Files

Packet Storm New Exploits For August, 2016
Posted Sep 1, 2016
Authored by Todd J. | Site packetstormsecurity.com

This archive contains all of the 235 exploits added to Packet Storm in August, 2016.

tags | exploit
MD5 | f400f2bb650c88053a24043a77729952
CryptWare CryptoPro Secure Disk For Bitlocker 5.1.0.6474 Manipulation
Posted Aug 31, 2016
Authored by Rene Freingruber, M. von Dach | Site sec-consult.com

CryptWare CryptoPro Secure Disk for Bitlocker version 5.1.0.6474 suffers from flaws that allow a malicious party to attack the boot process and backdoor the system to steal login credentials, the private 802.1x certificate, and the associated password.

tags | exploit
MD5 | fa3e0983e05e19b0dfcc2b70f17ffa3d
ZKTeco ZKBioSecurity 3.0 User Enumeration
Posted Aug 31, 2016
Authored by LiquidWorm | Site zeroscience.mk

ZKTeco ZKBioSecurity version 3.0.1.0_R_230 suffers from a user enumeration weakness.

tags | exploit
MD5 | 84b96eb656c1af18652dad06c91b1a27
ZKTeco ZKAccess Security System 5.3.1 Persistent Cross Site Scripting
Posted Aug 31, 2016
Authored by LiquidWorm | Site zeroscience.mk

ZKTeco ZKAccess Security System version 5.3.1 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | d8bd7463fd5989edb979e3ef6053653c
ZKTeco ZKBioSecurity 3.0 visLogin.jsp Authorization Bypass
Posted Aug 31, 2016
Authored by LiquidWorm | Site zeroscience.mk

ZKTeco ZKBioSecurity version 3.0.1.0_R_230 suffers from a local authorization bypass vulnerability in visLogin.jsp.

tags | exploit, local, bypass
MD5 | 4ecb8c492cf6713ab277cdecf8bad926
ZKTeco ZKBioSecurity 3.0 File Path Manipulation
Posted Aug 31, 2016
Authored by LiquidWorm | Site zeroscience.mk

ZKTeco ZKBioSecurity version 3.0.1.0_R_230 suffers from a file path manipulation vulnerability.

tags | exploit
MD5 | f4f1ac3b6303590393a13abe9fdebe21
ZKTeco ZKBioSecurity 3.0 Add Superadmin Cross Site Request Forgery
Posted Aug 31, 2016
Authored by LiquidWorm | Site zeroscience.mk

ZKTeco ZKBioSecurity version 3.0.1.0_R_230 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | 16b0a2b5a8003afbb3065920efbd101e
ZKTeco ZKBioSecurity 3.0 Cross Site Scripting
Posted Aug 31, 2016
Authored by LiquidWorm | Site zeroscience.mk

ZKBioSecurity suffers from multiple reflected cross site scripting vulnerabilities when input passed via several parameters to several scripts is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site. Version 3.0.1.0_R_230 is affected.

tags | exploit, arbitrary, vulnerability, xss
MD5 | 412234f22c7a93e0ceae359b0e42a0ca
ZKTeco ZKBioSecurity 3.0 Hardcoded Credentials Remote SYSTEM Code Execution
Posted Aug 31, 2016
Authored by LiquidWorm | Site zeroscience.mk

The ZKBioSecurity solution suffers from the use of hard-coded credentials. The application comes bundled with a pre-configured Apache Tomcat server and an exposed 'manager' application. After authenticating with the credentials located in the tomcat-users.xml file (username: zkteco, password: zkt123), the manager allows a malicious WAR archive containing a JSP application to be uploaded, giving the attacker the ability to execute arbitrary code with SYSTEM privileges. Version 3.0.1.0_R_230 is affected.

tags | exploit, arbitrary
MD5 | 372cf1b9b006b5525bd170c507681162
ZKTeco ZKAccess Professional 3.5.3 Insecure File Permissions
Posted Aug 31, 2016
Authored by LiquidWorm | Site zeroscience.mk

ZKAccess suffers from an elevation of privileges vulnerability that lets a simple authenticated user replace the executable file with a binary of choice. The vulnerability exists due to improper permissions, with the 'M' flag (Modify) set for the 'Authenticated Users' group. Version 3.5.3 is affected.

tags | exploit
MD5 | 05cfd802f588536de977ba624823c2ce
ZKTeco ZKTime.Net 3.0.1.6 Insecure File Permissions
Posted Aug 31, 2016
Authored by LiquidWorm | Site zeroscience.mk

ZKTime.Net suffers from an elevation of privileges vulnerability that lets a simple user replace the executable file with a binary of choice. The vulnerability exists due to improper permissions, with the 'C' flag (Change) set for the 'Everyone' group, making the entire directory 'ZKTimeNet3.0' and its files and sub-directories world-writable. Version 3.0.1.6 is affected.

tags | exploit
MD5 | a5214c3e7c6c4b35eb1264aa4ddc5e7c
CactuShop 7 Database Disclosure
Posted Aug 31, 2016
Authored by indoushka

CactuShop version 7 suffers from a database disclosure vulnerability.

tags | exploit, info disclosure
MD5 | 49d08fa0cb6c4c055196ac893afde53f
Joomla JSJobs 1.0.7.5 SQL Injection
Posted Aug 31, 2016
Authored by xBADGIRL21

Joomla JSJobs component version 1.0.7.5 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | bf66100aee7e4f7eb6e655db3ed5d891
Avira Free Antivirus DLL Hijacking
Posted Aug 30, 2016
Authored by Stefan Kanthak

Avira's free antivirus package installers suffer from a DLL hijacking vulnerability.

tags | exploit
systems | windows
MD5 | ef85937d1fd27368254a23e9a0e07c1f
Freepbx 13.0.35 SQL Injection
Posted Aug 29, 2016
Authored by i-Hmx

Freepbx version 13.0.35 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 08bc4bcf06bf8561fc2b45634f781ee0
HelpDeskz 1.0.2 Shell Upload
Posted Aug 29, 2016
Authored by Lars Morgenroth

HelpDeskz versions 1.0.2 and below suffer from a remote, unauthenticated shell upload vulnerability.

tags | exploit, remote, shell
MD5 | 1bffc0d2e7cd410e95ce8f3f601f1643
PLC Wireless Router GPN2.4P21-C-CN File Disclosure
Posted Aug 29, 2016
Authored by Rahul Raz

PLC Wireless Router GPN2.4P21-C-CN suffers from a file disclosure vulnerability.

tags | exploit, info disclosure
MD5 | 310d2a6a33e26403b0bc7fff5c4d8ff3
PHP 5.0.0 xmldocfile() Denial Of Service
Posted Aug 29, 2016
Authored by Yakir Wizman

PHP version 5.0.0 suffers from an xmldocfile() denial of service vulnerability.

tags | exploit, denial of service, php
MD5 | 97a2d95d126ccab3e53a09d5a1ba9ae7
Advanced File Manager 3.0 XSS / Backup Disclosure
Posted Aug 29, 2016
Authored by indoushka

Advanced File Manager version 3.0 suffers from backup disclosure and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | b0e993550f077ae8660dd6bfe9586a94
PHP 7.0 Object Cloning Denial Of Service
Posted Aug 29, 2016
Authored by Yakir Wizman

PHP version 7.0 suffers from an object cloning denial of service vulnerability.

tags | exploit, denial of service, php
MD5 | a08724ccf2a577ff9761c9428e22fb2b
Goron Web Server 2.0 XSS / CSRF / Denial Of Service
Posted Aug 29, 2016
Authored by Guillaume Kaddouch

Goron Web Server version 2.0 suffers from cross site request forgery, cross site scripting, and denial of service vulnerabilities.

tags | exploit, web, denial of service, vulnerability, xss, csrf
MD5 | 3b20bc54ca4159f4fc3a1f2251ab4a5a
PHP 5.0.0 simplexml_load_file() Denial Of Service
Posted Aug 29, 2016
Authored by Yakir Wizman

PHP version 5.0.0 suffers from a simplexml_load_file() local denial of service vulnerability.

tags | exploit, denial of service, local, php
MD5 | 2c0b303ab0f6a4850e17e00c2fbaaeb3
MEGAsync 2.9.9 DLL Hijacking
Posted Aug 29, 2016
Authored by Amir.ght

MEGAsync version 2.9.9 suffers from a DLL hijacking vulnerability.

tags | exploit
systems | windows
MD5 | b9e1d6c77cb1a4a47723c8f983a74e9e
PHP 5.0.0 domxml_open_file() Denial Of Service
Posted Aug 29, 2016
Authored by Yakir Wizman

PHP version 5.0.0 suffers from a denial of service vulnerability in domxml_open_file().

tags | exploit, denial of service, php
MD5 | 7fae3a24ec654eab034d1eb50fd81913
Keeper UI Injection
Posted Aug 28, 2016
Authored by Tavis Ormandy, Google Security Research

Keeper suffers from an issue where a trusted UI is injected into an untrusted webpage.

tags | exploit
MD5 | 094f53c1f2d3b75115d565669dfaa9d0