Exploit the possiblities
Showing 1 - 25 of 192 RSS Feed

Files

Packet Storm New Exploits For September, 2015
Posted Oct 1, 2015
Authored by Todd J. | Site packetstormsecurity.com

This archive contains 191 exploits that were added to Packet Storm in September, 2015.

tags | exploit
systems | linux
MD5 | fbdd7ccb2d08187b210204af0098df09
Kaseya Virtual System Administrator Code Execution / Privilege Escalation
Posted Sep 30, 2015
Authored by Pedro Ribeiro

Kaseya Virtual System Administrator suffers from multiple code execution vulnerabilities and a privilege escalation vulnerability. VSA versions 7.0.0.0 through 7.0.0.32, 8.0.0.0 through 8.0.0.22, 9.0.0.0 through 9.0.0.18, and 9.1.0.0 through 9.1.0.8 are affected.

tags | exploit, vulnerability, code execution
advisories | CVE-2015-6589, CVE-2015-6922
MD5 | c5ce0ad42b5f4e9209f7d699f7abb8c9
Mitsubishi Melsec FX3G-24M Denial Of Service
Posted Sep 30, 2015
Authored by Ralf Spenneberg

Mitsubishi Melsec FX3G-24M suffers from a denial of service vulnerability.

tags | exploit, denial of service
advisories | CVE-2015-3938
MD5 | 2a10a9dca38e65e0d1a507ad24a8483e
Western Digital My Cloud Command Injection
Posted Sep 30, 2015
Authored by absane

Western Digital My Cloud with firmware versions 04.01.03-421 and 04.01.04-422 suffer from a command injection vulnerability.

tags | exploit
MD5 | c17220221eba2bd68f5752e3dcea1a6e
WordPress mTheme-Unus Local File Inclusion
Posted Sep 30, 2015
Authored by Milad Hacking

WordPress mTheme-Unus theme versions prior to 2.3 suffer from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
MD5 | 20176880b789d3d7f22d9fe6ab1f4e6e
Centreon 2.6.1 Persistent Cross Site Scripting
Posted Sep 29, 2015
Authored by LiquidWorm | Site zeroscience.mk

Centreon version 2.6.1 suffers from a stored cross site scripting vulnerability.

tags | exploit, xss
MD5 | 7223fef091e6e1bd899a9973ee3d8fb7
PCMan FTP Server 2.0.7 Directory Traversal
Posted Sep 29, 2015
Authored by Jay Turla

PCMan FTP Server version 2.0.7 suffers from a directory traversal vulnerability.

tags | exploit
MD5 | 83f0216fbc7de361db8ed444168409ee
Vtiger CRM 6.3 Remote Code Execution
Posted Sep 29, 2015
Authored by Benjamin Daniel Mussler

Vtiger CRM versions 6.3 and below suffer from an authenticated remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2015-6000
MD5 | f902e3b97f48bf8fd6abab295f15fdad
Centreon 2.6.1 Command Injection
Posted Sep 28, 2015
Authored by LiquidWorm | Site zeroscience.mk

Centreon version 2.6.1 suffers from a command injection vulnerability. The POST parameter 'persistant' which serves for making a new service run in the background is not properly sanitized before being used to execute commands. This can be exploited to inject and execute arbitrary shell commands as well as using cross site request forgery attacks.

tags | exploit, arbitrary, shell, csrf
MD5 | ed1afc21672db6e6d5419984ecce247e
IconLover 5.4.5 Stack Buffer Overflow
Posted Sep 28, 2015
Authored by ZwX | Site vulnerability-lab.com

IconLover version 5.4.5 suffers from a stack buffer overflow vulnerability.

tags | exploit, overflow
MD5 | c8aff1275f7c8500204bd91e66859a60
Photos In Wifi 1.0.1 File Upload
Posted Sep 28, 2015
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

Photos in Wifi version 1.0.1 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | e6195c0d80ab8f6fafbf4b9d6160ace0
Centreon 2.6.1 Add Administrator Cross Site Request Forgery
Posted Sep 28, 2015
Authored by LiquidWorm | Site zeroscience.mk

Centreon version 2.6.1 add administrator cross site request forgery exploit.

tags | exploit, csrf
MD5 | 1138e1cb51c1767b3a1796a2e6c23530
Flash Failing Checks On uint Capacity Field
Posted Sep 28, 2015
Authored by Google Security Research, forshaw

The latest version of the Vector.primitive length check in Flash 18,0,0,232 is not robust against memory corruptions such as heap overflows. While it is no longer possible to obviously bypass the length check there is still unguarded data in the object which could be corrupted to serve as a useful primitive.

tags | exploit, overflow
systems | linux
advisories | CVE-2015-5568
MD5 | d8d63f278bfaf7212db84743a736c353
BisonWare BisonFTP 3.5 Directory Traversal
Posted Sep 28, 2015
Authored by Jay Turla

BisonWare BisonFTP version 3.5 suffers from a directory traversal vulnerability.

tags | exploit
MD5 | eceff934180525af8de9af76168dbd0f
ManageEngine EventLog Analyzer Remote Code Execution
Posted Sep 28, 2015
Authored by xistence | Site metasploit.com

This Metasploit module exploits a SQL query functionality in ManageEngine EventLog Analyzer v10.6 build 10060 and previous versions. Every authenticated user, including the default "guest" account can execute SQL queries directly on the underlying Postgres database server. The queries are executed as the "postgres" user which has full privileges and thus is able to write files to disk. This way a JSP payload can be uploaded and executed with SYSTEM privileges on the web server. This Metasploit module has been tested successfully on ManageEngine EventLog Analyzer 10.0 (build 10003) over Windows 7 SP1.

tags | exploit, web
systems | windows, 7
MD5 | 8aa69f01509e92e3e8de9b7ce3fbd570
Rowhammer Linux Kernel Privilege Escalation Proof Of Concept
Posted Sep 28, 2015
Authored by Google Security Research, mseaborn

Proof of concept exploit code for the Linux Rowhammer DRAM privilege escalation vulnerability.

tags | exploit, proof of concept
systems | linux
MD5 | 2a3a58b2b7cb030ce8a4bc92628f308e
Centreon 2.6.1 Shell Upload
Posted Sep 28, 2015
Authored by LiquidWorm | Site zeroscience.mk

Centreon version 2.6.1 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | 71a4b274917f301d9cf6e59ae074de13
WordPress Appointment Booking Calendar 1.1.7 XSS
Posted Sep 28, 2015
Authored by Iberia Medeiros

WordPress Appointment Booking Calendar plugin version 1.1.7 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2015-7320
MD5 | 88b7530045412c37df11b752add627f4
ProjeQtor 4.5.2 Shell Upload
Posted Sep 28, 2015
Authored by Arturo Rodriguez

ProjeQtor version 4.5.2 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | 88889431648b2b18a9911d0ca38873bb
Collabtive 2.0 Shell Upload
Posted Sep 28, 2015
Authored by Arturo Rodriguez

Collabtive version 2.0 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
advisories | CVE-2015-0258
MD5 | 9c6a8438c3abf888bb1b897c4d3d293e
Mango Automation 2.6.0 File Upload / Code Execution CSRF
Posted Sep 28, 2015
Authored by LiquidWorm | Site zeroscience.mk

Mango Automation version 2.6.0 file upload and arbitrary JSP code execution cross site request forgery exploit.

tags | exploit, arbitrary, code execution, file upload, csrf
MD5 | 320696d72a2c027da67ab2d5e323901a
Mango Automation 2.6.0 Command Execution Cross Site Request Forgery
Posted Sep 28, 2015
Authored by LiquidWorm | Site zeroscience.mk

Mango Automation version 2.6.0 arbitrary command execution cross site request forgery exploit.

tags | exploit, arbitrary, csrf
MD5 | 4c424619c43451bce85dc22cdcf34e38
Mango Automation 2.6.0 Unprotected Debug Log View
Posted Sep 28, 2015
Authored by LiquidWorm | Site zeroscience.mk

Mango Automation version 2.6.0 suffers from an information disclosure vulnerability because it contains default configuration for debugging enabled in the '/WEB-INF./web.xml' file (debug=true). An attacker can entice a logged-in user to visit a specially crafted URL which will produce a system exception with stack trace on the Jetty server. When this error occurs, the debug option generates a status page with all the information from the visitor, meaning that the attacker is able to see usernames, password hashes, e-mails and of course, Cookie sessions). Using the generated error, the attacker can easily perform session hijacking and take over the system using previously discovered vulnerabilities by just visiting the status page non-authenticated.

tags | exploit, web, vulnerability, info disclosure
MD5 | 79ee3cee23eb127e9c44dd66054f1149
Mango Automation 2.6.0 SQL Query Cross Site Request Forgery
Posted Sep 28, 2015
Authored by LiquidWorm | Site zeroscience.mk

Mango Automation version 2.6.0 arbitrary SQL query execution cross site request forgery exploit.

tags | exploit, arbitrary, csrf
MD5 | 907b130bc43a6988c4842c75b39db550
Mango Automation 2.6.0 Add Admin Cross Site Request Forgery
Posted Sep 28, 2015
Authored by LiquidWorm | Site zeroscience.mk

Mango Automation version 2.6.0 add administrator cross site request forgery exploit.

tags | exploit, csrf
MD5 | 7cda52b28cf782b6acd4343eb9acad1f
Page 1 of 8
Back12345Next

Top Authors In Last 30 Days

Recent News

News RSS Feed
Archive Of 1.4 Billion Creds Found On Dark Web
Posted Dec 12, 2017

tags | headline, hacker, data loss, password
MoneyTaker Steals Millions From US, UK, Russian Banks
Posted Dec 12, 2017

tags | headline, malware, bank, usa, britain, russia, cybercrime, fraud
Web Pioneers Plead To Cancel US Net Vote
Posted Dec 12, 2017

tags | headline, government, usa, fraud
Google Releases Tool To Help iPhone Hackers
Posted Dec 12, 2017

tags | headline, hacker, phone, google, apple
Language Bugs Infest Downstream Software
Posted Dec 11, 2017

tags | headline, flaw
German Spy Agency Warns Of Chinese LinkedIn Espionage
Posted Dec 11, 2017

tags | headline, government, china, cyberwar, germany, spyware, social
Dynamics 365 Sandbox Leaked TLS Certificates
Posted Dec 11, 2017

tags | headline, privacy, microsoft, data loss, flaw, cryptography
Keylogger Uncovered On Hundreds Of HP PCs
Posted Dec 11, 2017

tags | headline, flaw, spyware, backdoor
PlexCoin Scam Founder Sentenced To Jail And Fined $10k
Posted Dec 10, 2017

tags | headline, cybercrime, fraud, scam, cryptography
Google Lifts Lid On FBI Data Requests: Now You Can Read Actual Letters Online
Posted Dec 9, 2017

tags | headline, government, privacy, usa, google, fbi
View More News →
packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close