exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 283 RSS Feed

Files

Packet Storm New Exploits For May, 2018
Posted Jun 4, 2018
Authored by Todd J. | Site packetstormsecurity.com

This archive contains all of the 282 exploits added to Packet Storm in May, 2018.

tags | exploit
SHA-256 | 04933a411b50a008b68e42c5b64c7618d95389f005dc2bd14803fe6400d304d7
Download | Favorite | View
Quest KACE System Management Appliance 8.0 (Build 8.0.318) XSS / Traversal / Code Execution / SQL Injection
Posted May 31, 2018
Authored by Core Security Technologies, Leandro Barragan, Guido Leo | Site coresecurity.com

Quest KACE System Management Appliance version 8.0 (Build 8.0.318) suffers from code execution, cross site scripting, path traversal, remote SQL injection, and various other vulnerabilities.

tags | exploit, remote, vulnerability, code execution, xss, sql injection
advisories | CVE-2018-11132, CVE-2018-11133, CVE-2018-11134, CVE-2018-11135, CVE-2018-11136, CVE-2018-11137, CVE-2018-11138, CVE-2018-11139, CVE-2018-11140, CVE-2018-11141, CVE-2018-11142
SHA-256 | fd18c79b0364edc307ae0073788f224ea5fd016ba9223e6018267eb9911d3f41
Download | Favorite | View
Windows UAC Protection Bypass (Via Slui File Handler Hijack)
Posted May 31, 2018
Authored by bytecode-77, gushmazuko | Site metasploit.com

This Metasploit module will bypass UAC on Windows 8-10 by hijacking a special key in the Registry under the Current User hive, and inserting a custom command that will get invoked when any binary (.exe) application is launched. But slui.exe is an auto-elevated binary that is vulnerable to file handler hijacking. When we run slui.exe with changed Registry key (HKCU:\Software\Classes\exefile\shell\open\command), it will run our custom command as Admin instead of slui.exe. The module modifies the registry in order for this exploit to work. The modification is reverted once the exploitation attempt has finished. The module does not require the architecture of the payload to match the OS. If specifying EXE::Custom your DLL should call ExitProcess() after starting the payload in a different process.

tags | exploit, shell, registry
systems | windows
SHA-256 | 52eae7699fd217998bd9f71d972ca94c711fbd59761cf10ee7f2ba42b345263e
Download | Favorite | View
Quest DR Series Disk Backup Software 4.0.3 Code Execution
Posted May 31, 2018
Authored by Core Security Technologies, Maximiliano Vidal | Site coresecurity.com

Quest DR Series Disk Backup Software version 4.0.3 suffers from multiple code execution vulnerabilities.

tags | exploit, vulnerability, code execution
advisories | CVE-2018-11143, CVE-2018-11144, CVE-2018-11145, CVE-2018-11146, CVE-2018-11147, CVE-2018-11148, CVE-2018-11149, CVE-2018-11150, CVE-2018-11151, CVE-2018-11152, CVE-2018-11153, CVE-2018-11154, CVE-2018-11155, CVE-2018-11156, CVE-2018-11157, CVE-2018-11158, CVE-2018-11159, CVE-2018-11160, CVE-2018-11161, CVE-2018-11162, CVE-2018-11163, CVE-2018-11164, CVE-2018-11165, CVE-2018-11166, CVE-2018-11167, CVE-2018-11168
SHA-256 | e313c1bcf4d85337e78155dc912283a22293cddaadd03f8b4acb51929c7e6e8c
Download | Favorite | View
PageKit CMS 1.0.13 Cross Site Scripting
Posted May 31, 2018
Authored by Jason Perry

PageKit CMS version 1.0.13 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-11564
SHA-256 | 159b4f9b84d35d3f6a1f5d3bf55f4ab55a5d7c9402cba628709a4c7655460b17
Download | Favorite | View
TAC Xenta 511 / 911 Credential Disclosure
Posted May 31, 2018
Authored by Marek Cybul

TAC Xenta 511 and 911 suffer from a credential disclosure vulnerability.

tags | exploit, info disclosure
SHA-256 | 90952fc563068e757f870ef57c9c2fb11c036d0d9a431a036bcc222061093dcc
Download | Favorite | View
New STAR 2.1 Cross Site Scripting / SQL Injection
Posted May 31, 2018
Authored by Kagan Capar

New STAR version 2.1 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | 942f181d2cef121670ac4505bb620b06890b8ed43bc51798794f718651dabde2
Download | Favorite | View
PHP Dashboards NEW 5.5 SQL Injection
Posted May 31, 2018
Authored by Kagan Capar

PHP Dashboards NEW version 5.5 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, php, sql injection
SHA-256 | 3a0a42771f077f731c8acfd860f24ce43b9da0dd368e67e85cd17bf005c119b5
Download | Favorite | View
CSV Import And Export 1.1.0 Cross Site Scripting / SQL Injection
Posted May 31, 2018
Authored by Kagan Capar

CSV Import and Export version 1.1.0 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | 08bf99e3c3d9f328e9bffab76058387d5d908cb206308aad51b9c5313e0d68f3
Download | Favorite | View
Grid Pro Big Data 1.0 SQL Injection
Posted May 31, 2018
Authored by Kagan Capar

Grid Pro Big Data version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | b1a5b6b5ec54dcb35948fe2e94789131e2272e1fcfa3162ded64b1df27330a98
Download | Favorite | View
Chitasoft 3.6.2 SQL Injection
Posted May 31, 2018
Authored by Hesam Bazvand

Chitasoft version 3.6.2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | b8e6ee3398abdd19039b38944eaffefcc4f40997b47c4b627b90f1c62624af70
Download | Favorite | View
Brother HL-L2340D / HL-L2380DW Cross Site Scripting
Posted May 31, 2018
Authored by Huy Kha

Brother HL-L2340D and HL-L2380DW suffer from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 619bdaaa6484db813096e9f60d0936c2648c7b469e6a7525ec8533294ee85f8a
Download | Favorite | View
AXON PBX 2.02 Cross Site Scripting
Posted May 31, 2018
Authored by Himanshu Mehta

AXON PBX version 2.02 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-11552
SHA-256 | 04a666c41333b5f3a6da50e9ea1dbdebeff05424793da848b007b56096f2c465
Download | Favorite | View
AXON PBX 2.02 DLL Hijacking
Posted May 31, 2018
Authored by Himanshu Mehta

AXON PBX version 2.02 suffers from a DLL hijacking vulnerability.

tags | exploit
systems | windows
advisories | CVE-2018-11551
SHA-256 | c680c40bb9644184c45d660a62e2391edc86949192449483678e312f79d2cc46
Download | Favorite | View
Microsoft Edge Chakra EntrySimpleObjectSlotGetter Type Confusion
Posted May 31, 2018
Authored by Google Security Research, lokihardt

Microsoft Edge Chakra suffers from an issue where EntrySimpleObjectSlotGetter can have side effects that cause a type confusion vulnerability.

tags | exploit
advisories | CVE-2018-8133
SHA-256 | dac02c231e7c37da88c204ab8918570d1df7d88c3ea07b2805f9d5afd9081f44
Download | Favorite | View
Yosoro 1.0.4 Remote Code Execution
Posted May 30, 2018
Authored by Carlo Pelliccioni

Yosoro version 1.0.4 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2018-11522
SHA-256 | 7ebfcb5f927d2791d4ad3186d92053dff609b0e0eae2397210d02318bce6c105
Download | Favorite | View
GNU Barcode 0.99 Memory Leak
Posted May 30, 2018
Authored by LiquidWorm | Site zeroscience.mk

GNU Barcode version 0.99 suffers from a memory leak vulnerability.

tags | exploit, memory leak
SHA-256 | 9168ddd45efc4cc42aff07ec7a49258b7cb156acba0d7c06c76bf35c9ae2d1bc
Download | Favorite | View
Siemens SIMATIC S7-300 CPU Denial Of Service
Posted May 30, 2018
Authored by t4rkd3vilz

Siemens SIMATIC S7-300 CPU suffers from a denial of service vulnerability.

tags | exploit, denial of service
advisories | CVE-2015-2177
SHA-256 | afae74f6c927aaed832e67208dcc0484a377f93c907966f4d2b1a577e4eb09d5
Download | Favorite | View
SearchBlox 8.6.6 Cross Site Request Forgery
Posted May 30, 2018
Authored by Canberk BOLAT, Ahmet Gurel

SearchBlox version 8.6.6 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2018-11538
SHA-256 | 25278c33e75a22e31d96f8b4e5718da4dbacdb00597fb469fef40a4f0f09c1d9
Download | Favorite | View
IBM QRadar SIEM Code Execution / Authentication Bypass
Posted May 29, 2018
Authored by Pedro Ribeiro

IBM QRadar SIEM versions prior to 7.3.1 Patch 3 or 7.2.8 Patch 28 suffer from authentication bypass, code execution, and privilege escalation vulnerabilities.

tags | exploit, vulnerability, code execution
advisories | CVE-2018-1418
SHA-256 | 09d2ce6f6bb5af6c230e14fb58055683cecf02e7b8d5fa6519e44d12f4118a15
Download | Favorite | View
GNU Barcode 0.99 Buffer Overflow
Posted May 29, 2018
Authored by LiquidWorm | Site zeroscience.mk

GNU Barcode version 0.99 suffers from a buffer overflow vulnerability.

tags | exploit, overflow
SHA-256 | fbe0caf709c2a729a4f377d31d01707a6ff4588d473c3a49a7b628fb46d5df69
Download | Favorite | View
Vgate iCar2 WiFi OBD2 Dongle Inadequate Access Protections
Posted May 29, 2018
Authored by T. Weber | Site sec-consult.com

Vgate iCar2 WiFi OBD2 dongles suffer from having unprotected wifi access and unencrypted data transfer mechanisms alongside unauthenticated access to on-board diagnostics.

tags | exploit
advisories | CVE-2018-11476, CVE-2018-11477, CVE-2018-11478
SHA-256 | bd3bbe4b860b8670cff9df02a11d912d9ac2b5fc349324356a7837a8af5e447b
Download | Favorite | View
Facebook Clone Script 1.0.5 SQL Injection
Posted May 29, 2018
Authored by Borna Nematzadeh

Facebook Clone Script version 1.0.5 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | ff6ad977b79f5bc8eace2a2ced9ade0801422fd985e70ee4e78b1a0a47435eef
Download | Favorite | View
foilChat Sign Up Email PIN Confirmation Bypass
Posted May 29, 2018
Authored by Harry Sintonen

The foilChat backend fails to prevent brute force attempts of the PIN code. An attacker can attempt all 10000 different PIN codes until the correct one is found, and then use the correct PIN to complete the registration.

tags | exploit, bypass
SHA-256 | a7b76e238cdcac06ca5048bc7322bc06668b0a3e78ef4545e1699f1b0c8f632f
Download | Favorite | View
Pivotal Spring Java Framework 5.0.x Remote Code Execution
Posted May 29, 2018
Authored by Jameel Nabbo

Pivotal Spring Java Framework versions 5.0.x and below suffer from a remote code execution vulnerability.

tags | exploit, java, remote, code execution
advisories | CVE-2018-1270
SHA-256 | 087734b5669bd630cd35fdbf2949d5549fe449eabe22b9c19c3956d3e1cd2462
Download | Favorite | View
Page 1 of 12
Back12345Next

Top Authors In Last 30 Days

Recent News

News RSS Feed
Google Patches Critical Chrome Vulnerability
Posted Apr 24, 2024

tags | headline, flaw, google, patch, chrome
Favorite | View
Hackers Are Using Developing Countries For Ransomware Practice
Posted Apr 24, 2024

tags | headline, hacker, malware, cybercrime, fraud, cryptography
Favorite | View
Authorities Investigate LabHost Users After Phishing Service Shutdown
Posted Apr 23, 2024

tags | headline, cybercrime, fraud, phish
Favorite | View
Windows Vulnerability Reported By The NSA Exploited To Install Russian Malware
Posted Apr 23, 2024

tags | headline, government, microsoft, usa, russia, flaw, cyberwar, spyware, nsa
Favorite | View
UnitedHealth Admits Breach Could Cover Substantial Proportion Of People In America
Posted Apr 23, 2024

tags | headline, hacker, privacy, data loss
Favorite | View
Microsoft DRM Hack Could Allow Movie Downloads From Streaming
Posted Apr 23, 2024

tags | headline, microsoft, flaw, pirate
Favorite | View
Over A Million Neighbourhood Watch Members Exposed
Posted Apr 23, 2024

tags | headline, privacy, britain, data loss
Favorite | View
MITRE Hacked By State Sponsored Group Via Ivanti Zero Days
Posted Apr 23, 2024

tags | headline, hacker, government
Favorite | View
Russia's Sandworm APT Linked To Attack On Texas Water Plant
Posted Apr 18, 2024

tags | headline, malware, usa, russia, cyberwar, scada
Favorite | View
EU Tells Meta It Can't Paywall Privacy
Posted Apr 18, 2024

tags | headline, government, privacy, facebook, social
Favorite | View
View More News →
packet storm

© 2022 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close