what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 190 RSS Feed

Files

Packet Storm New Exploits For February, 2014
Posted Mar 2, 2014
Authored by Todd J. | Site packetstormsecurity.com

This archive contains all of the 194 exploits added to Packet Storm in February, 2014.

tags | exploit
systems | linux
SHA-256 | a8fd62e9bf38ed32f4e068b84772b5b803b9c1c52828d122b550562b241a3495
couponPHP CMS 1.0 Cross Site Scripting / SQL Injection
Posted Feb 28, 2014
Authored by LiquidWorm | Site zeroscience.mk

couponPHP CMS version 1.0 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | 3424adcf3750526c3ad5db516a473a6917df3b4be803f24e12ea579a6c567178
Plex Media Server 0.9.9.2.374-aa23a69 Bypass / File Disclosure
Posted Feb 28, 2014
Authored by S. Viehbock | Site sec-consult.com

Plex Media Server versions 0.9.9.2.374-aa23a69 and below suffer from authentication bypass and local file disclosure vulnerabilities.

tags | exploit, local, vulnerability
SHA-256 | 5056a9a5be5beee1b56ca5f4a45fd08b7e9f849a4edabf46ffd88ef7a0b91dcc
VCDGEAR 3.50 Stack Buffer Overflow
Posted Feb 28, 2014
Authored by Juan Sacco

VCDGEAR version 3.50 suffers from a stack-based buffer overflow vulnerability.

tags | exploit, overflow
SHA-256 | cb961af2bca01d29fd25f5557c887ef11ef4b84f120be86f6e88cd1dacfae565
Microsoft Office 365 Outlook Filter Bypass
Posted Feb 28, 2014
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

Microsoft Office 365 Outlook suffers from filter bypass and script insertion vulnerabilities.

tags | exploit, vulnerability
SHA-256 | 62b66dd6d9ff9e97f54097141a7c5a0963019f71b236a0ddbf8a9f91660e8884
OrangeHRM 3.1.1 Cross Site Scripting
Posted Feb 28, 2014
Authored by HauntIT

OrangeHRM version 3.1.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 3b65169d1d14ac1150889cf5e9994426d9e97b2dd4c7b3c770c4c4ba5cb3fced
SpagoBI 4.0 Privilege Escalation
Posted Feb 28, 2014
Authored by Christian Catalano

SpagoBI version 4.0 suffers from an administrative privilege escalation vulnerability.

tags | exploit
advisories | CVE-2013-6231
SHA-256 | 08879394f05ec3888c94bd4b06561081d45aa1549a6e63d70b7be33bbcfe4f7f
webERP 4.11.3 SQL Injection
Posted Feb 28, 2014
Authored by HauntIT

webERP version 4.11.3 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 091426128f12768577b963c2f22904bdfc2ad9fae57c064028ed00bf91950df8
doorGets 6.0 Cross Site Scripting
Posted Feb 28, 2014
Authored by HauntIT

doorGets version 6.0 suffers from cross site scripting and information disclosure vulnerabilities.

tags | exploit, vulnerability, xss, info disclosure
SHA-256 | 7ea8c4da27977ad4397ff6d51fe3f33b00a1b62766c3b49f7a2c6aaa2c4ddb2f
MICROSENS PLMISWM 10.3.1 Privilege Escalation
Posted Feb 28, 2014
Authored by Christian Kudera, Stefan Riegler | Site sec-consult.com

MICROSENS Profi Line Modular Industrial Switch Web Manager version 10.3.1 suffers from a privilege escalation vulnerability.

tags | exploit, web
SHA-256 | a0ae9096d79c1c275cffec3bdc2deea7b44431121dc864efe994e588286bebca
GE Proficy CIMPLICITY gefebt.exe Remote Code Execution
Posted Feb 28, 2014
Authored by juan vazquez, Z0mb1E, amisto0x07 | Site metasploit.com

This Metasploit module abuses the gefebt.exe component in GE Proficy CIMPLICITY, reachable through the CIMPLICIY CimWebServer. The vulnerable component allows to execute remote BCL files in shared resources. An attacker can abuse this behaviour to execute a malicious BCL and drop an arbitrary EXE. The last one can be executed remotely through the WebView server. This Metasploit module has been tested successfully in GE Proficy CIMPLICITY 7.5 with the embedded CimWebServer. This Metasploit module starts a WebDAV server to provide the malicious BCL files. When the target hasn't the WebClient service enabled, an external SMB service is necessary.

tags | exploit, remote, arbitrary
advisories | CVE-2014-0750
SHA-256 | b26303cb1fa471041439c64a8b439bb47d11b4fd3e3adb2f2cd74c8afe861e4f
Total Video Player 1.3.1 Buffer Overflow
Posted Feb 28, 2014
Authored by Mike Czumak | Site metasploit.com

This Metasploit module exploits a buffer overflow in Total Video Player 1.3.1. The vulnerability occurs opening malformed Settings.ini file e.g."C:\Program Files\Total Video Player\". This Metasploit module has been tested successfully over Windows WinXp-Sp3-EN, Windows 7, Windows 8.

tags | exploit, overflow
systems | windows
SHA-256 | 1f04d25c90604cfb3feef7e42ed26fa00fa4daa52f342fd876bac3be2f18a6be
EPESI CRM 1.5.5 Cross Site Scripting
Posted Feb 28, 2014
Authored by HauntIT

EPESI CRM version 1.5.5-20140113 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 026a893c034a92535a4cf7780fda14637b3835abe0f7893b8871eef16238e6eb
GDL 4.2 XSS / SQL Injection / Traversal
Posted Feb 28, 2014
Authored by ByEge

GDL version 4.2 suffers from cross site scripting, remote SQL injection, and directory traversal vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection, file inclusion
SHA-256 | a2af5485e545cabecf2e75ea83fde5bf5e181a48d18e8692ad4bd7969b5431ed
Music AlarmClock 2.1.0 Crash
Posted Feb 28, 2014
Authored by Gabor Seljan

Music AlarmClock version 2.1.0 crash denial of service proof of concept exploit.

tags | exploit, denial of service, proof of concept
SHA-256 | f1ba8364030a6a5c7158b1bafb05e5786475fd559dc419712d636c2531746a45
VideoWhisper Live Streaming Integration 4.27.3 XSS / Shell Upload / Traversal
Posted Feb 27, 2014
Authored by High-Tech Bridge SA | Site htbridge.com

VideoWhisper Live Streaming Integration version 4.27.3 suffers from cross site scripting, remote shell upload, information exposure, and path traversal vulnerabilities.

tags | exploit, remote, shell, vulnerability, xss, file inclusion
advisories | CVE-2014-1905, CVE-2014-1906, CVE-2014-1907, CVE-2014-1908
SHA-256 | 8589343b28cf5465cb971032b90d3806ffa103808d0ea8ff3382c08d32bb6003
GoldMP4Player 3.3 Buffer Overflow
Posted Feb 27, 2014
Authored by metacom

GoldMP4Player version 3.3 local buffer overflow exploit.

tags | exploit, overflow, local
SHA-256 | e5381967f3870c2e06479eae5f6fe202bb149136fc53d671df52b80010800799
German Telekom Local File Inclusion
Posted Feb 27, 2014
Authored by Ibrahim El-Sayed, Vulnerability Laboratory | Site vulnerability-lab.com

The German Telekom website suffered from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | b7fa37b22bc4bbcb19ac1e882d221051ad4c3c393229e09724ecba5cb14413d5
Bluetooth Photo Share Pro 2.0 Local File Inclusion / File Upload
Posted Feb 27, 2014
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

Bluetooth Photo Share Pro version 2.0 suffers from local file inclusion and remote arbitrary file upload vulnerabilities.

tags | exploit, remote, arbitrary, local, vulnerability, file inclusion, file upload
SHA-256 | 373723247bb674fdb182129aadcb6edbb943fb7ba1f53545391908392eb3d231
GroupOffice 5.0.44 Cross Site Scripting
Posted Feb 27, 2014
Authored by HauntIT

GroupOffice version 5.0.44 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 5e9ecb41f455fc5ce8462aa3f2c84f75038ea0fb008529aa2033cd378c59c892
PHP-CMDB 0.7.3 Cross Site Scripting / SQL Injection
Posted Feb 27, 2014
Authored by HauntIT

PHP-CMDB version 0.7.3 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, php, vulnerability, xss, sql injection
SHA-256 | a67d8b34f99f51d05ba0d86b8dd9d16c2587342e99d7267c8f8f0d015c02ef63
X2Engine 3.7.3 Cross Site Scripting / Shell Upload / SQL Injection
Posted Feb 27, 2014
Authored by HauntIT

X2Engine version 3.7.3 suffers from cross site scripting, remote shell upload, and remote SQL injection vulnerabilities.

tags | exploit, remote, shell, vulnerability, xss, sql injection
SHA-256 | d3c14e2d6ce07bb3835b1588b086b2b1c63408940f717a399617a80e062e48bc
PHP Calendar 2.0.1 XSS / Information Disclosure
Posted Feb 27, 2014
Authored by HauntIT

PHP Calendar version 2.0.1 suffers from multiple cross site scripting and information disclosure vulnerabilities.

tags | exploit, php, vulnerability, xss, info disclosure
SHA-256 | d2a72263079a61bd29ed5e7830991d421fa3083c72d80bbfeee5123fb35db2d3
Moodle 2.6.1 Cross Site Scripting
Posted Feb 27, 2014
Authored by HauntIT

Moodle version 2.6.1 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | f982e66358058f04f37c7d3427ec64943263e1f5f996338826132ed3cb5e0ea1
Open-School Community Edition 2.2 Cross Site Scripting
Posted Feb 27, 2014
Authored by HauntIT

Open-School Community Edition version 2.2 suffers from multiple persistent cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 8cfad8b0dbd6d1dc9edaaf32671ea326da8545af162c775f2ba22e84502b655e
Page 1 of 8
Back12345Next

Top Authors In Last 30 Days

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close