
Files

Packet Storm New Exploits For February, 2015
Posted Mar 2, 2015
Authored by Todd J. | Site packetstormsecurity.com

This archive contains all of the 146 exploits added to Packet Storm in February, 2015.

tags | exploit
systems | linux
SHA-256 | fe470aa6494680f0b9f1494501103139ce6bb81434637f768cd7218e7acd9df9
Loxone Smart Home CSRF / XSS / DoS / Credential Leakage
Posted Feb 28, 2015
Authored by Daniel Schwarz | Site sec-consult.com

Loxone Smart Home versions prior to 6.3 suffer from cross site request forgery, cross site scripting, poor credential handling, unencrypted transport, denial of service, and various other vulnerabilities.

tags | exploit, denial of service, vulnerability, xss, csrf
SHA-256 | 02c29ae33d4acb1828256438a75351814733be4ec3b4087cf344e27f99e97071
HelpDezk 1.0.1 Shell Upload / Code Execution / Disclosure
Posted Feb 28, 2015
Authored by Dennis Veninga

HelpDezk version 1.0.1 suffers from remote shell upload, code execution, and information disclosure vulnerabilities.

tags | exploit, remote, shell, vulnerability, code execution, info disclosure, file upload
SHA-256 | f8dc19ca4275500ad5087257d6ee2e04da4f47a00bc656afdf5a489a70d25fd0
Tcl 1.16 Cross Site Scripting
Posted Feb 27, 2015
Authored by Ben Fuhrmannek

Tcl versions 1.0.0 through 1.16 suffer from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 730a7bdc810f6661614e8c85a4d349f300753b320e0c094481b7623cf1db1ed1
WordPress Media Cleaner 2.2.6 Cross Site Scripting
Posted Feb 27, 2015
Authored by Ismail Saygili

WordPress Media Cleaner plugin version 2.2.6 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | d6d74a75a7b2750fa09fb305d04f9190b5b35d816ed0e17bd581dad5ccd3abf6
Electronic Arts Origin Client 9.5.5 Privilege Escalation
Posted Feb 27, 2015
Authored by LiquidWorm | Site zeroscience.mk

Electronic Arts Origin Client version 9.5.5 suffers from multiple privilege escalation vulnerabilities.

tags | exploit, vulnerability
SHA-256 | bdc4deb08d63ed9cd53fd413b95ebd3ad366bfd82c36adf13589b24c4c2719be
Jetty 9.2.8 Shared Buffer Leakage
Posted Feb 27, 2015
Authored by Stephen Komal, Gotham Digital Science

Gotham Digital Science discovered a critical information leakage vulnerability in the Jetty web server that allows an unauthenticated remote attacker to read arbitrary data from previous requests and responses submitted to the server by other users. Jetty versions 9.2.3 through 9.2.8 are affected. Proof of concept code included.

tags | exploit, remote, web, arbitrary, proof of concept, info disclosure
advisories | CVE-2015-2080
SHA-256 | 17f918c6ed7be55415f6475ca5befcbf2d795848bb2960612e998e54f15479d5
Wireless File Transfer Pro Android Cross Site Request Forgery
Posted Feb 27, 2015
Authored by Hadji Samir, Vulnerability Laboratory | Site vulnerability-lab.com

Wireless File Transfer Pro Android suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | f709cfd1847fd656f23afa2f5a198b95fcf11abe5bc5307c2b3e6986922ffa41
Data Source: Scopus CMS SQL Injection
Posted Feb 27, 2015
Authored by P0!s0nC0d3, Vulnerability Laboratory | Site vulnerability-lab.com

Data Source: Scopus CMS suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | b800f8c298aac054e854e7dff0260d6929a4378ec6d5bbeb141735b6bb249cb1
DSS TFTP 1.0 Path Traversal
Posted Feb 27, 2015
Authored by Vulnerability Laboratory, lucyoa | Site vulnerability-lab.com

DSS TFTP version 1.0 suffers from a path traversal vulnerability.

tags | exploit
SHA-256 | 1659f811ad0d86f14519c3c5d8b7cf5d0467eaa4dfccab458a7219f5b85406ad
D-Link / TRENDnet ncc2 CSRF / Unauthenticated Access
Posted Feb 27, 2015
Authored by Peter Adkins

Multiple D-Link and TRENDnet devices suffer from cross site request forgery and unauthenticated access vulnerabilities. Various proofs of concept included.

tags | exploit, vulnerability, proof of concept, csrf
SHA-256 | d86bc02a0870f2b702d8d6cfe716a8d3945f7125fd82903e1ad431ce4f504b42
Collabtive 2.0 Cross Site Scripting
Posted Feb 27, 2015
Authored by Provensec

Collabtive version 2.0 suffers from a stored cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 51dbb48d16f19915093f913e78a13762366a085517ff044dcbe854adf5fca212
Akeneo PIM Cross Site Scripting
Posted Feb 27, 2015
Authored by Provensec

Akeneo PIM suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 040796ea07e3e0dd0e31046f63c7e45cef6b91156f100b03958457fd5300859d
eFront Learning 3.6.11 Cross Site Scripting
Posted Feb 27, 2015
Authored by Provensec

eFront Learning version 3.6.11 suffers from a stored cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 003e810011af79ee652072521748cd4aa32885be460c9e002ccdbf1dd2107972
TangoBB 1.5.0-A3 Cross Site Scripting
Posted Feb 26, 2015
Authored by Dennis Veninga

TangoBB version 1.5.0-A3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | f14175c8ce177339644aee54e883870979db753dec8cfea37dfd6eec3d7e585d
Enano CMS 1.1.8pl1 Cross Site Scripting
Posted Feb 26, 2015
Authored by Dennis Veninga

Enano CMS version 1.1.8pl1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 77dfeefd90af3bf96609dca951ae09bcd4a7461ee0b4f68b894ccb8f1404c368
Cisco Ironport AsyncOS Cross Site Scripting
Posted Feb 25, 2015
Authored by Glafkos Charalambous

Cisco Ironport AsyncOS suffers from a cross site scripting vulnerability.

tags | exploit, xss
systems | cisco
advisories | CVE-2013-6780
SHA-256 | 625b938af5a85150b1a3686a1b0c965a9c909143433e02e16ae80a36174e5eb6
Ubisoft Uplay 5.0 Insecure File Permissions Local Privilege Escalation
Posted Feb 25, 2015
Authored by LiquidWorm | Site zeroscience.mk

Uplay for PC suffers from an elevation of privileges vulnerability which can be used by a simple user to replace the executable file with a binary of choice. The vulnerability exists due to improper permissions, with the 'F' flag (Full) for the 'Users' group, making the entire directory 'Ubisoft Game Launcher' and its files and sub-dirs world-writable.

tags | exploit
SHA-256 | b8335176b54b66e8cbb9f9a3685e9203b083052ec2400eff910c1f08c844eedb
Cisco Ironport AsyncOS HTTP Header Injection
Posted Feb 25, 2015
Authored by Glafkos Charalambous

Cisco Ironport AsyncOS suffers from an HTTP header injection vulnerability.

tags | exploit, web
systems | cisco
advisories | CVE-2015-0624
SHA-256 | c57f9ad771a935b26f475d6d4926fe8d395da5205e4f888e8087a2c7dc97b1fa
SAP Business Objects Unauthorized File Repository Server Write
Posted Feb 25, 2015
Authored by Will Vandevanter | Site onapsis.com

Onapsis Security Advisory - The BusinessObjects File Repository Server (FRS) CORBA listener allows the writing of any file stored in the FRS without authentication.

tags | exploit
advisories | CVE-2015-2074
SHA-256 | 6de1db17a1a2cda52de24f00a98b3c5ab4bc5bda19395ccb1ab6ba6fee7121db
SAP Business Objects Unauthorized File Repository Server Read
Posted Feb 25, 2015
Authored by Will Vandevanter | Site onapsis.com

Onapsis Security Advisory - The BusinessObjects File Repository Server (FRS) CORBA listener allows a user to read any file stored in the FRS without authentication.

tags | exploit
advisories | CVE-2015-2073
SHA-256 | b91a029e7d55f1eaea5057b797bcbd5e83fb1e529410c558e0665b49ecab34ea
SEO Toaster E-Commerce 2.2.0 Cross Site Scripting
Posted Feb 25, 2015
Authored by Ankit Bharathan

SEO Toaster E-Commerce version 2.2.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 24bbaf5076666acb1c082a4015e52f5e8aa9a9c44a370c866f118c741c285a66
Webgate Buffer Overflow
Posted Feb 24, 2015
Authored by Praveen Darshanam

Various Webgate technologies suffer from multiple buffer overflow vulnerabilities.

tags | exploit, overflow, vulnerability
SHA-256 | 6d6a87e39a520ec98120ccff8b68f26b54ef6465769b821e910397fd5a27aa7e
EVO-CMS 2.1.0 Cross Site Request Forgery
Posted Feb 24, 2015
Authored by Provensec

EVO-CMS version 2.1.0 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 66e5f8134ad653e12601254b070187c2490a4f4b12edc64f2234aa3bbaa5b11e
WordPress Holding Pattern Theme Arbitrary File Upload
Posted Feb 24, 2015
Authored by Alexander Borg | Site metasploit.com

This Metasploit module exploits a file upload vulnerability in all versions of the Holding Pattern theme found in the upload_file.php script which contains no session or file validation. It allows unauthenticated users to upload files of any type and subsequently execute PHP scripts in the context of the web server.

tags | exploit, web, php, file upload
advisories | CVE-2015-1172
SHA-256 | ee5df7dbf0ac4eac44f2ff30e728e5eeff13120951dead86a3ad506611178a0b