Files

Packet Storm New Exploits For March, 2015
Posted Apr 1, 2015
Authored by Todd J. | Site packetstormsecurity.com

This archive contains 224 exploits that were added to Packet Storm in March, 2015.

tags | exploit
systems | linux
MD5 | 4e7b9eb1c34e67825729e2b496930a00
Adobe Flash Player ByteArray With Workers Use After Free
Posted Mar 30, 2015
Authored by juan vazquez, temp66, hdarwin | Site metasploit.com

This Metasploit module exploits a use-after-free vulnerability in Adobe Flash Player. The vulnerability occurs when the ByteArray assigned to the current ApplicationDomain is freed from an ActionScript worker, which can then fill the memory and notify the main thread to corrupt the new contents. This Metasploit module has been tested successfully on Windows 7 SP1 (32-bit), IE 8 to IE 11, and Flash 16.0.0.296.

tags | exploit
systems | windows, 7
advisories | CVE-2015-0313
MD5 | 607a862ce32fda6ff085d1672dae217b
Windows Run Command As User
Posted Mar 30, 2015
Authored by Ben Campbell, Kx499 | Site metasploit.com

This Metasploit module will log in with the specified username/password and execute the supplied command as a hidden process. Output is not returned by default. Unless targeting a local user, either set the DOMAIN or specify a UPN user format (e.g. user@domain). This uses the CreateProcessWithLogonW WinAPI function. A custom command line can be sent instead of uploading an executable. APPLICATION_NAME and COMMAND_LINE are passed to lpApplicationName and lpCommandLine respectively. See the MSDN documentation for how these two values interact.

tags | exploit, local
MD5 | 7d3f40f88e66db3180d5a532980b66df
JBoss JMXInvokerServlet Remote Command Execution
Posted Mar 30, 2015
Authored by Luca Carettoni

This code exploits a common misconfiguration in JBoss Application Server. Whenever the JMX Invoker is exposed with the default configuration, a malicious "MarshalledInvocation" serialized Java object allows arbitrary code execution. This exploit works even if the "Web-Console" and the "JMX Console" are protected or disabled.

tags | exploit, java, web, arbitrary
MD5 | 86630ac41a1f6448e3fd55661ed8a482
Palo Alto Traps Server 3.1.2.1546 Cross Site Scripting
Posted Mar 30, 2015
Authored by Michael Hendrickx

Palo Alto Traps Server (formerly Cyvera Endpoint Protection) version 3.1.2.1546 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2015-2223
MD5 | cd011bf4408b28ad0bb4b8135e932f61
Fedora 12 setroubleshootd Local Root Proof Of Concept
Posted Mar 30, 2015
Authored by Sebastian Krahmer

Fedora 21 setroubleshootd local root proof of concept exploit.

tags | exploit, local, root, proof of concept
systems | linux, fedora
MD5 | c01050fd0c33898ccd770a2b60b154e4
FiyoCMS 2.0.1.8 XSS / SQL Injection / URL Bypass
Posted Mar 30, 2015
Authored by Mahendra

FiyoCMS version 2.0.1.8 suffers from URL bypass, cross site scripting, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection, bypass
advisories | CVE-2014-9145, CVE-2014-9146, CVE-2014-9147, CVE-2014-9148
MD5 | 53c5971155badeea69b727bdb699fc64
Joomla Gallery WD SQL Injection
Posted Mar 30, 2015
Authored by CrashBandicot

Joomla Gallery WD component suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | b1912482dbb07c7b5f977d42b12a7a20
Joomla Contact Form Maker 1.0.1 SQL Injection
Posted Mar 29, 2015
Authored by TUNISIAN CYBER

Joomla Contact Form Maker component version 1.0.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 695fbfec211f60584826737747dcb384
WebDepo CMS SQL Injection
Posted Mar 29, 2015
Authored by Cleiton Pinheiro

WebDepo CMS suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | e3c05019195fc94950b3412a5a942be0
ProjectPier 0.8.8 SP2 Cross Site Scripting
Posted Mar 29, 2015
Authored by Jaydeep Dave

ProjectPier version 0.8.8 SP2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 99ab941866018b706893a3d9ab3a2016
HTTrack Website Copier 3.48-21 DLL Hijacking
Posted Mar 29, 2015
Authored by TUNISIAN CYBER

HTTrack Website Copier version 3.48-21 suffers from a DLL hijacking vulnerability.

tags | exploit
systems | windows
MD5 | dcd25e46743771bd0a3793e3850cd5ce
WordPress Aspose Importer / Exporter 1.0 File Download
Posted Mar 29, 2015
Authored by Ashiyane Digital Security Team

WordPress Aspose Importer and Exporter plugin version 1.0 suffers from an arbitrary file download vulnerability.

tags | exploit, arbitrary, info disclosure
MD5 | 8180538334742de4c0ec93a3d7a2badb
BZR Player 1.03 DLL Hijacking
Posted Mar 29, 2015
Authored by TUNISIAN CYBER

BZR Player version 1.03 suffers from a DLL hijacking vulnerability.

tags | exploit
systems | windows
MD5 | 0e1d66f59f221cbe033a24daf2952fe9
UltraISO 9.6.2.3059 DLL Hijacking
Posted Mar 29, 2015
Authored by TUNISIAN CYBER

UltraISO version 9.6.2.3059 suffers from a DLL hijacking vulnerability.

tags | exploit
systems | windows
MD5 | 19d1d4d28d1001d9d4a361d1d0ce2e03
WordPress Aspose PDF Exporter File Download
Posted Mar 29, 2015
Authored by Ashiyane Digital Security Team

WordPress Aspose PDF Exporter plugin suffers from an arbitrary file download vulnerability.

tags | exploit, arbitrary, info disclosure
MD5 | f18a521d0c3875c639615694887e5a6b
WordPress Aspose Doc Exporter File Download
Posted Mar 29, 2015
Authored by Ashiyane Digital Security Team, ACC3SS

WordPress Aspose Doc Exporter plugin suffers from an arbitrary file download vulnerability.

tags | exploit, arbitrary, info disclosure
MD5 | 15c8011c63f7cf4f58602526288e068f
ZIP Password Recovery Professional 7.1 DLL Hijacking
Posted Mar 29, 2015
Authored by TUNISIAN CYBER

ZIP Password Recovery Professional version 7.1 suffers from a DLL hijacking vulnerability.

tags | exploit
systems | windows
MD5 | 3b0367bf3632cfb490f500da983d4e53
GoAhead 3.4.1 Heap Overflow / Traversal
Posted Mar 28, 2015
Authored by Matthew Daley

GoAhead web server versions 3.0.0 through 3.4.1 suffer from heap overflow and directory traversal vulnerabilities.

tags | exploit, web, overflow, vulnerability, file inclusion
advisories | CVE-2014-9707
MD5 | 0e112907cdfd966046f30d6d0fea063c
Appweb Web Server Denial Of Service
Posted Mar 28, 2015
Authored by Matthew Daley

Appweb Web Server suffers from a denial of service vulnerability.

tags | exploit, web, denial of service
advisories | CVE-2014-9708
MD5 | 50ef86cf238ee618e4cc2c09ac6169d9
WordPress Google Map Travel 3.4 XSS / CSRF
Posted Mar 28, 2015
Authored by Kaustubh G. Padwad

WordPress AB Google Map Travel (AB-MAP) plugin version 4.0 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
advisories | CVE-2015-2755
MD5 | 4e136df0edf911a0cfccfb3f4ad7a168
Manage Engine Desktop Central 9 Unauthorized Administrative Password Reset
Posted Mar 27, 2015

A remote unauthenticated user can change the password of any Manage Engine Desktop Central user with the Administrator role (DCAdmin).

tags | exploit, remote
advisories | CVE-2015-2560
MD5 | 7240189a57fd5c2d8a5ae36d5098adac
WebGate WinRDS 2.0.8 StopSiteAllChannel Stack Overflow
Posted Mar 27, 2015
Authored by Praveen Darshanam

WebGate WinRDS version 2.0.8 suffers from a StopSiteAllChannel stack overflow vulnerability.

tags | exploit, overflow
advisories | CVE-2015-2094
MD5 | a7690e63c750714527b4f9c1cfebef5c
Internet Download Manager 6.20 Local Buffer Overflow
Posted Mar 27, 2015
Authored by TUNISIAN CYBER

Internet Download Manager version 6.20 suffers from a local buffer overflow vulnerability.

tags | exploit, overflow, local
MD5 | ec11f85037c43e91adc23ab723fd43bf
AfterLogic WebMail Lite Authentication Bypass
Posted Mar 27, 2015
Authored by Paulos Yibelo

AfterLogic WebMail Lite allows for an unauthenticated user to set an administrative password.

tags | exploit, bypass
MD5 | 4d87f913808ad9ff44266e63485355e5