exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 101 - 125 of 166 RSS Feed

Files

HP SiteScope DNS Tool Command Injection
Posted Oct 10, 2015
Authored by juan vazquez, Charles Riggs, Kirk Hayes | Site metasploit.com

This Metasploit module exploits a command injection vulnerability discovered in HP SiteScope 11.30 and earlier versions (tested in 11.26 and 11.30). The vulnerability exists in the DNS Tool allowing an attacker to execute arbitrary commands in the context of the service. By default, HP SiteScope installs and runs as SYSTEM in Windows and does not require authentication. This vulnerability only exists on the Windows version. The Linux version is unaffected.

tags | exploit, arbitrary
systems | linux, windows
SHA-256 | 3607c5590e7cac6a67ea8ff74295111369ad5e039b60d25c3eb1d6bd7e802c0c
Belkin N300 Wifi N Router F9K1010 Arbitrary File Disclosure
Posted Oct 10, 2015
Authored by Todor Donev

Belkin N300 Wifi N Router F9K1010 suffers from an arbitrary file disclosure vulnerability.

tags | exploit, arbitrary, info disclosure
SHA-256 | d1d30cc1ca221150e284d860d9f3434d2258b60abbb1663bb53203a4c180f2a1
Joomla! CMS 3.4.3 Cross Site Scripting
Posted Oct 9, 2015
Authored by cfreer, 0keeteam

Joomla! CMS versions 3.4.0 through 3.4.3 suffer from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2015-6939
SHA-256 | 429b040ae8eb0d56c0cc95bcf56bcdba82a2542bbf15a63cc532bd9f86d1f58a
Veeam Backup And Replication 6 / 7 / 8 Privilege Escalation
Posted Oct 9, 2015
Authored by Francesco Ongaro, Antonio Parata, Pasquale Florillo

Veeam Backup and Replications versions 6 through 8 suffer from log disclosure and broken password security vulnerabilities.

tags | exploit, vulnerability
advisories | CVE-2015-5742
SHA-256 | 297149a77606ab6deac1de2bb98b0f033747ba6db8266944dfe68b46fdffd256
Buffalo LinkStation 1.34 / 1.69 / 1.70 Authentication Bypass
Posted Oct 9, 2015
Site redteam-pentesting.de

An authentication bypass vulnerability in the web interface of a Buffalo LinkStation Duo Network Attached Storage (NAS) device allows unauthenticated attackers to gain administrative privileges. This puts the confidentiality and integrity of the stored data as well as the integrity of the device configuration at high risk.

tags | exploit, web, bypass
SHA-256 | 8b56e71d7955315bcf04a3159d5fdfb83497857e77ff2660643acd96f4072268
Kaspersky Internet Security Network Attack Blocker Design Flaw
Posted Oct 9, 2015
Authored by Tavis Ormandy, Google Security Research

A component of Kaspersky Internet Security that's enabled by default is called the "Network Attack Blocker", described as "protects the computer against dangerous network activity". This researcher examined the implementation, and determined that it's actually a simple stateless packet filter with a pattern-matching signature system.

tags | exploit
systems | linux
SHA-256 | c93a85cd6e072be949ef0e44b2c0a5defdb132a1bdc0a750a43a8beadfd92a25
W150D Wireless N 150 Cross Site Request Forgery
Posted Oct 9, 2015
Authored by Vulnerability Laboratory, Lawrence Amer | Site vulnerability-lab.com

The W150D Wireless N 150 ADSL2 modem router suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | d09ea1f749e714cfa623d2468198983f9b6a09ff2ee6b2e3583654d44f360254
VeryPDF Image2PDF Converter SEH Buffer Overflow
Posted Oct 9, 2015
Authored by Robbie Corley

VeryPDF Image2PDF Converter SEH buffer oevrflow exploit that spawns messagebox shellcode.

tags | exploit, overflow, shellcode
SHA-256 | fb0eb094b5e573fada445410e8039241a3a11cfe31027910642ed1bad8b24dda
FreeYouTubeToMP3 Converter 4.0.1 Buffer Overflow
Posted Oct 9, 2015
Authored by Vulnerability Laboratory, ZwX | Site vulnerability-lab.com

FreeYouTubeToMP3 Converter version 4.0.1 suffers from a buffer overflow vulnerability.

tags | exploit, overflow
SHA-256 | c25aa7b8ea2738b878b257f4887fbc5682c63e244b2a8b7c9f9bf2bc5ff5bf55
WebComIndia CMS 2015Q4 Authentication Bypass
Posted Oct 9, 2015
Authored by Vulnerability Laboratory, Aaditya Purani | Site vulnerability-lab.com

WebComIndia CMS 2015Q4 suffers from an authentication bypass vulnerability via remote SQL injection.

tags | exploit, remote, sql injection, bypass
SHA-256 | afc30dbcbcfb0ef32c6e8696ef381ed2d5d31290833839f08df44da1dacba8e1
PayPal Open Redirect
Posted Oct 9, 2015
Authored by Vulnerability Laboratory, Rui Silva | Site vulnerability-lab.com

PayPal suffered from an open redirect vulnerability.

tags | exploit
SHA-256 | e887d6170d64eb863e814260146a628878b0b1d63fc18ec8ff72b27057825e3d
Drupal 8.0.0 Beta 14 Cross Site Scripting
Posted Oct 8, 2015
Authored by Sandeep Kamble

Drupal version 8.0.0 Beta 14 suffers from a cross site scripting vulnerability. Drupal's sad fix was to simply throw an .htaccess file in place to block access to the file.

tags | exploit, xss
SHA-256 | 5bd347c6e00b7474b1898520fa6e4c484efeb9fdb98a576944cad1bd5ccda41a
Watermark Master Buffer Overflow (SEH)
Posted Oct 8, 2015
Authored by metacom, Andrew Smith aka jakx | Site metasploit.com

This Metasploit module exploits a stack based buffer overflow in Watermark Master 2.2.23 when processing a specially crafted .WCF file. This vulnerability could be exploited by a remote attacker to execute arbitrary code on the target machine by enticing a user of Watermark Master to open a malicious .WCF file.

tags | exploit, remote, overflow, arbitrary
advisories | CVE-2013-6935, OSVDB-99226
SHA-256 | 2851660cb4d62d8f9a40addd3ae13ca6e19d4f8f869bc1c54774ff4435357d12
ManageEngine ServiceDesk Plus Arbitrary File Upload
Posted Oct 8, 2015
Authored by Pedro Ribeiro | Site metasploit.com

This Metasploit module exploits a file upload vulnerability in ManageEngine ServiceDesk Plus. The vulnerability exists in the FileUploader servlet which accepts unauthenticated file uploads. This Metasploit module has been tested successfully on versions v9 b9000 - b9102 in Windows and Linux. The MSP versions do not expose the vulnerable servlet.

tags | exploit, file upload
systems | linux, windows
SHA-256 | 420d521b451538bcdb3d95efb3417571e395f8709b295655dad279c97881d455
Kallithea 0.2.9 HTTP Response Splitting
Posted Oct 8, 2015
Authored by LiquidWorm | Site zeroscience.mk

Kallithea suffers from a HTTP header injection (response splitting) vulnerability because it fails to properly sanitize user input before using it as an HTTP header value via the GET 'came_from' parameter in the login instance. This type of attack not only allows a malicious user to control the remaining headers and body of the response the application intends to send, but also allow them to create additional responses entirely under their control. Versions 0.2.9 and 0.2.2 are affected.

tags | exploit, web
advisories | CVE-2015-5285
SHA-256 | fe1b22a96957eec7a6d95ffebbcddb6a074d5a63287534cf402102b1561b064a
Microsoft Office 2007 And 2010 RTF Frmtxtbrl EIP Corruption
Posted Oct 8, 2015
Authored by Google Security Research, scvitti

This proof of concept shows a crash that was observed in MS Office 2007 running under Windows 2003 x86. Microsoft Office File Validation Add-In is disabled and application verified was enabled for testing and reproduction. This sample also reproduced in Office 2010 running on Windows 7 x86. It did not reproduce in Microsoft Office 2013 running under Windows 8.1 x86.

tags | exploit, x86, proof of concept
systems | linux, windows
SHA-256 | e861290e0691798f889619d754216a214754a16bdf818fc088da1d1365039880
TestLink 1.9.13 Cross Site Scripting
Posted Oct 7, 2015
Authored by Omar Kurt | Site netsparker.com

TestLink version 1.9.13 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2015-7391
SHA-256 | 5230eccf702e10b722d8c391655f290d789494d743b802c5506670a312281917
TestLink 1.9.13 SQL Injection
Posted Oct 7, 2015
Authored by Omar Kurt | Site netsparker.com

TestLink version 1.9.13 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2015-7390
SHA-256 | e9e6f1842a313a62999a5d4e95558ee5a223b9fd6e37b8be04d0e64fc4439978
Zope Management Interface 4.3.7 Cross Site Request Forgery
Posted Oct 7, 2015
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Zope Management Interface version 4.3.7 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2015-7293
SHA-256 | 4a44c59001f1f7565864d480e019a3a4fd024ae8fa91414db943f1b82c6bccf1
Netgear N300 Authentication Bypass
Posted Oct 7, 2015
Authored by Daniel Haake

Netgear N300 routers suffer from an authentication bypass vulnerability that allows for complete compromise.

tags | exploit, bypass
SHA-256 | ece995f2dfd26eb5923f193ab70874685004103c78f83bdc3caae1d7ee385353
Huawei 3G Routers CSRF / DoS / Bypass / Information Disclosure
Posted Oct 7, 2015
Authored by Pierre Kim

Huawei 3G routers suffer from authentication bypass, cross site request forgery, denial of service, and various other vulnerabilities.

tags | exploit, denial of service, vulnerability, csrf
SHA-256 | 5d2367658e0c166fbe6a18500efffe9f8332dd64802030160bd60d6778785f68
LanWhoIs.exe 1.0.1.120 Buffer Overflow
Posted Oct 7, 2015
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

LanWhoIs.exe version 1.0.1.120 suffers from a buffer overflow vulnerability.

tags | exploit, overflow
SHA-256 | 7574eb8ce3b4e579f9b7bdfda42d4551f13c05418bf0b8426310d33e3bde8949
ZTE ZXHN H108N Unauthenticated Configuration Download
Posted Oct 7, 2015
Authored by Todor Donev

ZTE ZXHN H108N suffers from an unauthenticated configuration download vulnerability.

tags | exploit, info disclosure
SHA-256 | 9492b3a69ae4e315aa3846b3d5e95780dc24f6ca97111b000a275c42a4a7dbe0
RedHat Enterprise Linux 7.1 Denial Of Service
Posted Oct 7, 2015
Authored by Ralf Spenneberg, Hendrik Schwartke, Sergej Schumilo

RedHat Enterprise Linux version 7.1 suffers from a kernel crash vulnerability on invalid USB device descriptors.

tags | exploit, denial of service, kernel
systems | linux, redhat
SHA-256 | a6c1498865a19e4b8fb98829baeba3cc2c1cf40f95da53b3d912face5dffbc85
Last PassBroker 3.2.16 Buffer Overflow
Posted Oct 7, 2015
Authored by Un_N0n

Last PassBroker version 3.2.16 suffers from a local buffer overflow vulnerability.

tags | exploit, overflow, local
SHA-256 | d797c6a4c7897055c84bd5d87160180b3c0f4992d78149cf0ddb6801c15e1eb9
Page 5 of 7
Back34567Next

Top Authors In Last 30 Days

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close