exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 51 - 75 of 220 RSS Feed

Files

FreePBX config.php Remote Code Execution
Posted Mar 25, 2014
Authored by i-Hmx, 0x00string | Site metasploit.com

This Metasploit module exploits a vulnerability found in FreePBX version 2.9, 2.10, and 2.11. It's possible to inject arbitrary PHP functions and commands in the "/admin/config.php" parameters "function" and "args".

tags | exploit, arbitrary, php
advisories | CVE-2014-1903
SHA-256 | 1c02024d4a3f7042c08772f0fe212d3e817f272a686805a55db99a37717d3b29
qEngine CMS 6.0.0 Remote Code Execution
Posted Mar 25, 2014
Authored by LiquidWorm | Site zeroscience.mk

qEngine CMS version 6.0.0 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
SHA-256 | 3536bc3d3347ae2420fc82be365206a80c0fb4b85a80355bd91dc1bee782d639
qEngine CMS 6.0.0 (task.php) Local File Inclusion
Posted Mar 25, 2014
Authored by LiquidWorm | Site zeroscience.mk

qEngine CMS version 6.0.0 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | 9a4ca90342e80435948a3c42e20b9d22c7c5b898de1d6c741e985b5ece077e69
qEngine CMS 6.0.0 Database Backup Disclosure
Posted Mar 25, 2014
Authored by LiquidWorm | Site zeroscience.mk

qEngine CMS version 6.0.0 suffers from a database backup disclosure vulnerability.

tags | exploit
SHA-256 | c9a818f093860746a364a8d9c4151bdd7d23aa5c8a8ef6e520aefd1971896914
php-font-lib 0.3 Cross Site Scripting
Posted Mar 24, 2014
Authored by Daniel Marques

php-font-lib version 0.3 suffers from a reflective cross site scripting vulnerability.

tags | exploit, php, xss
advisories | CVE-2014-2570
SHA-256 | 1a474dde8ce092bdffb789154f90356da33e4828fac208b7fd109580e7cc335d
PHP Login Script 2.0 Cross Site Scripting
Posted Mar 24, 2014
Authored by Felipe Andrian Peixoto

PHP Login Script version 2.0 suffers from a cross site scripting vulnerability.

tags | exploit, php, xss
SHA-256 | 6a12219997b095202cbd5aaa5f2d6ac30483abe8709a9d07c4bd74eca78aa35c
KCFinder 2.53 Shell Upload
Posted Mar 24, 2014
Authored by Black.Hack3r

KCFinder versions 2.51 through 2.53 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | ca0d1095ee9a88abe10850735a99afc8f80ac67e0259e5a9cce07bb9ba0e8baf
BigDump 0.35b Shell Upload
Posted Mar 24, 2014
Authored by Felipe Andrian Peixoto

BigDump version 0.35b suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | f9f701ce6b05bbb8f7d2b195365909e13439c58f11865e01dded6e4c81696c59
Windows Media Player 11.0.5721.5230 Memory Corruption
Posted Mar 24, 2014
Authored by TUNISIAN CYBER

Windows Media Player version 11.0.5721.5230 memory corruption proof of concept exploit.

tags | exploit, proof of concept
systems | windows
SHA-256 | 5dc8e0ebd404657746cdcfc7d783e3ef7ba754bf8126c1f3fae1c69ac25052c2
jetVideo 8.1.1 Basic Local Crash Proof Of Concept
Posted Mar 24, 2014
Authored by TUNISIAN CYBER

jetVideo version 8.1.1 Basic local crash proof of concept denial of service exploit.

tags | exploit, denial of service, local, proof of concept
SHA-256 | a248304c0afdce390b860cd251654d000c396faa7166423af81b7b7bc21e485c
Light Audio Player 1.0.14 Memory Corruption
Posted Mar 24, 2014
Authored by TUNISIAN CYBER

Light Audio Player version 1.0.14 memory corrupt proof of concept exploit.

tags | exploit, proof of concept
SHA-256 | 0d21a7cb66715b9c8732cdd3b1fd335aee82aba26fa64acdc26d8e53f1eb513d
VFU 4.10-1.1 Stack Buffer Overflow
Posted Mar 23, 2014
Authored by Provensec

VFU version 4.10-1.1 suffers from a stack-based buffer overflow vulnerability.

tags | exploit, overflow
SHA-256 | f5275a5f08300fa7a280900b506085cc811afecfaf141e62f7b0baa7556f835d
WordPress Felici / Custom Background Shell Upload
Posted Mar 22, 2014
Authored by CaFc Versace

The Felici and Custom Background WordPress themes suffer from a shell upload vulnerability in uploadify.php.

tags | exploit, shell, php
SHA-256 | 688496a75d9f2324cc211b4c36e214b1352155e8ba072682e609cfdb63e88609
GOM Video Converter 1.1.0.60 Memory Corruption
Posted Mar 22, 2014
Authored by TUNISIAN CYBER

GOM Video Converter version 1.1.0.60 memory corruption proof of concept exploit.

tags | exploit, proof of concept
SHA-256 | bc6f532c3cb15e49f330df6686ae71a269ceee906c40b8c726404e2d6c242ba1
GOMMP 2.2.56.5183 Memory Corruption
Posted Mar 22, 2014
Authored by TUNISIAN CYBER

GOMMP version 2.2.56.5183 memory corruption proof of concept exploit.

tags | exploit, proof of concept
SHA-256 | b3a0b6e615cc60915f426f4bf691f0e06e1ac91bb8c252409cfb366dc6f857d7
WordPress Vithy / Appius / Dagda / Vector / Shotzz Shell Upload
Posted Mar 22, 2014
Authored by CaFc Versace

The Vithy, Appius, Dagda, Vector, and Shotzz WordPress themes suffer from a shell upload vulnerability in uploadify.php.

tags | exploit, shell, php
SHA-256 | c85029288baa3e23dc157c377164f3a876fdf6b5996606933e83c2bba6eb1bdb
STAR57 6.20.090330 Remote Command Execution
Posted Mar 21, 2014
Authored by Felipe Andrian Peixoto

STAR57 version 6.20.090330 suffers from a remote command execution vulnerability.

tags | exploit, remote
SHA-256 | 433eba217ae3e6257289bddd815eaf98f552a7c8d6d092e667f2d8aa0c9d3f23
innoEDIT 6.2 Remote Command Execution
Posted Mar 21, 2014
Authored by Felipe Andrian Peixoto

innoEDIT version 6.2 suffers from a remote command execution vulnerability.

tags | exploit, remote
SHA-256 | a84ae0a9198c45f8c61093d04e2ace4490cd15507d7a8f10f9f4446e77bcd88e
MS14-012 Internet Explorer TextRange Use-After-Free
Posted Mar 20, 2014
Authored by Jason Kratzer, sinn3r | Site metasploit.com

This Metasploit module exploits a use-after-free vulnerability found in Internet Explorer. The flaw was most likely introduced back in 2013, therefore only certain builds of MSHTML are affected. In our testing with IE9, these vulnerable builds appear to be between 9.0.8112.16496 and 9.0.8112.16533, which implies August 2013 until early March 2014 (before the patch).

tags | exploit
advisories | CVE-2014-0307
SHA-256 | 85541f060fdc844f7022ba1f1028c17d0836c505b9c83aa7c8c91868e0d21f22
Horde Framework Unserialize PHP Code Execution
Posted Mar 20, 2014
Authored by EgiX, juan vazquez | Site metasploit.com

This Metasploit module exploits a php unserialize() vulnerability in Horde versions 5.1.1 and below which could be abused to allow unauthenticated users to execute arbitrary code with the permissions of the web server. The dangerous unserialize() exists in the 'lib/Horde/Variables.php' file. The exploit abuses the __destruct() method from the Horde_Kolab_Server_Decorator_Clean class to reach a dangerous call_user_func() call in the Horde_Prefs class.

tags | exploit, web, arbitrary, php
advisories | CVE-2014-1691
SHA-256 | 29c01edc4c0a6e6872a0827d3816b1b853df5b79ddb58262cb3d16dea0cc69e5
Wireless Drive 1.1.0 LFI / Command Injection
Posted Mar 20, 2014
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

Wireless Drive version 1.1.0 suffers from local file inclusion and command injection vulnerabilities.

tags | exploit, local, vulnerability, file inclusion
SHA-256 | 38941e263c811f9b54fe8df01538bf6cc8cd17eddb8519ac0483cf9e0634df15
EaseUS Todo Backup 5.8.0.0 Hardcoded Password
Posted Mar 20, 2014
Authored by Akastep

EaseUS Todo Backup version 5.8.0.0 comes with a hardcoded administrative password that is a potential backdoor.

tags | exploit
SHA-256 | 0cc6d6d41811254e9e104cbf690cb20d99997fc1e10e662ae84fce53fa90ec43
FastCGI.com searcharchive.cgi Remote Command Execution
Posted Mar 20, 2014
Authored by Felipe Andrian Peixoto

searcharchive.cgi from www.FastCGI.com suffers from a remote command execution vulnerability.

tags | exploit, remote, cgi
SHA-256 | 26e2765a41fb08ab3a22d7d3ecb52da9d29cf805f8e3194b9eb5874c4c4d8e3f
D-Link DIR-600L Cross Site Request Forgery
Posted Mar 20, 2014
Authored by Dhruv Shah

D-Link DIR-600L hardware version AX and firmware version 1.00 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | b631009354d41628f2c1a41d39df88b0765f8bdcbeae0b5ff610a03d682399e6
OXID eShop XSS / CRLF Injection
Posted Mar 20, 2014
Authored by storm

OXID eSHOP versions prior to 4.7.11/5.0.11 and 4.8.4/5.1.4 suffer from cross site scripting and CRLF injection vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2014-2016, CVE-2014-2017
SHA-256 | fc197b8994d3f956db7d23e14039dc8ada100372edc278a4674596d82b02cf15
Page 3 of 9
Back12345Next

Top Authors In Last 30 Days

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close