Files

Packet Storm New Exploits For 2014
Posted Jan 3, 2015
Authored by Todd J. | Site packetstormsecurity.org

Complete comprehensive archive of all 1,915 exploits added to Packet Storm in 2014.

tags | exploit
systems | linux
MD5 | 5d8dfaace265e744db58310fb34aba75
Packet Storm New Exploits For December, 2014
Posted Jan 3, 2015
Authored by Todd J. | Site packetstormsecurity.com

This archive contains all of the 181 exploits added to Packet Storm in December, 2014.

tags | exploit
systems | linux
MD5 | 6dba0e9e36b2f0377ddbd4128d59cad4
Symantec Web Gateway 5.2.1 OS Command Injection
Posted Dec 31, 2014
Authored by EgiX

Symantec Web Gateway versions 5.2.1 and below suffer from a remote OS command injection vulnerability.

tags | exploit, remote, web
advisories | CVE-2014-7285
MD5 | 273c532a1992d8c9055fb637dae33ffc
GetSimple CMS 3.3.4 XML External Entity Injection
Posted Dec 31, 2014
Authored by EgiX

GetSimple CMS versions 3.1.1 through 3.3.4 suffer from an XML external entity injection vulnerability.

tags | exploit, xxe
advisories | CVE-2014-8790
MD5 | b8ab5de12acbf7ab9f48c19dcb966947
Absolut Engine 1.73 Cross Site Scripting / SQL Injection
Posted Dec 31, 2014
Authored by Steffen Roesemann

CMS Absolut Engine version 1.73 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | 5530d741598ceedde7cc2793632e3839
i-FTP 2.20 Schedule Buffer Overflow
Posted Dec 31, 2014
Authored by Gabor Seljan, metacom | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow vulnerability in i-FTP version 2.20, caused by a long time value set for a scheduled download. By persuading the victim to place a specially-crafted Schedule.xml file in the i-FTP folder, a remote attacker could execute arbitrary code on the system or cause the application to crash. This Metasploit module has been tested successfully on Windows XP SP3.

tags | exploit, remote, overflow, arbitrary
systems | windows, xp
MD5 | 91faa2a1b6eebff51d22ba13f4275a3f
Mantis Bug Tracker 1.2.17 PHP Code Injection
Posted Dec 31, 2014
Authored by EgiX

Mantis Bug Tracker versions 1.2.0 through 1.2.17 suffer from a PHP code injection vulnerability.

tags | exploit, php
advisories | CVE-2014-7146
MD5 | 673ab348d712c0f346dee0bed801dc1b
Osclass 3.4.2 Local File Inclusion
Posted Dec 31, 2014
Authored by EgiX

Osclass versions 3.4.2 and below suffer from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
advisories | CVE-2014-8084
MD5 | 8d1d44d69ceb0a756bcf6e9d24106133
Osclass 3.4.2 Shell Upload
Posted Dec 31, 2014
Authored by EgiX

Osclass versions 3.4.2 and below suffer from a remote shell upload vulnerability.

tags | exploit, remote, shell
advisories | CVE-2014-8085
MD5 | 565d75744e6dfbe93bbf6b0a5ef4653c
Osclass 3.4.2 SQL Injection
Posted Dec 31, 2014
Authored by EgiX

Osclass versions 3.4.2 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2014-8083
MD5 | 40a49924f80fdc8f871af28198600d95
Desktop Central Add Administrator
Posted Dec 31, 2014
Authored by Pedro Ribeiro

Desktop Central versions 7 and forward suffer from an add administrator vulnerability.

tags | exploit, add administrator
advisories | CVE-2014-7862
MD5 | b60d61a41115d3cd7c6886ff1ad95235
UCell Software For ZTE Modems DLL Hijacking
Posted Dec 31, 2014
Authored by Hadji Samir

UCell Software for ZTE Modems suffers from a DLL hijacking vulnerability.

tags | exploit
systems | windows
MD5 | 0bc4863b9981c12d616b1d2e24b9528d
Cforms 14.7 Remote Code Execution
Posted Dec 30, 2014
Authored by Zakhar Fedotkin

Cforms version 14.7 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
MD5 | 1ad09cf26c6262770ce28f512163c43a
iFunbox 2014 3.4.697.652 DLL Hijacking
Posted Dec 30, 2014
Authored by Hadji Samir

iFunbox 2014 version 3.4.697.652 suffers from a DLL hijacking vulnerability.

tags | exploit
systems | windows
MD5 | 3b49a3f28c9fca23d1ebc34b50135512
MobiConnect 23.009.17.00.216 Privilege Escalation / DLL Hijacking
Posted Dec 30, 2014
Authored by Hadji Samir

MobiConnect version 23.009.17.00.216 suffers from privilege escalation and DLL hijacking vulnerabilities.

tags | exploit, vulnerability
systems | windows
MD5 | 3ed0c26452ce3e89f0e9064db2aaf978
WordPress RevSlider Local File Disclosure
Posted Dec 30, 2014
Authored by FarbodEZRaeL

WordPress RevSlider suffers from a local file disclosure vulnerability.

tags | exploit, local, info disclosure
MD5 | a320035939bf0a8a1ca05353ac91d5d3
Phoenix Service Software 2012.16.004.48159(Nokia) DLL Hijacking
Posted Dec 30, 2014
Authored by Hadji Samir

Phoenix Service Software version 2012.16.004.48159(Nokia) suffers from a DLL hijacking vulnerability.

tags | exploit
systems | windows
MD5 | 929f9bc2b07d58d9a97353c5e4d6eb0c
iExplorer 3.6.3.0 DLL Hijacking
Posted Dec 30, 2014
Authored by Hadji Samir

iExplorer version 3.6.3.0 suffers from a DLL hijacking vulnerability.

tags | exploit
systems | windows
MD5 | 95154d524274f91adb4fe650d5861a21
ProjectSend Arbitrary File Upload
Posted Dec 29, 2014
Authored by Fady Mohammed Osman | Site metasploit.com

This Metasploit module exploits a file upload vulnerability in ProjectSend revisions 100 to 561. The 'process-upload.php' file allows unauthenticated users to upload PHP files resulting in remote code execution as the web server user.

tags | exploit, remote, web, php, code execution, file upload
MD5 | 6132c16a9f34de6549cfc05d0921dcca
Incom CMS SQL Injection
Posted Dec 29, 2014
Authored by Xodiak

Incom CMS suffers from an authentication bypass vulnerability via remote SQL injection.

tags | exploit, remote, sql injection, bypass
MD5 | da0d3865528e19c18292a57c90698af1
Desktop Linux Password Stealer / Privilege Escalation
Posted Dec 29, 2014
Authored by Jakob Lell | Site metasploit.com

This Metasploit module steals the user password of an administrative user on a desktop Linux system when it is entered for unlocking the screen or for doing administrative actions using policykit. Then it escalates to root privileges using sudo and the stolen user password. It exploits the design weakness that there is no trusted channel for transferring the password from the keyboard to the actual password verification against the shadow file (which is running as root since /etc/shadow is only readable to the root user). Both screensavers (xscreensaver/gnome-screensaver) and policykit use a component running under the current user account to query for the password and then pass it to a setuid-root binary to do the password verification. Therefore it is possible to inject a password stealer after compromising the user account. Since sudo requires only the user password (and not the root password of the system), stealing the user password of an administrative user directly allows escalating to root privileges. Please note that you have to start a handler as a background job before running this exploit since the exploit will only create a shell when the user actually enters the password (which may be hours after launching the exploit). Using exploit/multi/handler with the option ExitOnSession set to false should do the job.

tags | exploit, shell, root
systems | linux
MD5 | 7a355a677b733a2bafc0af3d544a89a6
Ex Libris Patron Directory Services 2.1 Open Redirect
Posted Dec 29, 2014
Authored by Jing Wang

Ex Libris Patron Directory Services version 2.1 suffers from an open redirection vulnerability.

tags | exploit
advisories | CVE-2014-7294
MD5 | 152da38a0b04e65a395837219b7c3244
Ex Libris Patron Directory Services 2.1 Cross Site Scripting
Posted Dec 29, 2014
Authored by Jing Wang

Ex Libris Patron Directory Services version 2.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2014-7293
MD5 | f9a5a13195c412f5c9638a21f9dcfe78
CNN Cross Site Scripting / Open Redirect
Posted Dec 29, 2014
Authored by Jing Wang

The travel.cnn.com and ads.cnn.com sites suffer from cross site scripting and open redirection vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 004fd090a979fa4a861cfcad03e0eec1
WordPress Dmsguestbook Unauthenticated Data Injection
Posted Dec 29, 2014
Authored by Evex

WordPress Dmsguestbook plugin suffers from a remote unauthenticated data injection vulnerability.

tags | exploit, remote
MD5 | d1188bab34809f0cf26aa2d2c090f508