Files

Packet Storm New Exploits For June, 2015
Posted Jul 1, 2015
Authored by Todd J. | Site packetstormsecurity.com

This archive contains 183 exploits that were added to Packet Storm in June, 2015.

tags | exploit
systems | linux
MD5 | 9ef69c2a8c7127770b77f8a06adb0841
Watchguard XCS 10.0 SQL Injection / Command Execution
Posted Jun 30, 2015
Authored by Daniel Jensen | Site security-assessment.com

The Watchguard XCS virtual appliance contains a number of vulnerabilities, including unauthenticated SQL injection, command execution and privilege escalation. By combining these vulnerabilities, an attacker may remotely obtain root privileges on the underlying host. Versions 10.0 and below are affected.

tags | exploit, root, vulnerability, sql injection
MD5 | bf1ede087fd8f52948510e55bd983d5f
WedgeOS 4.0.4 Arbitrary File Read / Command Execution
Posted Jun 30, 2015
Authored by Daniel Jensen | Site security-assessment.com

Wedge Networks WedgeOS Virtual Appliance contains a number of security vulnerabilities, including unauthenticated arbitrary file read as root, command injection in the web interface, privilege escalation to root, and command execution via the system update functionality. Versions 4.0.4 and below are affected.

tags | exploit, web, arbitrary, root, vulnerability
MD5 | 882345aa8830eb0a40e7ff9fad972596
CollabNet Subversion Edge Management Tail LFI
Posted Jun 30, 2015
Authored by otr

The CollabNet Subversion Edge Management Frontend allows authenticated admins to read arbitrary local files via the logfile "filename" parameter of the tail action. Fixed in version 5.0. Version 4.0.11 is affected.

tags | exploit, arbitrary, local, file inclusion
MD5 | de79560bb10501b5f5f80a0fc253ef0d
NetIQ Access Manager 4.0 SP1 XXE Injection
Posted Jun 30, 2015
Authored by MustLive

NetIQ Access Manager is vulnerable to XXE injection attacks.

tags | exploit
MD5 | 244ecf8afc4e2725270516949ce27840
CollabNet Subversion Edge Management listViewItem LFI
Posted Jun 30, 2015
Authored by otr

The CollabNet Subversion Edge Management Frontend allows authenticated admins to read arbitrary local files via the logfile "listViewItem" parameter of the "index" action. Fixed in version 5.0. Version 4.0.11 is affected.

tags | exploit, arbitrary, local, file inclusion
MD5 | 7f47e2188d22636149146d1903b8f7d6
CollabNet Subversion Edge Management Show LFI
Posted Jun 30, 2015
Authored by otr

The CollabNet Subversion Edge Management Frontend allows authenticated admins to read arbitrary local files via the logfile "filename" parameter of the show action. Fixed in version 5.0. Version 4.0.11 is affected.

tags | exploit, arbitrary, local, file inclusion
MD5 | 19904a841b177e1362881c901a406b4b
GetSimple CMS 5.7.3.1 Cross Site Scripting
Posted Jun 29, 2015
Authored by Vadodil Joel Varghese

GetSimple CMS version 5.7.3.1 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | 7c4ef3ce65c1d171e0e683df45de5422
MODX Revolution 2.3.3-pl Cross Site Scripting
Posted Jun 29, 2015
Authored by Vadodil Joel Varghese

MODX Revolution version 2.3.3-pl suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 47fa7a928e892b39aca73f0575aaa4b1
Fiyo CMS 2.0_1.9.1 SQL Injection
Posted Jun 29, 2015
Authored by cfreer

Fiyo CMS version 2.0_1.9.1 suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
advisories | CVE-2015-3934
MD5 | 84b1de5448b1f7473baa16ed1a94373f
Novius OS 5.0.1-elche XSS / LFI / Open Redirect
Posted Jun 29, 2015
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Novius OS version 5.0.1-elche suffers from cross site scripting, local file inclusion, and open redirection vulnerabilities.

tags | exploit, local, vulnerability, xss, file inclusion
advisories | CVE-2015-5354, CVE-2015-5353
MD5 | 1ba733e4bbbd7191237d66f6a53bebdd
CollabNet Subversion Edge Management downloadHook LFI
Posted Jun 29, 2015
Authored by otr

The CollabNet Subversion Edge Management Frontend allows authenticated admins to read arbitrary local files via the logfile "filename" parameter of the "downloadHook" action. Fixed in version 5.0.

tags | exploit, arbitrary, local, file inclusion
MD5 | d5ce5862a5fb534d071ac3f51a8f83b5
CollabNet Subversion Edge Management Credential Leak
Posted Jun 29, 2015
Authored by otr

The CollabNet Subversion Edge Management Frontend leaks the unsalted MD5 hash of the password of the currently logged-in user via a "POST /csvn/user/index" request. An attacker who exploits an XSS or has gained a valid session via other means is able to retrieve the unsalted MD5 hash of the corresponding user and easily crack the hash in order to learn the user's password. Fixed in version 5.0.

tags | exploit, info disclosure
MD5 | da6edffc6850b8f6549b321fba26329f
Huawei Home Gateway HG530 / HG520b Password Disclosure / Change
Posted Jun 29, 2015
Authored by Fady Mohamed Osman

Two exploits for Huawei Home Gateway versions HG530 and HG520b that allow for password disclosure and password change.

tags | exploit
MD5 | 6d106f4154aa32cdc42b0ed65297b56e
CollabNet Subversion Edge Management Frontend Privilege Escalation
Posted Jun 29, 2015
Authored by otr

The CollabNet Subversion Edge Management Frontend allows authenticated administrators to escalate their privileges by creating and executing hook scripts. As a result, they are able to execute arbitrary commands as the user the Management Frontend is running under without authenticating with valid credentials. Fixed in version 5.0.

tags | exploit, arbitrary
MD5 | 4eda3184e2653b0f46d537fb0c3ec862
C2Box 4.0.0 r19171 Cross Site Request Forgery
Posted Jun 28, 2015
Authored by Wissam Bashour

C2Box version 4.0.0 r19171 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2015-4460
MD5 | 0a1c412a6625365f8171deef853551f1
PivotX 2.3.10 Session Fixation / XSS / Code Execution
Posted Jun 28, 2015
Authored by Tim Coen

PivotX version 2.3.10 suffers from session fixation, code execution, and cross site scripting vulnerabilities.

tags | exploit, vulnerability, code execution, xss
MD5 | cefa8f451d24090e8e34f2127420d1cb
Adobe Flash Player Drawing Fill Shader Memory Corruption
Posted Jun 27, 2015
Authored by Chris Evans, juan vazquez, temp66 | Site metasploit.com

This Metasploit module exploits a memory corruption that occurs when applying a Shader as a drawing fill, as exploited in the wild in June 2015. This Metasploit module has been tested successfully on: Windows 7 SP1 (32-bit), IE11 and Adobe Flash 17.0.0.188; Windows 7 SP1 (32-bit), Firefox 38.0.5 and Adobe Flash 17.0.0.188; Windows 8.1, Firefox 38.0.5 and Adobe Flash 17.0.0.188; and Linux Mint "Rebecca" (32 bits), Firefox 33.0 and Adobe Flash 11.2.202.460.

tags | exploit
systems | linux, windows, 7
advisories | CVE-2015-3105
MD5 | 27d8201ab2355b45ec75bb2d93ef2629
Polycom RealPresence Resource Manager (RPRM) Disclosure / Traversal
Posted Jun 26, 2015
Authored by Rene Freingruber | Site sec-consult.com

By combining all vulnerabilities documented in this advisory, an unprivileged authenticated remote attacker can gain full system access (root) on the RPRM appliance. This has an impact on all conferences taking place via this RP Resource Manager. Attackers can steal all conference passcodes and join or record any conference. Versions prior to 8.4 are affected.

tags | exploit, remote, root, vulnerability
advisories | CVE-2015-4681, CVE-2015-4682, CVE-2015-4683, CVE-2015-4684, CVE-2015-4685
MD5 | 6000873fcc165414249c80fa248c6873
Koha ILS 3.20.x CSRF / XSS / Traversal / SQL Injection
Posted Jun 26, 2015
Authored by Raschin Tavakoli

Koha ILS suffers from cross site request forgery, cross site scripting, remote SQL injection, and path traversal vulnerabilities. Versions 3.20.x less than or equal to 3.20.1, 3.18.x less than or equal to 3.18.8, and 3.16.x less than or equal to 3.16.12 are affected.

tags | exploit, remote, vulnerability, xss, sql injection, csrf
advisories | CVE-2015-4631, CVE-2015-4632, CVE-2015-4633
MD5 | a7487c24750ea3dc5d6254bc58df41bf
NETGEAR ProSafe Cross Site Scripting / SQL Injection / Header Injection
Posted Jun 26, 2015
Authored by Juan J. Guelfo

NETGEAR ProSafe suffers from cross site scripting, header injection, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | db5b65b3e1cd683650ed85d9db104466
Download Zip Attachments 1.0 File Download
Posted Jun 26, 2015
Authored by Larry W. Cashdollar

Download Zip Attachments version 1.0 suffers from an arbitrary file download vulnerability.

tags | exploit, arbitrary
advisories | CVE-2015-4704
MD5 | 3abffc6441d8fe10c43f7cca6b866b42
WordPress WP-Instance-Rename 1.0 File Download
Posted Jun 26, 2015
Authored by Larry W. Cashdollar

WordPress WP-Instance-Rename plugin version 1.0 suffers from an arbitrary file download vulnerability.

tags | exploit, arbitrary
advisories | CVE-2015-4703
MD5 | c4886460dc83be92521a993d49a30413
ArcSight Log Poisoning
Posted Jun 26, 2015
Authored by Andrea Menin

ArcSight suffers from a log poisoning vulnerability.

tags | exploit
MD5 | 7804fa9d0f8f8ffcd47ad4c92f2ac2ca
Nucleus CMS 3.65 Cross Site Scripting
Posted Jun 26, 2015
Authored by Sharankumar Somana

Nucleus CMS version 3.65 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | 1514321918bca9ad1297f52a3a256af8