exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 26 - 50 of 197 RSS Feed

Files

Manage Engine EventLog Analyzer 11.0 Build 11000 Cross Site Scripting
Posted Mar 30, 2016
Authored by Omkar Joshi

Manage Engine EventLog Analyzer version 11.0 build 11000 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 825a03cbb015a5b79cbb7eb9f62d92d862768e7e84d9cbd4d1497eb92c26ea12
Easy Hosting Control Panel 0.37.9 Bypass / File Upload / Disclosure
Posted Mar 30, 2016
Authored by Kyle Lovett

Easy Hosting Control Panel versions 0.29 through 0.37.9 suffer from information disclosure, authentication bypass, clear text password storage, and remote file upload vulnerabilities.

tags | exploit, remote, vulnerability, bypass, info disclosure, file upload
SHA-256 | 92d027b491a0587f69c8ac9a28d8b652868ac013c1ddd4a5765f2af4ee55d67e
PayPal Filter Bypass / Malicious Input
Posted Mar 30, 2016
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

PayPal suffered from a filter bypass vulnerability that allowed for malicious input into email.

tags | exploit, bypass
SHA-256 | fe4d650bbad9b984a3100d0893167bcbde00cf4efdd6e965562337ffd31c3f01
ATutor 2.2.1 Directory Traversal / Remote Code Execution
Posted Mar 29, 2016
Authored by mr_me | Site metasploit.com

This Metasploit module exploits a directory traversal vulnerability in ATutor on an Apache/PHP setup with display_errors set to On, which can be used to allow us to upload a malicious ZIP file. On the web application, a blacklist verification is performed before extraction, however it is not sufficient to prevent exploitation. You are required to login to the target to reach the vulnerability, however this can be done as a student account and remote registration is enabled by default. Just in case remote registration isn't enabled, this module uses 2 vulnerabilities in order to bypass the authentication.

tags | exploit, remote, web, php, vulnerability
SHA-256 | 785e70dc713dbe9859a24caed94df37a4548874034fcd9af2cb5fcfe2e29d3b8
TrendMicro Remote Debugger Stub Listening
Posted Mar 29, 2016
Authored by Tavis Ormandy, Google Security Research

There is a remote debugger stub listening by default on a new install of TrendMicro Antivirus that can be exploited to launch executables.

tags | exploit, remote
systems | linux
SHA-256 | 191c3b9d20b797c02c3aeb399b9f99fed1f18221adf47c360e14714b35343f0c
Manage Engine Desktop Central 9.1.0 Build 91099 XSS
Posted Mar 29, 2016
Authored by Omkar Joshi

Manage Engine Desktop Central version 9.1.0 build 91099 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | f8ccfebb4e934635d94e79bd0f76926af384cafb4f57181e94a1a6e511b9d44e
Fireware XTM Web UI Open Redirect
Posted Mar 29, 2016
Authored by Manuel Mancera

Fireware XTM Web UI versions prior to 11.10.7 suffer from an open redirection vulnerability.

tags | exploit, web
SHA-256 | 9cf0d50a76454efe4c350846c2758f2facd9d84fa66efc3f5409c80f01a2a26b
Cogent Datahub 7.3.9 Privilege Escalation
Posted Mar 28, 2016
Authored by mr_me

Cogent Datahub versions 7.3.9 and below suffer from a gamma script elevation of privilege vulnerability.

tags | exploit
advisories | CVE-2016-2288
SHA-256 | 2ae65153dc3e6b35a12d5c12ec5b362b36f6d464768f9bdd2c17bc2d18c1e488
TallSoft SNMP TFTP Server 1.0.0 Denial Of Service
Posted Mar 28, 2016
Authored by Charley Celice

TallSoft SNMP TFTP server version 1.0.0 suffers from a denial of service vulnerability.

tags | exploit, denial of service
SHA-256 | f8935126d59fd833b21b23b2631bd40d708bec744aa6ed525ed4cb088eb59e3a
Trend Micro Deep Discovery Inspector 3.7 / 3.8 CSRF
Posted Mar 28, 2016
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Trend Micro Deep Discovery versions 3.7 and 3.8 suffer from multiple cross site request forgery vectors. If an authenticated user visits a malicious webpage attackers will have ability to modify many settings of the Deep Discovery application to that of the attackers choosing.

tags | exploit, csrf
SHA-256 | 4fcbc0ecd161f07f84b6f494716b66c2911b8b6d48a5b8ad3ba321fb4be6f363
WordPress Photocart Link 1.6 Local File Inclusion
Posted Mar 28, 2016
Authored by CrashBandicot

WordPress Photocart Link plugin version 1.6 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | 937709f095f23ded1eeaf31ad1fcacb2a5ca7bf97b91f27583ad59fa470cbd8f
WordPress IMDb Profile Widget 1.0.8 Local File Inclusion
Posted Mar 28, 2016
Authored by CrashBandicot

WordPress IMDb Profile Widget plugin version 1.0.8 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | 835851d014df83981e56e6c795a9db667207a83a17e80527deb4d2c78d0726b7
WordPress Visual Form Builder 2.8.6 Cross Site Scripting
Posted Mar 28, 2016
Authored by Sachin Wagh

WordPress Visual Form Builder plugin version 2.8.6 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | d59e3708a15b9db6b5b606ae383991ce223d12827956904e28faeeec5f087565
WordPress Music Store 1.0.41 Cross Site Scripting
Posted Mar 28, 2016
Authored by Sachin Wagh

WordPress Music Store plugin version 1.0.41 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 988d284d6c1d709b5bfdd283880cfa6381231da2fee67fe96e8305120928fdf6
WordPress CloudFlare 1.3.20 Cross Site Scripting
Posted Mar 28, 2016
Authored by Sachin Wagh

WordPress CloudFlare plugin version 1.3.20 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 391af5fb920c77241b88831fa068d1fc2401dad6b87cddb277f854c56fc39923
WordPress Claptastic Clap! Button 1.3 Cross Site Scripting
Posted Mar 28, 2016
Authored by Sachin Wagh

WordPress Claptastic Clap! Button plugin version 1.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | ce6b8f7bed87ddff3fd682d9b53ada66633787541bcc3983e301782d06ce59c9
Adobe Flash PCRE Regex Complication Logic Issue
Posted Mar 28, 2016
Authored by Google Security Research, markbrand

There's a logic error in the PCRE engine version used in Adobe Flash that allows the execution of arbitrary PCRE bytecode, with potential for memory corruption and remote code execution.

tags | exploit, remote, arbitrary, code execution
systems | linux
advisories | CVE-2015-0318
SHA-256 | 7634c378b901e854196bb2c6638f9cdaaeebb56a0a8e8bedc196af24d7ed49f8
C2Box 4.0.0(r19171) Validation Bypass
Posted Mar 28, 2016
Authored by Harish Ramadoss

C2Box versions 4.0.0(r19171) and below suffer from a validation bypass vulnerability.

tags | exploit, bypass
advisories | CVE-2015-4626
SHA-256 | bc375d41b3055dd7d57b4dcb888c8376a80e14b7eb5b23111b255db7bf853cad
D-Link DVG-5402SP CSRF / Brute Force
Posted Mar 28, 2016
Authored by MustLive

D-Link DVG-5402SP with firmware RU_1.01 suffers from brute force and cross site request forgery vulnerabilities.

tags | exploit, vulnerability, csrf
SHA-256 | c8410e7fa996a726bd780808ee545d5c8187522011902a3d7b92ba00281dcef9
WAP Music CMS 1.0.2 SQL Injection
Posted Mar 27, 2016
Authored by Shelesh Rauthan

WAP Music CMS version 1.0.2 suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.

tags | exploit, remote, sql injection
SHA-256 | 440c37697ab8edd8dbd6a0b562451a6b35fdf19e78f73c8da8cdb1fb86dfe490
SM Soft Tech CMS 1.0 SQL Injection
Posted Mar 27, 2016
Authored by Shelesh Rauthan

SM Soft Tech CMS XHTML Mobile version 1.0 suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.

tags | exploit, remote, sql injection
SHA-256 | 3f52ab5972f21a1805820c848ac3fb090e009c3ec26573e6539cedbeda2dbd25
FireEye Malware Input Processor Privilege Escalation
Posted Mar 25, 2016
Authored by Tavis Ormandy, Google Security Research

The mip user is already quite privileged, capable of accessing sensitive network data. However, as the child process has supplementary gid contents, there is a very simple privilege escalation to root.

tags | exploit, root
systems | linux
SHA-256 | 5b5d78147822a04ece55e3ad4dc78e4634f5ee4ab840d7ead31f0b0e6099d778
Android One Privilege Escalation
Posted Mar 25, 2016
Authored by Google Security Research, Mark Brand

The wireless driver for the Android One (sprout) devices has a bad copy_from_user in the handling for the wireless driver socket private read ioctl IOCTL_GET_STRUCT with subcommand PRIV_CMD_SW_CTRL. This ioctl is permitted for access from the untrusted-app selinux domain, so this is an app-to-kernel privilege escalation from any app with android.permission.INTERNET.

tags | exploit, kernel
systems | linux
SHA-256 | f09afcb089991f9bdfe7878694f1b4aa53a78b0716b0db1d420fbf8364088819
innovaphone IP222 11r2 sr9 Brute Force
Posted Mar 24, 2016
Authored by Sven Freund | Site syss.de

The innovaphone IP222 provides a password protected administration interface, which can be accessed via a web browser. Although the basic authentication was disabled and instead the digest authentication is used, it is still possible to perform brute-force attacks against the password authentication process.

tags | exploit, web
SHA-256 | 5a2d36d564fe004b8101678bcdc007666e0547fe8e23b7a50847efbc69680872
innovaphone IP222 11r2 sr9 Download Denial Of Service
Posted Mar 24, 2016
Authored by Sven Freund | Site syss.de

At startup the innovaphone IP222 sends an HTTP request for a special PNG file to the involved server system. After the download has finished, the image is displayed on the phone by selecting the receiver screen in the menu. Providing a large image file (6.9 MB) within the download process and selecting the receiver screen on the phone will lead to a crash of the application and cause a denial of service condition. Remote code execution via this security vulnerability may also be possible, but was not confirmed by the SySS GmbH.

tags | exploit, remote, web, denial of service, code execution
SHA-256 | 082b8f3575ba36bdc1044ed8d817104a1afb0c9d70e9163c8f9dfb60e5762b1a
Page 2 of 8
Back12345Next

Top Authors In Last 30 Days

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close