exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 76 - 100 of 165 RSS Feed

Files

Voice Logger SQL Injection / File Download
Posted Jul 17, 2013
Authored by Michal Blaszczak

Voice Logger suffers from a remote SQL injection vulnerability that allows for authentication bypass as well as an arbitrary file download vulnerability.

tags | exploit, remote, arbitrary, sql injection
SHA-256 | 6dd5934f028b093d5d8bd5693b5f0b0569da00f3dbba65651175bba34bfcf673
Kate's Video Toolkit 7.0 Crash
Posted Jul 17, 2013
Authored by ariarat

Kate's Video Toolkit version 7.0 crash proof of concept denial of service exploit that creates a malicious WAV file.

tags | exploit, denial of service, proof of concept
SHA-256 | 67c470f887d0a666ab1d02341218d7300a3a1cc134aa2a732d995763227cb5d4
Light Audio Mixer 1.0.12 Crash
Posted Jul 17, 2013
Authored by ariarat

Light Audio Mixer version 1.0.12 crash proof of concept denial of service exploit that creates a malicious WAV file.

tags | exploit, denial of service, proof of concept
SHA-256 | c877efbdaffb2739770c88b26e45cb0a2f408187958b6199cd15d8ca84cea187
rpcbind CALLIT UDP Crash
Posted Jul 17, 2013
Authored by Sean Verity

rpcbind CALLIT procedure UDP denial of service proof of concept exploit.

tags | exploit, denial of service, udp, proof of concept
advisories | CVE-2013-1950
SHA-256 | b1f8e8ac62cc8aa90feb364db73662e95355e499461aacc4babe70c99e31dd2d
Joomla Googlemaps XSS / XML Injection / Path Disclosure / DoS
Posted Jul 17, 2013
Authored by MustLive

The Joomla Googlemaps plugin suffers from cross site scripting, path disclosure, denial of service, and XML injection vulnerabilities.

tags | exploit, denial of service, vulnerability, xss, xxe
SHA-256 | 165dc70f4d8846397f4d21ce1f9794a33e98cb8d13ea08baf7996288d00ca669
Dell Kace 1000 SMA 5.4.70402 Cross Site Scripting
Posted Jul 16, 2013
Authored by Ibrahim El-Sayed, Vulnerability Laboratory | Site vulnerability-lab.com

Dell Kace 1000 SMA version 5.4.70402 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | f31d9466c071de7d9384679b764eb2b12bfadfa571627c915b0ffc7b94cf09ee
Olive File Manager 1.0.1 Arbitrary File Upload / XSS
Posted Jul 16, 2013
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

Olive File Manager version 1.0.1 for iOS suffers from arbitrary file upload and cross site scripting vulnerabilities.

tags | exploit, arbitrary, vulnerability, xss, file upload
systems | ios
SHA-256 | 4923d8db6286e1cf6917d43aa359d9d1dbc6d093111aca760cfae1f6c1112cbc
FTP Sprite 1.2.1 Script Insertion
Posted Jul 16, 2013
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

FTP Sprite version 1.2.1 for iOS suffers from a persistent script insertion vulnerability.

tags | exploit
systems | ios
SHA-256 | b17f9f86c93c7d304115e7a035b5f7635cf9f925526f289c29667e10571460d8
Squid 3.3.5 Denial Of Service
Posted Jul 16, 2013
Authored by Kingcope

Squid version 3.3.5 remote denial of service crash exploit.

tags | exploit, remote, denial of service
SHA-256 | 247867b58f499ec2f8cbd7f45618c22bc77cf0fc844f2741c42df41f4033fd68
Eglibc PTR MANGLE Bug
Posted Jul 16, 2013
Authored by Hector Marco, Ismael Ripoll

Eglibc suffers from a PTR MANGLE bug. All statically linked applications compiled with glibc and eglibc are affected, independent of the operating system distribution. Note that this problem is not solved by only patching the eglibc, but it is also necessary to recompile all static executables. Proof of concept exploit included.

tags | exploit, proof of concept
systems | linux
advisories | CVE-2013-4788
SHA-256 | 886e08b8e90e2d9b861f8e4dba2d25b994c4200f1929e01cc6bc74363c57f184
Nikon CoolPix L Series Fw 1.0 Information Disclosure
Posted Jul 16, 2013
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

Nikon CoolPix L Series Fw version 1.0 suffers from an information disclosure vulnerability.

tags | exploit, info disclosure
SHA-256 | 00c5dc25f1958967070a5163d5ecb6dda8b5bb295f0fb9e5d15b3cce7642bdc8
Barracuda CudaTel 2.6.02.040 Cross Site Scripting
Posted Jul 16, 2013
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

Barracuda CudaTel version 2.6.02.040 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 7c11db64cfe677974655ad7002705d5f2f7e6ebaafd849999276966c27b4d925
Saurus CMS 4.7.1 4.7.1 LFI / RFI / XSS / SQL Injection / Traversal / CSRF
Posted Jul 15, 2013
Authored by Janek Vind aka waraxe | Site waraxe.us

Saurus CMS version 4.7.1 suffers from cross site scripting, remote file inclusion, local file inclusion, information disclosure, remote SQL injection, HTTP response splitting, cross site request forgery, and directory traversal vulnerabilities.

tags | exploit, remote, web, local, vulnerability, xss, sql injection, file inclusion, info disclosure, csrf
SHA-256 | b52a1c3cfedd7ec254223b0a31cf381969950ec828d4cd8eca7bea868182a7f5
Huawei E587 3G Mobile Hotspot Command Injection
Posted Jul 15, 2013
Authored by Frederic Basse

Huawei E587 3G Mobile Hotspot version 11.203.27 is prone to a command injection vulnerability in the Web UI. Successful exploitation allows unauthenticated attackers to execute arbitrary commands with root privileges.

tags | exploit, web, arbitrary, root
advisories | CVE-2013-2612
SHA-256 | a1277a086994c77c5b27fe6d4cf723c3ea4f7b25c8d585ca62eb686634443540
Zoho Information Disclosure / Mixed Content
Posted Jul 15, 2013
Authored by Juan Carlos Garcia

Zoho suffers from information disclosure due to a lack of a content-type being specified and also appears to use mixed content.

tags | exploit, info disclosure
SHA-256 | d57f3ea5e158c04a53db6f3c8f8158fa024c8439b78c89b7ef0eedc2e2627082
Dell.com Open Redirection
Posted Jul 15, 2013
Authored by GoMeR-12

Dell.com suffers from an open redirection vulnerability.

tags | exploit
SHA-256 | baf412e7889b650aa9f5b020cf6998f1fa9728459107af98d8386dc1f2c2e57c
TinyMCE Image Manager 1.1 Cross Site Scripting
Posted Jul 15, 2013
Authored by MustLive

TinyMCE Image Manager versions 1.1 and below suffer from a cross site scripting and content spoofing vulnerabilities.

tags | exploit, spoof, vulnerability, xss
SHA-256 | e55aa3aa8b2c3f02ed3a4e8d382c5d7f6b8a8782e1f5c69b053233d74a800737
OpenEMR 4.1.1 patch-12 Cross Site Scripting / SQL Injection
Posted Jul 14, 2013
Authored by Nate Drier | Site trustwave.com

OpenEMR versions 4.1.1 patch-12 and below suffer from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
advisories | CVE-2013-4619, CVE-2013-4620
SHA-256 | 34d2a68eac35ef40f833eadd836730cb6db7a18c16f6872866a69898d3908187
WordPress Spicy Blogroll Local File Inclusion
Posted Jul 14, 2013
Authored by Ahlspiess

WordPress Spicy Blogroll plugin suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | 3814a0f4ff4e69f4aa928e46072b86b3dd76a24c29f6ade039a04e52b49abd4f
Tri-PLC Nano-10 r81 Denial Of Service
Posted Jul 14, 2013
Authored by Sapling

Tri-PLC Nano-10 r81 suffers from a denial of service vulnerability.

tags | exploit, denial of service
advisories | CVE-2013-2784
SHA-256 | 3dec489a87603f353793b3b457817422652a12aa0f5738db26be2d0b80e352d5
Microsoft Windows Authenticated Powershell Command Execution
Posted Jul 13, 2013
Authored by RageLtMan, Royce Davis | Site metasploit.com

This Metasploit module uses a valid administrator username and password to execute a powershell payload using a similar technique to the "psexec" utility provided by SysInternals. The payload is encoded in base64 and executed from the commandline using the -encodedcommand flag. Using this method, the payload is never written to disk, and given that each payload is unique, is less prone to signature based detection. Since executing shellcode in .NET requires the use of system resources from unmanaged memory space, the .NET (PSH) architecture must match that of the payload. Lastly, a persist option is provided to execute the payload in a while loop in order to maintain a form of persistence. In the event of a sandbox observing PSH execution, a delay and other obfuscation may be added to avoid detection. In order to avoid interactive process notifications for the current user, the psh payload has been reduced in size and wrapped in a powershell invocation which hides the process entirely.

tags | exploit, shellcode
advisories | CVE-1999-0504, OSVDB-3106
SHA-256 | b0c0d56f17bcccf9a854df5ee2b60da13d6ac2e471086b300b676e73683ee4ec
Corda Cross Site Scripting / Path Disclosure
Posted Jul 13, 2013
Authored by Adam Willard

Corda suffers from cross site scripting and path disclosure vulnerabilities.

tags | exploit, vulnerability, xss, info disclosure
SHA-256 | bffa23638e52400483ca2946ce826605a44afcbd0bab0762a1df07612c2664cc
WordPress I Love It XSS / Content Spoofing / Path Disclosure
Posted Jul 13, 2013
Authored by MustLive

The WordPress I Love It theme suffers from cross site scripting, content spoofing, and path disclosure vulnerabilities.

tags | exploit, spoof, vulnerability, xss, info disclosure
SHA-256 | 781da1e7aeb3a72439cf3b06e380d6b86f400e90a518a7210062bb2d8bee4e9b
MediaCoder .M3U Buffer Overflow
Posted Jul 12, 2013
Authored by metacom | Site metasploit.com

This Metasploit module exploits a buffer overflow in MediaCoder 0.8.22. The vulnerability occurs when adding an .m3u, allowing arbitrary code execution under the context of the user. DEP bypass via ROP is supported on Windows 7, since the MediaCoder runs with DEP. This Metasploit module has been tested successfully on MediaCoder 0.8.21.5539 to 0.8.22.5530 over Windows XP SP3 and Windows 7 SP0.

tags | exploit, overflow, arbitrary, code execution
systems | windows
advisories | OSVDB-94522
SHA-256 | 7d841ff629512953fde2ad0b9d42720ffd2fc843859e5ee5bfe58e990084b709
Corel PDF Fusion Stack Buffer Overflow
Posted Jul 12, 2013
Authored by juan vazquez, Kaveh Ghaemmaghami | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow vulnerability in version 1.11 of Corel PDF Fusion. The vulnerability exists while handling a XPS file with long entry names. In order for the payload to be executed, an attacker must convince the target user to open a specially crafted XPS file with Corel PDF Fusion. By doing so, the attacker can execute arbitrary code as the target user.

tags | exploit, overflow, arbitrary
advisories | CVE-2013-3248, OSVDB-94933
SHA-256 | 916643fb975e5382aef5b8e8b08179bdf4cfd923b7b247577966efc132ea1fa0
Page 4 of 7
Back23456Next

Top Authors In Last 30 Days

Recent News

News RSS Feed
Apple Suddenly Drops NSO Group Spyware Lawsuit
Posted Sep 18, 2024

tags | headline, privacy, phone, flaw, israel, spyware, apple
11 Dead, Thousands Injured In Explosive Supply Chain Attack On Hezbollah Pagers
Posted Sep 18, 2024

tags | headline, wireless, cyberwar, israel, terror, backdoor
Cops Across The World Arrest 51 In Orchestrated Takedown Of Ghost Crime Platform
Posted Sep 18, 2024

tags | headline, hacker, government, australia, cybercrime, fraud
Wait... Did Pagers Get Hacked To Blow People Up?
Posted Sep 17, 2024

tags | headline, cyberwar, israel, terror
Predator Spyware Kingpins Added To US Sanctions List
Posted Sep 17, 2024

tags | headline, hacker, government, privacy, spyware
D-Link Patches Critical Router Vulnerabilities
Posted Sep 17, 2024

tags | headline, flaw, patch
France Uses Tough, Untested Cybercrime Law To Target Durov
Posted Sep 17, 2024

tags | headline, government, cybercrime, france, social
Malware Attack Targets US-Taiwan Defense Conference
Posted Sep 17, 2024

tags | headline, government, malware, usa, china, cyberwar, taiwan, military
TikTok Is Getting Its Day In Court
Posted Sep 16, 2024

tags | headline, government, privacy, usa, phone, china, cyberwar, spyware
Ransomware Group Leaks Data Stolen From Kawasaki Motors
Posted Sep 16, 2024

tags | headline, hacker, privacy, cybercrime, data loss, cryptography
View More News →
packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close