exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 26 - 50 of 143 RSS Feed

Files

HP Client Automation Command Injection
Posted Feb 24, 2015
Authored by juan vazquez, Ben Turner | Site metasploit.com

This Metasploit module exploits a command injection vulnerability on HP Client Automation, distributed actually as Persistent Systems Client Automation. The vulnerability exists in the Notify Daemon (radexecd.exe), which doesn't authenticate execution requests by default neither. This Metasploit module has been tested successfully on HP Client Automation 9.00 over Windows 2003 SP2 and CentOS 5.

tags | exploit
systems | linux, windows, centos
advisories | CVE-2015-1497
SHA-256 | d843ef58af2b82e590925f0a42de6759952ad10722aca5dd7bb3fdf81fef83ab
Zeuscart 4 Cross Site Scripting / SQL Injection
Posted Feb 23, 2015
Authored by Steffen Roesemann

Zeuscart version 4 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | 83fe2ac3fff4f7dd6763b128da0c9fc09bb6c126b4c892de632011dd0205f869
WordPress Admin Shell Upload
Posted Feb 23, 2015
Authored by Rob Carr | Site metasploit.com

This Metasploit module will generate a plugin, pack the payload into it and upload it to a server running WordPress providing valid admin credentials are used.

tags | exploit
SHA-256 | a2b4ca412d9f29c4356c655f0f95dafeadc83a07afc9bdd472d5188927e91f03
Kony EMM 1.2 Insecure Direct Object Reference
Posted Feb 23, 2015
Authored by Michael Hendrickx

Kony EMM version 1.2 suffers from an insecure direct object reference vulnerability.

tags | exploit
advisories | CVE-2014-8487
SHA-256 | 4ae88ded8493b490c6e43fa9c02849c47b3dc15fefa544ac71e8150dee3bae25
MyConnection Server 8.2b Cross Site Scripting
Posted Feb 23, 2015
Authored by Kenneth F. Belva

MyConnection Server version 8.2b suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2015-2043
SHA-256 | c9ab77625e1367cca46f4d58fe3c3178212c8c6049ec8e802f27e40fb5e81473
Zabbix 2.0.5 Password Disclosure
Posted Feb 23, 2015
Authored by Pablo Gonzalez | Site metasploit.com

Zabbix 2.0.5 allows remote authenticated users to discover the LDAP bind password by leveraging management-console access and reading the ldap_bind_password value in the HTML source code.

tags | exploit, remote, info disclosure
advisories | CVE-2013-5572, OSVDB-97811
SHA-256 | 327557842dd7782175a33303962605165ac096158c48e68bfc6b59817ebd0933
xaviershay-dm-rails 0.10.3.8 MySQL Credential Disclosure
Posted Feb 22, 2015
Authored by Larry W. Cashdollar

xaviershay-dm-rails 0.10.3.8 suffers from a MySQL credential disclosure vulnerability.

tags | exploit, info disclosure
SHA-256 | 35e1d1923fcb9cbedc88f92f321c4d39b8695274a52d7b4326b6010d8c0151d5
WeBid 1.1.1 Unrestricted File Upload
Posted Feb 21, 2015
Authored by CWH Underground

WeBid version 1.1.1 suffers from an unrestricted file upload vulnerability.

tags | exploit, file upload
SHA-256 | 0a29501b52601df8e1a2c36d36023a6d23b42554cdc2393e27eeb09b58827dcd
WordPress ADPlugg 1.1.33 Cross Site Scripting
Posted Feb 21, 2015
Authored by Kaustubh G. Padwad

WordPress ADPlugg plugin version 1.1.33 suffers from a stored cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 415920191d7780c63381322152622b9cf64d89a50a07bd324e8362f21f50bf6f
Samsung iPolis Buffer Overflow
Posted Feb 21, 2015
Authored by Praveen Darshanam

Samsung iPolis suffers from a buffer overflow vulnerability in XnsSdkDeviceIpInstaller.ocx.

tags | exploit, overflow
advisories | CVE-2015-0555
SHA-256 | b6d6a1c2a12ac249535847b900730cc7783217dd0b10561a9b461f6096e66d01
Clipbucket 2.7.0.4.v2929-rc3 Blind SQL Injection
Posted Feb 20, 2015
Authored by CWH Underground

Clipbucket version 2.7.0.4.v2929-rc3 suffers from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2015-2102
SHA-256 | f9100e2bf9451bea1a2cc28324f069af76f121782cfc3f115453c63ed3703a94
PHP DateTimeZone Type Confusion Infoleak
Posted Feb 20, 2015
Authored by Taoguang Chen

PHP versions below 5.6.6, below 5.5.22, and below 5.4.38 suffer from a type confusion information leak in DateTimeZone.

tags | exploit, php
SHA-256 | 960a07af7fc962fbbbd63879673d29572b4d34a6892640c9968ebecc39750216
PHP DateTime Use-After-Free
Posted Feb 20, 2015
Authored by Taoguang Chen

PHP versions below 5.6.6, below 5.5.22, and below 5.4.38 suffer from a use-after-free vulnerability in DateTime.

tags | exploit, php
advisories | CVE-2015-0273
SHA-256 | a243dbfd64f8ccb636b6f3bfc76ae91d623d78d08de0e0aa1aeff9c533da6157
Javascript Injection For Eval-Based Unpackers
Posted Feb 19, 2015
Authored by joev | Site metasploit.com

This Metasploit module generates a Javascript file that executes arbitrary code when an eval-based unpacker is run on it. Works against js-beautify's P_A_C_K_E_R unpacker.

tags | exploit, arbitrary, javascript
SHA-256 | 194f0e7d20b41bd0f60332ef1dde95810fea4f44e8d6390c5cd8dd449d473c9b
phpBugTracker 1.6.0 CSRF / XSS / SQL Injection
Posted Feb 19, 2015
Authored by Steffen Roesemann

phpBugTracker version 1.6.0 suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection, csrf
SHA-256 | 80141a2040b6e83e1773fa82844b97f72955d8ce941b04a67be80c1a64d74097
WordPress Easy Social Icons 1.2.2 CSRF / XSS
Posted Feb 19, 2015
Authored by Eric Flokstra

WordPress Easy Social Icons plugin version 1.2.2 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
SHA-256 | fd957c35e50224cc064e2cf7276a9291121981439577b9efd85ab12f511589c2
4images Cross Site Scripting / Clickjacking
Posted Feb 19, 2015
Authored by Provensec

4images suffers from cross site scripting and clickjacking vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 09c4abaa255db0a37a4f9f84e77c05b488e33ba4523376c67742e931a2cd42b2
WordPress WooCommerce 2.2.10 Cross Site Scripting
Posted Feb 19, 2015
Authored by Eric Flokstra

WordPress WooCommerce plugin version 2.2.10 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 3050b4f52a9bef799cfb09247cc5c4345f9a7d45e75923cfb83f6d4f552d9cff
MyBB 1.8.3 Cross Site Scripting
Posted Feb 19, 2015
Authored by Steffen Roesemann

MyBB version 1.8.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 1d47711226472947526b8fac23169ceec888526e58a712734ce421ea17a18d26
Hybris Commerce Software Suite 5.x File Disclosure / Traversal
Posted Feb 18, 2015
Site redteam-pentesting.de

Various Hybris Commerce Software Suite 5.x releases suffer from a directory traversal vulnerability that allows for arbitrary file disclosure.

tags | exploit, arbitrary
advisories | CVE-2014-8871
SHA-256 | 17b94928a6a0b7178ed197b19f76f4af812b8e169995b757edc5833a7ce479d2
jQuery jui_filter_rules PHP Code Execution
Posted Feb 18, 2015
Authored by Timo Schmid

The jQuery jui_filter_rules parsing library suffers from an arbitrary php remote code execution vulnerability.

tags | exploit, remote, arbitrary, php, code execution
SHA-256 | 131a9fd0e0fc4c224e84111b39ffb97b81febd81cf27c8d5d9d53012bf8b05a3
InstantASP InstantForum.NET 3.x / 4.x Cross Site Scripting
Posted Feb 18, 2015
Authored by Jing Wang

InstantASP InstantForum.NET versions 3.4.0, 4.0.0, 4.1.0, 4.1.1, 4.1.2, and 4.1.3 suffer from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2014-9468
SHA-256 | 198979dff8c07522717738454f6462a6ff57118fb83d630a79ed893092c24062
Piwigo 2.7.3 SQL Injection
Posted Feb 18, 2015
Authored by Sven Schleier

Piwigo version 2.7.3 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2015-1517
SHA-256 | 4f89c8ae87708c11b47721a446fb545ef18c11237e913f40918d5b424441273a
WordPress Duplicator 0.5.8 Privilege Escalation
Posted Feb 18, 2015
Authored by Kacper Szurek

WordPress Duplicator plugin version 0.5.8 suffers from a backup related vulnerability that allows for privilege escalation.

tags | exploit
SHA-256 | 2686c6ec8e9b41b2a83e9491f36cd0847817a7f345ec9514fe10d88a6c1b1be1
DLGuard 4.5 SQL Injection
Posted Feb 18, 2015
Authored by Jing Wang

DLGuard version 4.5 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | c61b126e13f55a698c9e09df95b5f1969f77439a275c7f851da9aa42a597b00d
Page 2 of 6
Back12345Next

Top Authors In Last 30 Days

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close