Showing 1 - 25 of 147

Files

Packet Storm New Exploits For January, 2014
Posted Feb 1, 2014
Authored by Todd J. | Site packetstormsecurity.com

This archive contains all of the 146 exploits added to Packet Storm in January, 2014.

tags | exploit
systems | linux
SHA-256 | abd91531ce551e9aefb4494643037cb7c7ffe5ce4f916248468aa82c725f3618
Joomla JomSocial 2.6 Code Execution
Posted Jan 31, 2014
Authored by Matias Fontanini, Carlos Gaston Traberg

Joomla JomSocial component version 2.6 remote PHP code execution exploit.

tags | exploit, remote, php, code execution
SHA-256 | ea1422d55f32ea2f21fe3bfa98a8a970fd3b75fcef135c089e38f1464c28a72b
TopicsViewer 3.0 Beta 1 SQL Injection
Posted Jan 31, 2014
Authored by AtT4CKxT3rR0r1ST

TopicsViewer version 3.0 Beta 1 suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
SHA-256 | 48dee20e05e6227d7032a46cb6020f6d577fcadffa33738daaabfd47613727f5
Linux 3.4+ recvmmsg Proof Of Concept
Posted Jan 31, 2014
Authored by Kees Cook

Linux 3.4+ recvmmsg x32 compat proof of concept exploit.

tags | exploit, proof of concept
systems | linux
SHA-256 | 5662db3459ebcd5e6569adefd8e89c500d6c4b915e1d0af5b4ab442214e7b017
Jobsite Logo Cross Site Scripting / SQL Injection
Posted Jan 31, 2014
Authored by AtT4CKxT3rR0r1ST

Jobsite Logo suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | f5b281fa23163ff33cd4204b0ebdddfa490fec4c9fcb6e65a4b8ada7918abb2c
Booking Calendar PHP CSRF / XSS / SQL Injection
Posted Jan 31, 2014
Authored by AtT4CKxT3rR0r1ST

Booking Calendar PHP suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.

tags | exploit, remote, php, vulnerability, xss, sql injection, csrf
SHA-256 | 960acaa17357d30d3a772a036e2375e6767ea24edc21a4bd4950e8b6f6323648
Eventy Online Scheduler 1.8 CSRF / XSS / SQL Injection
Posted Jan 31, 2014
Authored by AtT4CKxT3rR0r1ST

Eventy Online Scheduler version 1.8 suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection, csrf
SHA-256 | adc6db576bd5a7faa15c3609f25e879996a7872f76654e872bb6c611a44d8a5b
Newtontree IT Services SQL Injection
Posted Jan 31, 2014
Authored by AtT4CKxT3rR0r1ST

Newtontree IT Services suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection, bypass
SHA-256 | d1207b580f63cb7e7eabc1d92f90e1a63599ba5e12d2adb4191941c87e6ceac5
Ektron CMS Account Hijacking
Posted Jan 30, 2014
Authored by Mark Litchfield | Site securatary.com

This whitepaper discusses how to perform a takeover of the Ektron CMS. It demonstrates how to hijack the built-in and admin accounts.

tags | exploit
SHA-256 | 4051126d4a1554f5aa1a371e3823fe1746489da90272c4a0bd3f21fffb9a0ce0
WordPress Amerisale-Re Remote Shell Upload
Posted Jan 30, 2014
Authored by T3rm!nat0r5

This Metasploit module exploits an arbitrary PHP file upload in the WordPress Amerisale-Re third party plugin.

tags | exploit, arbitrary, php, file upload
SHA-256 | 1977a861af86c1bb609eab4c6885099d74ee40712c458de75397e40bdcfb1bea
LinPHA 1.3.4 Cross Site Request Forgery / Cross Site Scripting
Posted Jan 30, 2014
Authored by killall-9

LinPHA version 1.3.4 suffers from cross site request forgery and persistent cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
SHA-256 | dd1112c814225c6d2b24116f1d99bcf78fed4941a42afe5ea7e7f980af1746d0
Amin'z Tech CMS Shell Upload / SQL Injection
Posted Jan 30, 2014
Authored by ACC3SS

Amin'z Tech CMS suffers from remote shell upload and a remote SQL injection vulnerability that allows for login bypass.

tags | exploit, remote, shell, sql injection
SHA-256 | c992e7712a27df499ae4bc3d17ca86548e65261cdd7eaa0f75a9c314525437d6
NCH Software Inventoria 3.45 Cross Site Scripting
Posted Jan 30, 2014
Authored by LiquidWorm | Site zeroscience.mk

NCH Software Inventoria version 3.45 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 013ce0474eb3119edf8938629f3cf1485ee96a3afaa5234d50e9c770f8c001ad
SimplyShare 1.4 Code Execution / Local File Inclusion / XSS
Posted Jan 29, 2014
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

SimplyShare version 1.4 suffers from code execution, local file inclusion, cross site scripting, and command injection vulnerabilities.

tags | exploit, local, vulnerability, code execution, xss, file inclusion
SHA-256 | 06435c185640907d6002f6d7fd2570bf5f5e4cdb4ee43a71600c2ccbb4d362f2
PCMAN FTP 2.07 ABOR Buffer Overflow
Posted Jan 29, 2014
Authored by Mahmod Mahajna

PCMAN FTP version 2.07 ABOR command buffer overflow exploit.

tags | exploit, overflow
advisories | OSVDB-94624
SHA-256 | 207aacc82b71408ec13209815ed8aa5c33dcdd9974eff7bed97d008df270fc01
haneWIN DNS Server 1.5.3 Buffer Overflow
Posted Jan 29, 2014
Authored by Dario Estrada

haneWIN DNS server version 1.5.3 structured exception handler (SEH) buffer overflow exploit.

tags | exploit, overflow
SHA-256 | 5ff4049dea782c7dcd51a3676c2edd85d01ac652a47a47c3bf62de5c0bf51ed3
PCMAN FTP 2.07 CWD Buffer Overflow
Posted Jan 29, 2014
Authored by Mahmod Mahajna

PCMAN FTP version 2.07 CWD command buffer overflow exploit.

tags | exploit, overflow
advisories | OSVDB-94624
SHA-256 | 686e1bb139fa8ceb51129b6bcc62b9df3c56b058ab7375350cf467d34d7e74da
Pandora FMS 5.0RC1 Code Execution
Posted Jan 29, 2014
Authored by xistence

Pandora FMS versions 5.0RC1 and below suffer from a code execution vulnerability.

tags | exploit, code execution
SHA-256 | 2ba4bc2c2183c5acbae565b860f5f9eabe987ba0a399d204e52fc3e2151facf0
WordPress Photocrati Cross Site Scripting
Posted Jan 29, 2014
Authored by ACC3SS

WordPress Photocrati Theme suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 2c0a0d09eabe3d8c389700133ca742ee4514f4b658e287ca801e58421be8784e
Sitecore XML Cross Site Scripting
Posted Jan 29, 2014
Authored by Mark Litchfield

Sitecore's special way of displaying XML controls allows for a cross site scripting attack.

tags | exploit, xss
SHA-256 | 332c44062becbe780354571679bbca0e59d1468bef6e56ac13e0ebfa8d53931a
A10 Networks Loadbalancer Directory Traversal
Posted Jan 28, 2014
Authored by xistence

A10 Networks Loadbalancer versions (Soft)AX 2.6.1-GR1-P5 and below and 2.7.0 build 217 and below suffer from a directory traversal vulnerability.

tags | exploit, file inclusion
SHA-256 | cd1d7881579b65ddec9b55be9bc64a68cfb6ab226deae42efa4a82f9439a111f
Oracle Reports Shell Uploader
Posted Jan 28, 2014
Authored by Dana Taylor

Oracle Reports pwnacle exploit that uploads a jsp shell to the target system using the URLPARAMETER vulnerability that allows for planting files.

tags | exploit, shell
advisories | CVE-2012-3153, CVE-2012-3152
SHA-256 | 3581d647b9a2e8009d1d33ce3190ed76df5b93ae7c3bb78683ead1f423d79945
Eventum 2.3.4 Incorrect Permissions / Code Injection
Posted Jan 28, 2014
Authored by High-Tech Bridge SA | Site htbridge.com

Eventum version 2.3.4 suffers from incorrect default permission and code injection vulnerabilities.

tags | exploit, vulnerability
advisories | CVE-2014-1631, CVE-2014-1632
SHA-256 | 7e14b6132c32b76074863b2d2bee5da28e1064c2155acfee7dc34c7d4969418f
Oracle Forms And Reports Database Disclosure
Posted Jan 28, 2014
Authored by Dana Taylor

An undocumented PARSEQUERY function in Oracle Forms and Reports allows unauthenticated dumping of database usernames and passwords. The patch / workaround appears only to obfuscate the issue rather than actually address it. Affected systems include versions 9iAS, 9iDS, 10G (DS and AS), 10G AS Reports/Forms Standalone Installation, and 11g if the patch or workaround is not applied. In 12g a code rewrite has mitigated this vulnerability.

tags | exploit, info disclosure
advisories | CVE-2012-3153
SHA-256 | 2212ed674699348aa6036bb33d09aa0705d27be6a5efb384721f1dfc9cc92015
ManageEngine Support Center Plus 7916 Directory Traversal
Posted Jan 28, 2014
Authored by xistence

ManageEngine Support Center Plus versions 7916 and below suffer from a directory traversal vulnerability.

tags | exploit
SHA-256 | 7f3d4cf2f0f2823e532afe04ee4652f5b01e45dec6270e68523714952b7cd42b