
Files

PHPmongoDB 1.0.0 Cross Site Request Forgery / Cross Site Scripting
Posted Apr 14, 2016
Authored by Ozer Goker

PHPmongoDB version 1.0.0 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
SHA-256 | e76ac1cdaae844776a01728a703770c3e964816b862a0c6b2c52054c63a4e509
Windows Kernel ATMFD.DLL NamedEscape 0x2511 Out-Of-Bounds Read
Posted Apr 14, 2016
Authored by Google Security Research, mjurczyk

The Adobe Type Manager Font Driver (ATMFD.DLL) suffers from a NamedEscape out-of-bounds read.

tags | exploit
systems | linux
SHA-256 | 47ff745db957f4da9f0bfd5c001563adb1efd711f4a8c5d321e86fdc7660d19a
ChitaSoft CMS 3 Cross Site Scripting
Posted Apr 14, 2016
Authored by T3NZOG4N, Mojtaba MobhaM

ChitaSoft CMS version 3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | f2496bfce8bfd1272daa114fe6e23c1117c8a54c7bb3145226a1d3e60df3b268
OpenWGA Content Manager 7.1.9 User-Agent HTTP Header XSS
Posted Apr 13, 2016
Authored by LiquidWorm | Site zeroscience.mk

OpenWGA Content Manager version 7.1.9 suffers from a cross site scripting vulnerability when input passed via the User-Agent HTTP header is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.

tags | exploit, web, arbitrary, xss
SHA-256 | 9d71ce5e11ca39dfc7ec78ef37fa5c5ebd50d84f836c4358d8cf523620e4a121
OpenWGA Developer Studio 3.1.0 OpenDialog Arbitrary Code Execution
Posted Apr 13, 2016
Authored by LiquidWorm | Site zeroscience.mk

OpenWGA Developer Studio version 3.1.0 suffers from an arbitrary code execution vulnerability when using the File OpenDialog box, enabling the attacker to execute any binary he or she chooses, including elevation of privileges.

tags | exploit, arbitrary, code execution
SHA-256 | cac68fae3b766c1b59f1effea63f646a7d46e1e5a92a57e85fcc6a77d37f8919
Dell KACE K1000 File Upload
Posted Apr 13, 2016
Authored by Brendan Coles, Bradley Austin | Site metasploit.com

This Metasploit module exploits a file upload vulnerability in Kace K1000 versions 5.0 to 5.3, 5.4 prior to 5.4.76849, and 5.5 prior to 5.5.90547 which allows unauthenticated users to execute arbitrary commands under the context of the 'www' user. This Metasploit module also abuses the 'KSudoClient::RunCommandWait' function to gain root privileges. This Metasploit module has been tested successfully with Dell KACE K1000 version 5.3.

tags | exploit, arbitrary, root, file upload
SHA-256 | ce165f4ada05beefea1776978f34c8b9073a363082d4e2c9070aa0d2aed7d73d
Texas Instruments Calculators Emulator 3.03-nogdb+dfsg-3 Buffer Overflow
Posted Apr 13, 2016
Authored by Juan Sacco

Texas Instruments Calculators Emulator version 3.03-nogdb+dfsg-3 suffers from a buffer overflow vulnerability.

tags | exploit, overflow
SHA-256 | 189c0e2dd8442cb5bb1443d6a2b0e7a6e2a076cb8c15f1bc5ba7f76146a40887
Webline CMS 2016Q2 SQL Injection
Posted Apr 13, 2016
Authored by Vulnerability Laboratory, ICG SEC | Site vulnerability-lab.com

Webline CMS 2016Q2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 0a5013f90a4d1adad4f948811aefe1b99cc92775272d91587066533f3c50a3f3
Ovidentia Troubletickets 7.6 Remote File Inclusion
Posted Apr 13, 2016
Authored by bd0rk

Ovidentia module Troubletickets version 7.6 suffers from a remote file inclusion vulnerability.

tags | exploit, remote, code execution, file inclusion
SHA-256 | 8b8b42d83c24b45290bbe6733839b4dcde30f4bfb2e1b86847d77f45461c6242
ImPAX Agility 1.1074.RC.b122.20150602 Cross Site Scripting
Posted Apr 12, 2016
Authored by vesp3r

ImPAX Agility version 1.1074.RC.b122.20150602 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 93b3bd2558046b9a690c3d500cc1621a85419cfb93b18fbe7f16b7851b4f51db
IBM Java Issue 70 Bad Patch
Posted Apr 12, 2016
Authored by Adam Gowdiak | Site security-explorations.com

The patch for Issue 70 in IBM Java discovered by Security Explorations in 2013 was found to be faulty. Included are the full report and a proof of concept.

tags | exploit, java, proof of concept
systems | linux
advisories | CVE-2013-5456
SHA-256 | 24180117b921605ffa337bfcd62c889bf47a2e79be4fd3593f12c7031b1258ce
RockMongo 1.1.8 Cross Site Request Forgery / Cross Site Scripting
Posted Apr 12, 2016
Authored by Ozer Goker

RockMongo version 1.1.8 suffers from cross site request forgery, cross site scripting, and HTML injection vulnerabilities.

tags | exploit, vulnerability, xss, csrf
SHA-256 | ad136abaa1fb15aa651f56b122c30dc9f88d81a491bc7bd509617a574f423492
WordPress Robo Gallery 2.0.14 Code Execution
Posted Apr 12, 2016
Authored by Vulnerability Laboratory, ICG SEC | Site vulnerability-lab.com

WordPress Robo Gallery plugin version 2.0.14 suffers from a code execution vulnerability.

tags | exploit, code execution
SHA-256 | 774d75ce63929680b6281e707bdf8bf21ed7453a304fe3f4249bb389a592ba9f
Perl 5.22 VDir::MapPathA/W Out-Of-Bounds Reads / Buffer Over-Reads
Posted Apr 11, 2016
Authored by John Leitch

Perl version 5.22 suffers from two out-of-bounds reads and multiple small buffer over-read vulnerabilities in the VDir::MapPathA and VDir::MapPathW functions that could potentially be exploited to achieve arbitrary code execution.

tags | exploit, arbitrary, perl, vulnerability, code execution
advisories | CVE-2015-8608
SHA-256 | cd84d70480486213183c751f06e787f023b2261ad301971f1c15757a078757f7
Novell Service Desk 7.1.0 Code Execution / Information Disclosure
Posted Apr 11, 2016
Authored by Pedro Ribeiro

Novell Service Desk versions 7.1.0 and below suffer from code execution, information disclosure, cross site scripting, remote file upload, HQL injection, and traversal vulnerabilities.

tags | exploit, remote, vulnerability, code execution, xss, info disclosure, file upload
advisories | CVE-2016-1593, CVE-2016-1594, CVE-2016-1595, CVE-2016-1596
SHA-256 | c58735b33740e5edd50a8cae45802afa2db11198bcbbc4f1e7779e1640bb8f1c
CAM UnZip 5.1 Path Traversal / Code Execution
Posted Apr 11, 2016
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

CAM UnZip version 5.1 suffers from a path traversal vulnerability that allows for code execution.

tags | exploit, code execution
SHA-256 | 801d5878708fdba9cecf84f8db7cae0615b691a858521efc97847de2890f7721
OpenCart 2.2.0.0 Remote PHP Code Execution
Posted Apr 11, 2016
Authored by Naser Farhadi

OpenCart version 2.2.0.0 suffers from a remote PHP code execution vulnerability.

tags | exploit, remote, php, code execution
SHA-256 | 1417eaf1f6b4295c475e0cc0fe94f8b4ddfb74538eee3554c3b8bb9362212ef5
WPN-XM 0.8.6 Cross Site Request Forgery
Posted Apr 11, 2016
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

WPN-XM version 0.8.6 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | ee094c05732b4c27eea8c21fd850ef9e38ee6b36fe9b509f2145d5431162b38c
WPN-XM 0.8.6 Cross Site Scripting
Posted Apr 11, 2016
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

WPN-XM version 0.8.6 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 7a7c1e768bebb233949624598b2001150a93cbf0cb5ae10be6a52ab59e4d034b
DirectAdmin Control Panel 1.50.0 Cross Site Scripting
Posted Apr 11, 2016
Authored by Amir

DirectAdmin Control Panel version 1.50.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | d936827aaafa73b7b8ec6b09f4046e372adf34843e950a51329f0ec0256f2db4
Mobilya Scripti 2 Shell Upload
Posted Apr 11, 2016
Authored by Antidote

Mobilya Scripti 2 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | f0553b31a8ebb47291d787fabfc5388080415751f064cf2557a9a45ab3fa50ca
IDA SDK 6.9 Demo / IDA 5.0 Freeware DLL Hijacking
Posted Apr 11, 2016
Authored by Jeet Pandya

IDA SDK version 6.9 Demo and IDA 5.0 Freeware suffer from a DLL hijacking vulnerability.

tags | exploit
systems | windows
SHA-256 | 48366b45036a800a749b85bca2248bdb06ecde55c5a24ec7a1a74aa165a54239
CivicRM 4.7b3 SQL Injection
Posted Apr 10, 2016
Authored by Simon Waters

CivicRM version 4.7b3 suffers from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | b46c1c9644858cd9f5157a2a8c9b025f2d88d4276e0161fedcc1aa49d74ea152
DotCMS 3.5 Beta Cross Site Scripting
Posted Apr 9, 2016
Authored by Piaox Xiong

DotCMS version 3.5 Beta suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | d9b67e3866760f53eed0d680abdd9d5b2fae352477c2d8af3ce6a5c48701e9cf
DotCMS 3.5 Beta Directory Traversal
Posted Apr 9, 2016
Authored by Piaox Xiong

DotCMS version 3.5 Beta suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
SHA-256 | 1fad220bd9b74144259838fdc1996fc91aa92055bf12ec9962731c4a8aa8c02d
© 2022 Packet Storm. All rights reserved.