Twenty Year Anniversary
Showing 1 - 15 of 15 RSS Feed

Files from drone

First Active2012-06-28
Last Active2015-01-09
Ntpdc 4.2.6p3 Buffer Overflow
Posted Jan 9, 2015
Authored by drone

Ntpdc version 4.2.6p3 suffers from a local buffer overflow vulnerability.

tags | exploit, overflow, local
MD5 | 88d7b0cb49729812c8fda28923df10c3
Railo 4.2.1 Remote File Inclusion
Posted Sep 12, 2014
Authored by drone, Brandon Perry | Site metasploit.com

This Metasploit module exploits a remote file include vulnerability in Railo, tested against version 4.2.1. First, a call using a vulnerable cffile line in thumbnail.cfm allows an attacker to download an arbitrary PNG file. By appending a .cfm, and taking advantage of a directory traversal, an attacker can append cold fusion markup to the PNG file, and have it interpreted by the server. This is used to stage and execute a fully-fledged payload.

tags | exploit, remote, arbitrary
advisories | CVE-2014-5468
MD5 | 2287ef968db5103fca3148412e85213b
DjVuLibre 3.5.25.3 Out Of Bounds Access Violation
Posted Jul 22, 2014
Authored by drone

DjVuLibre versions 3.5.25.3 and below suffer from an out of bounds access violation vulnerability.

tags | exploit
MD5 | 2fc2f05de190584d3fb754e225e0b64d
Gitlist Unauthenticated Remote Command Execution
Posted Jul 6, 2014
Authored by drone, Brandon Perry | Site metasploit.com

This Metasploit module exploits an unauthenticated remote command execution vulnerability in version 0.4.0 of Gitlist. The problem exists in the handling of an specially crafted file name when trying to blame it.

tags | exploit, remote
advisories | CVE-2014-4511
MD5 | 8f79ebcf3c681e3fdd8995606de782d1
Gitlist 0.4.0 Remote Code Execution
Posted Jun 30, 2014
Authored by drone

Gitlist versions 0.4.0 and below suffer from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2014-4511
MD5 | ee46caf85f37abd2c3b0838eea3b25ad
Ganib 2.3 SQL Injection
Posted Mar 4, 2014
Authored by drone

Ganib versions 2.3 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 8f69b07b2fc8cb3184db23c82befcb70
Kimai 0.9.2 db_restore.php SQL Injection
Posted Nov 28, 2013
Authored by Brendan Coles, drone | Site metasploit.com

This Metasploit module exploits a SQL injection vulnerability in Kimai version 0.9.2.x. The 'db_restore.php' file allows unauthenticated users to execute arbitrary SQL queries. This Metasploit module writes a PHP payload to disk if the following conditions are met: The PHP configuration must have 'display_errors' enabled, Kimai must be configured to use a MySQL database running on localhost; and the MySQL user must have write permission to the Kimai 'temporary' directory.

tags | exploit, arbitrary, php, sql injection
MD5 | aec9a8141849e97ce005dc4486ce99e3
Dolibarr ERP/CMS 3.4.0 SQL Injection
Posted Oct 16, 2013
Authored by drone

Dolibarr ERP/CMS version 3.4.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 2b984835498a9ffbac99c39ab995547a
aMSN 0.98.9 Local File Inclusion / SQL Injection
Posted Oct 14, 2013
Authored by drone

aMSN version 0.98.9 suffers from local file inclusion and remote SQL injection vulnerabilities.

tags | exploit, remote, local, vulnerability, sql injection, file inclusion
MD5 | 799c535c358309c40c005a50d54bffd2
OpenEMM-2013 8.10.380.hf13.0.066 Cross Site Scripting / SQL Injection
Posted Jul 29, 2013
Authored by drone

OpenEMM-2013 version 8.10.380.hf13.0.066 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | 0dc344af5b5ec5d81c3857ccb8f0728f
ASUS RT56U Remote Command Injection
Posted Jun 7, 2013
Authored by drone

ASUS RT56U versions 3.0.0.4.360 and below suffer from a remote command injection vulnerability.

tags | exploit, remote
MD5 | 2c5192f474b5bbfca2e912fa585f1827
PHD Help Desk 2.12 SQL Injection
Posted Jun 4, 2013
Authored by drone

PHD Help Desk version 2.12 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 8a47292cb45d78061617db6d3fffe2f8
Kimai 0.9.2.1306-3 SQL Injection
Posted May 21, 2013
Authored by drone | Site kimai.org

Kimai version 0.9.2.1306-3 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
systems | linux, windows
MD5 | ab547448d5e955197b1fe4c76b7432ea
OpenDocMan 1.2.6.5 Cross Site Scripting
Posted May 7, 2013
Authored by drone

OpenDocMan version 1.2.6.5 suffers from persistent and reflective cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 64d27b831258808f2aa8fe67b0010d03
Proper Password Hashing
Posted Jun 28, 2012
Authored by bwall, drone | Site ballastsec.blogspot.com

Ballast Security felt the need to write this paper as almost countless services that we trust with our passwords are handling them irresponsibly. This is a good read for anyone who needs to store password hashes.

tags | paper
MD5 | 6df883bde172ed66055c7172fa4ff6ba
Page 1 of 1
Back1Next

File Archive:

November 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    10 Files
  • 2
    Nov 2nd
    15 Files
  • 3
    Nov 3rd
    2 Files
  • 4
    Nov 4th
    2 Files
  • 5
    Nov 5th
    32 Files
  • 6
    Nov 6th
    27 Files
  • 7
    Nov 7th
    8 Files
  • 8
    Nov 8th
    9 Files
  • 9
    Nov 9th
    17 Files
  • 10
    Nov 10th
    2 Files
  • 11
    Nov 11th
    2 Files
  • 12
    Nov 12th
    33 Files
  • 13
    Nov 13th
    29 Files
  • 14
    Nov 14th
    23 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close