exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 26 - 50 of 179 RSS Feed

Files

NetDrive 2.6.12 Privilege Escalation
Posted Sep 26, 2016
Authored by Tulpa

NetDrive version 2.6.12 suffers from an unquoted service path privilege escalation vulnerability.

tags | exploit
SHA-256 | 44e9157e043df161e9fb39f0394ed4b5e87209512feab29c65900291fa239691
Elantech-Smart Pad 11.9.0.0 Privilege Escalation
Posted Sep 26, 2016
Authored by zaeek

Elantech-Smart Pad version 11.9.0.0 suffers from an unquoted service path privilege escalation vulnerability.

tags | exploit
SHA-256 | 02cbc53fbab8dd783a934681021613cab5ebb2e51216a62a12dfaeaea3b2fc7e
MSI NTIOLib.sys / WinIO.sys Local Privilege Escalation
Posted Sep 26, 2016
Authored by ReWolf

MSI NTIOLib.sys and WinIO.sys suffers from a local privilege escalation vulnerability.

tags | exploit, local
SHA-256 | 415b2d2aaef60ccb1d070b2c6d33045cf983ade86cec4127cad48888f27a3309
Iperius Remote 1.7.0 Privilege Escalation
Posted Sep 26, 2016
Authored by Tulpa

Iperius Remote version 1.7.0 suffers from an unquoted service path privilege escalation vulnerability.

tags | exploit, remote
SHA-256 | 8618b69a05255ad576b094dcdf6475d4a7c5bf04e4e1aaf1057780c9f2fbb385
Macro Expert 4.0 Privilege Escalation
Posted Sep 26, 2016
Authored by Tulpa

Macro Expert version 4.0 suffers from multiple privilege escalation vulnerabilities.

tags | exploit, vulnerability
SHA-256 | a58d108f27dbbcb9826ab807cde340349804f0af2171e8dbf29a67e963befa29
Epson WorkForce Lack Of Firmware Signing / CSRF
Posted Sep 26, 2016
Authored by Ralf Spenneberg

Epson WorkForce multi-function printers do not use signed firmware images and allow unauthorized malicious firmware-updates. Additionally, they suffer from a cross site request forgery vulnerability that allows an attacker to commit such a firmware update.

tags | exploit, csrf
SHA-256 | 1cd736567c6dd8e7a4095d0328fa865f1aa4a27333c0a07940e10243460214b6
u5 CMS 5.1.4 Open Redirect
Posted Sep 25, 2016
Authored by indoushka

u5 CMS version 5.1.4 suffers from an open redirection vulnerability.

tags | exploit
SHA-256 | 6b20bacedcb2762e94ed550d1b2b27ec17c7c86bef19af15363878bdd28cb82a
Joomla Event Booking 2.10.1 SQL Injection
Posted Sep 25, 2016
Authored by Mojtaba MobhaM

Joomla Event Booking component version 2.10.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 9a6a60554a1304a06e8aff69352e7ba22ceafdee6f1e0bfde8366c2574e24407
Pop Under Ads Network 1.0 MySQL Credential Disclosure
Posted Sep 24, 2016
Authored by indoushka

Pop Under Ads Network version 1.0 discloses MySQL credentials in html source code.

tags | exploit, info disclosure
SHA-256 | b61df52b0185ea6b9e4036666b505dc6b4b1381807797cebe5c6b71b04558560
VenShop System 2010 Database Disclosure
Posted Sep 24, 2016
Authored by indoushka

VenShop System 2010 suffers from a database disclosure vulnerability.

tags | exploit, info disclosure
SHA-256 | b0ceb4716a625ecbcff7f9491cf60784443bc16c2085848c56ecc381ccdd0731
Metasploit Web UI Static secret_key_base Value
Posted Sep 24, 2016
Authored by joernchen, Justin Steven | Site metasploit.com

This Metasploit module exploits the Web UI for Metasploit Community, Express and Pro where one of a certain set of Weekly Releases have been applied. These Weekly Releases introduced a static secret_key_base value. Knowledge of the static secret_key_base value allows for deserialization of a crafted Ruby Object, achieving code execution. This Metasploit module is based on exploits/multi/http/rails_secret_deserialization.

tags | exploit, web, code execution, ruby
SHA-256 | 0aed762884874a2a56109540ad0db42b6eefad643e2cf8d5c9179b0f1d8783a6
Linux SELinux W+X AIO Protection Bypass
Posted Sep 23, 2016
Authored by Jann Horn, Google Security Research

SELinux suffers from a protection bypass that allows for a memory mapping that is both readable and writable.

tags | exploit
SHA-256 | d26907f58e891ec5eb0984325531067ebfcfec48499313b6f58bfd76d6484a2b
Adobe Flash Video Decompression Memory Corruption
Posted Sep 23, 2016
Authored by Google Security Research, natashenka

Adobe Flash suffers from a memory corruption vulnerability in video decompression.

tags | exploit
SHA-256 | 6ab77f9cdd155daa4dc1957698507e9e4e763903c61c47078ea8d064042796a5
Zortam MP3 Media Studio 21.15 Privilege Escalation
Posted Sep 23, 2016
Authored by Tulpa

Zortam MP3 Studio version 21.15 suffers from an insecure file permission privilege escalation vulnerability.

tags | exploit
SHA-256 | 89618de9d7c006b9d723db98c264efbaca9fd48244720eb80aa9314a4da750b4
RealEstate CMS 3.00.50 Cross Site Scripting
Posted Sep 23, 2016
Authored by ZwX | Site vulnerability-lab.com

RealEstate CMS version 3.00.50 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | e8120930436e9c5c5f11e43a93debcf5d4c9505276ec32924b862cf1ca97a94b
Kerberos Security Feature Bypass
Posted Sep 23, 2016
Authored by Nabeel Ahmed

Kerberos in Microsoft Windows suffers from a security feature bypass vulnerability.

tags | exploit, bypass
systems | windows
advisories | CVE-2016-3237
SHA-256 | 5ed55cfd547222a50eb5c366ea69653cf9d3890f0d64f8ea97af4f06b1d3167c
Wise Care 365 4.27 / Wise Disk Cleaner 9.29 Privilege Escalation
Posted Sep 23, 2016
Authored by Tulpa

Wise Care 365 version 4.27 and Wise Disk Cleaner version 9.29 suffer from an unquoted service path privilege escalation vulnerability.

tags | exploit
SHA-256 | ca77baa00797001a47e00b898909c3f175cfe93eda9298934ef62bb33f3afd29
Adobe Flash Memory Freeing Crash
Posted Sep 23, 2016
Authored by Google Security Research, natashenka

There is a crash when the AVC decoder in Adobe Flash attempts to free memory, likely indicating memory corruption.

tags | exploit
advisories | CVE-2016-4275
SHA-256 | 06f1eb077ee1f466f06c46622473b0779c4d14ab7e40da39791e487f6e4b64d7
Microsoft Windows NtLoadKeyEx User Hive Attachment Point Privilege Elevation
Posted Sep 23, 2016
Authored by Google Security Research, forshaw

The NtLoadKeyEx system call allows an unprivileged user to load registry hives outside of the \Registry\A hidden attachment point which can be used to elevate privileges.

tags | exploit, registry
advisories | CVE-2016-3371
SHA-256 | 8d30ef721f9061806e06019063b62bba9b734dca044a593c1486cd66752e5a4c
3GP Player 4.7.0 DLL Hijacking
Posted Sep 23, 2016
Authored by Vulnerability Laboratory, ZwX | Site vulnerability-lab.com

3GP Player version 4.7.0 suffers from a dll hijacking vulnerability.

tags | exploit
SHA-256 | cd1e5b25c4b560a8aa1e6f52c36a9d7966d409e46b740534aaed94d96856a7bd
TeemIp 2.0.2 Cross Site Scripting
Posted Sep 23, 2016
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

TeemIp version 2.0.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | e9651cc9a994c941160fe4eff7d441d0d4b078f225fe55d5bb574d51f3d043a7
Microsoft Windows RegLoadAppKey Privilege Elevation
Posted Sep 23, 2016
Authored by Google Security Research, forshaw

RegLoadAppKey is documented to load keys in a location which can't be enumerated and also non-guessable. However it's possible to enumerate loaded hives and find ones which can be written to which might lead to elevation of privilege.

tags | exploit
advisories | CVE-2016-3373
SHA-256 | 50c93d6edf7373f14720ed5465ad2648ccee020f4b5cd9cc0c2668913eeff08c
AnyDesk 2.5.0 Privilege Escalation
Posted Sep 23, 2016
Authored by Tulpa

AnyDesk version 2.5.0 unquoted service path suffers from a privilege escalation vulnerability.

tags | exploit
SHA-256 | 92ad5e6b35cf13236db03284b2ac821f2900ea60be7fe80dc8fd0506ae549709
Microix Timesheet Module SQL Injection
Posted Sep 23, 2016
Authored by Anthony Cole

Microix Timesheet module suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | e9681cf5b3fb25defe0b1327e394183a1e9c20555cedb572657238be031bb98d
Matrimonial Website Script 1.0.2 SQL Injection
Posted Sep 23, 2016
Authored by Cyber Warrior

Matrimonial Website Script version 1.0.2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | bed563ed172429e088c80895a58e2ac102e7a092b19a36090a306aba262750bc
Page 2 of 8
Back12345Next

Top Authors In Last 30 Days

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close