Exploit the possibilities
Showing 1 - 25 of 259

Files

Packet Storm New Exploits For April, 2017
Posted May 1, 2017
Authored by Todd J. | Site packetstormsecurity.com

This archive contains all of the 258 exploits added to Packet Storm in April, 2017.

tags | exploit
MD5 | b50dd431b2fa066bd00f3da2874f4a5c
Emby MediaServer 3.2.5 Directory Traversal
Posted Apr 30, 2017
Authored by LiquidWorm | Site zeroscience.mk

Emby MediaServer version 3.2.5 suffers from a directory traversal vulnerability that allows for arbitrary file disclosure.

tags | exploit, arbitrary
MD5 | d0e77200f0f0e8207eb440954f30658f
Emby MediaServer 3.2.5 Reflected Cross Site Scripting
Posted Apr 30, 2017
Authored by LiquidWorm | Site zeroscience.mk

Emby MediaServer version 3.2.5 suffers from an XSS issue due to a failure to properly sanitize user-supplied input to the URL path filename when handling 'not found' errors. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user's browser session.

tags | exploit, arbitrary
MD5 | de3ade950678067a800aa9e801f9765d
Emby MediaServer 3.2.5 Password Reset
Posted Apr 30, 2017
Authored by LiquidWorm | Site zeroscience.mk

Emby MediaServer version 3.2.5 suffers from a password reset vulnerability.

tags | exploit
MD5 | 6893ef995ae09d29119938b846edec45
Emby MediaServer 3.2.5 Boolean-based Blind SQL Injection
Posted Apr 30, 2017
Authored by LiquidWorm | Site zeroscience.mk

Emby MediaServer version 3.2.5 suffers from a blind SQL injection vulnerability. Input passed via the GET parameter 'MediaTypes' is not properly sanitized before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

tags | exploit, arbitrary, sql injection
MD5 | fcd05f4cb126399421ca66c317e2927d
HideMyAss Pro VPN Client 3.3.0.3 Privilege Escalation
Posted Apr 30, 2017
Authored by Han Sahin

HideMyAss Pro VPN client version 3.3.0.3 for OS X suffers from a helper binary (com.privax.hmaprovpn.helper) local privilege escalation vulnerability.

tags | exploit, local
systems | apple, osx
MD5 | dbab384b2c2cf9076d625633efca65ab
HideMyAss Pro VPN Client 2.2.7.0 Privilege Escalation
Posted Apr 29, 2017
Authored by Han Sahin

HideMyAss Pro VPN client version 2.2.7.0 for OS X suffers from a helper binary (HMAHelper) local privilege escalation vulnerability.

tags | exploit, local
systems | apple, osx
MD5 | 4e9c69f81809b928fa5fb9a01e6fd6c7
SyntaxHighlight 2.0 MediaWiki 1.28.0 Stored Cross Site Scripting
Posted Apr 29, 2017
Authored by Yorick Koster, Securify B.V.

A vulnerability was found in the SyntaxHighlight MediaWiki extension. Using this vulnerability, it is possible for an anonymous attacker to pass arbitrary options to the Pygments library. By specifying specially crafted options, it is possible for an attacker to trigger a (stored) cross site scripting condition. In addition, it allows the creation of arbitrary files containing user-controllable data. Depending on the server configuration, this can be used by an anonymous attacker to execute arbitrary PHP code. This issue was tested on SyntaxHighlight version 2.0 as bundled with MediaWiki version 1.28.0.

tags | exploit, arbitrary, php, xss
advisories | CVE-2017-0372
MD5 | c2f465d0fafdbcf4b9a63fb413f084f5
Tuleap 9.6.99.86 Command Injection
Posted Apr 29, 2017
Authored by Ben N

Tuleap versions between 8.3 and 9.6.99.86 suffer from a remote command injection vulnerability.

tags | exploit, remote
advisories | CVE-2017-7981
MD5 | 20d23fc7b97753cd5df0992bb805d536
Panda Cloud Antivirus Free 18.0 Denial Of Service
Posted Apr 29, 2017
Authored by Peter Baris

Panda Cloud Antivirus Free version 18.0 suffers from a PSKMAD.sys denial of service vulnerability.

tags | exploit, denial of service
MD5 | d950ffc02fa4db2f7b281b9cf8a32709
IrfanView 4.44 Denial Of Service
Posted Apr 29, 2017
Authored by Dreivan Orprecio

IrfanView version 4.44 suffers from an overflow vulnerability.

tags | exploit, denial of service, overflow
MD5 | 24111c1a84f0548efeb3626dc4e44716
Live Helper Chat 2.58v Cross Site Scripting
Posted Apr 27, 2017
Authored by Sylvain Heiniger

Live Helper Chat versions 2.06v through 2.58v suffer from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | eac74b8c82e6af650a63fda1f1be2590
Alerton Webtalk 2.5 / 3.3 Hash Disclosure / CSRF / Command Injection
Posted Apr 27, 2017
Authored by David Tomaschik

Alerton Webtalk versions 2.5 and 3.3 suffer from cross site request forgery, password hash disclosure, command injection, and login flow vulnerabilities.

tags | exploit, vulnerability, file inclusion, info disclosure, csrf
MD5 | 6e847214fd97cdfd1149ec741c350114
Microsoft Internet Explorer CStyleSheetArray::BuildListOfMatchedRules Memory Corruption
Posted Apr 27, 2017
Authored by Ivan Fratric, Google Security Research

There is a memory corruption vulnerability in Microsoft Internet Explorer. The vulnerability was confirmed on version 11.576.14393.0 (update version 11.0.38) running on Windows 10 64-bit with page heap enabled for the iexplore.exe process.

tags | exploit
systems | windows
advisories | CVE-2017-0202
MD5 | c84b10c1134ad272ca9b6c3a6c0ca2ff
Simple File Uploader Arbitrary File Download
Posted Apr 27, 2017
Authored by Daniel Godoy

Simple File Uploader suffers from an arbitrary file download vulnerability.

tags | exploit, arbitrary, file upload
MD5 | 713425749a6e6dd4ceeeabcae05ad404
Easy File Uploader Remote Shell Upload
Posted Apr 27, 2017
Authored by Daniel Godoy

Easy File Uploader suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell, file upload
MD5 | 8ac3610167d2a6610763fae78f9e7f29
TYPO3 News Module SQL Injection
Posted Apr 27, 2017
Authored by Charles FOL

The TYPO3 News module suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | c228a9bf723e2701aa1a67c101072d81
Mercurial Custom hg-ssh Wrapper Remote Code Execution
Posted Apr 26, 2017
Authored by claudijd | Site metasploit.com

This Metasploit module takes advantage of custom hg-ssh wrapper implementations that don't adequately validate parameters passed to the hg binary, allowing users to trigger a Python Debugger session, which allows arbitrary Python code execution.

tags | exploit, arbitrary, code execution, python
MD5 | 84d44fdb3c43165b047bb08d12580e29
LightDM (Ubuntu 16.04/16.10) Privilege Escalation
Posted Apr 26, 2017
Authored by G. Geshev

This advisory describes a local privilege escalation via the guest account in LightDM found in Ubuntu versions 16.10 / 16.04 LTS.

tags | exploit, local
systems | linux, ubuntu
advisories | CVE-2017-7358
MD5 | b35987d1c375a794afa81e4d246b7833
Revive Ad Server 4.0.1 Cross Site Request Forgery / Cross Site Scripting
Posted Apr 26, 2017
Authored by Cyril Vallicari

Revive Ad Server version 4.0.1 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | 6c840719116c4524856ae14367977595
WordPress KittyCatfish 2.2 SQL Injection
Posted Apr 26, 2017
Authored by TAD GROUP

WordPress KittyCatfish plugin version 2.2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | ee349d5626e65bb67f72226960c29ec0
WordPress Car Rental System 2.5 SQL Injection
Posted Apr 26, 2017
Authored by TAD GROUP

WordPress Car Rental System plugin version 2.5 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 410c8655e6260bbdbbfe46359f415cb9
WordPress Wow Viral Signups 2.1 SQL Injection
Posted Apr 26, 2017
Authored by TAD GROUP

WordPress Wow Viral Signups plugin version 2.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 8f9939f78c5d524472687755af0b5e6a
Joomla jDBexport 3.2.10 Cross Site Scripting / Path Disclosure
Posted Apr 26, 2017
Authored by Mojtaba MobhaM

Joomla jDBexport component version 3.2.10 suffers from cross site scripting and path disclosure vulnerabilities.

tags | exploit, vulnerability, xss, info disclosure
MD5 | 2723a152193a0bca3bebed06e7adad35
WordPress Wow Forms 2.1 SQL Injection
Posted Apr 26, 2017
Authored by TAD GROUP

WordPress Wow Forms plugin version 2.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 0e2deca3be8f08e52ee6a0c7adde4439
