what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 76 - 100 of 164 RSS Feed

Files

4 TOTOLINK Routers Backdoored
Posted Jul 16, 2015
Authored by Pierre Kim

4 TOTOLINK router models are backdoored with hardcoded credentials.

tags | exploit
SHA-256 | 9ca4b52af2e1f01e95d564008e9b6c31d1c43d2dd18ac9b2367ff9593944b575
4 TOTOLINK Routers Cross Site Request Forgery / Cross Site Scripting
Posted Jul 16, 2015
Authored by Pierre Kim

4 TOTOLINK router models suffer from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
SHA-256 | ee42e57cb222a8571eb397cc642d24092fc7b9ce794c4736e98942a28f40d66a
15 TOTOLINK Routers Remote Command Execution
Posted Jul 16, 2015
Authored by Pierre Kim, Alexandre Torres

15 TOTOLINK router models are vulnerable to multiple remote command execution vulnerabilities.

tags | exploit, remote, vulnerability
SHA-256 | d072f0831923e919022e8fbd4d7bd9357586f76c8cc3e511d592af9cd3edea96
WordPress Download Manager Free 2.7.94 / Pro 4 XSS
Posted Jul 16, 2015
Authored by Filippos Mastrogiannis

WordPress Download Manager Free version 2.7.94 and Pro version 4 suffer from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 0309ec8cd7dbe37e81c6995f0bb31b5a363fb77bdd24d0b90bc2454f50653838
phpVibe Stored Cross Site Scripting
Posted Jul 16, 2015
Authored by Filippos Mastrogiannis

phpVibe versions prior to 4.20 suffer from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 99a7c3ccb97289e5e90665ab5b974a718b5252267a0ac9fee73c005731d23314
Internet Download Manager Crash Proof Of Concepts
Posted Jul 16, 2015
Authored by Mohammad Reza Espargham

2 crash proof of concept exploits for Internet Download Manager.

tags | exploit, proof of concept
SHA-256 | 5db31f347809c02dd4958a966daa63a1b1af5ffea1857474dbd4213d06bd7703
WordPress BuddyPress Activity Plus 1.5 CSRF / File Deletion
Posted Jul 15, 2015
Authored by Tom Adams

WordPress BuddyPress Activity Plus plugin version 1.5 suffers from cross site request forgery and arbitrary file deletion vulnerabilities.

tags | exploit, arbitrary, vulnerability, info disclosure, csrf
SHA-256 | 61aad3a7f270847cbbf9e3c63259099d37595b528db86f197368bc0673bdaad6
GetSimpleCMS 3.3.5 XSS / Code Execution / DoS / Weak Auth
Posted Jul 15, 2015
Authored by Tim Coen

GetSimpleCMS version 3.3.5 suffers from weak authentication, password leak, code execution, cross site scripting, and denial of service vulnerabilities.

tags | exploit, denial of service, vulnerability, code execution, xss
SHA-256 | 9e524b7da4c827b7782b84debb83677baaca15fd0aaa97f53ec59a867d8bd0c7
SPBAS Payment Bypass
Posted Jul 15, 2015
Authored by ph33r

SPBAS suffers from a price augmentation vulnerability when sending users through Paypal.

tags | exploit
SHA-256 | 99806278509709f3a62a33045db92b1a40aed0b5ef8fc39d9d337862cd0c996d
WordPress Subscribe To Comments 2.1.2 LFI / Code Execution
Posted Jul 15, 2015
Authored by Tom Adams

WordPress Subscribe to Comments plugin version 2.1.2 suffers from code execution and local file inclusion vulnerabilities.

tags | exploit, local, vulnerability, code execution, file inclusion
SHA-256 | 4c5f361d4f71da927a1ede8b63f1aebbdf421dbdd9ffd77d4020a51acdca545b
WordPress WP Attachment Export 0.2.3 Arbitrary File Download
Posted Jul 15, 2015
Authored by Nitin Venkatesh

WordPress WP Attachment Export plugin version 0.2.3 suffers from an arbitrary file download vulnerability.

tags | exploit, arbitrary, info disclosure
SHA-256 | 9a85df012d25d9b1b45171c582fc339bdd7bb368f32d4d395882bec6755b8998
WordPress Image Export 1.1 Arbitrary File Download
Posted Jul 14, 2015
Authored by Larry W. Cashdollar

WordPress Image Export plugin version 1.1 suffers from an arbitrary file download vulnerability.

tags | exploit, arbitrary
SHA-256 | f5dbd9b328b410e55ced6b1b19e5fa2738b42682e045d966972cc9e7585402e1
Joomla Docman Path Disclosure / Local File Inclusion
Posted Jul 14, 2015
Authored by Hugo Santiago dos Santos

Joomla Docman suffers from full path disclosure and local file inclusion vulnerabilities.

tags | exploit, local, vulnerability, file inclusion, info disclosure
SHA-256 | 2035df9be9103e5e7731bca557187aa16e61e414a6b55770d4e589c8c6d8cbbf
Kaseya Virtual System Administrator File Download / Open Redirect
Posted Jul 14, 2015
Authored by Pedro Ribeiro

Kaseya Virtual System Administrator suffers from arbitrary file download open redirection vulnerabilities.

tags | exploit, arbitrary, vulnerability
SHA-256 | 8f81d492c8f92ef800d091dc7a9b9b4e65c6a0776aa789f26d9207772f0843d5
PFSense 2.2.2 Cross Site Scripting
Posted Jul 14, 2015
Authored by William Costa

PFSense version 2.2.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | b41b9c68576f0be0722976059ed088c83310cca21a4d01f12703068087ad1bcc
ArticleFR 3.0.6 Cross Site Request Forgery
Posted Jul 14, 2015
Authored by LiquidWorm | Site zeroscience.mk

ArticleFR version 3.0.6 allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.

tags | exploit, web
SHA-256 | fc4cceecf98e26b34c3709337914564c092fc67141584a9307de989d67ef1162
ArticleFR 3.0.6 Cross Site Scripting
Posted Jul 14, 2015
Authored by LiquidWorm | Site zeroscience.mk

ArticleFR suffers from multiple stored cross site scripting vulnerabilities. The issues are triggered when input passed via the POST parameter 'name' in Categories, POST parameters 'title' and 'rel' in Links and GET parameter 'url' in PingServers module is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Version 3.0.6 is affected.

tags | exploit, arbitrary, vulnerability, xss
SHA-256 | 97577b9ace469f43b13d8ce2548ca3144fe75dccb6067e8bf74ca67d2b2dbe4f
WordPress Plotly 1.0.2 Cross Site Scripting
Posted Jul 14, 2015
Authored by Tom Adams

WordPress Plotly plugin version 1.0.2 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2015-5484
SHA-256 | 8c8ecc962a319c7bfa3171c85e8bd93531f424c4f1101eaddd89bbe50f29c468
Pimcore CMS Build 3450 SQL Injection
Posted Jul 14, 2015
Authored by Josh Foote

Pimcore CMS build 3450 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2015-4426
SHA-256 | f7b0a644408b713c75a3b2b6813d047888f1cc7dda004eb2ff27ab376715fb66
phpVibe 4.0 Arbitrary File Disclosure
Posted Jul 14, 2015
Authored by ali ahmady

phpVibe version 4.0 suffers from an arbitrary file disclosure vulnerability.

tags | exploit, arbitrary, info disclosure
SHA-256 | 872cb632d10ee1d392d46059c45f959ef8b2d1c387db7d3980d10e5df1f17249
Pimcore CMS Build 3450 Directory Traversal
Posted Jul 14, 2015
Authored by Josh Foote

Pimcore CMS build 3450 suffers from an issues where it is possible for an administrative user with the 'assets' permission to overwrite system configuration files via exploiting a directory traversal vulnerability.

tags | exploit, file inclusion
advisories | CVE-2015-4425
SHA-256 | ab88a54c96cee261f04972545556b484aa577fdfae39c4f1a28989afe29b7997
The Events Calender: Eventbrite Tickets 3.9.6 Cross Site Scripting
Posted Jul 14, 2015
Authored by Tom Adams

The WordPress Eventbrite Tickets plugin from The Events Calendar version 3.9.6 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2015-5485
SHA-256 | 9d007e52a0aca85109b108602e13c60f95a5b63d24894f873375bcaaa6a3c02f
FreiChat 9.6 SQL Injection
Posted Jul 14, 2015
Authored by Kacper Szurek

FreiChat version 9.6 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 340c717fd761abf304ec7c246e204eb9f11ad8a6f4c06aabb383e69a76994e3a
sysPass 1.0.9 SQL Injection
Posted Jul 14, 2015
Authored by Daniele Salaris | Site syss.de

sysPass versions 1.0.9 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 6b3b7dbe62538e63e5bf0114ba91c34d647ba966aa039a58a9ad1fad1a067add
WordPress WP-PowerPlayGallery 3.3 File Upload / SQL Injection
Posted Jul 14, 2015
Authored by Larry W. Cashdollar

WordPress WP-PowerPlayGallery plugin version 3.3 suffers from remote file upload and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, file upload
SHA-256 | 9f8d10108d02ae3286eb0f5ff0f4e6c51b291455c43a4e920c4dd937fcc5c9a4
Page 4 of 7
Back23456Next

Top Authors In Last 30 Days

Recent News

News RSS Feed
Hackers Demand $6 Million From Seattle Airport Operators
Posted Sep 19, 2024

tags | headline, hacker, cybercrime, data loss, fraud, cryptography
Recent WhatsUp Gold Vulnerabilities Possibly Exploited In Ransomware Attacks
Posted Sep 19, 2024

tags | headline, malware, cybercrime, flaw, cryptography
14 Dead As Hezbollah Walkie Talkies Explode In Second, Deadlier Attack
Posted Sep 19, 2024

tags | headline, cyberwar, israel, terror, backdoor
UK Activists Targeted With Pegasus Spyware Ask Police To Charge NSO Group
Posted Sep 19, 2024

tags | headline, government, privacy, britain, israel, spyware
Pip Dreams And Security Schemes: Chaos In Your Configuration Files
Posted Sep 18, 2024

tags | headline, backdoor
Apple Suddenly Drops NSO Group Spyware Lawsuit
Posted Sep 18, 2024

tags | headline, privacy, phone, flaw, israel, spyware, apple
11 Dead, Thousands Injured In Explosive Supply Chain Attack On Hezbollah Pagers
Posted Sep 18, 2024

tags | headline, wireless, cyberwar, israel, terror, backdoor
CloudImposer Attack Targets Google Cloud Services
Posted Sep 18, 2024

tags | headline, hacker, google
AT&T Fined $13 Million For Data Breach
Posted Sep 18, 2024

tags | headline, privacy, phone, data loss
WhatsApp View Once Fix Gets Defeated In Less Than A Week
Posted Sep 18, 2024

tags | headline, privacy, facebook, social
View More News →
packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close