Showing 101 - 125 of 184

Files

Adobe Connect 9.3 Cross Site Scripting
Posted Jun 11, 2015
Authored by Stas Volfus

Adobe Connect version 9.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2015-0343
SHA-256 | 34a15972095ac3667591b4ca3b3d0af98fdb37a6c638e54bcdd4983279790c3c
WordPress SE HTML5 Album Audio Player 1.1.0 Directory Traversal
Posted Jun 11, 2015
Authored by Larry W. Cashdollar

WordPress SE HTML5 Album Audio Player plugin version 1.1.0 suffers from a traversal vulnerability.

tags | exploit, file inclusion
advisories | CVE-2015-4414
SHA-256 | 81424b362836e1f87647f0d8767db8affccfc69ef41a140b10eb979f0ded8ac7
FC2 / Rakuten Cross Site Scripting
Posted Jun 11, 2015
Authored by Jing Wang

FC2 and Rakuten Online websites suffer from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 1fb62bc8f5ebd900d982563a1cfdd52226e4525623179b8e65ae73c93e3ec037
Projectsend r572 Cross Site Scripting
Posted Jun 11, 2015
Authored by Matt Landers

Projectsend r572 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | cc435eb98777bd119341c098258b2689927d36a6df2cef54892ebf0eb790ce7a
Libmimedir VCF Memory Corruption Proof Of Concept
Posted Jun 11, 2015
Authored by Jeremy Brown

Libmimedir suffers from a memory corruption vulnerability. Adding two NULL bytes to the end of a VCF file allows a user to manipulate free() calls which occur during its lexer's memory clean-up procedure. This could lead to exploitable conditions such as crafting a specific memory chunk to allow for arbitrary code execution.

tags | exploit, arbitrary
advisories | CVE-2015-3205
SHA-256 | 782706b36ec37423bb60b4189000385c972cba361ddd33631487a01b1346633a
WordPress Aviary Image Editor Add On For Gravity Forms 3.0 Beta Shell Upload
Posted Jun 11, 2015
Authored by Larry W. Cashdollar

WordPress Aviary Image Editor Add On For Gravity Forms plugin version 3.0 beta suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
advisories | CVE-2015-4455
SHA-256 | 03e9ff17bf85e1c419744d224df38fb57c911c3c1e198198d29bab2ca183658f
Heroku Session Validation Issue
Posted Jun 11, 2015
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

An application-side re-auth session bypass vulnerability has been discovered in the official Heroku API and web-application service. The vulnerability allows an attacker to request unauthorized information without the second forced re-authentication module.

tags | exploit, web, bypass
SHA-256 | c42e20e6af494c024a32d6288be639d91cf860dcc07122b0e4ede8924d4698c8
Pandora FMS 5.0 / 5.1 Authentication Bypass
Posted Jun 10, 2015
Authored by A. Tsvetkov, Manuel Mancera

Pandora FMS versions 5.0 and 5.1 suffer from an authentication bypass vulnerability.

tags | exploit, bypass
SHA-256 | 101abb232873cca16dc19d18de85b3977b7db101c7823334f4b70fcada3423a8
PHP 5.6.9 Use-After-Free
Posted Jun 10, 2015
Authored by High-Tech Bridge SA | Site htbridge.com

High-Tech Bridge Security Research Lab discovered a use-after-free vulnerability in the popular programming language PHP, which can be exploited to cause a crash and possibly execute arbitrary code on the target system. The vulnerability resides within the 'spl_heap_object_free_storage()' PHP function when trying to dereference already freed memory. A local attacker can cause a segmentation fault or possibly execute arbitrary code on the target system with the privileges of the webserver.

tags | exploit, arbitrary, local, php
SHA-256 | 97375f017fbc6339f20309d1873f364d4f4bb2e3171ae12a6883001f4efb66fc
ISPConfig 3.0.5.4p6 SQL Injection / Cross Site Request Forgery
Posted Jun 10, 2015
Authored by High-Tech Bridge SA | Site htbridge.com

ISPConfig version 3.0.5.4p6 suffers from cross site request forgery and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, csrf
advisories | CVE-2015-4118, CVE-2015-4119
SHA-256 | 7b20edde24f0f1fb2d963049457764c5312fb3b6037c0261c180f81ce8d63252
Bonita BPM 6.5.1 Directory Traversal / Open Redirect
Posted Jun 10, 2015
Authored by High-Tech Bridge SA | Site htbridge.com

Bonita BPM version 6.5.1 suffers from open redirect and directory traversal vulnerabilities.

tags | exploit, vulnerability, file inclusion
advisories | CVE-2015-3897, CVE-2015-3898
SHA-256 | 318aebbb7238bd95d83a383ed6cec374ab8164e93742363befdec484d42c0016
Alcatel-Lucent OmniSwitch Web Interface Cross Site Request Forgery
Posted Jun 10, 2015
Site redteam-pentesting.de

During a penetration test, RedTeam Pentesting discovered a vulnerability in the management web interface of an Alcatel-Lucent OmniSwitch 6450. The management web interface has no protection against cross-site request forgery attacks. This allows specially crafted web pages to change the switch configuration and create users, if an administrator accesses the website while being authenticated in the management web interface.

tags | exploit, web, csrf
advisories | CVE-2015-2805
SHA-256 | ebb5b0b74f92ebf4cf2025ae52d59a24ba40fc8487415190d9d0bd7efdc814ad
Alcatel-Lucent OmniSwitch Web Interface Weak Session ID
Posted Jun 10, 2015
Site redteam-pentesting.de

During a penetration test, RedTeam Pentesting discovered a vulnerability in the management web interface of an Alcatel-Lucent OmniSwitch 6450. This interface uses easily guessable session IDs, which allows attackers to authenticate as a currently logged-in user and perform administrative tasks.

tags | exploit, web
advisories | CVE-2015-2804
SHA-256 | 81e6be2bf4112b23f31a9a4eb65f9147c563e93f5117e6190c5f3a95354f3823
This POODLE Bites: Exploiting The SSL 3.0 Fallback
Posted Jun 10, 2015
Authored by Bruno Luiz

Article discussing the SSL 3.0 fallback and POODLE vulnerabilities. Proof of concept code included.

tags | exploit, vulnerability, proof of concept
SHA-256 | c1251d89447f8978856d0cdde22d5bce6781a9bf91742126bb037c8054e02634
ProFTPD 1.3.5 Mod_Copy Command Execution
Posted Jun 10, 2015
Authored by Vadim Melihow | Site metasploit.com

This Metasploit module exploits the SITE CPFR/CPTO commands in ProFTPD version 1.3.5. Any unauthenticated client can leverage these commands to copy files from any part of the filesystem to a chosen destination. The copy commands are executed with the rights of the ProFTPD service, which by default runs under the privileges of the 'nobody' user. By using /proc/self/cmdline to copy a PHP payload to the website directory, PHP remote code execution is made possible.

tags | exploit, remote, php, code execution
advisories | CVE-2015-3306
SHA-256 | 6b1b6947386e30749005cc4bbf96249cdc5ee569e7eb6a39db9bbb3306f97451
TinySRP Buffer Overflow
Posted Jun 10, 2015
Authored by Douglas Held

TinySRP appears to suffer from a buffer overflow vulnerability in the username field.

tags | exploit, overflow
SHA-256 | 77b7bd5fa6ad642e38cebe659484fab925425c8a24142bd0d9e1cbb1b5cf414b
AnimaGallery 2.6 Local File Inclusion
Posted Jun 9, 2015
Authored by d4rkr0id

AnimaGallery version 2.6 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | a8594f40a409f61ee653dc4bd93654501613618322100129fb0161585eb831e9
DreamBox DM500s Cross Site Scripting
Posted Jun 9, 2015
Authored by Jay Turla

DreamBox DM500s suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 1fb8f30202be86e4f413656dff4cb65aee9c8bc5f7089efa996a8a1f7afdfbb2
Paperlink Balance 710 Cross Site Request Forgery
Posted Jun 9, 2015
Authored by Provensec

Paperlink Balance 710 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 383566478a99a0be1dbd4b3452eb1c4186a558cbca37e101d80511ba58fe3b08
Persian Car CMS 1.0 SQL Injection
Posted Jun 9, 2015
Authored by indoushka

Persian Car CMS version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 96c7e380e3dcfdf87d097b33ff55c6e62e36e620829a2f75694f7deeef5faaf8
Kankun Smart Socket / Mobile App Hardcoded AES Key
Posted Jun 8, 2015
Authored by Aseem Jakhar

The Kankun Smart Socket device and the mobile app use a hardcoded AES 256 bit key to encrypt the commands and responses between the device and the app. The communication happens over UDP. An attacker on the local network can use the same key to encrypt and send unsolicited commands to the device and hijack it.

tags | exploit, local, udp, info disclosure
advisories | CVE-2015-4080
SHA-256 | 9225a407cd8c8dd1c678631cb1e646a383b42ee99ca1ea8aa1e039b735e9be08
SilverStripe CMS 3.1.13 XSS / Open Redirect
Posted Jun 8, 2015
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

SilverStripe CMS version 3.1.13 suffers from open redirection and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2015-5063, CVE-2015-5062
SHA-256 | 701dc27fc99ae0950b14b0faf19d1fb54c6eff0e004fef057c3b3d65faef74f2
Apexis IP CAM Username / Password Disclosure
Posted Jun 8, 2015
Authored by Daniel Godoy

Apexis IP CAM suffers from a remote information disclosure vulnerability.

tags | exploit, remote, info disclosure
SHA-256 | 6241365038e03dc58eafa111dc2905a716e965fcb30f266cfc7b10a7e6f1c8a2
SanyBee Gallery 0.2.9 / 0.2.10 XSS / Add Admin
Posted Jun 8, 2015
Authored by indoushka

SanyBee Gallery versions 0.2.9 and 0.2.10 suffer from cross site scripting and add administrator vulnerabilities.

tags | exploit, vulnerability, xss, add administrator
SHA-256 | f4038f6854de17663fff4ff5953a7bfa407b053ad722c8ea52c6d9aff3a1a1b4
WordPress Encrypted Contact Form 1.0.4 CSRF / XSS
Posted Jun 8, 2015
Authored by Nitin Venkatesh

WordPress Encrypted Contact Form plugin version 1.0.4 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
advisories | CVE-2015-4010
SHA-256 | de168bc9ae565931b08fd16f0f2a4a87e5905225a349be79aefeabea3d4371f1