what you don't know can hurt you
Showing 1 - 25 of 147 RSS Feed

Files

Packet Storm New Exploits For January, 2014
Posted Feb 1, 2014
Authored by Todd J. | Site packetstormsecurity.org

This archive contains all of the 146 exploits added to Packet Storm in January, 2014.

tags | exploit
systems | linux
MD5 | e4d4dff0ea525bbb623a6bb23ef93f3a
Joomla JomSocial 2.6 Code Execution
Posted Jan 31, 2014
Authored by Matias Fontanini, Carlos Gaston Traberg

Joomla JomSocial component version 2.6 remote PHP code execution exploit.

tags | exploit, remote, php, code execution
MD5 | 2de6823a840b1df40cb6d64d7d514fbc
TopicsViewer 3.0 Beta 1 SQL Injection
Posted Jan 31, 2014
Authored by AtT4CKxT3rR0r1ST

TopicsViewer version 3.0 Beta 1 suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
MD5 | 1277ce9378caf362c3950cb952de5b88
Linux 3.4+ recvmmsg Proof Of Concept
Posted Jan 31, 2014
Authored by Kees Cook

Linux 3.4+ recvmmsg x32 compat proof of concept exploit.

tags | exploit, proof of concept
systems | linux
MD5 | 5d369525e99b7cd930dfb482e5bfa6a6
Jobsite Logo Cross Site Scripting / SQL Injection
Posted Jan 31, 2014
Authored by AtT4CKxT3rR0r1ST

Jobsite Logo suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | e1229bebc7fffabc0240d51b2e0df21e
Booking Calendar PHP CSRF / XSS / SQL Injection
Posted Jan 31, 2014
Authored by AtT4CKxT3rR0r1ST

Booking Calendar PHP suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.

tags | exploit, remote, php, vulnerability, xss, sql injection, csrf
MD5 | 66942b22f11a954aa9bbd7cfc7e89b3b
Eventy Online Scheduler 1.8 CSRF / XSS / SQL Injection
Posted Jan 31, 2014
Authored by AtT4CKxT3rR0r1ST

Eventy Online Scheduler version 1.8 suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection, csrf
MD5 | d91b51a5bce33cba8609d7c19517fe50
Newtontree IT Services SQL Injection
Posted Jan 31, 2014
Authored by AtT4CKxT3rR0r1ST

Newtontree IT Services suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection, bypass
MD5 | eabbeea98f8dc5691f8b7a9572a1b438
Ektron CMS Account Hijacking
Posted Jan 30, 2014
Authored by Mark Litchfield | Site securatary.com

This whitepaper discusses how to perform a take over of the Ektron CMS. It demonstrates how to hijack the builtin and admin accounts.

tags | exploit
MD5 | 0856fe75f96c637a28b5646229e477c2
WordPress Amerisale-Re Remote Shell Upload
Posted Jan 30, 2014
Authored by T3rm!nat0r5

This Metasploit module exploits an arbitrary PHP file upload in the WordPress Amerisale-Re third party plugin.

tags | exploit, arbitrary, php, file upload
MD5 | 58b23d05e941bd84e2dca0da9684160c
LinPHA 1.3.4 Cross Site Request Forgery / Cross Site Scripting
Posted Jan 30, 2014
Authored by killall-9

LinPHA version 1.3.4 suffers from cross site request forgery and persistent cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | d7250df0c7a028eb12ed42401cd6dd7e
Amin'z Tech CMS Shell Upload / SQL Injection
Posted Jan 30, 2014
Authored by ACC3SS

Amin'z Tech CMS suffers from remote shell upload and a remote SQL injection vulnerability that allows for login bypass.

tags | exploit, remote, shell, sql injection
MD5 | a7a933047f40e3fe4b94432b3b5e5ddf
NCH Software Inventoria 3.45 Cross Site Scripting
Posted Jan 30, 2014
Authored by LiquidWorm | Site zeroscience.mk

NCH Software Inventoria version 3.45 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 1db8f0ed8b98fbd134a7d152a5c4982c
SimplyShare 1.4 Code Execution / Local File Inclusion / XSS
Posted Jan 29, 2014
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

SimplyShare version 1.4 suffers from code execution, local file inclusion, cross site scripting, and command injection vulnerabilities.

tags | exploit, local, vulnerability, code execution, xss, file inclusion
MD5 | c205f550b937b2a8b54e06eec6d71dea
PCMAN FTP 2.07 ABOR Buffer Overflow
Posted Jan 29, 2014
Authored by Mahmod Mahajna

PCMAN FTP version 2.07 ABOR command buffer overflow exploit.

tags | exploit, overflow
advisories | OSVDB-94624
MD5 | c04a7296bb27322d23b20397111b2faf
haneWIN DNS Server 1.5.3 Buffer Overflow
Posted Jan 29, 2014
Authored by Dario Estrada

haneWIN DNS server version 1.5.3 structured exception handler (SEH) buffer overflow exploit.

tags | exploit, overflow
MD5 | 6e0767750867989538403ce8a6f4b98b
PCMAN FTP 2.07 CWD Buffer Overflow
Posted Jan 29, 2014
Authored by Mahmod Mahajna

PCMAN FTP version 2.07 CWD command buffer overflow exploit.

tags | exploit, overflow
advisories | OSVDB-94624
MD5 | add8c6251dba3b072636642876467f1a
Pandora FMS 5.0RC1 Code Execution
Posted Jan 29, 2014
Authored by xistence

Pandora FMS versions 5.0RC1 and below suffer from a code execution vulnerability.

tags | exploit, code execution
MD5 | d9057714df010cfac019fecec177b539
WordPress Photocrati Cross Site Scripting
Posted Jan 29, 2014
Authored by ACC3SS

WordPress Photocrati Theme suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | bdad286d7c28cece9563536ded1c2d74
Sitecore XML Cross Site Scripting
Posted Jan 29, 2014
Authored by Mark Litchfield

Sitecore's special way of display XML controls allows for a cross site scripting attack.

tags | exploit, xss
MD5 | 8a1d6020303110b15116e663f27f4bd7
A10 Networks Loadbalancer Directory Traversal
Posted Jan 28, 2014
Authored by xistence

A10 Networks Loadbalancer versions (Soft)AX 2.6.1-GR1-P5 and below and 2.7.0 build 217 and below suffer from a directory traversal vulnerability.

tags | exploit, file inclusion
MD5 | c2d35e3676966352b7593606a6413280
Oracle Reports Shell Uploader
Posted Jan 28, 2014
Authored by Dana Taylor

Oracle Reports pwnacle exploit that uploads a jsp shell to the target system using the URLPARAMETER vulnerability that allows for planting files.

tags | exploit, shell
advisories | CVE-2012-3153, CVE-2012-3152
MD5 | fcdc1ad241a1e254b58749531003d3f5
Eventum 2.3.4 Incorrect Permissions / Code Injection
Posted Jan 28, 2014
Authored by High-Tech Bridge SA | Site htbridge.com

Eventum version 2.3.4 suffers from incorrect default permission and code injection vulnerabilities.

tags | exploit, vulnerability
advisories | CVE-2014-1631, CVE-2014-1632
MD5 | 0c697f86dbc734e152644f601abd5d6e
Oracle Forms And Reports Database Disclosure
Posted Jan 28, 2014
Authored by Dana Taylor

An undocumented PARSEQUERY function in Oracle Forms and Reports allows dumping database username and passwords unauthenticated. The patch / workaround just appears to obfuscate the issue but not actually address it. Affected systems include versions 9iAS, 9iDS, 10G (DS and AS), and 10G AS Reports/Forms Standalone Installation, 11g if patch or workaround not applied. In 12g a code rewrite has mitigated this vulnerability.

tags | exploit, info disclosure
advisories | CVE-2012-3153
MD5 | e8eef7273ba6fa4b7f1f78d4c0256129
ManageEngine Support Center Plus 7916 Directory Traversal
Posted Jan 28, 2014
Authored by xistence

ManageEngine Support Center Plus versions 7916 and below suffer from a directory traversal vulnerability.

tags | exploit
MD5 | e0428e48a6efb94dfc9652f9aa0ebed2
Page 1 of 6
Back12345Next

Top Authors In Last 30 Days

Recent News

News RSS Feed
ATM Malware Available Online For Online $5,000
Posted Oct 18, 2017

tags | headline, malware, bank, cybercrime, fraud
Oracle Swats 252 Bugs In Patch Update
Posted Oct 18, 2017

tags | headline, flaw, patch, oracle
Child Safety Smartwatches Easy To Hack, Watchdog Says
Posted Oct 18, 2017

tags | headline, privacy, flaw
Domino's Pizza Delivers User Details To Spammers
Posted Oct 18, 2017

tags | headline, privacy, email, spam, fraud
Microsoft Never Disclosed 2013 Hack Of Secret Vulnerability Database
Posted Oct 18, 2017

tags | headline, hacker, microsoft, data loss, flaw
Adobe Patches Zero-Day Used To Plant Gov't Spying Software
Posted Oct 17, 2017

tags | headline, hacker, government, usa, flaw, cyberwar, adobe, zero day, nsa
UK TV Drama About North Korea Hit By Hackers
Posted Oct 17, 2017

tags | headline, hacker, government, britain, cyberwar, korea
Russia Tweaks Telegram With Tiny Fine For Decryption Denial
Posted Oct 17, 2017

tags | headline, government, privacy, russia, cryptography
Never Mind The WPA2 Drama... Details Emerge Of TPM Key Fail
Posted Oct 17, 2017

tags | headline, wireless, flaw, cryptography
Millions Of High Security Crypto Keys Crippled By Newly Discovered Flaw
Posted Oct 16, 2017

tags | headline, flaw, cryptography
View More News →
packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close