exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 51 - 75 of 176 RSS Feed

Files

WordPress GeoPlaces 4.x Shell Upload
Posted Oct 25, 2013
Authored by DevilScreaM

WordPress GeoPlaces theme version 4.x suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | 4bb5ca362685571ea46f9b60300a56f3aa737abbf2c8551c66c53798de33803e
easyXDM 2.4.16 Cross Site Scripting
Posted Oct 24, 2013
Authored by Krzysztof Kotowicz

easyXDM library versions 2.4.16 and below suffer from cross site scripting and parameter injection vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2013-5212
SHA-256 | 19287ecdc95f0de8cf7a407c73fe7767c29a4796809ff7e42f9f42c9b254d703
Contexis CMS 1.0 Cross Site Scripting
Posted Oct 24, 2013
Authored by Juan Francisco

Contexis CMS version 1.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2013-6239
SHA-256 | ab5e2108f93cfcf2603751d8a48b52da0ef3be80421319c493809fa7004539fb
Avira Internet Security Filter Bypass / Privilege Escalation
Posted Oct 24, 2013
Authored by Ahmad Moghimi

Avira Internet Security filter bypass and privilege escalation zero day exploit that leverages avipbb.sys.

tags | exploit
SHA-256 | 702acd4605649bdfd7902b0361aaa3f3d45c394a3a485490013d98e89acbc84f
GuppY 4.6.26 Cross Site Scripting
Posted Oct 23, 2013
Authored by High-Tech Bridge SA | Site htbridge.com

GuppY version 4.6.26 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2013-5983
SHA-256 | 8b7dc8f59410bf9a18129eab1a1488495b75587d4c45e6e7a60c33368e3de149
PHPCMS Guestbook Cross Site Scripting
Posted Oct 23, 2013
Authored by Robert At Cnmoker

The PHPCMS Guestbook module from phpcms.cn suffers from a stored cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2013-5939
SHA-256 | d8b958adc08aeb8a08fa43ea42d741c7372da3163a7d5e5db9b776653e6de0fe
LiveCart 1.4 Shell Upload
Posted Oct 23, 2013
Authored by DevilScreaM

LiveCart version 1.4 suffers from a remote PHP shell upload vulnerability.

tags | exploit, remote, shell, php
SHA-256 | e2a41ce6de3c4aa60db5b72a6cd923cfb719186f387af0bad1c8e9c450c3fe2c
WordPress DailyDeal Theme Shell Upload
Posted Oct 23, 2013
Authored by DevilScreaM

The WordPress DailyDeal theme suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | 25e1be2c8c9b97be0f84118170063bb8eed0a22e212c8a9be4176e00df086f59
Packet Storm Exploit 2013-1022-1 - Microsoft Silverlight Invalid Typecast / Memory Disclosure
Posted Oct 23, 2013
Authored by Vitaliy Toropov | Site packetstormsecurity.com

This exploit leverages both invalid typecast and memory disclosure vulnerabilities in Microsoft Silverlight 5 in order to achieve code execution. This exploit code demonstrates remote code execution by popping calc.exe. It was obtained through the Packet Storm Bug Bounty program. Google flags this as malware so only use this if you know what you are doing. The password to unarchive this zip is the word "infected".

tags | exploit, remote, vulnerability, code execution, bug bounty, packet storm
systems | windows
advisories | CVE-2013-0074, CVE-2013-3896
SHA-256 | 52cb4ddd1cdf46517f03dc3f821a50041e929ed003d1d7575ad883ef43571280
EMC Replication Manager Command Execution
Posted Oct 23, 2013
Authored by temp66, Davy Douhine | Site metasploit.com

This Metasploit module exploits a remote command-injection vulnerability in EMC Replication Manager client (irccd.exe). By sending a specially crafted message invoking RunProgram function an attacker may be able to execute arbitrary code commands with SYSTEM privileges. Affected products are EMC Replication Manager < 5.3. This Metasploit module has been successfully tested against EMC Replication Manager 5.2.1 on XP/W2003. EMC Networker Module for Microsoft Applications 2.1 and 2.2 may be vulnerable too although this module have not been tested against these products.

tags | exploit, remote, arbitrary
advisories | CVE-2011-0647, OSVDB-70853
SHA-256 | 4b4123ce75297cbbade2648fde1e40f016471bf55fff0881e46f5d19e8df6632
Windows Management Instrumentation (WMI) Remote Command Execution
Posted Oct 23, 2013
Authored by Ben Campbell | Site metasploit.com

This Metasploit module executes powershell on the remote host using the current user credentials or those supplied. Instead of using PSEXEC over TCP port 445 we use the WMIC command to start a Remote Procedure Call on TCP port 135 and an ephemeral port. Set ReverseListenerComm to tunnel traffic through that session. The result is similar to psexec but with the added benefit of using the session's current authentication token instead of having to know a password or hash. We do not get feedback from the WMIC command so there are no indicators of success or failure. The remote host must be configured to allow remote Windows Management Instrumentation.

tags | exploit, remote, tcp
systems | windows
advisories | CVE-1999-0504, OSVDB-3106
SHA-256 | 62ddec099dce84f039f9c1e73d6d0a966bff9197effb670f8a09f3099afdb20a
MODx 2.2.10 Cross Site Scripting
Posted Oct 23, 2013
Authored by Sojobo Dev Team

MODx version 2.2.10 suffers from multiple reflective cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 7c57fe4cd97450b18471d0a901f38ba5ae88a8ad2b1ace28ba3b004660316352
Apache Shindig 2.5.0 XXE Injection
Posted Oct 22, 2013
Authored by Kousuke Ebihara

Apache Shindig PHP version 2.5.0 suffers from an XXE injection vulnerability.

tags | exploit, php, xxe
advisories | CVE-2013-4295
SHA-256 | 779177ad830a97195b2451720ea3c03e6dc8551bf514a289092bcaf78efa0131
Joomla Maian15 Shell Upload
Posted Oct 22, 2013
Authored by SultanHaikal

The Joomla Maian15 component suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | 3168f3488a6baf2ed1904d0050d120b760732da3113c601c9bb74e3fcfc7685b
D-Link DIR-605L Captcha Handling Buffer Overflow
Posted Oct 22, 2013
Authored by Craig Heffner, juan vazquez | Site metasploit.com

This Metasploit module exploits an anonymous remote code execution on D-Link DIR-605L routers. The vulnerability exists while handling user supplied captcha information, and is due to the insecure usage of sprintf on the getAuthCode() function. This Metasploit module has been tested successfully on DLink DIR-605L Firmware 1.13 under a QEMU environment.

tags | exploit, remote, code execution
advisories | OSVDB-86824
SHA-256 | 0a2625495d220d8e34aeaeab3b030e38d5c3d8c061e96a0d097c1527e36f1458
Interactive Graphical SCADA System Remote Command Injection
Posted Oct 22, 2013
Authored by Luigi Auriemma, MC | Site metasploit.com

This Metasploit module abuses a directory traversal flaw in Interactive Graphical SCADA System v9.00. In conjunction with the traversal flaw, if opcode 0x17 is sent to the dc.exe process, an attacker may be able to execute arbitrary system commands.

tags | exploit, arbitrary
advisories | CVE-2011-1566, OSVDB-72349
SHA-256 | a7114479b9ce7f63393a233814fca94f23890b35fff1a4000dbd132da087dd09
HP Intelligent Management Center BIMS UploadServlet Directory Traversal
Posted Oct 22, 2013
Authored by rgod, juan vazquez | Site metasploit.com

This Metasploit module exploits a directory traversal vulnerability on the version 5.2 of the BIMS component from the HP Intelligent Management Center. The vulnerability exists in the UploadServlet, allowing the user to download and upload arbitrary files. This Metasploit module has been tested successfully on HP Intelligent Management Center with BIMS 5.2 E0401 on Windows 2003 SP2.

tags | exploit, arbitrary
systems | windows
advisories | CVE-2013-4822, OSVDB-98247
SHA-256 | 259ed051cf78d79d3dc1060b81ae4b7df6b46139d8805a2a7c01408edc69946d
Watchguard Server Center 11.7.4 Cross Site Scripting
Posted Oct 21, 2013
Authored by Julien Ahrens | Site rcesecurity.com

Watchguard Server Center version 11.7.4 suffers from multiple reflective cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2013-5702
SHA-256 | 21a7488291867114eeb368131b1bd0f179b36af50dd69fe04235cd15e9d10e81
FiberHome Modem Router HG-110 Authentication Bypass
Posted Oct 21, 2013
Authored by Javier Perez

FiberHome Modem Router HG-110 suffers from an authentication bypass vulnerability that allows the remote changing of DNS servers.

tags | exploit, remote, bypass
SHA-256 | 972d616c28086f2b3f10a8ca5c80a965c307fe54834e9cd0d9ecabca6979c7e9
Dell Quest One Password Manager CAPTCHA Bypass
Posted Oct 21, 2013
Authored by Johnny Bravo

The Quest One Password Manager simply fails to check the CAPTCHA submitted if the values do not accompany the payload.

tags | exploit
SHA-256 | 313d269064ddfbfb5e73fe5e9e030996a25bafd0370abddea445ea7aa3963b9a
WordPress WPLocalPlaces Shell Upload
Posted Oct 20, 2013
Authored by ovanIsmycode

The WPLocalPlaces theme for WordPress suffers from a remote shell upload vulnerability. Note that this advisory has site-specific information.

tags | exploit, remote, shell
SHA-256 | 89ac33e8669b79c978d2e7b89cd2619ce7cd11e477c404e88ae35e9004dda957
WordPress dhtmlxspreadsheet Cross Site Scripting
Posted Oct 20, 2013
Authored by Ashiyane Digital Security Team

WordPress dhtmlxspreadsheet plugin suffers from a cross site scripting vulnerability. Note that this advisory has site-specific information.

tags | exploit, xss
SHA-256 | 9c022914100845000fa4e2d8dad503895b745e6e90efe3d949f88a3e69849a8c
SikaBoom Remote Buffer Overflow
Posted Oct 19, 2013
Authored by Asesino04 | Site metasploit.com

SikiBoom suffers from a remote buffer overflow vulnerability.

tags | exploit, remote, overflow
SHA-256 | 7d137b335a106f926f09e13670c1c97b654f59ccc57381b42ace1f7629513164
MNET Solution XSS / SQL Injection / File Upload
Posted Oct 19, 2013
Authored by DevilScreaM

Sites designed by MNET Solution suffer from cross site scripting, html injection, remote shell upload, and remote SQL injection vulnerabilities. Note that this advisory has site-specific information.

tags | exploit, remote, shell, vulnerability, xss, sql injection
SHA-256 | b8a92e2dbe7f7eb98856ebc26a7aa2fb0838c901e135f2a0969a831c7662780c
WordPress Videowall Cross Site Scripting
Posted Oct 19, 2013
Authored by IeDb

WordPress Videowall plugin suffers from a cross site scripting vulnerability. Note that this finding houses site-specific data.

tags | exploit, xss
SHA-256 | 31d2bc3dc30452d2df2a81ccf172a43cb23393529b568be2b980f9b52387404b
Page 3 of 7
Back12345Next

Top Authors In Last 30 Days

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close