Exploit the possiblities
Showing 1 - 25 of 184 RSS Feed

Files

Packet Storm New Exploits For 2014
Posted Jan 3, 2015
Authored by Todd J. | Site packetstormsecurity.org

Complete comprehensive archive of all 1,915 exploits added to Packet Storm in 2014.

tags | exploit
systems | linux
MD5 | 5d8dfaace265e744db58310fb34aba75
Packet Storm New Exploits For December, 2014
Posted Jan 3, 2015
Authored by Todd J. | Site packetstormsecurity.com

This archive contains all of the 181 exploits added to Packet Storm in December, 2014.

tags | exploit
systems | linux
MD5 | 6dba0e9e36b2f0377ddbd4128d59cad4
Symantec Web Gateway 5.2.1 OS Command Injection
Posted Dec 31, 2014
Authored by EgiX

Symantec Web Gateway versions 5.2.1 and below suffer from a remote OS command injection vulnerability.

tags | exploit, remote, web
advisories | CVE-2014-7285
MD5 | 273c532a1992d8c9055fb637dae33ffc
GetSimple CMS 3.3.4 XML External Entity Injection
Posted Dec 31, 2014
Authored by EgiX

GetSimple CMS versions 3.1.1 through 3.3.4 suffer from an XML external entity injection vulnerability.

tags | exploit
advisories | CVE-2014-8790
MD5 | b8ab5de12acbf7ab9f48c19dcb966947
Absolut Engine 1.73 Cross Site Scripting / SQL Injection
Posted Dec 31, 2014
Authored by Steffen Roesemann

CMS Absolute Engine version 1.73 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | 5530d741598ceedde7cc2793632e3839
i-FTP 2.20 Schedule Buffer Overflow
Posted Dec 31, 2014
Authored by Gabor Seljan, metacom | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow vulnerability in i-Ftp version 2.20, caused by a long time value set for scheduled download. By persuading the victim to place a specially-crafted Schedule.xml file in the i-FTP folder, a remote attacker could execute arbitrary code on the system or cause the application to crash. This Metasploit module has been tested successfully on Windows XP SP3.

tags | exploit, remote, overflow, arbitrary
systems | windows, xp
MD5 | 91faa2a1b6eebff51d22ba13f4275a3f
Mantis Bug Tracker 1.2.17 PHP Code Injection
Posted Dec 31, 2014
Authored by EgiX

Mantis Bug Tracker versions 1.2.0 through 1.2.17 suffer from a PHP code injection vulnerability.

tags | exploit, php
advisories | CVE-2014-7146
MD5 | 673ab348d712c0f346dee0bed801dc1b
Osclass 3.4.2 Local File Inclusion
Posted Dec 31, 2014
Authored by EgiX

Osclass versions 3.4.2 and below suffer from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
advisories | CVE-2014-8084
MD5 | 8d1d44d69ceb0a756bcf6e9d24106133
Osclass 3.4.2 Shell Upload
Posted Dec 31, 2014
Authored by EgiX

Osclass versions 3.4.2 and below suffer from a remote shell upload vulnerability.

tags | exploit, remote, shell
advisories | CVE-2014-8085
MD5 | 565d75744e6dfbe93bbf6b0a5ef4653c
Osclass 3.4.2 SQL Injection
Posted Dec 31, 2014
Authored by EgiX

Osclass versions 3.4.2 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2014-8083
MD5 | 40a49924f80fdc8f871af28198600d95
Desktop Central Add Administrator
Posted Dec 31, 2014
Authored by Pedro Ribeiro

Desktop Central versions 7 and forward suffer from an add administrator vulnerability.

tags | exploit, add administrator
advisories | CVE-2014-7862
MD5 | b60d61a41115d3cd7c6886ff1ad95235
UCell Software For ZTE Modems DLL Hijacking
Posted Dec 31, 2014
Authored by Hadji Samir

UCell Software for ZTE Modems suffers from a DLL hijacking vulnerability.

tags | exploit
systems | windows
MD5 | 0bc4863b9981c12d616b1d2e24b9528d
Cforms 14.7 Remote Code Execution
Posted Dec 30, 2014
Authored by Zakhar Fedotkin

Cforms version 14.7 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
MD5 | 1ad09cf26c6262770ce28f512163c43a
iFunbox 2014 3.4.697.652 DLL Hijacking
Posted Dec 30, 2014
Authored by Hadji Samir

iFunbox 2014 version 3.4.697.652 suffers from a DLL hijacking vulnerability.

tags | exploit
systems | windows
MD5 | 3b49a3f28c9fca23d1ebc34b50135512
MobiConnect 23.009.17.00.216 Privilege Escalation / DLL Hijacking
Posted Dec 30, 2014
Authored by Hadji Samir

MobiConnect version 23.009.17.00.216 suffers from privilege escalation and DLL hijacking vulnerabilities.

tags | exploit, vulnerability
systems | windows
MD5 | 3ed0c26452ce3e89f0e9064db2aaf978
WordPress RevSlider Local File Disclosure
Posted Dec 30, 2014
Authored by FarbodEZRaeL

WordPress RevSlider suffers from a local file disclosure vulnerability.

tags | exploit, local, info disclosure
MD5 | a320035939bf0a8a1ca05353ac91d5d3
Phoenix Service Software 2012.16.004.48159(Nokia) DLL Hijacking
Posted Dec 30, 2014
Authored by Hadji Samir

Phoenix Service Software version 2012.16.004.48159(Nokia) suffers from a DLL hijacking vulnerability.

tags | exploit
systems | windows
MD5 | 929f9bc2b07d58d9a97353c5e4d6eb0c
iExplorer 3.6.3.0 DLL Hijacking
Posted Dec 30, 2014
Authored by Hadji Samir

iExplorer version 3.6.3.0 suffers from a DLL hijacking vulnerability.

tags | exploit
systems | windows
MD5 | 95154d524274f91adb4fe650d5861a21
ProjectSend Arbitrary File Upload
Posted Dec 29, 2014
Authored by Fady Mohammed Osman | Site metasploit.com

This Metasploit module exploits a file upload vulnerability in ProjectSend revisions 100 to 561. The 'process-upload.php' file allows unauthenticated users to upload PHP files resulting in remote code execution as the web server user.

tags | exploit, remote, web, php, code execution, file upload
MD5 | 6132c16a9f34de6549cfc05d0921dcca
Incom CMS SQL Injection
Posted Dec 29, 2014
Authored by Xodiak

Incom CMS suffers from an authentication bypass vulnerability via remote SQL injection.

tags | exploit, remote, sql injection, bypass
MD5 | da0d3865528e19c18292a57c90698af1
Desktop Linux Password Stealer / Privilege Escalation
Posted Dec 29, 2014
Authored by Jakob Lell | Site metasploit.com

This Metasploit module steals the user password of an administrative user on a desktop Linux system when it is entered for unlocking the screen or for doing administrative actions using policykit. Then it escalates to root privileges using sudo and the stolen user password. It exploits the design weakness that there is no trusted channel for transferring the password from the keyboard to the actual password verification against the shadow file (which is running as root since /etc/shadow is only readable to the root user). Both screensavers (xscreensaver/gnome-screensaver) and policykit use a component running under the current user account to query for the password and then pass it to a setuid-root binary to do the password verification. Therefore it is possible to inject a password stealer after compromising the user account. Since sudo requires only the user password (and not the root password of the system), stealing the user password of an administrative user directly allows escalating to root privileges. Please note that you have to start a handler as a background job before running this exploit since the exploit will only create a shell when the user actually enters the password (which may be hours after launching the exploit). Using exploit/multi/handler with the option ExitOnSession set to false should do the job.

tags | exploit, shell, root
systems | linux
MD5 | 7a355a677b733a2bafc0af3d544a89a6
Ex Libris Patron Directory Services 2.1 Open Redirect
Posted Dec 29, 2014
Authored by Jing Wang

Ex Libris Patron Directory Services version 2.1 suffers from an open redirection vulnerability.

tags | exploit
advisories | CVE-2014-7294
MD5 | 152da38a0b04e65a395837219b7c3244
Ex Libris Patron Directory Services 2.1 Cross Site Scripting
Posted Dec 29, 2014
Authored by Jing Wang

Ex Libris Patron Directory Services version 2.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2014-7293
MD5 | f9a5a13195c412f5c9638a21f9dcfe78
CNN Cross Site Scripting / Open Redirect
Posted Dec 29, 2014
Authored by Jing Wang

The travel.cnn.com and ads.cnn.com sites suffer from cross site scripting and open redirection vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 004fd090a979fa4a861cfcad03e0eec1
WordPress Dmsguestbook Unauthenticated Data Injection
Posted Dec 29, 2014
Authored by Evex

WordPress Dmsguestbook plugin suffers from a remote unauthenticated data injection vulnerability.

tags | exploit, remote
MD5 | d1188bab34809f0cf26aa2d2c090f508
Page 1 of 8
Back12345Next

Top Authors In Last 30 Days

Recent News

News RSS Feed
Germany Urges Parents To Destroy Snooping Smartwatches
Posted Nov 20, 2017

tags | headline, privacy, germany
Drone Maker Makes Hacking Accusations
Posted Nov 20, 2017

tags | headline, hacker, flaw
DNS Resolver 9.9.9.9 Will Check Requests Against IBM Threat Database
Posted Nov 20, 2017

tags | headline, malware, dns
F5 DROWNing, Not Waving, In Crypto Fail
Posted Nov 20, 2017

tags | headline, flaw, cryptography
Cap'n Crunch Booted From Conferences Due To Sexual Misconduct Claims
Posted Nov 18, 2017

tags | headline, hacker, phone, conference
3 More Android Malware Families Invade Google Play Store
Posted Nov 18, 2017

tags | headline, malware, phone, google
Shamed TLS/SSL Cert Authority StartCom To Shut Up Shop
Posted Nov 18, 2017

tags | headline, privacy, data loss, flaw, cryptography
Massive US Military Social Media Spying Archive Left Wide Open In AWS S3 Buckets
Posted Nov 18, 2017

tags | headline, government, privacy, usa, amazon, data loss, flaw, spyware, social
NYPD Cops Need A Warrant To Snoop On Your Phone
Posted Nov 17, 2017

tags | headline, government, privacy, usa, phone
Oracle Scrambles To Fix Security Flaws In Tuxedo
Posted Nov 17, 2017

tags | headline, database, flaw, oracle
View More News →
packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close