Exploit the possiblities
Showing 1 - 25 of 159 RSS Feed

Files

Packet Storm New Exploits For November, 2014
Posted Nov 30, 2014
Authored by Todd J. | Site packetstormsecurity.com

This archive contains all of the 158 exploits added to Packet Storm in November, 2014.

tags | exploit
systems | linux
MD5 | 51af3b88b8d31e4eede4d66ec8ec98a1
Microsoft Internet Explorer Windows OLE Automation Array Remote Code Execution
Posted Nov 30, 2014
Authored by Yuange, Rik van Duijn, Robert Freeman | Site metasploit.com

This Metasploit module exploits Windows OLE Automation Array Vulnerability known as CVE-2014-6332. The vulnerability affects Internet Explorer 3.0 until version 11 within Windows95 up to Windows 10. Powershell is required on the target machine. On Internet Explorer versions using Protected Mode, the user has to manually allow powershell.exe to execute in order to be compromised.

tags | exploit
systems | windows
advisories | CVE-2014-6332
MD5 | dc3b2b3c5d14cf3129327699d7fcaad0
Tiny Server 1.1.9 Arbitrary File Disclosure
Posted Nov 29, 2014
Authored by ZoRLu

Tiny Server version 1.1.9 suffers from a file disclosure vulnerability via directory traversal.

tags | exploit, info disclosure
MD5 | 75dcaeabe7ab879d3f79ae75ed9bca3d
WordPress 4.0 Denial Of Service
Posted Nov 29, 2014
Authored by John Martinelli

WordPress versions 4.0 and below suffer from a denial of service vulnerability.

tags | exploit, denial of service
advisories | CVE-2014-9034
MD5 | 6bf443ef64575baec673f3590c78c66d
Tuleap 7.6-4 PHP Object Injection
Posted Nov 28, 2014
Authored by EgiX

Tuleap versions 7.6-4 and below suffer from a PHP object injection vulnerability in register.php.

tags | exploit, php
advisories | CVE-2014-8791
MD5 | 996df917e13e1acb41ce3587aaadfbe7
Microsoft IIS 7.5 Cross Site Scripting
Posted Nov 28, 2014
Authored by A Z

Microsoft IIS version 7.5 suffers from an error message cross site scripting vulnerability.

tags | exploit, xss
MD5 | 152e4ab2c7c811226a05af5d9a02f75b
D-Link DAP-1360 Cross Site Scripting / Cross Site Request Forgery
Posted Nov 28, 2014
Authored by MustLive

The D-Link DAP-1360 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | 27bd4054a49156d0664a0f4a7b85cf4b
Sniffit Root Shell
Posted Nov 27, 2014
Authored by Hector Marco, Ismael Ripoll

A specially-crafted sniffit configuration file can be leveraged to execute code as root.

tags | exploit, root
advisories | CVE-2014-5439
MD5 | 39dc90168b607b2a256340489f35bf4f
India Times Cross Site Scripting
Posted Nov 27, 2014
Authored by Jing Wang

The India Times site suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | a664084726bc1f4955f0d1119a8cae19
WordPress Ad-Manager 1.1.2 Open Redirect
Posted Nov 27, 2014
Authored by Jing Wang

WordPress Ad-Manager version 1.1.2 suffers from an open redirection vulnerability.

tags | exploit
advisories | CVE-2014-8754
MD5 | 83f7a807768b8afb1c2036ab7bf3f82f
Springshare LibCal 2.0 Cross Site Scripting
Posted Nov 27, 2014
Authored by Jing Wang

Springshare LibCal version 2.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2014-7291
MD5 | ba2a031fb24b6cb8f10993c4f5680095
Weather Channel Cross Site Scripting
Posted Nov 27, 2014
Authored by Jing Wang

Weather Channel's weather.com suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 869c3e1769340d7852c8012042f81f40
Pandora FMS SQL Injection Remote Code Execution
Posted Nov 26, 2014
Authored by Jason Kratzer, Lincoln | Site metasploit.com

This Metasploit module attempts to exploit multiple issues in order to gain remote code execution under Pandora FMS versions equal to and prior to 5.0 SP2. First, an attempt to authenticate using default credentials is performed. If this method fails, a SQL injection vulnerability is leveraged in order to extract the "Auto Login" password hash. If this value is not set, the module will then extract the administrator account's MD5 password hash.

tags | exploit, remote, code execution, sql injection
MD5 | d879b2c710bcfc29da92c8253b550c36
xEpan 1.0.1 Cross Site Request Forgery
Posted Nov 26, 2014
Authored by High-Tech Bridge SA | Site htbridge.com

xEpan version 1.0.1 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2014-8429
MD5 | c3382b74a1102f2a0d52556b93f634ce
Android WAPPushManager SQL Injection
Posted Nov 26, 2014
Authored by WangTao, Zhang Donghui, WangYu

Android versions prior to 5.0 suffer from a remote SQL injection vulnerability in the opt module WAPPushManager.

tags | exploit, remote, sql injection
advisories | CVE-2014-8507
MD5 | 5a102c9595a8170289122969255e08d4
Android SMS Resend
Posted Nov 26, 2014
Authored by WangTao, Zhang Donghui, WangYu

Android versions prior to 5.0 allow an unprivileged application the ability to resend all the SMS's stored in the users phone.

tags | exploit
advisories | CVE-2014-8610
MD5 | 9f5ebc82ec4837d35e7ffff8981a2ab1
Android Settings Pendingintent Leak
Posted Nov 26, 2014
Authored by WangTao, Zhang Donghui, WangYu

In Android versions prior to 5.0 and possibly greater than and equal to 4.0, Settings application leaks Pendingintent with a blank base intent (neither the component nor the action is explicitly set) to third party applications. Due to this, a malicious app can use this to broadcast intent with the same permissions and identity of the Settings application, which runs as SYSTEM uid.

tags | exploit
advisories | CVE-2014-8609
MD5 | b7ba70229b21bd94751929637627477f
Device42 Embedded Credentials
Posted Nov 26, 2014
Authored by Brandon Perry

Device42 DCIM Appliance Manager versions 5.10 and 6.0 have hardcoded credentials and also suffer from remote command injection vulnerabilities.

tags | exploit, remote, vulnerability
MD5 | 970d75c3fd1cf02517ca875a7dfb7097
Device42 Traceroute Command Injection
Posted Nov 26, 2014
Authored by Brandon Perry | Site metasploit.com

Device42 DCIM Appliance Manager versions 5.10 and 6.0 with WAN emulator version 2.3 remote command injection exploit for Metasploit that leverages traceroute.

tags | exploit, remote
MD5 | 29dea352245e10c3a4a7588e05342cc0
Device42 Ping Command Injection
Posted Nov 26, 2014
Authored by Brandon Perry | Site metasploit.com

Device42 DCIM Appliance Manager versions 5.10 and 6.0 with WAN emulator version 2.3 remote command injection exploit for Metasploit that leverages ping.

tags | exploit, remote
MD5 | 6b6c3329dff12b38c51a77d1df5e5d00
CCH Wolters Kluwer PFX Engagement 7.1 Privilege Escalation
Posted Nov 26, 2014
Authored by singularitysec

CCH Wolters Kluwer PFX Engagement versions 7.1 and below suffer from a local privilege escalation vulnerability.

tags | exploit, local
advisories | CVE-2014-9113
MD5 | 6f603f041b2a459e6c6fffb9a771fea4
MyBB 1.8.2 unset_globals() Bypass / Remote Code Execution
Posted Nov 26, 2014
Authored by Taoguang Chen

MyBB versions 1.8.2 and below suffer from an unset_globals() function bypass and remote code execution vulnerabilities.

tags | exploit, remote, vulnerability, code execution, bypass
MD5 | 2db89ccf55f105aebb8916ab28acff84
phpBB 3.1.1 deregister_globals() Bypass
Posted Nov 26, 2014
Authored by Taoguang Chen

phpBB versions 3.1.1 and below suffer from a deregister_globals() bypass vulnerability.

tags | exploit, bypass
MD5 | 81da95da009a459c377573cf804f75a0
Slider Revolution/Showbiz Pro Shell Upload
Posted Nov 26, 2014
Authored by Simo Ben Youssef | Site morxploit.com

Slider Revolution versions 3.0.95 and below and Showbiz Pro versions 1.7.1 and below suffer from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | 8e7f33830730cefac23bf4df2b47c4ae
WordPress Sexy Squeeze Pages Cross Site Scripting
Posted Nov 26, 2014
Authored by KnocKout

WordPress Sexy Squeeze Pages plugin suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 98633baceec400054a7d0d46590b1abe
Page 1 of 7
Back12345Next

Top Authors In Last 30 Days

Recent News

News RSS Feed
Germany Urges Parents To Destroy Snooping Smartwatches
Posted Nov 20, 2017

tags | headline, privacy, germany
Drone Maker Makes Hacking Accusations
Posted Nov 20, 2017

tags | headline, hacker, flaw
DNS Resolver 9.9.9.9 Will Check Requests Against IBM Threat Database
Posted Nov 20, 2017

tags | headline, malware, dns
F5 DROWNing, Not Waving, In Crypto Fail
Posted Nov 20, 2017

tags | headline, flaw, cryptography
Cap'n Crunch Booted From Conferences Due To Sexual Misconduct Claims
Posted Nov 18, 2017

tags | headline, hacker, phone, conference
3 More Android Malware Families Invade Google Play Store
Posted Nov 18, 2017

tags | headline, malware, phone, google
Shamed TLS/SSL Cert Authority StartCom To Shut Up Shop
Posted Nov 18, 2017

tags | headline, privacy, data loss, flaw, cryptography
Massive US Military Social Media Spying Archive Left Wide Open In AWS S3 Buckets
Posted Nov 18, 2017

tags | headline, government, privacy, usa, amazon, data loss, flaw, spyware, social
NYPD Cops Need A Warrant To Snoop On Your Phone
Posted Nov 17, 2017

tags | headline, government, privacy, usa, phone
Oracle Scrambles To Fix Security Flaws In Tuxedo
Posted Nov 17, 2017

tags | headline, database, flaw, oracle
View More News →
packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close