what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 101 - 125 of 197 RSS Feed

Files

Wildfly Filter Restriction Bypass / Information Disclosure
Posted Mar 21, 2016
Authored by Tal Solomon

Wildfly versions prior to 10.0.0.Final, including 9.0.2.Final, and 8.2.1.Final suffer from a WEB-INF and META-INF information disclosure issue via a filter restriction bypass vulnerability. Video included showing the proof of concept.

tags | exploit, web, proof of concept, bypass, info disclosure
systems | linux
advisories | CVE-2016-0793
SHA-256 | 702a857da000ebd458a935e4fbf17d96d7f77f33e1ef8aaa494e4206bfa48f76
WordPress Abtest Local File Inclusion
Posted Mar 21, 2016
Authored by CrashBandicot

WordPress Abtest plugin suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | 4dfd25d83af233008ae8fd8f81633e2601547ac29e44fd477dde61fa603cb041
Sysax Multi Server 6.50 SEH Overflow
Posted Mar 21, 2016
Authored by Paul Purcell

Sysax Multi Server version 6.50 HTTP file share SEH overflow remote code execution exploit.

tags | exploit, remote, web, overflow, code execution
SHA-256 | c00ceddd52d084e84687306a20618247ce5e46f255ec2f4e36d4c94b92151b3f
Fortinet FortiOS Open Redirect / Cross Site Scripting
Posted Mar 19, 2016
Authored by Javier Nieto

Fortinet FortiOS suffers from cross site scripting and open redirect vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | adf6965aa4e456c066a759abb27c019e435a69201a13504c049ad95581b7976b
WebsiteBaker CMS 2.8.3-SP5 SQL Injection
Posted Mar 19, 2016
Authored by High-Tech Bridge SA | Site htbridge.com

WebsiteBaker CMS version 2.8.3-SP5 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | d8c88cbdb9744e1a26af7b80ce4fe6fe1b5c53888b9441fc5f1c76364d300b27
Dating Pro Genie 2015.7 Cross Site Request Forgery
Posted Mar 19, 2016
Authored by High-Tech Bridge SA | Site htbridge.com

High-Tech Bridge Security Research Lab discovered multiple cross site request forgery (CSRF) vulnerabilities in a popular dating social network Dating Pro. A remote unauthenticated attacker can perform CSRF attacks to change administrator's credentials and execute arbitrary system commands. Successful exploitation of the vulnerability may allow attacker to gain complete control over the vulnerable website, all its users and databases. suffers from a cross site request forgery vulnerability.

tags | exploit, remote, arbitrary, vulnerability, csrf
SHA-256 | 9b0685fd87ae9a98fe16f9d776280dfa8f697c3ea2872fce79f19f41bb912245
iTop 2.2.1 Cross Site Request Forgery
Posted Mar 19, 2016
Authored by High-Tech Bridge SA | Site htbridge.com

High-Tech Bridge Security Research Lab discovered a remote code execution vulnerability in iTop that is exploitable via cross site request forgery flaw that is also present in the application. The vulnerability exists due to absence of validation of HTTP request origin in "/env-production/itop-config/config.php" script, as well as lack of user-input sanitization received via "new_config" HTTP POST parameter.

tags | exploit, remote, web, php, code execution, csrf
SHA-256 | 2a57050bf2377c2df7b28c31e707efa2cf5ea74cb641059629604c7bdc0bd715
Avira PE Section Header Parsing Heap Underflow
Posted Mar 19, 2016
Authored by Tavis Ormandy, Google Security Research

Avira suffers from a heap underflow vulnerability when parsing PE section headers.

tags | exploit
systems | linux
SHA-256 | ea61070846baddcbb28d0f5d8e2027b479bd9eb7b9a66c93cc181a9f30a48ac3
XOOPS 2.5.7.2 Cross Site Request Forgery
Posted Mar 18, 2016
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

XOOPS version 2.5.7.2 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 56dc964beea76e30a2f054812239297f424ec6166d368f20527609342894cfc9
XOOPS 2.5.7.2 Directory Traversal
Posted Mar 18, 2016
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

XOOPS version 2.5.7.2 has checks to defend against directory traversal attacks. However, they can be easily bypassed by simply issuing "..././" instead of "../".

tags | exploit
SHA-256 | 8e0c7e604227b0d036e3789cef8b9827cdedcbebab054b865cd01c359cf31f18
Grandstream Wave 1.0.1.26 Update Redirection
Posted Mar 18, 2016
Authored by Georg Lukas

The Grandstream Wave application version 1.0.1.26 periodically queries the Grandstream server for app updates. If a new update is found, the app shows a notification to the user that either opens the app's Google Play page or auto-downloads the APK file and opens it for installation. The update information is downloaded over an insecure connection from `media.ipvideotalk.com` and contains the version code and the update URL. An active attacker can redirect this request and trick the user into downloading a malicious update package

tags | exploit
advisories | CVE-2016-1520
SHA-256 | c530b1e4af62da81fc070ef71c1611d62d2872d39d07e2b965fb3fe3445fd447
BigTree 4.2.8 Object Injection / Improper Filename Sanitization
Posted Mar 18, 2016
Authored by Tim Coen | Site curesec.com

BigTree version 4.2.8 suffers from object injection and improper filename sanitization.

tags | exploit
SHA-256 | bb5b9719d7bfbf7cf86fcf58ff69f590fc08931de25d8fc421b05176a6b0c2a3
PivotX 2.3.11 Shell Upload
Posted Mar 18, 2016
Authored by Tim Coen | Site curesec.com

PivotX version 2.3.11 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | 1fde09f58b26d38b03398935d6085dab67680b1fec165dc098830588ea42a109
PivotX 2.3.11 Directory Traversal
Posted Mar 18, 2016
Authored by Tim Coen | Site curesec.com

PivotX version 2.3.11 suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
SHA-256 | 3dbedc633207c9beff4d14771b22c0d37f76842088d440fe37e3544851054b5e
PivotX 2.3.11 Cross Site Scripting
Posted Mar 18, 2016
Authored by Tim Coen | Site curesec.com

PivotX version 2.3.11 suffers from a reflective cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 31d15c80f7f7e46d28b9c663b0fa5fb798008c4de2b256a1cc1dca6b3ec3b485
Zenphoto 1.4.11 Remote File Inclusion
Posted Mar 18, 2016
Authored by Tim Coen | Site curesec.com

Zenphoto version 1.4.11 suffers from a remote file inclusion vulnerability.

tags | exploit, remote, code execution, file inclusion
SHA-256 | 64bd4c4defecd30504823144287f0037c179633ccaf922731536d159006d337a
ProjectSend r582 Cross Site Scripting
Posted Mar 17, 2016
Authored by Michael Helwig

ProjectSend version r582 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 5a8b293f6200ed2995e1dee8ac4403297729385e05b38533144dd374cb20d671
Cisco UCS Manager 2.1(1b) Shellshock
Posted Mar 17, 2016
Authored by thatchriseckert

Cisco UCS Manager version 2.1(1b) shellshock exploit that spawns a connect-back shell.

tags | exploit, shell
systems | cisco
advisories | CVE-2014-6278
SHA-256 | 8e555e4314339995e576394135e468491a5591e41f42cc88f61d026cdbae0718
FreeBSD Kernel amd64_set_ldt Heap Overflow
Posted Mar 17, 2016
Authored by Core Security Technologies, Francisco Falcon

Core Security Technologies Advisory - An integer signedness error has been found in the amd64_set_ldt() function in the FreeBSD kernel code (define d in the /sys/amd64/amd64/sys_machdep.c file), which implements the i386_set_ldt system call on the amd64 version of the OS. This integer signedness issue ultimately leads to a heap overflow in the kernel, allowing local unprivileged attackers to crash the system. FreeBSD 10.2 amd64 is affected.

tags | exploit, overflow, kernel
systems | freebsd, bsd
advisories | CVE-2016-1885
SHA-256 | d41fcb2fcfd845b70a122e20b1cbd17e3b183211e307eaf35331480595a9fc22
AKIPS Network Monitor 16.5 OS Command Injection
Posted Mar 17, 2016
Authored by BrianWGray

AKIPS Network Monitor versions 15.37 through 16.5 suffer from a remote command injection vulnerability.

tags | exploit, remote
SHA-256 | 95b953fa411ca824ee148020ad6266248e425f74b8a092b166a88950b0cad00e
Window Secondary Login Failed Sanitization
Posted Mar 17, 2016
Authored by Google Security Research, forshaw

The SecLogon service does not sanitize standard handles when creating a new process leading to duplicating a system service thread pool handle into a user accessible process. This can be used to elevate privileges to Local System.

tags | exploit, local
systems | linux
advisories | CVE-2016-0099
SHA-256 | 1503dd54222782a3e53678913f5880565b05a932180f2498066832dd8aed5905
Windows Kernel ATMFD.DLL OTF Font Processing Stack Crash
Posted Mar 17, 2016
Authored by Google Security Research, mjurczyk

There is a Windows kernel crash in the ATMFD.DLL OpenType driver while processing a corrupted OTF font file.

tags | exploit, kernel
systems | linux, windows
advisories | CVE-2016-0121
SHA-256 | 8d92358d69c6cf29a7a2e76627b8f20bcfc96b06bc62c811897c7535e426936e
Windows Kernel ATMFD.DLL OTF Font Processing Stack Corruption
Posted Mar 17, 2016
Authored by Google Security Research, mjurczyk

There is a Windows kernel crash in the ATMFD.DLL OpenType driver while processing a corrupted OTF font file.

tags | exploit, kernel
systems | linux, windows
advisories | CVE-2016-0120
SHA-256 | 292d570afeace4b50b30f7dbd281243c97bd1306ff4c195b7d58b81eb6446be2
Adobe Flash op_pushwith Incorrect Jit Optimization
Posted Mar 16, 2016
Authored by Google Security Research, Ian Beer

The avmplus bytecode verifier misses a control-flow path via op_pushwith throwing an exception allowing crafted bytecode to be incorrectly optimized which can trivially be abused to get code execution.

tags | exploit, code execution
systems | linux
advisories | CVE-2014-0586
SHA-256 | 15e844ae6193dee99a1f13d80853248247c00f3baaac1706b37ffdc2478eb54a
Microsoft Internet Explorer Read AV In MSHTML!Layout::LayoutBuilderDivider::BuildPageLayout
Posted Mar 16, 2016
Authored by Google Security Research, mbarbella

Microsoft Internet Explorer has a read AV in MSHTML!Layout::LayoutBuilderDivider::BuildPageLayout issue.

tags | exploit
systems | linux
advisories | CVE-2016-0108
SHA-256 | b53f8e4c4ebe84b15587cf2408a4e03b8bba9fce031e88a6b70310b5cab23a39
Page 5 of 8
Back34567Next

Top Authors In Last 30 Days

Recent News

News RSS Feed
Sam Bankman-Fried's Sentencing Hearing Over FTX Fraud Begins Today
Posted Mar 28, 2024

tags | headline, fraud, cryptography
Sellafield To Be Prosecuted For IT Security Offenses
Posted Mar 28, 2024

tags | headline, government, britain, flaw
These 17,000 Microsoft Exchange Servers Are A Ticking Time Bomb
Posted Mar 28, 2024

tags | headline, microsoft, email, flaw
Analyse, Hunt, And Classify Malware Using .NET Metadata
Posted Mar 27, 2024

tags | headline, hacker, malware, microsoft
VPN Apps On Google Play Turn Android Devices Into Proxies
Posted Mar 27, 2024

tags | headline, privacy, phone, flaw, google
Fortinet FortiClient EMS SQL Injection Flaw Exploited In The Wild
Posted Mar 27, 2024

tags | headline, hacker, flaw
Google Reveals 0-Day Exploits In Enterprise Tech Surged 64% Last Year
Posted Mar 27, 2024

tags | headline, flaw, google, zero day
Ray AI Framework Vulnerability Exploited To Hack Hundreds Of Clusters
Posted Mar 27, 2024

tags | headline, hacker, flaw
Justice Dept Indicts 7 Accused In 14 Year Long Hack Campaign By Chinese Government
Posted Mar 26, 2024

tags | headline, hacker, government, usa, china, cyberwar, spyware, backdoor
Ransomware Can Mean Life Or Death At Hospital, But DEF CON Hackers Have A Plan
Posted Mar 26, 2024

tags | headline, hacker, malware, conference, cryptography
View More News →
packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close