Exploit the possiblities
Showing 1 - 25 of 128 RSS Feed

Files

Packet Storm New Exploits For June, 2014
Posted Jul 1, 2014
Authored by Todd J. | Site packetstormsecurity.com

This archive contains all of the 127 exploits added to Packet Storm in June, 2014.

tags | exploit
systems | linux
MD5 | 869f07375f60d0827ec31e0a08387e7e
Baidu Spark Browser 26.5.9999.3511 Stack Overflow
Posted Jun 30, 2014
Authored by LiquidWorm | Site zeroscience.mk

Spark Browser version 26.5.9999.3511 allows remote attackers to cause a denial of service (application crash) resulting in stack overflow via nested calls to the window.print javascript function.

tags | exploit, remote, denial of service, overflow, javascript
MD5 | 00d4cae32afc7dd800c0f99fa2089885
IBM Algorithmics RICOS Disclosure / XSS / CSRF
Posted Jun 30, 2014
Authored by F. Lukavsky, A. Kolmann, V. Habsburg-Lothringen | Site sec-consult.com

IBM Algorithmics RICOS versions 4.5.0 through 4.7.0 suffer from cross site scripting, cross site request forgery, information disclosure, data manipulation, broken encryption, and various other vulnerabilities.

tags | exploit, vulnerability, xss, info disclosure, csrf
advisories | CVE-2014-0864, CVE-2014-0865, CVE-2014-0866, CVE-2014-0867, CVE-2014-0868, CVE-2014-0869, CVE-2014-0870, CVE-2014-0871, CVE-2014-0894
MD5 | b8df7e37d1837ce179ae7e94c785a9ab
Gitlist 0.4.0 Remote Code Execution
Posted Jun 30, 2014
Authored by drone

Gitlist versions 0.4.0 and below suffer from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2014-4511
MD5 | ee46caf85f37abd2c3b0838eea3b25ad
WordPress Theme My Login 6.3.9 Local File Inclusion
Posted Jun 30, 2014
Authored by Tom Adams

WordPress Theme My Login plugin version 6.3.9 provides access to arbitrary files and could facilitate arbitrary code execution.

tags | exploit, arbitrary, code execution, file inclusion
MD5 | 5bd79c15b884dd6075f5cee6d905f57c
Horde Framework Unserialize PHP Code Execution
Posted Jun 29, 2014
Authored by Akra Macha

Horde Framework unserialize PHP code execution exploit ported from Metasploit.

tags | exploit, php, code execution
advisories | CVE-2014-1691
MD5 | 6b032103e049eba1ea6aec18274ffbc7
Nagios check_dhcp 2.0.2 Race Condition
Posted Jun 29, 2014
Authored by Dawid Golunski

Nagios Plugins versions 2.0.2 suffer from a race condition in check_dhcp.

tags | exploit
MD5 | 3b5818b671388052eff5b48ed6b71593
Flussonic Media Server 4.3.3 File Read / Directory Listing
Posted Jun 29, 2014
Authored by Bilgi Guvenligi Akademisi

Flussonic Media Server version 4.3.3 suffers from arbitrary file read and directory listing disclosure vulnerabilities.

tags | exploit, arbitrary, vulnerability, info disclosure
MD5 | 2edae3b5533cfced5f9e0b078f955768
Sun/Oracle GlassFish Authenticated Code Execution
Posted Jun 29, 2014
Authored by Akra Macha

This module logs in to an Oracle GlassFish Server version 3.1 (Open Source or Commercial) instance using a default credential, uploads, and executes commands via deploying a malicious WAR.

tags | exploit
MD5 | 41172327582590a8cb4c5058826175e6
WordPress Blogstand Smart Banner 1.0 Cross Site Scripting
Posted Jun 29, 2014
Authored by ACC3SS

WordPress Blogstand Smart Banner plugin version 1.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 82548ab53da11f90d235965573f399eb
WordPress Easy Banners 1.4 Cross Site Scripting
Posted Jun 29, 2014
Authored by ACC3SS

WordPress Easy Banners plugin version 1.4 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 35e9966f0ce320e4e488f7f9e59f0eb5
WordPress Random Banner 1.1.2.1 Cross Site Scripting
Posted Jun 29, 2014
Authored by ACC3SS

WordPress Random Banner plugin version 1.1.2.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | b9c4d84bf4606c831690cfda346c48af
WordPress Custom Banners 1.2.2.2 Cross Site Scripting
Posted Jun 29, 2014
Authored by ACC3SS

WordPress Custom Banners plugin version 1.2.2.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 803256fef9d4cc2418a3f94519bd8db5
WordPress Bannerman 0.2.4 Cross Site Scripting
Posted Jun 29, 2014
Authored by ACC3SS

Wordpress Bannerman plugin version 0.2.4 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 3e94feef4e1f102c61944c6cb73e2b7d
openSIS 5.3 Cross Site Request Forgery
Posted Jun 28, 2014
Authored by Ubani Anthony Balogun

openSIS versions 4.5 through 5.3 suffer from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | 4895ab275f752242c4fc8c4d13e1e3cd
openSIS 5.3 SQL Injection
Posted Jun 28, 2014
Authored by Ubani Anthony Balogun

openSIS versions 4.5 through 5.3 suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | fc66767f4c606ec531d6498fccdce6d1
Reportico Admin Credential Leak
Posted Jun 28, 2014
Authored by ms

All versions of Reportico prior to version 4.0 leak administrative credentials.

tags | exploit
advisories | CVE-2014-3777
MD5 | b0bb0da4a54fc04d4bf58c026aa7bd82
WordPress ml-slider 2.5 Cross Site Scripting
Posted Jun 28, 2014
Authored by ACC3SS

Wordpress ml-slider plugin version 2.5 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 3c6d21bdb961fdccfb5d74401ee27796
WordPress Construction Mode 1.8 Cross Site Scripting
Posted Jun 28, 2014
Authored by ACC3SS

Wordpress wp-construction-mode plugin version 1.8 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 19ebcc4c6aefea83c62db837dab226d5
ZeroCMS 1.0 Cross Site Scripting
Posted Jun 27, 2014
Authored by Filippos Mastrogiannis

ZeroCMS version 1.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2014-4195
MD5 | 20edd6a4a24ec2e08c0b9d0544d306d7
LinkedIn Cross Site Request Forgery
Posted Jun 27, 2014
Authored by Kishor Sonawane

LinkedIn suffered from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | 22f5c4cf80ff5ae2a049522d2411c39e
HP AutoPass License Server File Upload
Posted Jun 27, 2014
Authored by rgod, juan vazquez | Site metasploit.com

This Metasploit module exploits a code execution flaw in HP AutoPass License Server. It abuses two weaknesses in order to get its objective. First, the AutoPass application doesn't enforce authentication in the CommunicationServlet component. On the other hand, it's possible to abuse a directory traversal when uploading files thorough the same component, allowing to upload an arbitrary payload embedded in a JSP. The module has been tested successfully on HP AutoPass License Server 8.01 as installed with HP Service Virtualization 3.50.

tags | exploit, arbitrary, code execution
advisories | CVE-2013-6221
MD5 | 3209b299f33911d071ed8ed5db8462cc
MS14-009 .NET Deployment Service IE Sandbox Escape
Posted Jun 27, 2014
Authored by juan vazquez, James Forshaw | Site metasploit.com

This Metasploit module abuses a process creation policy in the Internet Explorer Sandbox which allows to escape the Enhanced Protected Mode and execute code with Medium Integrity. The problem exists in the .NET Deployment Service (dfsvc.exe), which can be run as Medium Integrity Level. Further interaction with the component allows to escape the Enhanced Protected Mode and execute arbitrary code with Medium Integrity.

tags | exploit, arbitrary
advisories | CVE-2014-0257
MD5 | 6fa97cd4c465e9e94afcce09121b97e6
MS13-097 Registry Symlink IE Sandbox Escape
Posted Jun 27, 2014
Authored by juan vazquez, James Forshaw | Site metasploit.com

This Metasploit module exploits a vulnerability in Internet Explorer Sandbox which allows to escape the Enhanced Protected Mode and execute code with Medium Integrity. The vulnerability exists in the IESetProtectedModeRegKeyOnly function from the ieframe.dll component, which can be abused to force medium integrity IE to user influenced keys. By using registry symlinks it's possible force IE to add a policy entry in the registry and finally bypass Enhanced Protected Mode.

tags | exploit, registry
advisories | CVE-2013-5045
MD5 | ef7740b999fc84dc0a624768d0f11944
Python CGIHTTPServer File Disclosure / Code Execution
Posted Jun 27, 2014
Site redteam-pentesting.de

The CGIHTTPServer Python module does not properly handle URL-encoded path separators in URLs. This may enable attackers to disclose a CGI script's source code or execute arbitrary CGI scripts in the server's document root.

tags | exploit, arbitrary, cgi, root, python
advisories | CVE-2014-4650
MD5 | 366ebd78e93b049c2077b7f457cd3446
Page 1 of 6
Back12345Next

Top Authors In Last 30 Days

Recent News

News RSS Feed
NYPD Cops Need A Warrant To Snoop On Your Phone
Posted Nov 17, 2017

tags | headline, government, privacy, usa, phone
Oracle Scrambles To Fix Security Flaws In Tuxedo
Posted Nov 17, 2017

tags | headline, database, flaw, oracle
Github To Devs: Now You'll Get Security Alerts On Flaws In Popular Software Libraries
Posted Nov 17, 2017

tags | headline, flaw
Keystone Pipeline Leaked 210,000 Gallons Of Oil In South Dakota
Posted Nov 17, 2017

tags | headline, flaw
Cash Converters Reveals Data Breach
Posted Nov 16, 2017

tags | headline, hacker, cybercrime, data loss, fraud, identity theft
Kaspersky Defends Its Role In NSA Breach
Posted Nov 16, 2017

tags | headline, government, malware, usa, russia, data loss, spyware, nsa
McAfee Anti-Hacking Service Exposed Users To Banking Malware
Posted Nov 16, 2017

tags | headline, malware, bank, cybercrime, fraud, flaw, identity theft, mcafee
DJI Bug Bounty NDA Is 'Not Signable', Say Irate Infosec Researchers
Posted Nov 16, 2017

tags | headline, hacker, flaw
Government Just Figures Out You Can Hack Planes Remotely Due To Poor Design
Posted Nov 15, 2017

tags | headline, government, usa, flaw, terror
UK Security Chief Blames Russia For Hacks
Posted Nov 15, 2017

tags | headline, hacker, government, britain, russia, cyberwar
View More News →
packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close