Showing 1 - 25 of 145

Files

Packet Storm New Exploits For July, 2014
Posted Aug 1, 2014
Authored by Todd J. | Site packetstormsecurity.com

This archive contains all of the 144 exploits added to Packet Storm in July, 2014.

tags | exploit
systems | linux
MD5 | f57a35b6b3b16f70182677b01be1dae0
Free Reprintables ArticleFR 11.06.2014 Improper Access Control
Posted Jul 31, 2014
Authored by High-Tech Bridge SA | Site htbridge.com

High-Tech Bridge Security Research Lab discovered a vulnerability in ArticleFR, which can be exploited to execute arbitrary UPDATE SQL statements, alter information stored in the database, and gain complete control over the web site.

tags | exploit, web, arbitrary
advisories | CVE-2014-4170
MD5 | 218c023d6ce8baed5447925d747bd730
TigerCom iFolder+ 1.2 LFI / File Upload
Posted Jul 31, 2014
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

TigerCom iFolder+ version 1.2 suffers from local file inclusion and remote file upload vulnerabilities.

tags | exploit, remote, local, vulnerability, file inclusion, file upload
MD5 | 04f7df753619bc98222a320c6d7b77c1
Chrome EXIF Viewer 2.4.2 Cross Site Scripting
Posted Jul 31, 2014
Authored by Fady Mohamed Osman

Chrome EXIF Viewer plugin version 2.4.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
systems | linux
MD5 | b5545c3a3df8546a9015c23b8147a301
SkaDate Lite 2.0 Remote Code Execution
Posted Jul 30, 2014
Authored by LiquidWorm | Site zeroscience.mk

SkaDate Lite version 2.0 suffers from an authenticated arbitrary PHP code execution vulnerability. This is caused by improper verification of uploaded files in the '/admin/settings/user' script through the 'avatar' and 'bigAvatar' POST parameters. This can be exploited to execute arbitrary PHP code by uploading a malicious PHP script file with a '.php5' extension (to bypass the '.htaccess' block rule) that will be stored in the '/ow_userfiles/plugins/base/avatars/' directory.

tags | exploit, arbitrary, php, code execution
MD5 | 1baa02c457ab98b7a957246da3838b05
SkaDate Lite 2.0 CSRF / Cross Site Scripting
Posted Jul 30, 2014
Authored by LiquidWorm | Site zeroscience.mk

SkaDate Lite version 2.0 suffers from multiple cross site request forgery and persistent cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | 6c8a25ba7ff26e22fb1156d3223f33d2
Elastic Search 1.1.1 Arbitrary File Read
Posted Jul 30, 2014
Authored by Larry W. Cashdollar, Bouke van der Bijl

Remote exploit for Elastic Search version 1.1.1 that attempts to read /etc/hosts and /etc/passwd.

tags | exploit, remote
advisories | CVE-2014-3120
MD5 | 46bbc696d7e77f5de563ed93d3f5e166
Facebook For Android Information Disclosure / Open Proxy
Posted Jul 30, 2014
Authored by Joaquin Manuel Rinaudo

Both Facebook for Android and Facebook Messenger for Android suffered from issues such as being an open proxy, disclosure of private video content, disclosure of audio recordings in chat messages, and use of various vulnerable packages.

tags | exploit
MD5 | 1ea945ab78d07176e5358b35f001d9e8
D-Link DWR-113 Cross Site Request Forgery
Posted Jul 30, 2014
Authored by Blessen Thomas

D-Link DWR-113 revision Ax suffers from a cross site request forgery vulnerability that can cause a denial of service.

tags | exploit, denial of service, csrf
advisories | CVE-2014-3136
MD5 | be2af923172566152dd25f149f1b58ca
D-Link AP 3200 Missing Authentication / Cleartext Secret Storage
Posted Jul 30, 2014
Authored by pws

D-Link AP 3200 fails to authenticate requests to wireless settings, stores credentials in plaintext, and uses a weak cookie value.

tags | exploit, bypass, info disclosure
MD5 | 7d9047200b9cca205e9095fa5df013ca
Joomla Kunena Forum 3.0.5 Cross Site Scripting
Posted Jul 30, 2014
Authored by Dionach

Joomla Kunena Forum extension version 3.0.5 suffers from cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 9e0c7dbb10bbd35dcff9281c87ebad14
Joomla Kunena Forum 3.0.5 SQL Injection
Posted Jul 30, 2014
Authored by Dionach

Joomla Kunena Forum extension version 3.0.5 suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
MD5 | 9474027a2232f868aee327b307f2da0b
Barracuda WAF 6.1.5 / LoadBalancer 4.2.2 Filter Bypass / XSS
Posted Jul 29, 2014
Authored by Benjamin Kunz Mejri, Ebrahim Hegazy | Site vulnerability-lab.com

Barracuda Networks Web Application Firewall version 6.1.5 and LoadBalancer version 4.2.2 suffer from filter bypass and cross site scripting vulnerabilities.

tags | exploit, web, vulnerability, xss
MD5 | 674d34f52c6c157302b8d4df7574a644
WiFi HD 7.3.0 LFI / Traversal / Command Injection / CSRF
Posted Jul 29, 2014
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

WiFi HD version 7.3.0 suffers from local file inclusion, directory traversal, command injection, and cross site request forgery vulnerabilities.

tags | exploit, local, vulnerability, file inclusion, csrf
MD5 | 9e4780dc833a39f51d28dcbf857df7b6
Lyris ListManagerWeb 8.95a Cross Site Scripting
Posted Jul 29, 2014
Authored by 1N3

Lyris ListManagerWeb version 8.95a suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | f75d88b929c037f0415bd16d30c424c6
LinkedIn User Account Handling
Posted Jul 29, 2014
Authored by Kishor Sonawane

LinkedIn suffered from a user account handling vulnerability.

tags | exploit, csrf
MD5 | 0f506810937697f765f95d3f52c94d14
WordPress WhyDoWork AdSense 1.2 XSS / CSRF
Posted Jul 29, 2014
Authored by Dylan Irzi

WordPress WhyDoWork AdSense plugin version 1.2 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | e9fe6f3e636f300a1f6d349e686f482b
J&W Communications SQL Injection
Posted Jul 29, 2014
Authored by Hekt0r

Sites created by J&W Communications appear to suffer from remote SQL injection vulnerabilities. Note that this finding houses site-specific data.

tags | exploit, remote, vulnerability, sql injection
MD5 | 7f71d91d36927653ffeceb61b8db6a05
Oxwall 1.7.0 Remote Code Execution
Posted Jul 28, 2014
Authored by LiquidWorm | Site zeroscience.mk

Oxwall suffers from an authenticated arbitrary PHP code execution vulnerability. The vulnerability is caused by improper verification of uploaded files in the '/admin/settings/user' script through the 'avatar' and 'bigAvatar' POST parameters. This can be exploited to execute arbitrary PHP code by uploading a malicious PHP script file with a '.php5' extension (to bypass the '.htaccess' block rule) that will be stored in the '/ow_userfiles/plugins/base/avatars/' directory. Version 1.7.0 (builds 7907 and 7906) is affected.

tags | exploit, arbitrary, php, code execution
MD5 | b408d435b0b22c345d9eadd73012f297
Oxwall 1.7.0 Cross Site Request Forgery / Cross Site Scripting
Posted Jul 28, 2014
Authored by LiquidWorm | Site zeroscience.mk

Oxwall version 1.7.0 (builds 7907 and 7906) suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | bbc2588fc53ab1125d4cda053c5e73ed
ZeroCMS 1.0 Cross Site Scripting
Posted Jul 28, 2014
Authored by Mayuresh Dani

ZeroCMS version 1.0 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2014-4710
MD5 | f3bed96d0a0c071157b4868586e02e50
DirPHP 1.0 Local File Inclusion
Posted Jul 28, 2014
Authored by -Chosen-

DirPHP version 1.0 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
MD5 | 2e5f45c3daeacb2b10aa31e12798e676
Barracuda Networks Spam / Virus Firewall 5.1.3 XSS
Posted Jul 28, 2014
Authored by Ateeq ur Rehman Khan | Site vulnerability-lab.com

Barracuda Networks Spam and Virus Firewall version 5.1.3 suffers from a cross site scripting vulnerability.

tags | exploit, virus, xss
MD5 | 24cc68791462f50f645d1cd9d86eb112
CMSimple 4.4.4 RFI / Code Execution / Default Password
Posted Jul 28, 2014
Authored by Govind Singh

CMSimple version 4.4.4 suffers from code execution, default credential, and remote file inclusion vulnerabilities.

tags | exploit, remote, vulnerability, code execution, file inclusion
MD5 | 2c4c894cb9402575d943e3582b4a367c
MasterCard Open Redirect
Posted Jul 28, 2014
Authored by Anastasios Monachos

MasterCard.com.au suffers from an open redirect vulnerability.

tags | exploit
MD5 | 77dc1b214c7c0b74a7b3c4e00d19a427