 | 498c8c6dadd5adfb705f89ba68b3ada04597df8845b2cbf34b67a9eec9df6b9d
C-Panel / WHM 11.34.0 Cross Site Scripting
Posted Dec 27, 2012
Authored by Christy Philip Mathew

C-Panel / WHM version 11.34.0 suffer from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 544ff7b57cc0e48262a249f65d5ed321cd4933b2b85a45d977c84943acee56fd
C-Panel dir.html Cross Site Scripting
Posted Dec 26, 2012
Authored by Rafay Baloch

C-Panel suffers from a reflective cross site scripting vulnerability in dir.html.

tags | exploit, xss
SHA-256 | ebfda62ea7ba421bad621e4c285d4c38e464d5d1a5faa994c8009e413af2f391
Open-Realty CMS 3.x Cross Site Scripting
Posted Dec 26, 2012
Authored by Aung Khant | Site yehg.net

Open-Realty CMS version 3.x suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 0514cf4f6d261ac7edcee5b0a733785b1d5efa19d9b2c8555c0ff1e62d4cdc2c
Open-Realty CMS 3.x Cross Site Request Forgery
Posted Dec 26, 2012
Authored by Aung Khant | Site yehg.net

Open-Realty CMS version 3.x suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 2b916cbe37121f14334fce0ef4849bd7375ef4448a54c1de76c553816074d9da
Joomla Aclassif Cross Site Scripting
Posted Dec 26, 2012
Authored by TUNISIAN CYBER

Joomla Aclassif component suffers from a cross site scripting vulnerability. Note that this finding houses site-specific data.

tags | exploit, xss
SHA-256 | 65a9f345fa956ae08a3fb1a20e2db25b401fc7ad9e6e7128abc75ff3b708c0f9
Page 1 of 8
Back12345Next

Top Authors In Last 30 Days

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close