Exploit the possiblities
Showing 1 - 25 of 162 RSS Feed

Files

Packet Storm New Exploits For October, 2014
Posted Nov 5, 2014
Authored by Todd J. | Site packetstormsecurity.com

This archive contains all of the 161 exploits added to Packet Storm in October, 2014.

tags | exploit
systems | linux
MD5 | 0f3ef706f7670fd94107ee11f5e3ed44
Xerox Multifunction Printers (MFP) "Patch" DLM Escalation
Posted Oct 31, 2014
Authored by Deral Heiland, Pete Bokojan Arzamendi | Site metasploit.com

This Metasploit module exploits a vulnerability found in Xerox Multifunction Printers (MFP). By supplying a modified Dynamic Loadable Module (DLM), it is possible to execute arbitrary commands under root privileges.

tags | exploit, arbitrary, root
MD5 | 270e3aa9b73dd488246b837651307080
McAfee EEFF / FRP Predictable Salt
Posted Oct 31, 2014
Authored by Matthias Deeg

The software encryption tool McAfee Endpoint Encryption for Removable Media (EERM) which is part of the data protection software McAfee Endpoint Encryption for Files and Folders (EEFF) uses a static and thus predictable salt for generating password hashes using the password-based key derivation function 2 (PBKDF2). Due to the use of a predictable, hard-coded salt, it is possible for an attacker to precompute password candidates and thus to perform more efficient dictionary attacks against the password-based authentication with the use of rainbow tables (time-memory trade-off).

tags | exploit
advisories | CVE-2014-8565
MD5 | 390b4a7ad55a68812f34c441ef059425
HumHub Modules Mail 0.5.8 Cross Site Scripting
Posted Oct 31, 2014
Authored by Morten Nortoft, Kenneth Jepsen, Mikkel Vej

HumHub Modules Mail version 0.5.8 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 0742c9011158d478fb61391c642832fe
F5 Big-IP 11.3.0.39.0 XML External Entity Injection #2
Posted Oct 30, 2014
Authored by Oliver Gruskovnjak | Site portcullis-security.com

F5 Big-IP version 11.3.0.39.0 suffers from an XML external entity injection vulnerability.

tags | exploit
advisories | CVE-2014-6033
MD5 | 6982ddb9816c893aa70aa34750f3f3ea
F5 Big-IP 11.3.0.39.0 XML External Entity Injection #1
Posted Oct 30, 2014
Authored by Oliver Gruskovnjak | Site portcullis-security.com

F5 Big-IP version 11.3.0.39.0 suffers from an XML external entity injection vulnerability.

tags | exploit
advisories | CVE-2014-6032
MD5 | 9f5e815449dbbfe8d1b5de6b4c756b6c
MAARCH 1.4 Arbitrary File Upload
Posted Oct 30, 2014
Authored by Adrien Thierry

MAARCH version 1.4 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | ca2b50876ac57a8ccc3e9fdf3042d614
MAARCH 1.4 SQL Injection
Posted Oct 30, 2014
Authored by Adrien Thierry

MAARCH version 1.4 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 647a4fc392499661bdba82106636557b
IBM Tivoli Monitoring 6.2.2 kbbacf1 Privilege Escalation
Posted Oct 30, 2014
Authored by Robert Jaroszuk

IBM Tivoli Monitoring version 6.2.2 kbbacf1 privilege escalation exploit.

tags | exploit
advisories | CVE-2013-5467
MD5 | 653f2bb6a7913408f4cc0ffc92081cf6
Konke Smart Plug Authentication Bypass
Posted Oct 30, 2014
Authored by zixian, gamehacker

Konke Smart Plug suffers from an authentication bypass vulnerability.

tags | exploit, bypass
advisories | CVE-2014-7279
MD5 | f850baa81babc49cb3f2addc71c8e0e1
EspoCRM 2.5.2 XSS / LFI / Access Control
Posted Oct 29, 2014
Authored by High-Tech Bridge SA | Site htbridge.com

EspoCRM version 2.5.2 suffers from cross site scripting, local file inclusion, and improper access control vulnerabilities.

tags | exploit, local, vulnerability, xss, file inclusion
advisories | CVE-2014-7985, CVE-2014-7986, CVE-2014-7987
MD5 | 6d3526d415f07821621503e79ba586d0
Confluence RefinedWiki Original Theme Cross Site Scripting
Posted Oct 29, 2014
Authored by Manuel Hofer | Site sec-consult.com

Confluence RefinedWiki Original Theme versions 3.x through 4.0.x suffer from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | 41ef09eddf4a336af9a4729f9a2db14b
Joomla RD Download SQL Injection
Posted Oct 29, 2014
Authored by Claudio Viviani

Joomla RD Download component suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 3fdcf85c29196d21ef907436b776b5e8
Nuevolabs Nuevoplayer For Clipshare SQL Injection
Posted Oct 29, 2014
Authored by Cory Marsh

Nuevolabs Nuevoplayer for Clipshare suffer from privilege escalation and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
advisories | CVE-2014-8339
MD5 | bd94d7ea9b8d81bedd2772b675062f88
CUPS Filter Bash Environment Variable Code Injection
Posted Oct 28, 2014
Authored by Michal Zalewski, Stephane Chazelas | Site metasploit.com

This Metasploit module exploits a post-auth code injection in specially crafted environment variables in Bash, specifically targeting CUPS filters through the PRINTER_INFO and PRINTER_LOCATION variables by default.

tags | exploit, bash
advisories | CVE-2014-6271, CVE-2014-6278
MD5 | 29f7d463eabc5a2bc1364b1db48a8215
Tuleap 7.4.99.5 Remote Command Execution
Posted Oct 28, 2014
Authored by Jerzy Kramarz | Site portcullis-security.com

Enalean Tuleap versions 7.4.99.5 and below suffer from a remote command execution vulnerability.

tags | exploit, remote
advisories | CVE-2014-7178
MD5 | c281c54c18b0e63255d47b4e3bd15c05
Tuleap 7.2 XXE Injection
Posted Oct 28, 2014
Authored by Jerzy Kramarz | Site portcullis-security.com

Enalean Tuleap versions 7.2 and below suffer from an external XML entity injection vulnerability.

tags | exploit
advisories | CVE-2014-7177
MD5 | 7448df07c86ae67d844fb035d4507230
Tuleap 7.4.99.5 Blind SQL Injection
Posted Oct 28, 2014
Authored by Jerzy Kramarz | Site portcullis-security.com

Enalean Tuleap versions 7.4.99.5 and below suffer from a remote, authenticated blind SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2014-7176
MD5 | 3230d92c11f0d7e71905298061cbb705
Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30 (.wax) Buffer Overflow
Posted Oct 28, 2014
Authored by ZoRLu

Mini-stream RM-MP3 Converter version 3.1.2.1.2010.03.30 suffers from a buffer overflow vulnerability when handling .wax files.

tags | exploit, overflow
MD5 | bdc26c20b4676cc54f28f085bbfb482f
ESTsoft ALUpdate 8.5.1.0.0 Privilege Escalation
Posted Oct 28, 2014
Authored by Osanda Malith

ESTsoft ALUpdate version 8.5.1.0.0 suffers from a privilege escalation vulnerability.

tags | exploit
advisories | CVE-2014-8494
MD5 | 1ffa37aae8784b3305279987120f2b25
Windows TrackPopupMenu Win32k NULL Pointer Dereference
Posted Oct 28, 2014
Authored by Spencer McIntyre, juan vazquez, temp66 | Site metasploit.com

This Metasploit module exploits a NULL Pointer Dereference in win32k.sys, the vulnerability can be triggered through the use of TrackPopupMenu. Under special conditions, the NULL pointer dereference can be abused on xxxSendMessageTimeout to achieve arbitrary code execution. This Metasploit module has been tested successfully on Windows XP SP3, Windows 2003 SP2, Windows 7 SP1 and Windows 2008 32bits. Also on Windows 7 SP1 and Windows 2008 R2 SP1 64 bits.

tags | exploit, arbitrary, code execution
systems | windows, xp, 7
advisories | CVE-2014-4113
MD5 | 52feb4363d45b4378ac8a66855db145f
CBN CH6640E/CG6640E Wireless Gateway XSS / CSRF / DoS / Disclosure
Posted Oct 28, 2014
Authored by LiquidWorm | Site zeroscience.mk

The CBN CH6640E/CG6640E wireless gateway series suffers from information disclosure, cross site request forgery, cross site scripting, and denial of service vulnerabilities.

tags | exploit, denial of service, vulnerability, xss, info disclosure, csrf
MD5 | 280cf06b56acc49647c159ab2fdb0bf3
Google Youtube Filter Bypass / Cross Site Scripting
Posted Oct 27, 2014
Authored by Jasminder Pal Singh | Site vulnerability-lab.com

Google Youtube suffered from filter bypass and persistent cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | f077cfed9b8a78027cab7e6af29d1925
Folder Plus 2.5.1 Script Injection
Posted Oct 27, 2014
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

Folder Plus version 2.5.1 suffers from a persistent script insertion vulnerability.

tags | exploit
MD5 | 1755959d7a7ce0b0a31b51eb0ffa63af
Apple iOS 8.0.2 Denial Of Service
Posted Oct 27, 2014
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

Apple iOS version 8.0.2 suffers from a contact handling denial of service vulnerability.

tags | exploit, denial of service
systems | apple, ios
MD5 | e57bf30ef838656f87cd666e13a7c69f
Page 1 of 7
Back12345Next

Top Authors In Last 30 Days

Recent News

News RSS Feed
PlexCoin Scam Founder Sentenced To Jail And Fined $10k
Posted Dec 10, 2017

tags | headline, cybercrime, fraud, scam, cryptography
Google Lifts Lid On FBI Data Requests: Now You Can Read Actual Letters Online
Posted Dec 9, 2017

tags | headline, government, privacy, usa, google, fbi
Android Flaw Lets Attack Code Slip Into Signed Apps
Posted Dec 9, 2017

tags | headline, malware, phone, flaw, google
Millions Stolen In NiceHash Bitcoin Heist
Posted Dec 9, 2017

tags | headline, hacker, cybercrime, fraud, cryptography
Apple HomeKit Flaw Left Smart Gadgets Vulnerable
Posted Dec 9, 2017

tags | headline, flaw, apple
Intel Management Engine Pwned By Buffer Overflow
Posted Dec 7, 2017

tags | headline, hacker, flaw, conference, intel
Google Steps Up Browser Rivalry With Site Isolation Security
Posted Dec 7, 2017

tags | headline, google, chrome
Ajit Pai Falsely Claims Killing Net Neutrality Helps The Sick
Posted Dec 7, 2017

tags | headline, government, usa, fraud
Bitcoin Breaks Through The $15,000 Mark
Posted Dec 7, 2017

tags | headline, cryptography
CryptoKitties Craze Slows Down Transactions On Ethereum
Posted Dec 6, 2017

tags | headline, denial of service, cryptography
View More News →
packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close