what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 101 - 125 of 147 RSS Feed

Files

PerfectWare CMS SQL Injection
Posted May 11, 2014
Authored by Hugo Santiago dos Santos

PerfectWare CMS suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.

tags | exploit, remote, sql injection
SHA-256 | afc520a7ed4795f43b84316ac3c45eaf4047d3b31843ca491b7153cd9e8823a6
Yokogawa CS3000 BKESimmgr.exe Buffer Overflow
Posted May 9, 2014
Authored by juan vazquez | Site metasploit.com

This Metasploit module exploits an stack based buffer overflow on Yokogawa CS3000. The vulnerability exists in the BKESimmgr.exe service when handling specially crafted packets, due to an insecure usage of memcpy, using attacker controlled data as the size count. This Metasploit module has been tested successfully in Yokogawa CS3000 R3.08.50 over Windows XP SP3 and Windows 2003 SP2.

tags | exploit, overflow
systems | windows
advisories | CVE-2014-0782
SHA-256 | 7408ef475efc86bd8fe8b92c5ff8db48dbdc910b25fd6be4ef64b1c3255fc826
Drupal Flag 7.x-3.5 Command Execution
Posted May 9, 2014
Authored by Ubani Anthony Balogun

Drupal Flag version 7.x-3.5 suffers from a remote command injection vulnerability.

tags | exploit, remote
SHA-256 | 77d2733663b72ddf1a970877c43463caf16d6a0a9fb55bede84b804ac0cefc7e
Jasper Server 5.5 Session Fixation
Posted May 9, 2014
Authored by Felipe Andrian Peixoto

Jasper Server versions 5.5 and below suffer from a session fixation vulnerability.

tags | exploit
SHA-256 | 5a8cd75ea1fc559c5e606aa75dc868afa95e2e08f85eb9edc66906672210da21
Jet Audio 8.1.1 Memory Corruption
Posted May 9, 2014
Authored by Aryan Bayaninejad

Jet Audio version 8.1.1 suffers from a memory corruption vulnerability.

tags | exploit
advisories | CVE-2014-3443
SHA-256 | c52be51e49cdfa83e81d6f3b90d8fcbdff938b336d4d464fa62001436fec946a
VLC Player 2.1.3 Memory Corruption
Posted May 9, 2014
Authored by Aryan Bayaninejad

VLC Player version 2.1.3 suffers from a memory corruption vulnerability.

tags | exploit
advisories | CVE-2014-3441
SHA-256 | 6792834d831a80e4ebb4ad64787a7b8546a2c954b030f0c8f1392124d68c13a5
Adobe Flash Player Shader Buffer Overflow
Posted May 9, 2014
Authored by juan vazquez, temp66 | Site metasploit.com

This Metasploit module exploits a buffer overflow vulnerability in Adobe Flash Player. The vulnerability occurs in the flash.Display.Shader class, when setting specially crafted data as its bytecode, as exploited in the wild in April 2014. This Metasploit module has been tested successfully on IE 6 to IE 10 with Flash 11 and Flash 12 over Windows XP SP3, Windows 7 SP1 and Windows 8.

tags | exploit, overflow
systems | windows
advisories | CVE-2014-0515
SHA-256 | 6a8fa454ee9283f46ce5d01131f9d761fbf953a93ad1c6ec6a6883225ddafa72
Foscam Dynamic DNS Predictable Credentials
Posted May 9, 2014
Authored by shekyan, Artem Harutyunyan

Foscam IP cameras suffer from a dynamic DNS predictable credential vulnerability. Proof of concept code included.

tags | exploit, proof of concept
systems | linux
advisories | CVE-2014-1849
SHA-256 | 5baac5bc37afd3fd3aab2f95d719db3bbdda8721c33fcfdd634fce91a8ca44d0
AVG Remote Administration Bypass / Code Execution / Static Keys
Posted May 8, 2014
Authored by S. Viehbock | Site sec-consult.com

AVG Remote Administration version 13.0.0.2892 suffers from authentication bypass, remote code execution, missing entity authentication, and use of static encryption key vulnerabilities.

tags | exploit, remote, vulnerability, code execution
SHA-256 | ceb5d04708b6157050ac25449b0b9e11964628e323bd6dc10d4cab4e2224dd97
OrbiTeam BSCW 5.0.7 Metadata Information Disclosure
Posted May 8, 2014
Site redteam-pentesting.de

RedTeam Pentesting discovered an information disclosure vulnerability in OrbiTeam's BSCW collaboration software. An unauthenticated attacker can disclose metadata about internal objects which are stored in BSCW. Versions 5.0.7 and below are affected.

tags | exploit, info disclosure
advisories | CVE-2014-2301
SHA-256 | e0f660572f84c74eb890b10b761c3a1cf4c4bc6d50e313b9c433d650c7357df1
VM Turbo Operations Manager 4.5.x Directory Traversal
Posted May 8, 2014
Authored by Jamal Pecou

VM Turbo Operations Manager version 4.5.x suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
SHA-256 | 6867fe8f56ce9106aae72c2e15cb5ae941497b017368ba4f683eb31f8d8d2f21
Openfiler 2.99.1 Cross Site Scripting
Posted May 8, 2014
Authored by Dolev Farhi

Openfiler version 2.99.1 suffers from multiple persistent cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | c690ccedae1c74a42f999bf09b3b8e0b27e3f56ff4ca39f4cc4ee3d3b9e2d937
Openfiler 2.99.1 Arbitrary Code Execution
Posted May 8, 2014
Authored by Dolev Farhi

Openfiler version 2.99.1 suffers from a remote arbitrary code execution vulnerability.

tags | exploit, remote, arbitrary, code execution
SHA-256 | f39eaef0643faa98d3ea0b5cbd3b47b64d2654876e82be326b67d25a90209d9f
Collabtive 1.12 SQL Injection
Posted May 8, 2014
Authored by Deepak Rathore

Collabtive version 1.12 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2014-3246
SHA-256 | 23b430229e0bd82a0650c317d93f8650db871e9c49ef9fbd09dfe4dc15d19e99
GOM Player 2.2.57.5189 Memory Corruption
Posted May 8, 2014
Authored by Aryan Bayaninejad

GOM Player version 2.2.57.5189 suffers from a memory corruption vulnerability.

tags | exploit
advisories | CVE-2014-3216
SHA-256 | dfa5ffc08ce3ba5b6107594f21b73725d321cebcef7699a6b77983be79668e48
Cobbler Local File Inclusion
Posted May 8, 2014
Authored by Dolev Farhi

Cobbler versions 2.4.x through 2.6.x suffer from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | 2e95e8c1d7b784a8a867b18e9c0497e669454dba4841fb5be6e965abdc4b7b32
CMS Touch 2.01 Cross Site Scripting / SQL Injection
Posted May 8, 2014
Authored by indoushka

CMS Touch version 2.01 suffers from remote SQL injection and cross site scripting vulnerabilities. Note that this finding houses site-specific data.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | c655b6f45eb784269e8b7fa2be84b760ebc6980d5e6c56eeba90e163b5294d09
Enquete yS 1.0 SQL Injection
Posted May 8, 2014
Authored by Hugo Santiago dos Santos

Enquete yS version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | c8d2e2d5d89b0d778cdf2b3e7843e7fbcf459acd5e151d5c728af63f22dce0a6
F5 iControl Remote Command Execution
Posted May 7, 2014
Authored by Brandon Perry

F5 iControl systems suffer from a remote command execution vulnerability.

tags | exploit, remote
advisories | CVE-2014-2928
SHA-256 | 3bb67baccdc0e397583692f37c40518c602a130776335c7f7b2de6042944cd0d
Offiria 2.1.0 Cross Site Scripting
Posted May 7, 2014
Authored by High-Tech Bridge SA | Site htbridge.com

Offiria version 2.1.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2014-2689
SHA-256 | 025b9cc75f03eaf22ce2c6ff43f58faed7d6d01e2abb67350a626700ff82d560
WordPress Photo-Gallery Cross Site Request Forgery
Posted May 7, 2014
Authored by Felipe Andrian Peixoto

WordPress Photo-Gallery plugin suffers from a cross site request forgery vulnerability. Note that this finding houses site-specific data.

tags | exploit, csrf
SHA-256 | c782dc85e948b6e33fa0638384eb3d60963677fc0c110663b3ea8899d7e182d7
Global Domains International Cross Site Scripting / Traversal
Posted May 7, 2014
Authored by indoushka

Sites by Global Domains International, Inc suffer from cross site scripting and directory traversal vulnerabilities. Note that this finding houses site-specific data.

tags | exploit, vulnerability, xss, file inclusion
SHA-256 | 0f6600539c8143a8fa9d056116a8e385d2f7f10edcf47301dbf33bf88f5ab309
InvisionPower CMS Links To Titles 3.0 Cross Site Scripting
Posted May 7, 2014
Authored by UmPire

InvisionPower CMS Links to Titles utility version 3.0 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | d003bac19ce9abb550ac27edf8a886c7e70a1c1cf25d4cb98871573a9b3f7aca
Cyberduck 4.4.3 (14140 Windows) X.509 Validation Failure
Posted May 6, 2014
Authored by Micha Borrmann | Site syss.de

Cyberduck version 4.4.3 (14140) for Windows fails to properly validate X.509 certificates.

tags | exploit
systems | windows
advisories | CVE-2014-2845
SHA-256 | 541b5bb49a5ff4999d477790815626466bd8ac777fd0984dec1f956c46e55a27
Night Lion Security PHP Stress
Posted May 6, 2014
Authored by Vinny Troia | Site nightlionsecurity.com

Night Lion Security proof of concept denial of service / stress tester for PHP websites running with Apache and NGINX systems (PHP-FPM and PHP-CGI). Using a standard cable/DSL connection, this attack can flood a Linux web server's CPU and RAM using standard HTTP requests. This attack effects Apache or NGINX web servers that handle dynamic PHP content using either PHP-CGI or PHP-FPM (which includes WordPress websites). In addition, the requests made by the attack (or default) web server configurations will continue to keep the server's resources in use far past the end of the attack. To execute the attack, set your target URL and time delay parameters and the script will do the rest.

tags | exploit, tool, web, denial of service, cgi, php, proof of concept
systems | linux
SHA-256 | 66e4705c388028be2e16a9b4d12a2811c4c3a961557abb18afaabbf367a8d1ad
Page 5 of 6
Back23456Next

Top Authors In Last 30 Days

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close