exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 123 RSS Feed

Files

Packet Storm New Exploits For 2021
Posted Jan 1, 2022
Authored by Todd J. | Site packetstormsecurity.com

Complete comprehensive archive of all 2,124 exploits added to Packet Storm in 2021.

tags | exploit
SHA-256 | b7f13cb98fb7c8149a410a1b37e37aea6681aa5615e242fa10edd124bd4eceb3
Packet Storm New Exploits For December, 2021
Posted Jan 1, 2022
Authored by Todd J. | Site packetstormsecurity.com

This archive contains all of the 121 exploits added to Packet Storm in December, 2021.

tags | exploit
SHA-256 | 7871fe06c6472609af5db8722cadc21ae86d50b3517d3f9a3b22b06498f8348a
ManageEngine ServiceDesk Plus Remote Code Execution
Posted Dec 28, 2021
Authored by wvu, Y4er | Site metasploit.com

This Metasploit module exploits CVE-2021-44077, an unauthenticated remote code execution vulnerability in ManageEngine ServiceDesk Plus, to upload an EXE (msiexec.exe) and execute it as the SYSTEM account. Note that build 11305 is vulnerable to the authentication bypass but not the file upload. The module will check for an exploitable build.

tags | exploit, remote, code execution, file upload
advisories | CVE-2021-44077
SHA-256 | 244ae2538bc9ec8f90e308561999a95ddf997764203cb31dbd2e32b039b73273
Terramaster F4-210 / F2-210 Remote Code Execution
Posted Dec 28, 2021
Authored by n0tme | Site thatsn0tmy.site

Terramaster F4-210 and F2-210 chained exploit that performs session crafting to achieve escalated privileges that then allows an attacker to access vulnerable code execution flaws. TOS versions 4.2.x are affected.

tags | exploit, code execution
SHA-256 | 280fe87f73ebbd9b65c98174e56a305596930cb8ba4ec478c59ce61cce93ca5f
Backdoor.Win32.FTP.Simpel.12 MVID-2021-0433 Insecure Crypto Implementation
Posted Dec 28, 2021
Authored by malvuln | Site malvuln.com

Backdoor.Win32.FTP.Simpel.12 malware uses MD5 with no salt for password storage.

tags | exploit
systems | windows
SHA-256 | fa0bad4b0d1e6b7e848560c99ab47053d8b73f2a4bcf7e8f3d5dbe9918824375
Windows Explorer Preview Pane HTML File Link Spoofing
Posted Dec 28, 2021
Authored by Eduardo Braun Prado

The Windows Explorer Preview Pane feature allows for spoofing of links contained in an HTML based file because upon moving the mouse over the link nothing happens and it cannot be right-clicked to show the actual target.

tags | exploit, spoof
systems | windows
SHA-256 | 1275b5aeba88545381a682189becb0cad4288ce1bb6d7f8098c04512d9cff739
Backdoor.Win32.FTP.Simpel.12 MVID-2021-0432 Man-In-The-Middle
Posted Dec 28, 2021
Authored by malvuln | Site malvuln.com

Backdoor.Win32.FTP.Simpel.12 malware suffers from a man-in-the-middle vulnerability.

tags | exploit
systems | windows
SHA-256 | 6e5c371fe9d4183ded36eebcaa977f36dc3de85aaea04405823bc486dd893bc3
Backdoor.Win32.Visiotrol.10 MVID-2021-0431 Insecure Password Storage
Posted Dec 28, 2021
Authored by malvuln | Site malvuln.com

Backdoor.Win32.Visiotrol.10 malware suffers from an insecure password storage vulnerability.

tags | exploit
systems | windows
SHA-256 | 26006253cbf2950c7d2354800cbbf3814299c513dd0af87e124bf174be43d8bc
Microsoft Windows Explorer Preview Pane Security Bypass
Posted Dec 28, 2021
Authored by Eduardo Braun Prado

Previewing a WMA/WMV media format on Windows Explorer through its Preview Pane causes embedded URLs to be automatically opened in the default browser without displaying any prompt.

tags | exploit
systems | windows
SHA-256 | 98dcb4f9d45ba81e279bbac6bb698eabf35adbe152670fa610b74e3e1a69a142
Accu-Time Systems MAXIMUS 1.0 Buffer Overflow / Denial Of Service
Posted Dec 23, 2021
Authored by Yehia Elghaly

Accu-Time Systems MAXIMUS version 1.0 telnetd buffer overflow exploit that causes a denial of service condition.

tags | exploit, denial of service, overflow
SHA-256 | cb3f083fd9c31138bd2a66a3b9e0bb7a525331fdb5bc662e830c2b1678f2e60c
Aver EVC300 Firmware 00.10.16.36 Hardcoded Secrets
Posted Dec 21, 2021
Authored by protostsu

Aver EVC300 firmware version 00.10.16.36 suffers from having multiple hard-coded secrets that can allow for access bypass.

tags | exploit, bypass
SHA-256 | 6c8b58eebefab883a476e7c0e7a31db4a47012aef0195c394bc77695927b4f87
Exponent CMS 2.6 Cross Site Scripting / Brute Force
Posted Dec 21, 2021
Authored by heinjame

Exponent CMS version 2.6 suffers from cross site scripting and brute forcing vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | ea1e4aaf18aef9097d35dcd6da19c02f95fd59f385a7feb1cf9542eeb9afd9e8
phpKF CMS 3.00 Beta y6 Remote Code Execution
Posted Dec 21, 2021
Authored by Halit Akaydin

phpKF CMS version 3.00 Beta y6 unauthenticated remote code execution exploit.

tags | exploit, remote, code execution
SHA-256 | f7242ccdc636c8bb776ba9042add92824daf4fdb254368f1fb1e6ed2544a8783
WBCE CMS 1.5.1 Admin Password Reset
Posted Dec 21, 2021
Authored by citril

WBCE CMS versions 1.5.1 and below suffer from an administrative password reset vulnerability.

tags | exploit
advisories | CVE-2021-3817
SHA-256 | 5f7737dbac2310dd0d2fc1d5f0b3bac5f2031d8c66a536c6c1ee2a4b5138f60a
WordPress Popular Posts 5.3.2 Remote Code Execution
Posted Dec 20, 2021
Authored by h00die, Simone Cristofaro, Jerome Bruandet | Site metasploit.com

This exploit requires Metasploit to have a FQDN and the ability to run a payload web server on port 80, 443, or 8080. The FQDN must also not resolve to a reserved address (192/172/127/10). The server must also respond to a HEAD request for the payload, prior to getting a GET request. This exploit leverages an authenticated improper input validation in WordPress plugin Popular Posts versions 5.3.2 and below. The exploit chain is rather complicated. Authentication is required and gd for PHP is required on the server. Then the Popular Post plugin is reconfigured to allow for an arbitrary URL for the post image in the widget. A post is made, then requests are sent to the post to make it more popular than the previous #1 by 5. Once the post hits the top 5, and after a 60 second server cache refresh (the exploit waits 90 seconds), the homepage widget is loaded which triggers the plugin to download the payload from the server. The payload has a GIF header, and a double extension (.gif.php) allowing for arbitrary PHP code to be executed.

tags | exploit, web, arbitrary, php
advisories | CVE-2021-42362
SHA-256 | 90db5fa8de8fdf34a913230d5320fbeba171c2aac53e75371d7b3d5919bde065
Bazaar Web PHP Social Listings Shell Upload
Posted Dec 20, 2021
Authored by Sohel Yousef

Bazaar Web PHP Social Listings suffers from a remote shell upload vulnerability.

tags | exploit, remote, web, shell, php
SHA-256 | f1629de60b9c1c66f85917fe4e27cf490f6caab55d5182d2047cf1df6cde10ab
Video Sharing Website 1.0 SQL Injection
Posted Dec 20, 2021
Authored by nu11secur1ty

Video Sharing Website version 1.0 appears to suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 2784313c95a531246f7199e48b5fedc0ea6d5e52978a87d8aae64cb4c78d0d35
Signup PHP Portal 2.1 Shell Upload
Posted Dec 20, 2021
Authored by Sohel Yousef

Signup PHP Portal version 2.1 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell, php
SHA-256 | 0ffc78db1554cc2312874b940b014bebbe2e06854b885e74b9060727a2e56e98
Alfa Team Shell Tesla 4.1 Remote Code Execution
Posted Dec 20, 2021
Authored by Aryan Chehreghani

Alfa Team Shell Tesla version 4.1 suffers from a remote code execution vulnerability.

tags | exploit, remote, shell, code execution
SHA-256 | 363374659febefa3f6d3f2659c5f5631aa41a3d73f84debd925e4dccbd81a349
Android VM_MAYWRITE Access To Shared Zygote JIT Mapping
Posted Dec 17, 2021
Authored by Jann Horn, Google Security Research

This bug report describes a vulnerability in ART that allows normal applications to insert arbitrary code into unused executable memory in zygote and other applications.

tags | exploit, arbitrary
advisories | CVE-2021-0959
SHA-256 | 0b76a7bc1be55f6a0ca439ea53194142e663f42e1e49261458b945a5c953244c
Backdoor.Win32.Mellpon.b MVID-2021-0430 Information Disclosure
Posted Dec 17, 2021
Authored by malvuln | Site malvuln.com

Backdoor.Win32.Mellpon.b malware suffers from an information leakage vulnerability.

tags | exploit
systems | windows
SHA-256 | 761ceb8f508d6adbdde19c1cce59fa938edd0d4afe1594bd485de400ed400385
Backdoor.Win32.BNLite MVID-2021-0429 Buffer Overflow
Posted Dec 17, 2021
Authored by malvuln | Site malvuln.com

Backdoor.Win32.BNLite malware suffers from a buffer overflow vulnerability.

tags | exploit, overflow
systems | windows
SHA-256 | 01bbd555cf9dca685c3ed68fd11fa393896d1ba2c6714e8b296fcfdf331a2623
Chrome NavigationPreloadRequest Site Isolation Bypass
Posted Dec 16, 2021
Authored by Google Security Research, Glazvunov

Chrome suffers from a site isolation bypass vulnerability in NavigationPreloadRequest.

tags | exploit, bypass
advisories | CVE-2021-38010
SHA-256 | c9ae23bee94814ab6b61e9a833062d8e293e2578a25f1bb12700b1b43ab9d235
Chrome ThreadedIconLoader::DecodeAndResizeImageOnBackgroundThread Heap Use-After-Free
Posted Dec 16, 2021
Authored by Google Security Research, Glazvunov

Chrome suffers from a heap use-after-free vulnerability in ThreadedIconLoader::DecodeAndResizeImageOnBackgroundThread.

tags | exploit
advisories | CVE-2021-38005
SHA-256 | 71808e6bb0dde08cb3a27713b43d7dc091dfb113ccf137e1c64ebecc641c8d58
Chrome blink::NativeIOFile::DoRead Heap Use-After-Free
Posted Dec 16, 2021
Authored by Google Security Research, Glazvunov

Chrome suffers from a heap use-after-free vulnerability in blink::NativeIOFile::DoRead.

tags | exploit
advisories | CVE-2021-38006
SHA-256 | c59d2ce9fc476860bcf31c9b55f9ea51508a55eab0465bddfe51b527a15f6556
Page 1 of 5
Back12345Next

Top Authors In Last 30 Days

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close