
Files

Packet Storm New Exploits For November, 2014
Posted Nov 30, 2014
Authored by Todd J. | Site packetstormsecurity.com

This archive contains all of the 158 exploits added to Packet Storm in November, 2014.

tags | exploit
systems | linux
SHA-256 | 24de2b71477635f2bdb96e6990ed37de9cb8848dd29210ffe8ddd1d0ec948734
Microsoft Internet Explorer Windows OLE Automation Array Remote Code Execution
Posted Nov 30, 2014
Authored by Yuange, Rik van Duijn, Robert Freeman | Site metasploit.com

This Metasploit module exploits the Windows OLE Automation Array vulnerability, known as CVE-2014-6332. The vulnerability affects Internet Explorer 3.0 through version 11 on Windows 95 up to Windows 10. PowerShell is required on the target machine. On Internet Explorer versions using Protected Mode, the user has to manually allow powershell.exe to execute in order to be compromised.

tags | exploit
systems | windows
advisories | CVE-2014-6332
SHA-256 | a21c73516ca752edd0b68c3886ddd782c3596ad30278942d9c8600f98098d65b
Tiny Server 1.1.9 Arbitrary File Disclosure
Posted Nov 29, 2014
Authored by ZoRLu

Tiny Server version 1.1.9 suffers from a file disclosure vulnerability via directory traversal.

tags | exploit, info disclosure
SHA-256 | 8e024c6f998f6f042e074c97d5919ff9e0154ff022aa987da869b585ca75c143
WordPress 4.0 Denial Of Service
Posted Nov 29, 2014
Authored by John Martinelli from ISRD.com

WordPress versions 4.0 and below suffer from a denial of service vulnerability.

tags | exploit, denial of service
advisories | CVE-2014-9034
SHA-256 | db06a68758cd9dad1d5395c990fc04dd3f23911c44cbcde51be81bd708299ba0
Tuleap 7.6-4 PHP Object Injection
Posted Nov 28, 2014
Authored by EgiX

Tuleap versions 7.6-4 and below suffer from a PHP object injection vulnerability in register.php.

tags | exploit, php
advisories | CVE-2014-8791
SHA-256 | 192dd00027ad64789b52484759c17f92a935cf687f895373607d3b900d19a1ad
Microsoft IIS 7.5 Cross Site Scripting
Posted Nov 28, 2014
Authored by A Z

Microsoft IIS version 7.5 suffers from an error message cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 81fc5a1359863025158fd7f1f9fdf3d02dcf4f689641d8608af4bda5ce325575
D-Link DAP-1360 Cross Site Scripting / Cross Site Request Forgery
Posted Nov 28, 2014
Authored by MustLive

The D-Link DAP-1360 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
SHA-256 | 55251ecf0633440957d348713dd25ad1aa213796491552bd68d69efa4111b2e0
Sniffit Root Shell
Posted Nov 27, 2014
Authored by Hector Marco, Ismael Ripoll

A specially-crafted sniffit configuration file can be leveraged to execute code as root.

tags | exploit, root
advisories | CVE-2014-5439
SHA-256 | 0e5fe0fcd83bf75ca01e02b696edc874fa9921b6318df3ad0fddb1136bf2a3eb
India Times Cross Site Scripting
Posted Nov 27, 2014
Authored by Jing Wang

The India Times site suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 27ec2357a0f195cb6415de9ecdba19bb9890d2d4f6cbd1342c38d2f4dcf4dd04
WordPress Ad-Manager 1.1.2 Open Redirect
Posted Nov 27, 2014
Authored by Jing Wang

WordPress Ad-Manager version 1.1.2 suffers from an open redirection vulnerability.

tags | exploit
advisories | CVE-2014-8754
SHA-256 | 481e53868adfd461ba5cde08f15d349c49cb6d5d3b80e29c05bf4b37ff39b763
Springshare LibCal 2.0 Cross Site Scripting
Posted Nov 27, 2014
Authored by Jing Wang

Springshare LibCal version 2.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2014-7291
SHA-256 | 4c0fe54916f30cdf49c6c044a53f873e35b2d1c4e776981a9ad714a82f7cc20f
Weather Channel Cross Site Scripting
Posted Nov 27, 2014
Authored by Jing Wang

Weather Channel's weather.com suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 4659c08736f1b4bac545584b83972e574cc06de7ed4a970775fe6adbe922aacd
Pandora FMS SQL Injection / Remote Code Execution
Posted Nov 26, 2014
Authored by Jason Kratzer, Lincoln | Site metasploit.com

This Metasploit module attempts to exploit multiple issues in order to gain remote code execution on Pandora FMS versions 5.0 SP2 and prior. First, it attempts to authenticate using default credentials. If this method fails, a SQL injection vulnerability is leveraged in order to extract the "Auto Login" password hash. If this value is not set, the module will then extract the administrator account's MD5 password hash.

tags | exploit, remote, code execution, sql injection
SHA-256 | fc913d99854d2c8194e4f3b46434494278885d559958fa670ed923151a77b005
xEpan 1.0.1 Cross Site Request Forgery
Posted Nov 26, 2014
Authored by High-Tech Bridge SA | Site htbridge.com

xEpan version 1.0.1 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2014-8429
SHA-256 | 93905a94b8881af358eda8b862d28a7d5a7bdbd6d87c6e77054c3f04728082bf
Android WAPPushManager SQL Injection
Posted Nov 26, 2014
Authored by WangTao, Zhang Donghui, WangYu

Android versions prior to 5.0 suffer from a remote SQL injection vulnerability in the opt module WAPPushManager.

tags | exploit, remote, sql injection
advisories | CVE-2014-8507
SHA-256 | 18706be9be8033c24e8c2f06033de0b992c7dd3941e112ef9d8ce5cecd8fdef9
Android SMS Resend
Posted Nov 26, 2014
Authored by WangTao, Zhang Donghui, WangYu

Android versions prior to 5.0 allow an unprivileged application to resend all the SMS messages stored in the user's phone.

tags | exploit
advisories | CVE-2014-8610
SHA-256 | 9954c7e735f97d8deaa62bdd4dd7a93cbbb3e11d2057e1ba006ba091a07683fc
Android Settings Pendingintent Leak
Posted Nov 26, 2014
Authored by WangTao, Zhang Donghui, WangYu

In Android versions prior to 5.0 and possibly greater than or equal to 4.0, the Settings application leaks a PendingIntent with a blank base intent (neither the component nor the action is explicitly set) to third-party applications. Due to this, a malicious app can use it to broadcast an intent with the same permissions and identity as the Settings application, which runs as SYSTEM uid.

tags | exploit
advisories | CVE-2014-8609
SHA-256 | cfc2aeebb8ce7b28e800f8cd2c1a2ef4f012afd9da67892dea7842b3fef42e7c
Device42 Embedded Credentials
Posted Nov 26, 2014
Authored by Brandon Perry

Device42 DCIM Appliance Manager versions 5.10 and 6.0 have hardcoded credentials and also suffer from remote command injection vulnerabilities.

tags | exploit, remote, vulnerability
SHA-256 | 47d0bb4ee432dc13a705f89a07909d8cdbdeeb3f951e98bf1888d524fb84ce61
Device42 Traceroute Command Injection
Posted Nov 26, 2014
Authored by Brandon Perry | Site metasploit.com

Remote command injection exploit for Metasploit that leverages traceroute in Device42 DCIM Appliance Manager versions 5.10 and 6.0 with WAN emulator version 2.3.

tags | exploit, remote
SHA-256 | e2f6512a30f338fd030b36604071a79b13a88b9fdf4c8034dc527a27aa2ff592
Device42 Ping Command Injection
Posted Nov 26, 2014
Authored by Brandon Perry | Site metasploit.com

Remote command injection exploit for Metasploit that leverages ping in Device42 DCIM Appliance Manager versions 5.10 and 6.0 with WAN emulator version 2.3.

tags | exploit, remote
SHA-256 | 09e949ee2c12810265edcb0ba195795b730ea412d995e215b44e58c84ea6d497
CCH Wolters Kluwer PFX Engagement 7.1 Privilege Escalation
Posted Nov 26, 2014
Authored by singularitysec

CCH Wolters Kluwer PFX Engagement versions 7.1 and below suffer from a local privilege escalation vulnerability.

tags | exploit, local
advisories | CVE-2014-9113
SHA-256 | 36550649271a777da5e3bdb31f777a4a5c0c5f089e34ab04078ef57d4129ecbe
MyBB 1.8.2 unset_globals() Bypass / Remote Code Execution
Posted Nov 26, 2014
Authored by Taoguang Chen

MyBB versions 1.8.2 and below suffer from an unset_globals() function bypass and remote code execution vulnerabilities.

tags | exploit, remote, vulnerability, code execution, bypass
SHA-256 | a691b9b40b1b09c878c6dabf004797b5a74ac29c49123dfae6aadb61bdba3161
phpBB 3.1.1 deregister_globals() Bypass
Posted Nov 26, 2014
Authored by Taoguang Chen

phpBB versions 3.1.1 and below suffer from a deregister_globals() bypass vulnerability.

tags | exploit, bypass
SHA-256 | 05feb1c2143bc563aea79f035ee6a9f2a25fd7538e2a1eaf959167cbc2e80130
Slider Revolution/Showbiz Pro Shell Upload
Posted Nov 26, 2014
Authored by Simo Ben Youssef | Site morxploit.com

Slider Revolution versions 3.0.95 and below and Showbiz Pro versions 1.7.1 and below suffer from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | ca657f1a9a31a06a387229bf959af2f2630ece3badc1c268a0ca6e9c67272e71
WordPress Sexy Squeeze Pages Cross Site Scripting
Posted Nov 26, 2014
Authored by KnocKout

WordPress Sexy Squeeze Pages plugin suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 8793ad38d9dfbe4490552ccd9b80858ec761b30f9e6cba3c99073dba85c6703d