Showing 1 - 25 of 188

Files

Packet Storm New Exploits For January, 2015
Posted Feb 2, 2015
Authored by Todd J. | Site packetstormsecurity.org

This archive contains all of the 187 exploits added to Packet Storm in January, 2015.

tags | exploit
systems | linux
MD5 | 78a0ede9b22751ec549b10e5adda4798
SnipSnap 0.5.2a / 1.0b1 / 1.0b2 Cross Site Scripting
Posted Jan 31, 2015
Authored by Jing Wang

SnipSnap versions 0.5.2a, 1.0b1, and 1.0b2 suffer from a cross site scripting vulnerability. This vulnerability was previously discovered by Sony in February of 2012.

tags | exploit, xss
advisories | CVE-2014-9559
MD5 | fa2e507ffc3438c9e2dcf8de61042fa8
ZeroCMS 1.3.3 SQL Injection
Posted Jan 31, 2015
Authored by Steffen Roesemann

ZeroCMS versions 1.3.3 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | ab025f335c41bc390772c835e45a26a0
SIPhone Enterprise PBX SQL Injection
Posted Jan 31, 2015
Authored by BaD-HaCKeR-MaN

SIPhone Enterprise PBX suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
MD5 | fdd9f4a6b02e42ee298125dee1968950
Asus RT-N10 Plus Cross Site Scripting
Posted Jan 30, 2015
Authored by Kaustubh G. Padwad

Asus RT-N10 Plus with firmware version 2.1.1.1.70 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | cbd31adcbb31f787ab3a7f9c44d83530
Symantec Encryption Management Server Remote Command Injection
Posted Jan 30, 2015
Authored by Paul Craig from Vantage Point

Symantec Encryption Management Server versions prior to 3.2.0 MP6 suffer from a remote command injection vulnerability.

tags | exploit, remote
MD5 | 50510916c10731276008f34f7d1f6764
NPDS CMS Revolution-13 SQL Injection
Posted Jan 30, 2015
Authored by Nahendra Bhati

NPDS CMS Revolution-13 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2015-1400
MD5 | 6ffe620b7668bd0453350f6674aa844d
McAfee Data Loss Prevention Endpoint Privilege Escalation
Posted Jan 30, 2015
Authored by Parvez Anwar

McAfee Data Loss Prevention Endpoint version 9.3.200.23 suffers from an arbitrary write privilege escalation vulnerability.

tags | exploit, arbitrary
advisories | CVE-2015-1305
MD5 | 92a10ae42d3ddfdec969f1c581b2ee81
Kaseya Browser 7.0 Android Path Traversal
Posted Jan 29, 2015
Authored by Denis Andzakovic | Site security-assessment.com

This advisory details a vulnerability found within the Kaseya Browser Android application. A path traversal vulnerability was discovered within an exported content provider, resulting in the disclosure of arbitrary files, including internal application files.

tags | exploit, arbitrary, file inclusion
MD5 | e96819aa7e39e1623c71e59dd7bf05a2
MantisBT 1.2.17 XSS / Improper Access Control / SQL Injection
Posted Jan 29, 2015
Authored by High-Tech Bridge SA | Site htbridge.com

MantisBT version 1.2.17 suffers from improper access control, cross site scripting, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
advisories | CVE-2014-9571, CVE-2014-9572, CVE-2014-9573
MD5 | 0f926f4efcc5bff0d41478179110cb8b
Kaseya BYOD Gateway 7.0.2 SSL Certificate Validation / Redirection
Posted Jan 29, 2015
Authored by Denis Andzakovic | Site security-assessment.com

This advisory details multiple vulnerabilities found within the Kaseya BYOD Gateway software. By chaining a combination of lacking SSL verification, poor authentication mechanisms and arbitrary redirection vulnerabilities, a malicious entity may potentially compromise any Kaseya BYOD installation. The Kaseya BYOD Gateway software uses a redirection feature, wherein users are redirected to their local Kaseya installation via Kaseya's hosted servers. The update request from the BYOD Gateway software to the Kaseya hosted servers was not found to verify SSL certificates and fails to implement any form of authentication, instead relying on the length of the gateway identifier to provide security. Thus, the security of the solution depends on an attacker's ability to enumerate the gateway identifier. Once a malicious user enumerates the gateway identifier, they may update the redirect rule for that customer in Kaseya's hosted servers, redirecting customers to a malicious Kaseya BYOD Gateway. Version 7.0.2 is affected.

tags | exploit, arbitrary, local, vulnerability
MD5 | f01ce6f62fb92059c9e3299103497252
ManageEngine Firewall Analyzer 8.0 Directory Traversal / XSS
Posted Jan 29, 2015
Authored by AmirHadi Yazdani

ManageEngine Firewall Analyzer versions 8.0 and below suffer from cross site scripting and directory traversal vulnerabilities.

tags | exploit, vulnerability, xss, file inclusion
MD5 | 04ac1879cf9ea965ae56ccf68f19beaa
AirWatch Direct Object Reference
Posted Jan 29, 2015
Authored by Denis Andzakovic | Site security-assessment.com

Multiple direct object reference vulnerabilities were found within the AirWatch cloud console. VMware advised that these issues also affect on-premise AirWatch deployments. A malicious AirWatch user may leverage several direct object references to gain access to information regarding other AirWatch customers using the AirWatch cloud. This includes viewing groups and downloading private APKs belonging to other organizations.

tags | exploit, vulnerability
advisories | CVE-2014-8372
MD5 | 16402408cf32772e47bf2b7787d201e9
UniPDF 1.1 Buffer Overflow / Denial Of Service
Posted Jan 29, 2015
Authored by bonze

UniPDF version 1.1 suffers from a buffer overflow vulnerability. This is an SEH overwrite denial of service proof of concept exploit.

tags | exploit, denial of service, overflow, proof of concept
MD5 | 3567d3488c7e7994235e9055a8ccd583
ClearSCADA Remote Authentication Bypass
Posted Jan 29, 2015
Authored by Jeremy Brown

There is an authentication bypass vulnerability in ClearSCADA that can be exploited by triggering an exception in dbserver.exe and taking advantage of the way the program handles it.

tags | exploit, bypass
advisories | OSVDB-75022
MD5 | 5a91b8965b0bd7e42547ec87525ee02b
ManageEngine File Download / Content Disclosure / SQL Injection
Posted Jan 29, 2015
Authored by Pedro Ribeiro

ManageEngine OpManager, Applications Manager, and IT360 suffer from arbitrary file download, directory content disclosure, and blind SQL injection vulnerabilities.

tags | exploit, arbitrary, vulnerability, sql injection, info disclosure
MD5 | 7aea427606c71aefe920fb9e4aecca03
Fortinet FortiOS Denial Of Service / Man-In-The-Middle
Posted Jan 29, 2015
Authored by Denis Andzakovic | Site security-assessment.com

Fortinet FortiOS with firmware 5.0 build 4457 (GA Patch 7) suffers from a CAPWAP daemon DTLS denial of service vulnerability and a man-in-the-middle vulnerability.

tags | exploit, denial of service
MD5 | a9dedd6e1c4147dde2d00cbc2fb24a8d
Fortinet FortiClient Hardcoded Encryption Keys / Broken SSL Validation
Posted Jan 29, 2015
Authored by Denis Andzakovic | Site security-assessment.com

Fortinet FortiClient suffers from broken SSL certificate validation and hardcoded encryption key vulnerabilities. This affects FortiClient iOS version 5.2.028 and FortiClient Android version 5.2.3.091.

tags | exploit, vulnerability
systems | ios
MD5 | 165be4326ff765a2f8b3e6f66ea742f2
Microsoft Windows Server 2003 SP2 Arbitrary Write Privilege Escalation
Posted Jan 29, 2015
Authored by Matthew Bergin

The tcpip.sys driver fails to sufficiently validate memory objects used during the processing of a user-provided IOCTL. By crafting an input buffer that will be passed to the Tcp device through the NtDeviceIoControlFile() function, it is possible to trigger a vulnerability that would allow an attacker to elevate privileges. Proof of concept exploit included.

tags | exploit, tcp, proof of concept
systems | windows
advisories | CVE-2014-4076
MD5 | 0e5bf58c3098f957d7ea2adc3e6e6f15
SupportCenter Plus 7.9 Cross Site Scripting
Posted Jan 29, 2015
Authored by High-Tech Bridge SA | Site htbridge.com

SupportCenter Plus version 7.9 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2015-0866
MD5 | 3306c865509986287cb55b1b20ef2c3b
Fortinet FortiAuthenticator XSS / Disclosure / Bypass
Posted Jan 29, 2015
Authored by Denis Andzakovic | Site security-assessment.com

Fortinet FortiAuthenticator suffers from subshell bypass, cross site scripting, password disclosure, and file disclosure vulnerabilities.

tags | exploit, vulnerability, xss, bypass, info disclosure
MD5 | 270d639454c304a12962e27aed9c393d
Blubrry PowerPress 6.0 Cross Site Scripting
Posted Jan 29, 2015
Authored by Onur YILMAZ, Omar Kurt

Blubrry PowerPress version 6.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2015-1385
MD5 | f4a8e136653f992faa6c8024a4f986d9
Cisco Meraki Systems Manager CSRF / XSS / Functionality Abuse
Posted Jan 29, 2015
Authored by Denis Andzakovic | Site security-assessment.com

Cisco Meraki Systems Manager suffers from cross site request forgery, abuse of functionality, and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
systems | cisco
MD5 | 5c7face724c8332f8bd26ef26486f624
WordPress Geo Mashup 1.8.2 Cross Site Scripting
Posted Jan 29, 2015
Authored by Paolo Perego

WordPress Geo Mashup plugin versions 1.8.2 and below suffer from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2015-1383
MD5 | 947ded67623bf53bd779ffc01f5d040f
WordPress Photo Gallery 1.2.8 Cross Site Scripting
Posted Jan 29, 2015
Authored by Sven Schleier

WordPress Photo Gallery plugin version 1.2.8 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2015-1394
MD5 | 4326e9146ba7249bcc77a0a44bb45744