Exploit the possiblities
Showing 1 - 25 of 170 RSS Feed

Files

Packet Storm New Exploits For May, 2015
Posted Jun 2, 2015
Authored by Todd J. | Site packetstormsecurity.com

This archive contains 169 exploits that were added to Packet Storm in May, 2015.

tags | exploit
systems | linux
MD5 | d286bccbec43d6a4a02c2a97bdb11109
WordPress XCloner 3.1.2 XSS / Command Execution
Posted May 31, 2015
Authored by Larry W. Cashdollar

WordPress XCloner plugin version 3.1.2 suffers from command execution and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2015-4336, CVE-2015-4337, CVE-2015-4338
MD5 | 5d0b053dd77486b7a90024b666ebdc48
Ektron CMS 9.10 SP1 Cross Site Scripting
Posted May 31, 2015
Authored by Jerold Hoong

Ektron CMS versions 9.10 SP1 build 9.1.0.184.1.102 and below suffer from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | e32ce926956183a4821f7069cc599935
WebDrive 12.2 Buffer Overflow
Posted May 31, 2015
Authored by metacom

WebDrive version 12.2 suffers from a buffer overflow vulnerability.

tags | exploit, overflow
MD5 | 80c86971a1b1819e00ea9d7d9fd01f15
Ektron CMS 9.10 SP1 Cross Site Request Forgery
Posted May 31, 2015
Authored by Jerold Hoong

Ektron CMS versions 9.10 SP1 build 9.1.0.184.1.114 and below suffer from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2015-3624
MD5 | bdc0476b8ba9f624a4c999d3c4b9579b
Dolibarr 3.5 / 3.6 HTML Injection
Posted May 30, 2015
Authored by NaxoneZ

Dolibarr versions 3.5 and 3.6 suffer from an html injection vulnerability.

tags | exploit, xss
advisories | CVE-2015-3935
MD5 | 6178584ea0c1af3b9763b6856eca434b
PonyOS 3.0 VFS Privilege Escalation
Posted May 30, 2015
Authored by Hacker Fantastic

PonyOS versions 3.0 and below VFS privilege escalation exploit.

tags | exploit
MD5 | 2ba0e89bd2b09e240d23ec4d69a1fa7b
Realtek SDK Miniigd UPnP SOAP Command Execution
Posted May 29, 2015
Authored by Michael Messner, Ricky Lawshae | Site metasploit.com

Different devices using the Realtek SDK with the miniigd daemon are vulnerable to OS command injection in the UPnP SOAP interface. Since it is a blind OS command injection vulnerability, there is no output for the executed command. This Metasploit module has been tested successfully on a Trendnet TEW-731BR router with emulation.

tags | exploit
advisories | CVE-2014-8361
MD5 | 72b8fb778fd1fdd823f1a701f3594e09
Airties login-cgi Buffer Overflow
Posted May 29, 2015
Authored by Michael Messner, Batuhan Burakcin | Site metasploit.com

This Metasploit module exploits a remote buffer overflow vulnerability on several Airties routers. The vulnerability exists in the handling of HTTP queries to the login cgi with long redirect parameters. The vulnerability doesn't require authentication. This Metasploit module has been tested successfully on the AirTies_Air5650v3TT_FW_1.0.2.0.bin firmware with emulation. Other versions such as the Air6372, Air5760, Air5750, Air5650TT, Air5453, Air5444TT, Air5443, Air5442, Air5343, Air5342, Air5341, Air5021 are also reported as vulnerable.

tags | exploit, remote, web, overflow, cgi
MD5 | 24fc892e9293e536950a82cf2c9c2bc1
D-Link Devices UPnP SOAPAction-Header Command Execution
Posted May 29, 2015
Authored by Craig Heffner, Samuel Huntley | Site metasploit.com

Different D-Link Routers are vulnerable to OS command injection in the UPnP SOAP interface. Since it is a blind OS command injection vulnerability, there is no output for the executed command. This Metasploit module has been tested on a DIR-645 device. The following devices are also reported as affected: DAP-1522 revB, DAP-1650 revB, DIR-880L, DIR-865L, DIR-860L revA, DIR-860L revB DIR-815 revB, DIR-300 revB, DIR-600 revB, DIR-645, TEW-751DR, TEW-733GR

tags | exploit
MD5 | 9120bc404ccb10c6abc177860b52fe17
Flash Timing Side-Channel Data Exfiltration
Posted May 29, 2015
Authored by Jann Horn

Flash by design allows local SWF files to read arbitrary local files, but prevents communication with remote servers. By smuggling data through a timing side-channel, this can be circumvented, allowing local SWF files to exfiltrate the contents of arbitrary local files to the internet.

tags | exploit, remote, arbitrary, local
systems | linux
MD5 | bf466e892df822f79e5d6bdb528cc1cf
ESC 8832 Data Controller Session Hijacking
Posted May 29, 2015
Authored by Balazs Makany

ESC 8832 suffers from insecure user session handling and generation as well as interception and user management issues.

tags | exploit
MD5 | 6ce1da56bad1f48c668cb9252a4e75b4
Sypex Dumper 2.0.11 Cross Site Scripting
Posted May 29, 2015
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Sypex Dumper version 2.0.11 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | bb25866ae6bb9ac5cdc4f226fbd896dc
JSPAdmin 1.1 SQL Injection / CSRF / Cross Site Scripting
Posted May 29, 2015
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

JSPAdmin version 1.1 suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection, csrf
MD5 | 2edcffd18bcf1a67406d14393098f47c
60+ Vulnerabilities In 22 SOHO Routers
Posted May 29, 2015
Authored by Ivan Sanz de Castro, Alvaro Folgado Rueda, Jose Antonio Rodriguez Garcia

SOHO routers have been found vulnerable to privilege escalation, information disclosure, cross site request forgery, cross site scripting, authentication bypass, denial of service, and various other vulnerabilities.

tags | exploit, denial of service, vulnerability, xss, info disclosure, csrf
MD5 | 883b458f340bf4b144ed04e1de200778
Invision Power Board 3.4.7 SQL Injection
Posted May 29, 2015
Authored by ZeroDay

Invision Power Board versions 3.4.7 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | c6b333a75080c99e68840b1e0f23508b
Vevocart 6.1.0 Open Redirect
Posted May 29, 2015
Authored by Provensec

Vevocart version 6.1.0 suffers from an open redirection vulnerability.

tags | exploit
MD5 | 7f2c968a5b692ef42facdc007e1114fc
IBM Cognos Business Intelligence Developer 10.2.1 Open Redirect
Posted May 28, 2015
Authored by LiquidWorm | Site zeroscience.mk

IBM Cognos Business Intelligence Developer version 10.2.1 suffers from an open redirect vulnerability.

tags | exploit
MD5 | d0f597d01edffb1a8baa3020c640a149
IBM Lotus Domino 8.5.4 / 8.5.3 Cross Site Scripting
Posted May 28, 2015
Authored by MustLive

IBM Lotus Domino versions 8.5.3 and 8.5.4 suffer from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | af359c85db0e68c71759288cd6d7fc2b
Audacity 2.0.5 DLL Hijack
Posted May 28, 2015
Authored by Mystyle Rahul

Audacity version 2.0.5 suffers from a dll hijacking vulnerability.

tags | exploit
systems | windows
MD5 | cf459dd81d8628cd822354530ace82fd
hwclock Privilege Escalation
Posted May 27, 2015
Authored by Federico Bento

hwclock on Linux, when setuid, allows for local root-level privilege escalation.

tags | exploit, local, root
systems | linux
MD5 | 94d75e96d56f527e3484ddc060ee32c6
WordPress Free Counter 1.1 Cross Site Scripting
Posted May 27, 2015
Authored by panVagenas

WordPress Free Counter plugin version 1.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2015-4084
MD5 | 019f02a3b9e74a96d4dfe81951ab46d7
DbNinja Flash 3.2.6 Cross Site Scripting
Posted May 27, 2015
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

DbNinja Flash version 3.2.6 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 19ae6c2baa0fda0c25c9be5e0210a055
SOPHOS WAF JSON Filter Bypass
Posted May 27, 2015
Authored by Glaudson Ocampos

SOPHOS WAF fails to mitigate SQL injection attacks leveraged via JSON.

tags | exploit, sql injection, bypass
MD5 | 15d2c9de301a1d486ae9791a56564c00
WordPress WP Fast Cache 1.4 CSRF / Cross Site Scripting
Posted May 27, 2015
Authored by Claudio Viviani

WordPress WP Fast Cache plugin version 1.4 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | 970de0cccd55e97698e0ddb7dbc68aca
Page 1 of 7
Back12345Next

Top Authors In Last 30 Days

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close