Impacket is a collection of Python classes for working with network protocols. Impacket is mostly focused on providing low-level programmatic access to the packets; however, some protocols (for instance NMB and SMB) are implemented at a higher level as a foundation for other protocols. Packets can be constructed from scratch, as well as parsed from raw data, and the object-oriented API makes it simple to work with deep hierarchies of protocols. Impacket is most useful when used together with a packet capture utility or package such as Pcapy, an object-oriented Python extension for capturing network packets.
KAPDA advisory #46: Nukedit v4.9.6 and prior - Unauthorized Admin Add vulnerability
WikiNi 0.4.2 and below suffer from many XSS vectors.
Foing Remote File Inclusion exploit
The XSS vulnerabilities reported for UBBThreads 5.x and 6.x allow JavaScript injection and theft of MD5 hashes.
KAPDA #45: geeklog-1.4.0sr2 and prior versions suffer from path disclosure, XSS, and SQL injection vulnerabilities.
Photoalbum B&W v1.3 suffers from XSS.
Variomat CMS suffers from multiple SQL injection vulnerabilities.
It is possible to DoS Java Apache Mail Enterprise Server (a.k.a. Apache James) by sending it a long SMTP argument. PoC included.
EzUpload Pro v2.10 suffers from multiple remote file inclusion vulnerabilities.
vCard 2.9 suffers from multiple XSS vulnerabilities.
Multiple XSS vulnerabilities have been discovered in coolphp magazine.
Ubuntu Security Notice 288-1: postgresql-7.4/-8.0, postgresql, psycopg, python-pgsql vulnerabilities
Ubuntu Security Notice 287-1: The nagios CGI scripts did not sufficiently check the validity of the HTTP Content-Length attribute. By sending a specially crafted HTTP request with an invalidly large Content-Length value to the Nagios server, a remote attacker could exploit this to execute arbitrary code with web server privileges.
Debian Security Advisory 1082-1: Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code.
Debian Security Advisory 1081-1: Luigi Auriemma discovered a buffer overflow in the processing of ASF files in libextractor, a library to extract arbitrary meta-data from files, which can lead to the execution of arbitrary code.
Debian Security Advisory 1080-1: A problem has been discovered in the IMAP component of Dovecot, a secure mail server that supports mbox and maildir mailboxes, which can lead to information disclosure via directory traversal by authenticated users.
The reporting function in Jiwa Financials 6.4.14 allows execution of arbitrary reports as a SQL user with full SELECT, INSERT, UPDATE, DELETE SQL permissions.
The Blend Portal for phpBB 2.x versions 1.2.0 and prior suffer from a remote file inclusion vulnerability in blend_data/blend_common.php.
UBBThreads 5.x and 6.x suffer from multiple remote file inclusion vulnerabilities.
ASPSitem 2.0 and prior suffer from SQL injection in Anket.asp.
The Activity MOD Plus for phpBB 2.x suffers from a remote file inclusion vulnerability.
phpBB 2.x suffers from a remote file inclusion vulnerability in admin/admin_hacks_list.php.
Eggblog versions less than or equal to 3.x suffer from multiple SQL injection vulnerabilities.
F@cile Interactive Web versions less than or equal to 0.8x suffer from multiple file inclusion vulnerabilities.