Showing 1 - 25 of 108

Files

Packet Storm New Exploits For August, 2014
Posted Sep 2, 2014
Authored by Todd J. | Site packetstormsecurity.com

This archive contains all of the 107 exploits added to Packet Storm in August, 2014.

tags | exploit
systems | linux
MD5 | 4f825f64dba14971bbabd747b5501530

ManageEngine Desktop Central Remote Shell Upload
Posted Aug 31, 2014
Authored by Pedro Ribeiro

ManageEngine Desktop Central suffers from code execution and remote shell upload vulnerabilities.

tags | exploit, remote, shell, vulnerability, code execution
advisories | CVE-2014-5005, CVE-2014-5006, CVE-2014-5007
MD5 | 5ba76316b7f2f11846d0b5bd3617315f

WordPress Slideshow Gallery 1.4.6 Shell Upload
Posted Aug 31, 2014
Authored by Jesus Ramirez Pichardo

WordPress Slideshow Gallery plugin version 1.4.6 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
advisories | CVE-2014-5460
MD5 | 81f4cca040bad7650f17271b5bd88568

Fat Free CRM Cross Site Scripting
Posted Aug 31, 2014
Authored by Ankit Bharathan

Fat Free CRM suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | 4deecdbcdb47e7c3805ef3c2e3d5e992

STI-CS Cross Site Scripting
Posted Aug 30, 2014
Authored by IeDb

Sites powered by STI-CS appear to suffer from a reflective cross site scripting vulnerability. Note that this finding houses site-specific data.

tags | exploit, xss
MD5 | 8266ca03c5192d79ee8fe25d278bf8a6

MX-SmartTimer 13.18.5.11 SQL Injection
Posted Aug 30, 2014
Authored by Juan Seybold

MX-SmartTimer version 13.18.5.11 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2014-5440
MD5 | 2f9e6853e43395d2a0de57e255121a54

EhsanWeb Cross Site Scripting
Posted Aug 30, 2014
Authored by IeDb

EhsanWeb suffers from a reflective cross site scripting vulnerability in the forgot password flow. Note that this finding houses site-specific data.

tags | exploit, xss
MD5 | 5c13b0ebe959a64a0446bf656677454e

Wing FTP Server Authenticated Command Execution
Posted Aug 29, 2014
Authored by Nicholas Nam | Site metasploit.com

This Metasploit module exploits the embedded Lua interpreter in the admin web interface for versions 4.3.8 and below. By supplying a specially crafted HTTP POST request, an attacker can use os.execute() to execute arbitrary system commands on the target with SYSTEM privileges.

tags | exploit, web, arbitrary
MD5 | 21df48639ac98acdd1f24e97cb91eb26

Microsoft Internet Explorer MS14-029 Memory Corruption
Posted Aug 29, 2014
Authored by PhysicalDrive0

Microsoft Internet Explorer memory corruption proof of concept exploit that leverages the vulnerability noted in MS14-029.

tags | exploit, proof of concept
advisories | CVE-2014-1815
MD5 | 6b443ab31438092898630626b781717f

HTML Help Workshop 1.4 Buffer Overflow
Posted Aug 29, 2014
Authored by Moroccan Kingdom

HTML Help Workshop version 1.4 SEH buffer overflow exploit.

tags | exploit, overflow
MD5 | a820da9b22d7d49b0249dc2f9767e87d

F5 Unauthenticated rsync Access To Remote Root Code Execution
Posted Aug 29, 2014
Authored by Thomas Hibbert | Site security-assessment.com

When configured in a high availability mode, the F5 solution suffers from an unauthenticated rsync access vulnerability that can be leveraged to upload a malicious SSH key and gain remote root access to the appliance. Affected products include F5 BIG-IP 11.x versions before 11.6.0, 11.5.1 HF3, 11.5.0 HF4, 11.4.1 HF, 11.4.0 HF7, 11.3.0 HF9, and 11.2.1 HF11, and Enterprise Manager 3.x versions before 3.1.1 HF2.

tags | exploit, remote, root
MD5 | 868726aed8a7161145314346c69c2e08

NRPE 2.15 Remote Command Execution
Posted Aug 28, 2014
Authored by Dawid Golunski, Claudio Viviani

NRPE version 2.15 remote command execution exploit written in Python.

tags | exploit, remote, python
advisories | CVE-2014-2913
MD5 | 4b0b57ab99b65f8ef2ab1855d3a61cbd

DomainTrader Domain Parking / Auction Script 2.5.3 CSRF / XSS
Posted Aug 28, 2014
Authored by Haider Mahmood

DomainTrader Domain Parking and Auction Script version 2.5.3 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | 7327c89ee1f75ee1b3df7335da2449a5

Jappix Cross Site Scripting
Posted Aug 28, 2014
Authored by Provensec

Jappix suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | 93fbb0ecd176a2ff77362057c52b9bba

F5 BIG-IP 11.5.1 Cross Site Scripting
Posted Aug 28, 2014
Authored by S. Viehbock | Site sec-consult.com

F5 BIG-IP versions 11.5.1 and below suffer from a reflective cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2014-4023
MD5 | 1edf12bed5c1cdadc32d85e80675f569

ActualAnalyzer Remote Command Execution
Posted Aug 28, 2014
Authored by Benjamin Harris

ActualAnalyzer remote command execution exploit that leverages an eval.

tags | exploit, remote
MD5 | 3df62c9ba5621917a524f1632b1ad4b2

PhpWiki Ploticus Command Injection
Posted Aug 28, 2014
Authored by Benjamin Harris

Proof of concept exploit for PhpWiki that demonstrates a remote command injection vulnerability via the Ploticus module.

tags | exploit, remote, proof of concept
MD5 | 208372d3a805a6d5bc13de70fcdfadad

XRMS Blind SQL Injection / Command Execution
Posted Aug 28, 2014
Authored by Benjamin Harris

XRMS blind SQL injection exploit that leverages $_SESSION poisoning and achieves remote command execution.

tags | exploit, remote, sql injection
MD5 | a8201810d4fe781c5a5600f3a57aaac9

Plogger Authenticated Arbitrary File Upload
Posted Aug 28, 2014
Authored by b0z

Plogger versions prior to 1.0-RC1 suffer from a remote authenticated arbitrary file upload vulnerability.

tags | exploit, remote, arbitrary, file upload
advisories | CVE-2014-2223
MD5 | a47fe11fe297628978abb90f66b405fc

Firefox WebIDL Privileged Javascript Injection
Posted Aug 27, 2014
Authored by joev, Marius Mlynski | Site metasploit.com

This exploit gains remote code execution on Firefox 22-27 by abusing two separate privilege escalation vulnerabilities in Firefox's Javascript APIs.

tags | exploit, remote, javascript, vulnerability, code execution
advisories | CVE-2014-1510, CVE-2014-1511
MD5 | cd3bc27615aee1fe6d9023c93754e0ee

ManageEngine DeviceExpert 5.9 Credential Disclosure
Posted Aug 27, 2014
Authored by Pedro Ribeiro

ManageEngine DeviceExpert version 5.9 suffers from a user credential disclosure vulnerability.

tags | exploit, info disclosure
MD5 | e6fc466b67f24a9a196f74543cad86b1

WooCommerce Store Exporter 1.7.5 Cross Site Scripting
Posted Aug 27, 2014
Authored by Mike Manzotti

WooCommerce Store Exporter version 1.7.5 suffers from multiple persistent cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | beb5e0712cc1cf553e26750bb6be869c

Furniture Site Manager SQL Injection
Posted Aug 27, 2014
Authored by KnocKout

Furniture Site Manager suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.

tags | exploit, remote, sql injection
MD5 | 4381e13813da1876a4b595817e07016c

glibc __gconv_translit_find() Privilege Escalation
Posted Aug 26, 2014
Authored by Chris Evans, Tavis Ormandy

glibc __gconv_translit_find() single-fixed-byte heap metadata overflow local root exploit for Fedora 20 32-bit. This issue is not specific to Fedora, but the proof of concept is specifically for Fedora 20 32-bit.

tags | exploit, overflow, local, root, proof of concept
systems | linux, unix, fedora
advisories | CVE-2014-5119
MD5 | 793916b5756ad9ad1e630a13328c6fa9

Grand MA 300 Fingerprint Reader Weak PIN Verification
Posted Aug 26, 2014
Authored by Eric Sesterhenn | Site lsexperts.de

Grand MA 300/ID with firmware 6.60 has a weakness that allows the retrieval of the access PIN from sniffed data, as well as a weakness that allows a fast brute-force attack on the PIN.

tags | exploit
advisories | CVE-2014-5380, CVE-2014-5381
MD5 | 5eb76cc847bc8f032caa96b99771031d