seeing is believing
Showing 1 - 25 of 29 RSS Feed

Files from DefenseCode

Email addressdefensecode at defensecode.com
First Active2012-11-13
Last Active2017-08-07
WordPress Podlove Podcast Publisher 2.5.3 SQL Injection
Posted Aug 7, 2017
Authored by DefenseCode, Neven Biruski

WordPress Podlove Podcast Publisher plugin versions 2.5.3 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 7644c1e718ad96e70260bb88694784a8
WordPress PressForward 4.3.0 Cross Site Scripting
Posted Aug 7, 2017
Authored by DefenseCode, Neven Biruski

WordPress PressForward plugin versions 4.3.0 and below suffer from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | c1bc43011a404f94f827c88a862b2af5
WordPress Easy Modal 2.0.17 SQL Injection
Posted Aug 7, 2017
Authored by DefenseCode, Neven Biruski

WordPress Easy Modal plugin versions 2.0.17 and below suffer multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
MD5 | 542c9307580448eb3f35d4186895bd12
IBM Informix 12.10 DB-Access Buffer Overflow
Posted Jul 12, 2017
Authored by Leon Juranic, DefenseCode, Bosko Stankovic

IBM Informix DB-Access utility is vulnerable to a stack based buffer overflow, caused by improper bounds checking which could allow an attacker to execute arbitrary code. The vulnerability is triggered by providing an overly long file parameter value inside a LOAD statement, which is used to insert data from an operating-system file into an existing table or view. Version 12.10 is affected.

tags | exploit, overflow, arbitrary
MD5 | a6b494ac98eda0f50077d89e22e9c8cf
IBM DB2 Command Line Processor Buffer Overflow
Posted Jun 26, 2017
Authored by Leon Juranic, DefenseCode

IBM DB2 versions 9.7, 10.1, 10.5, and 11.1 suffer from a command line process buffer overflow vulnerability.

tags | exploit, overflow
advisories | CVE-2017-1297
MD5 | 5d5fdc9afef069a12acc4631e4723b9a
WordPress No External Links 3.5.17 Cross Site Scripting
Posted Jun 2, 2017
Authored by DefenseCode, Neven Biruski

WordPress No External Links plugin versions 3.5.17 and below suffer from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | ee7fddf32f860d0d45b3a0bffdf6d2e6
WordPress Tribulant Newsletters 4.6.4.2 XSS / File Disclosure
Posted Jun 2, 2017
Authored by DefenseCode, Neven Biruski

WordPress Tribulant Newsletters plugin versions 4.6.4.2 and below suffer from cross site scripting and file disclosure vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | b670de76da3bd53baa8500a2963d55cf
WordPress Simple Slideshow Manager 2.2 Cross Site Scripting
Posted May 31, 2017
Authored by DefenseCode, Neven Biruski

WordPress Simple Slideshow Manager plugin versions 2.2 and below suffer from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 6cafb010fb20043a5898706c8f032a6d
WordPress AffiliateWP 2.0.8 Cross Site Scripting
Posted May 27, 2017
Authored by DefenseCode, Neven Biruski

WordPress AffiliateWP plugin versions 2.0.8 and below suffer from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | c6a3f59b74239220d0fd9a314f2789bb
WordPress Huge-IT Video Gallery 2.0.4 SQL Injection
Posted May 27, 2017
Authored by DefenseCode, Neven Biruski

WordPress Huge-IT Video Gallery plugin version 2.0.4 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 7336919c380a0e84f16a4d0d5f7ce533
WordPress All In One Schema.org Rich Snippets 1.4.1 XSS
Posted May 27, 2017
Authored by DefenseCode, Neven Biruski

WordPress All In One Schema.org Rich Snippets plugin versions 1.4.1 and below suffer from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 9483a5c6080370a01f53f222fa918972
Google API PHP Client 2.1.3 Cross Site Scripting
Posted May 12, 2017
Authored by Leon Juranic, DefenseCode

google-api-php-client versions 2.1.3 and below suffer from multiple cross site scripting vulnerabilities.

tags | exploit, php, vulnerability, xss
MD5 | 01570bb024997801f85e3290dadda5ef
WordPress User Access Manager 1.2.14 Cross Site Scripting
Posted May 11, 2017
Authored by DefenseCode, Neven Biruski

WordPress User Access Manager plugin versions 1.2.14 and below suffer from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 4a21b4350764ab31170566267c4ac18b
WordPress Tracking Code Manager 1.11.1 XSS / DoS
Posted May 11, 2017
Authored by DefenseCode, Neven Biruski

WordPress Tracking Code Manager plugin versions 1.11.1 and below suffer from cross site scripting and denial of service vulnerabilities.

tags | exploit, denial of service, vulnerability, xss
MD5 | d3ef28a36eeaf037536c1dd1e0a8b4b8
WordPress WebDorado Gallery 1.3.29 SQL Injection
Posted May 5, 2017
Authored by DefenseCode, Neven Biruski

WordPress WebDorado Gallery plugin versions 1.3.29 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 0e0eefadee755b444571e29ec3efdbcf
WordPress Spider Event Calendar 1.5.49 SQL Injection
Posted May 5, 2017
Authored by DefenseCode, Neven Biruski

WordPress Spider Event Calendar plugin versions 1.5.49 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 6173b28ce5d393ee0b49909e4b50ce45
WordPress Facebook 1.0.13 SQL Injection
Posted May 5, 2017
Authored by DefenseCode, Neven Biruski

WordPress Facebook plugin versions 1.0.13 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 48750895bceff41e1f56dec35cc34df9
WordPress AccessPress Social Icons 1.6.6 SQL Injection
Posted Apr 21, 2017
Authored by DefenseCode, Neven Biruski

WordPress AccessPress Social Icons plugin versions 1.6.6 and below suffer from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
MD5 | 9d14bcc50dc1e82357572a79e09e747e
WordPress Ultimate Form Builder Cross Site Scripting
Posted Apr 19, 2017
Authored by DefenseCode, Neven Biruski

WordPress Ultimate Form Builder plugin suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | b73d6d904bedc435f3d2dff13d9d57eb
Magento 2.1.6 Shell Upload / Cross Site Request Forgery
Posted Apr 13, 2017
Authored by DefenseCode, Bosko Stankovic

Magento versions 2.1.6 and below suffers from cross site request forgery and shell upload vulnerabilities.

tags | exploit, shell, vulnerability, csrf
MD5 | 7eac7c985713b9e6f32be4da1b6565bb
WordPress BestWebSoft XSS / CSRF
Posted Apr 13, 2017
Authored by DefenseCode, Neven Biruski

53+ WordPress plugins by BestWebSoft suffer from cross site scripting and cross site request forgery vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | 265031dbb6abada51eb891db78c25fcd
WordPress Tribulant Slideshow Gallery 1.6.5 Cross Site Scripting
Posted Apr 10, 2017
Authored by DefenseCode, Neven Biruski

WordPress Tribulant Slideshow Gallery plugin versions 1.6.4 and below suffer from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 5741ae5fa8e37ddb93b6ee5632cf37d8
Apache Tomcat 7.0.76 Directory Traversal
Posted Apr 6, 2017
Authored by DefenseCode

Apache Tomcat version 7.0.76 suffers from a directory traversal vulnerability.

tags | exploit
MD5 | 1e538bcf61ae8964acad592471f749a1
UPnP Issue Affects Many Routers
Posted Feb 6, 2013
Authored by H D Moore, Leon Juranic, DefenseCode

A few weeks ago, DefenseCode announced the remote pre-auth root access exploit for Cisco Linksys. During further research, they have discovered that other router manufacturers are also vulnerable to the same vulnerability, since the vulnerable Broadcom UPnP stack is used across multiple router vendors. Rapid7 has produced some scary numbers surrounding how many routers are affected on the Internet.

tags | advisory, remote, root
systems | cisco
MD5 | 3b0a8f2514d231023a2e7212b1720304
Broadcom UPnP Remote Preauth Root Code Execution
Posted Jan 31, 2013
Authored by Leon Juranic, DefenseCode, Vedran Kajic

A critical security vulnerability that allows a remote unauthenticated attacker to remotely execute arbitrary code under root privileges has been discovered in Broadcom's UPnP software.

tags | exploit, remote, arbitrary, root
MD5 | 20f62f4fa05f9c94bab90345f785c0cf
Page 1 of 2
Back12Next

File Archive:

September 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    5 Files
  • 2
    Sep 2nd
    5 Files
  • 3
    Sep 3rd
    3 Files
  • 4
    Sep 4th
    13 Files
  • 5
    Sep 5th
    16 Files
  • 6
    Sep 6th
    15 Files
  • 7
    Sep 7th
    20 Files
  • 8
    Sep 8th
    16 Files
  • 9
    Sep 9th
    4 Files
  • 10
    Sep 10th
    2 Files
  • 11
    Sep 11th
    15 Files
  • 12
    Sep 12th
    19 Files
  • 13
    Sep 13th
    20 Files
  • 14
    Sep 14th
    38 Files
  • 15
    Sep 15th
    31 Files
  • 16
    Sep 16th
    1 Files
  • 17
    Sep 17th
    7 Files
  • 18
    Sep 18th
    15 Files
  • 19
    Sep 19th
    40 Files
  • 20
    Sep 20th
    15 Files
  • 21
    Sep 21st
    15 Files
  • 22
    Sep 22nd
    12 Files
  • 23
    Sep 23rd
    2 Files
  • 24
    Sep 24th
    2 Files
  • 25
    Sep 25th
    11 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close