Showing 76 - 100 of 170

Files

Classifieds Creator 2.0 SQL Injection
Posted Dec 14, 2013
Authored by R3d-D3v!L

Classifieds Creator version 2.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 469802ef4e01943e3566c6fe54ad7a3e3e9a3e84b4851b5694bd10c727f2d6c7
C2C Forward Auction Center SQL Injection
Posted Dec 14, 2013
Authored by R3d-D3v!L

C2C Forward Auction Creator version 2.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | ae31cd335ed87386bcafdb14fe024120d0f470311e5145ece776f00d8bebba93
iScripts MultiCart 2.4 Cross Site Request Forgery / Cross Site Scripting
Posted Dec 14, 2013
Authored by Saadat Ullah

iScripts MultiCart versions 2.4 and below suffer from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
SHA-256 | 8116f2279a10f7bdb72b6df08d209697707902f047a882d86a524e3a509ac792
Osclass 3.3 Cross Site Request Forgery / SQL Injection / Traversal
Posted Dec 14, 2013
Authored by R3d-D3v!L

Osclass version 3.3 suffers from cross site request forgery, remote SQL injection, and directory traversal vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, file inclusion, csrf
SHA-256 | 4fa3514459f4aca30fccd02be0cf6585b6640c1c254bb345c870f8314607400b
Microsoft Online, Office And Cloud Persistent Encoding Issues
Posted Dec 14, 2013
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

Microsoft Online, Office and Cloud suffer from persistent encoding issues that can allow for cross site scripting.

tags | exploit, xss
SHA-256 | 63cf5e2791308ca0d363962ff6c757b4793ef7bcfe09f63ed76b3d045e0a8e1f
KikChat Local File Inclusion / Remote Command Execution
Posted Dec 13, 2013
Authored by cr4wl3r

KikChat suffers from local file inclusion and remote command execution vulnerabilities.

tags | exploit, remote, local, vulnerability, file inclusion
SHA-256 | 0fefc791df94702470f534eb7c319bdf9254a296e5a9505420e52df50b9d42a7
Ditto Forensic FieldStation 2013Oct15a XSS / CSRF / Command Execution
Posted Dec 13, 2013
Authored by Martin Wundram

Ditto Forensic FieldStation versions 2013Oct15a and below suffer from remote command execution, cross site scripting, cross site request forgery, hard-coded credential, and various other vulnerabilities.

tags | exploit, remote, vulnerability, xss, csrf
SHA-256 | df3e62ea52b2c4c9f389b63ca271b8910f8d98956a4658742ef79cc7af486ddc
Phone Drive Eightythree 4.1.1 XSS / Command Injection / Shell Upload
Posted Dec 13, 2013
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

Phone Drive Eightythree version 4.1.1 suffers from local file inclusion, command injection, and remote shell upload vulnerabilities.

tags | exploit, remote, shell, local, vulnerability, file inclusion
SHA-256 | d8fd9d38629a05f4f2d3503fdca9cb59932802bc0b930220465cce85922df7fa
Microsoft PhotoStory CS Cross Site Scripting
Posted Dec 13, 2013
Authored by Muhammad A.S., Vulnerability Laboratory | Site vulnerability-lab.com

Microsoft PhotoStory suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | a28bfc6192eee283fc89e1171132bf7f47271fa8391894f76eec1341deb61b3d
Ruby Gem Webbynode 1.0.5.3 Command Injection
Posted Dec 13, 2013
Authored by Larry W. Cashdollar

Ruby Gem Webbynode version 1.0.5.3 suffers from a remote command injection vulnerability.

tags | exploit, remote, ruby
SHA-256 | bfaa7907aba801776aeefc69d46a1d02c5a36c3932a60c392cd07d6e4f7b0d43
Microsoft Yammer Cross Site Scripting
Posted Dec 13, 2013
Authored by Ateeq ur Rehman Khan, Vulnerability Laboratory | Site vulnerability-lab.com

Microsoft Yammer suffered from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | ffa493a522284668c4144c5b4d98ae3cb0b8e667db062ea350d352b646b98b01
Ring Jordan SQL Injection
Posted Dec 13, 2013
Authored by Juan Carlos Garcia

Ring Jordan suffers from a remote SQL injection vulnerability in their administrative functionality. The author has tried to contact the vendor and has received no response. The SQL injection issue allows for authentication bypass.

tags | exploit, remote, sql injection
SHA-256 | b0303595796d9f5fd9fd11582864f2c0b8d4f8b08600a13e9711b7fbd093fa52
Telmanik CMS 1.01 Shell Upload
Posted Dec 13, 2013
Authored by JoKeR_StEx

Telmanik CMS version 1.01 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | c56f47cbdbd567480466a838ad2a346f2ad6aba77864ba331f9655d07cbfa208
WordPress WP Realty Cross Site Scripting
Posted Dec 13, 2013
Authored by Ashiyane Digital Security Team

WordPress WP-Realty third party plugin suffers from a cross site scripting vulnerability. Note that these findings house site-specific data.

tags | exploit, xss
SHA-256 | 68e5167100d03041530d425635011c823f93e89895b31c229d47d02523f7c7ee
Divide Error In Windows Kernel
Posted Dec 12, 2013
Authored by Core Security Technologies, Nicolas A. Economou | Site coresecurity.com

Core Security Technologies Advisory - The Windows kernel is prone to a security vulnerability when executing the (GDI support) function 'RFONTOBJ::bTextExtent' located in 'win32k.sys'. This vulnerability could be exploited by an attacker to crash the Windows kernel by calling the user mode function 'NtGdiGetTextExtent' with specially crafted arguments. Microsoft admits that this vulnerability may allow Elevation of Privilege attacks but did not provide further technical details.

tags | exploit, kernel
systems | windows
advisories | CVE-2013-5058
SHA-256 | 4c383dc1dc20874f4383e72d2f073249cf93372d58371b51b38ef7fc56b925b6
Vtiger 5.4.0 Cross Site Scripting
Posted Dec 12, 2013
Authored by Sojobo Dev Team

Vtiger version 5.4.0 suffers from multiple reflective cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 46e34297293eac83bae71ead7c25d12b59b59c45ffcc8e3a0a616f838ad25e3f
InstantCMS 1.10.3 SQL Injection
Posted Dec 12, 2013
Authored by High-Tech Bridge SA | Site htbridge.com

InstantCMS version 1.10.3 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2013-6839
SHA-256 | 23828f2ece7ce5ee132cb50ec95a38c18e45a28fd502c207d11da99c50075f63
eFront 3.6.14 Cross Site Scripting
Posted Dec 12, 2013
Authored by sajith

eFront version 3.6.14 build 18012 suffers from multiple stored cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 0ff0d1243fbef082f5564e536031f90a1a13ceb825468e90ffd5cce8cde11021
Photo Video Album Transfer 1.0 Local File Inclusion / Shell Upload
Posted Dec 12, 2013
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

Photo Video Album version 1.0 suffers from local file inclusion and remote shell upload vulnerabilities.

tags | exploit, remote, shell, local, vulnerability, file inclusion
SHA-256 | f3876755c36f7ac9243e6f8a55d654c919116bcd7078c7115015dc4c737dd532
Vatican Web Site Cross Site Scripting
Posted Dec 12, 2013
Authored by Juan Carlos Garcia

The official Vatican web site suffers from a cross site scripting vulnerability.

tags | exploit, web, xss
SHA-256 | d803f05012af0c7d4a8ad518230fd5aa68d9934addc4f1e0ac0b93fd249f5c2c
IcoFX 2.5.0.0 Buffer Overflow
Posted Dec 11, 2013
Authored by Core Security Technologies, Marcos Accossatto | Site coresecurity.com

Core Security Technologies Advisory - IcoFX is prone to a (client side) security vulnerability when processing .ICO files. This vulnerability could be exploited by a remote attacker to execute arbitrary code on the target machine, by enticing the user of IcoFX to open a specially crafted icon file. Version 2.5.0.0 for Windows is affected.

tags | exploit, remote, arbitrary
systems | windows
advisories | CVE-2013-4988
SHA-256 | e6dff7d349a0e93cb8dcc794915fdfde76e566041ccccf904fc0244c16a59b12
Veno File Manager Arbitrary File Download
Posted Dec 11, 2013
Authored by Daniel Godoy

Veno File Manager suffers from an arbitrary file download vulnerability. The vendor has contacted Packet Storm and has noted that this has been addressed starting in version 1.0.3.

tags | exploit, arbitrary
SHA-256 | 80512b799f75ba354914c5888ab9ecd01e3b541be21758a5632997f5fbc2d7a1
HP LoadRunner EmulationAdmin Web Service Directory Traversal
Posted Dec 11, 2013
Site metasploit.com

This Metasploit module exploits a directory traversal vulnerability in version 11.52 of HP LoadRunner. The vulnerability exists in the EmulationAdmin web service, specifically in the copyFileToServer method, and allows arbitrary files to be uploaded. This Metasploit module has been tested successfully on HP LoadRunner 11.52 over Windows 2003 SP2.

tags | exploit, web, arbitrary
systems | windows
advisories | CVE-2013-4837, OSVDB-99231
SHA-256 | 3ecfa30b0524d6d84a7b8d523d5b32e43379309197e84b8213bd82d2450eebc7
Adobe ColdFusion 9 Administrative Login Bypass
Posted Dec 11, 2013
Authored by Scott Buckel | Site metasploit.com

Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allow remote attackers to bypass authentication using the RDS component. Its password can, by default or by misconfiguration, be set to an empty value. This allows a session to be created via the RDS login and carried over to the admin web interface even though the passwords might be different, thereby bypassing authentication on the admin web interface, which could then lead to arbitrary code execution. Tested on Windows and Linux with ColdFusion 9.

tags | exploit, remote, web, arbitrary, code execution
systems | linux, windows
SHA-256 | 09ebd63c7a46949c50bf462317ac70d7ecfe31f97bac6c746f870def7e83e007
EMC Data Protection Advisor Remote Code Execution
Posted Dec 10, 2013
Authored by rgod | Site retrogod.altervista.org

EMC Data Protection Advisor version 5.8 sp5 suffers from a DPA Illuminator EJBInvokerServlet remote code execution vulnerability. Proof of concept code included.

tags | exploit, remote, code execution, proof of concept
systems | linux
SHA-256 | bec0bb61454387d713dc7ce4ade6cefcbc27df7b553ab6873ee83cad51e2a1c6