Twenty Year Anniversary
Showing 1 - 25 of 147 RSS Feed

Files

Packet Storm New Exploits For May, 2014
Posted Jun 1, 2014
Authored by Todd J. | Site packetstormsecurity.com

This archive contains all of the 146 exploits added to Packet Storm in May, 2014.

tags | exploit
systems | linux
MD5 | 2379e48f96cd6c7a811eacb4009836a0
Google Compute Engine Lateral Compromise
Posted May 30, 2014
Authored by Scott T. Cameron

A user who creates a GCE VM with compute-rw privileges, who subsequently has that single VM compromised, can lead to a global compromise of all VMs inside of the account.

tags | exploit
MD5 | f32f108c6ebc06959686ee94ee49b69b
Darklena fprintd/pam_fprintd Local Root
Posted May 30, 2014
Authored by Sebastian Krahmer

pam_fprintd local root proof of concept exploit that spawns a shell. pam_fprintd uses net.reactivated.Fprint service to trigger finger swiping and registers DBUS signal inside the PAM authentication function. Then, when the DBUS signal arrives, the signal argument is basically just checked to be the "verify-match" string; which however is expected to come from the legit net.reactivated.Fprint service. Since there is no message filter registered in either pam_fprintd, nor inside dbus-glib which it is using, such signals can be spoofed by anyone.

tags | exploit, shell, local, root, spoof, proof of concept
advisories | CVE-2013-0292
MD5 | 1786d9b3cee692d8370585417bc01109
Videos Tube 1.0 SQL Injection
Posted May 30, 2014
Authored by Mustafa ALTINKAYNAK

Videos Tube version 1.0 suffers from remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
MD5 | ccb3a178d4e858d1ca8070b269c9f9e4
Pixie CMS 1.04 Cross Site Scripting
Posted May 30, 2014
Authored by Simone Memoli, Filippos Mastrogiannis

Pixie CMS version 1.04 suffers from multiple POST cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2014-3786
MD5 | 9b78558a09ae81ed7d384962b97ffafa
ElasticSearch Dynamic Script Arbitrary Java Execution
Posted May 30, 2014
Authored by juan vazquez, Alex Brasetvik, Bouke van der Bijl | Site metasploit.com

This Metasploit module exploits a remote command execution vulnerability in ElasticSearch, exploitable by default on ElasticSearch prior to 1.2.0. The bug is found in the REST API, which requires no authentication or authorization, where the search function allows dynamic scripts execution, and can be used for remote attackers to execute arbitrary Java code. This Metasploit module has been tested successfully on ElasticSearch 1.1.1 on Ubuntu Server 12.04 and Windows XP SP3.

tags | exploit, java, remote, arbitrary
systems | linux, windows, xp, ubuntu
advisories | CVE-2014-3120
MD5 | 935d0eaea1b955a877d9b174038a6a06
webEdition CMS 6.3.8.0 svn6985 SQL Injection
Posted May 30, 2014
Site redteam-pentesting.de

RedTeam Pentesting discovered an SQL injection vulnerability in the file browser component of webEdition CMS during a penetration test. Unauthenticated attackers can get read-only access on the SQL database used by webEdition and read for example password hashes used by administrative accounts. webEdition versions 6.3.8.0 svn6985 down to 6.3.3.0 is affected.

tags | exploit, sql injection
advisories | CVE-2014-2303
MD5 | f869ef0dc2d236d1e4a5feaa1d142941
webEdition CMS 2.8.0.0 Remote Command Execution
Posted May 30, 2014
Site redteam-pentesting.de

RedTeam Pentesting discovered a remote command execution vulnerability in the installer script of the webEdition CMS during a penetration test. If the installer script is not manually removed after installation, attackers cannot only reinstall webEdition, but also gain remote command execution. webEdition CMS version 2.8.0.0 is affected.

tags | exploit, remote
advisories | CVE-2014-2302
MD5 | d0a8861e7ba29a4e2197e879c76789ad
Sharetronix 3.3 Cross Site Request Forgery / SQL Injection
Posted May 30, 2014
Authored by High-Tech Bridge SA | Site htbridge.com

Sharetronix version 3.3 suffers from cross site request forgery and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, csrf
advisories | CVE-2014-3414, CVE-2014-3415
MD5 | 39662671a2172e1d6cb0875e06d10f9a
NICE Recording eXpress 6.x Root Backdoor / XSS / Bypass
Posted May 30, 2014
Authored by Johannes Greil | Site sec-consult.com

NICE Recording eXpress versions 6.0.x, 6.1.x, 6.2.x, 6.3.x, and 6.5.x suffer from cross site scripting, root backdoor, unauthenticated access, fail authorization, insecure cookie handling, and remote SQL injection vulnerabilities.

tags | exploit, remote, root, vulnerability, xss, sql injection, insecure cookie handling
MD5 | 84c627abbbedce37f8fcc1d6c972b8f4
Fiyo CMS 1.5.7 Cross Site Scripting
Posted May 30, 2014
Authored by Mustafa ALTINKAYNAK

Fiyo CMS version 1.5.7 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | cef86b73cd9a6056bc247e24da162ccc
TORQUE Resource Manager 2.5.13 Buffer Overflow
Posted May 30, 2014
Authored by bwall

TORQUE Resource Manager versions 2.5.x through 2.5.13 suffer from a stack buffer overflow vulnerability.

tags | exploit, overflow
advisories | CVE-2014-0749
MD5 | 470b1d1a56ee44f68d79e62d8c5debbf
Castor Library XXE Disclosure
Posted May 30, 2014
Authored by Ron Gutierrez

Castor Library version 1.3.3-RC1 suffers from a file disclosure vulnerability via XXE injection.

tags | exploit, info disclosure, xxe
advisories | CVE-2014-3004
MD5 | ba85851f4d1f764fd0e6058721c2d966
Wireshark CAPWAP Dissector Denial Of Service
Posted May 30, 2014
Authored by Laurent Butti, j0sm1 | Site metasploit.com

This Metasploit module injects a malicious udp packet to crash Wireshark 1.8.0 to 1.8.7 and 1.6.0 to 1.6.15. The vulnerability exists in the capwap dissector which fails to handle an incomplete packet.

tags | exploit, denial of service, udp
advisories | CVE-2013-4074, OSVDB-94091
MD5 | 95b5a8eb1d95df0bcc04737288bcd492
InterScan Messaging Security Virtual Appliance 8.5.1.1516 Cross Site Scripting
Posted May 30, 2014
Authored by William Costa

InterScan Messaging Security Virtual Appliance version 8.5.1.1516 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 4278ef2985d9212d5f17304df293d1a2
WordPress DZS Video Gallery Cross Site Scripting / Content Spoofing
Posted May 30, 2014
Authored by MustLive

WordPress DZS Video Gallery plugin suffers from cross site scripting and content spoofing vulnerabilities.

tags | exploit, spoof, vulnerability, xss
MD5 | d9670acbbfc340e93f7cc89cb99b6f0b
Easy File Sharing FTP Server 3.5 Buffer Overflow
Posted May 30, 2014
Authored by superkojiman

Easy File Sharing FTP Server version 3.5 suffers from a stack buffer overflow vulnerability.

tags | exploit, overflow
advisories | CVE-2006-3952, OSVDB-27646
MD5 | 28daba762d05b952e079a7f838afd7f8
ProtonMail.ch Header Injection / CSRF
Posted May 30, 2014
Authored by Juan Carlos Garcia, Francisco Moraga

ProtonMail.ch suffers from cross site request forgery, header injection, and out of date software vulnerabilities. Note that this finding houses site-specific data.

tags | exploit, vulnerability, csrf
MD5 | 3a3771bd65c50a7abe9a35a69d808576
NeginGroup Cross Site Scripting / SQL Injection
Posted May 30, 2014
Authored by Hekt0r

Sites created by NeginGroup suffer from cross site scripting and remote SQL injection vulnerabilities. Note that this finding houses site-specific data.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | 8f1ecb03072c7cd59f7604342c8904a1
AuraCMS 3.0 Cross Site Scripting / Local File Inclusion
Posted May 29, 2014
Authored by Mustafa ALTINKAYNAK

AuraCMS version 3.0 suffers from cross site scripting and local file inclusion vulnerabilities.

tags | exploit, local, vulnerability, xss, file inclusion
MD5 | 555b6dc66fc9b5b7c679b90999ccedec
Check_MK Arbitrary File Disclosure
Posted May 29, 2014
Authored by Markus Vervier, Sascha Kettler | Site lsexperts.de

Check_MK suffers from an arbitrary file disclosure vulnerability.

tags | exploit, arbitrary
advisories | CVE-2014-0243
MD5 | e15f15a0ae3651e777086ddbeb456725
HandsomeWeb SOS Webpages 1.1.11 Backup / Hash Disclosure
Posted May 29, 2014
Authored by Freakyclown | Site portcullis-security.com

HandsomeWeb SOS Webpages versions 1.1.11 and below suffer from backup and password hash disclosure vulnerabilities.

tags | exploit, vulnerability, bypass, info disclosure
advisories | CVE-2014-3445
MD5 | fd8cd8f15a81a745ed992423fe484425
info.vmware.com Cross Site Scripting
Posted May 28, 2014
Authored by Robert Garcia

info.vmware.com suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 2fbab1e442f01211073dfcd2a6d13f1c
WebBoard CMS Cross Site Scripting
Posted May 28, 2014
Authored by IeDb

WebBoard CMS suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 9f680979cab6d2ad9ead86490bab7665
Zyxel P-660HW-T1 Cross Site Request Forgery
Posted May 27, 2014
Authored by Mustafa ALTINKAYNAK

Zyxel P-660HW-T1 version 3 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | e11084a0c61bdd0f7b32abca92cf0844
Page 1 of 6
Back12345Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

Top Authors In Last 30 Days

Recent News

News RSS Feed
Script Kiddie Gets 20 Months After DDoSing 911
Posted Jun 20, 2018

tags | headline, hacker, government, denial of service
Hackers Rob Bithumb Of $32m
Posted Jun 20, 2018

tags | headline, hacker, cybercrime, data loss, fraud, cryptography
China-Based Hackers Burrow Inside Satellite, Defense, And Telecom Firms
Posted Jun 20, 2018

tags | headline, hacker, government, china, cyberwar
Tesla Sues Former Worker For Hacking
Posted Jun 20, 2018

tags | headline, hacker, data loss
Hackers Who Sabotaged The Olympic Games Return For More Mischief
Posted Jun 19, 2018

tags | headline, hacker, cyberwar
Alleged Leaker Of Vault7 Cache Busted By Poor OpSec
Posted Jun 19, 2018

tags | headline, government, usa, data loss, cyberwar, password, fbi, cia
7 Time Jeopardy! Winner Pleads Guilty To Hacking
Posted Jun 19, 2018

tags | headline, hacker, privacy, email
FBI Recovers WhatsApp, Signal Data Stored On Michael Cohen's BlackBerry
Posted Jun 18, 2018

tags | headline, government, usa, phone, russia, fraud, fbi
US Exposes North Korea Government's Typeframe Malware
Posted Jun 18, 2018

tags | headline, government, malware, usa, cyberwar, korea
PageUp Confirms Some Data Compromised In Breach
Posted Jun 18, 2018

tags | headline, hacker, data loss
View More News →
packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close