
Files from drone

First Active: 2012-06-28
Last Active: 2015-01-09

Ntpdc 4.2.6p3 Buffer Overflow
Posted Jan 9, 2015
Authored by drone

Ntpdc version 4.2.6p3 suffers from a local buffer overflow vulnerability.

tags | exploit, overflow, local
SHA-256 | dfc688a1df19cf25ae360e18efb2e689ec9e974da1249560b0f5d4ea4dcd3424

Railo 4.2.1 Remote File Inclusion
Posted Sep 12, 2014
Authored by drone, Brandon Perry | Site metasploit.com

This Metasploit module exploits a remote file include vulnerability in Railo, tested against version 4.2.1. First, a call using a vulnerable cffile line in thumbnail.cfm allows an attacker to download an arbitrary PNG file. By appending a .cfm, and taking advantage of a directory traversal, an attacker can append ColdFusion markup to the PNG file, and have it interpreted by the server. This is used to stage and execute a fully-fledged payload.

tags | exploit, remote, arbitrary
advisories | CVE-2014-5468
SHA-256 | 0bbe174102c9e26fadfffb5af3c7e341a378b56297c9ad11a3b67c73f86ebcd0

DjVuLibre 3.5.25.3 Out Of Bounds Access Violation
Posted Jul 22, 2014
Authored by drone

DjVuLibre versions 3.5.25.3 and below suffer from an out of bounds access violation vulnerability.

tags | exploit
SHA-256 | 70e01af5b62931e1091d6505282299ef6626b2697a0e5fe8fad9b8eabb517c9a

Gitlist Unauthenticated Remote Command Execution
Posted Jul 6, 2014
Authored by drone, Brandon Perry | Site metasploit.com

This Metasploit module exploits an unauthenticated remote command execution vulnerability in version 0.4.0 of Gitlist. The problem exists in the handling of a specially crafted file name when trying to blame it.

tags | exploit, remote
advisories | CVE-2014-4511
SHA-256 | 2d10e7f5052c363ec8a9a489e9f7c7fd6b0f2a333365ccb4fc9fa7413a6b823c

Gitlist 0.4.0 Remote Code Execution
Posted Jun 30, 2014
Authored by drone

Gitlist versions 0.4.0 and below suffer from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2014-4511
SHA-256 | 00b7d366435cf917c8e9dd552a46f3409e889e65dde7d0753735ef2ebe2b6d00

Ganib 2.3 SQL Injection
Posted Mar 4, 2014
Authored by drone

Ganib versions 2.3 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | f53669a90a92541ae5ebdad41e56273cd5fd6b51046bd02996f9b2579f3c29e3

Kimai 0.9.2 db_restore.php SQL Injection
Posted Nov 28, 2013
Authored by Brendan Coles, drone | Site metasploit.com

This Metasploit module exploits a SQL injection vulnerability in Kimai version 0.9.2.x. The 'db_restore.php' file allows unauthenticated users to execute arbitrary SQL queries. This Metasploit module writes a PHP payload to disk if the following conditions are met: the PHP configuration must have 'display_errors' enabled; Kimai must be configured to use a MySQL database running on localhost; and the MySQL user must have write permission to the Kimai 'temporary' directory.

tags | exploit, arbitrary, php, sql injection
SHA-256 | 853a61dfd6df69f1dd037fceb6af76d6aa56c0b508cd161484f30988de0f9da7

Dolibarr ERP/CMS 3.4.0 SQL Injection
Posted Oct 16, 2013
Authored by drone

Dolibarr ERP/CMS version 3.4.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 17558383b563f3fc59b866cd4454a1c3f1b147cd861e3918baa96316db448057

aMSN 0.98.9 Local File Inclusion / SQL Injection
Posted Oct 14, 2013
Authored by drone

aMSN version 0.98.9 suffers from local file inclusion and remote SQL injection vulnerabilities.

tags | exploit, remote, local, vulnerability, sql injection, file inclusion
SHA-256 | 139d345468fde77a4b91ccbd0e3b2625bfaeb5e36d34915fa821a8700d4bfe52

OpenEMM-2013 8.10.380.hf13.0.066 Cross Site Scripting / SQL Injection
Posted Jul 29, 2013
Authored by drone

OpenEMM-2013 version 8.10.380.hf13.0.066 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | 14456af2c9a5b9e11fb7313fb343d5a731c447e6b28ffc4391db130a2ff55411

ASUS RT56U Remote Command Injection
Posted Jun 7, 2013
Authored by drone

ASUS RT56U versions 3.0.0.4.360 and below suffer from a remote command injection vulnerability.

tags | exploit, remote
SHA-256 | d5ec9bf8cece4256800e07f806a8eeba5ea5018224e988bbddedf118e4b8ca92

PHD Help Desk 2.12 SQL Injection
Posted Jun 4, 2013
Authored by drone

PHD Help Desk version 2.12 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 5bd6713ae091f3a88456a992a6a2c14fd6a5cd823bb577c71eac2b768737e167

Kimai 0.9.2.1306-3 SQL Injection
Posted May 21, 2013
Authored by drone | Site kimai.org

Kimai version 0.9.2.1306-3 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
systems | linux, windows
SHA-256 | 0500e2f1f7402ade9a36fb3bbcdf907836374db397c71ed558baeaefcc940edc

OpenDocMan 1.2.6.5 Cross Site Scripting
Posted May 7, 2013
Authored by drone

OpenDocMan version 1.2.6.5 suffers from persistent and reflective cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 09a561eea3e2a4cf7a0b605a95ace0f35855e1d5dc113069e4c7516091aab7e1

Proper Password Hashing
Posted Jun 28, 2012
Authored by bwall, drone | Site ballastsec.blogspot.com

Ballast Security felt the need to write this paper as almost countless services that we trust with our passwords are handling them irresponsibly. This is a good read for anyone who needs to store password hashes.

tags | paper
SHA-256 | 9b72c8fd503ebd25cdbebb177f28dba5b59183730431d92ae584879271c90add