exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 7 of 7 RSS Feed

Files Date: 2012-12-08

MyBB Kingchat Cross Site Scripting
Posted Dec 8, 2012
Authored by VipVince

MyBB Kingchat plugin suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | f94936996d8bbc5aab405f1a278b3a60ca5bd96993d1d961b16d7ab401fe2618
vBulletin 3.x / 4.x AjaxReg SQL Injection
Posted Dec 8, 2012
Authored by Cold z3ro

vBulletin versions 3.x and 4.x suffer from an AjaxReg remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | ba1d7d1f1438618fb4cca970000c2c7a3b406383099377a97eb9a8f42042b758
Site Builder RumahWeb File Disclosure
Posted Dec 8, 2012
Authored by X-Cisadane, xevil

Site Builder RumahWeb suffers from an arbitrary configuration file disclosure vulnerability.

tags | exploit, arbitrary, info disclosure
SHA-256 | 352ce885151eeb10f83fdaf153f611f686de4e94c4fc6ffc44044477b598a574
FreeFloat FTP Server Arbitrary File Upload
Posted Dec 8, 2012
Authored by sinn3r, juan vazquez | Site metasploit.com

This Metasploit module abuses multiple issues in FreeFloat: 1. No credential is actually needed to login; 2. User's default path is in C:\, and this cannot be changed; 3. User can write to anywhere on the server's file system. As a result of these poor implementations, a malicious user can just log in and then upload files, and let WMI (Management Instrumentation service) to execute the payload uploaded.

tags | exploit
SHA-256 | 7e4b33e6e72bc7067803b531d78ed6fe17a2b9daf5dacfbff469915388c07408
Centrify Deployment Manager 2.1.0.283 Local Root
Posted Dec 8, 2012
Authored by Larry W. Cashdollar

Centrify Deployment Manager version 2.1.0.283 suffers from a race condition in /tmp that allows for local root privilege escalation.

tags | exploit, local, root
SHA-256 | 7571d7bb4780c1d99a2465c7ff79b8660346fa719c99eca6d189b83896c08490
Maxthon3 about:history XCS Trusted Zone Code Execution
Posted Dec 8, 2012
Authored by Roberto Suggi Liverani, sinn3r, juan vazquez | Site metasploit.com

Cross Context Scripting (XCS) is possible in the Maxthon about:history page. Injection in such privileged/trusted browser zone can be used to modify configuration settings and execute arbitrary commands. Please note this module only works against specific versions of XCS. Currently, we've only successfully tested on Maxthon 3.1.7 build 600 up to 3.2.2 build 1000.

tags | exploit, arbitrary
SHA-256 | edfb695d586066cbef9515fde0393bb119c669cea54c3475dc93bb3dcdbc8c10
Splunk 5.0 Custom App Remote Code Execution
Posted Dec 8, 2012
Authored by sinn3r, juan vazquez, [at]marcwickenden | Site metasploit.com

This Metasploit module exploits a feature of Splunk whereby a custom application can be uploaded through the web based interface. Through the 'script' search command a user can call commands defined in their custom application which includes arbitrary perl or python code. To abuse this behavior, a valid Splunk user with the admin role is required. By default, this module uses the credential of "admin:changeme", the default Administrator credential for Splunk. Note that the Splunk web interface runs as SYSTEM on Windows, or as root on Linux by default. This Metasploit module has only been tested successfully against Splunk 5.0.

tags | exploit, web, arbitrary, root, perl, python
systems | linux, windows
SHA-256 | 638c1ea3c9f99886762f0c13cc824ca25fe4fd419cf32123b703084f0680888f
Page 1 of 1
Back1Next

File Archive:

August 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    20 Files
  • 2
    Aug 2nd
    4 Files
  • 3
    Aug 3rd
    6 Files
  • 4
    Aug 4th
    55 Files
  • 5
    Aug 5th
    16 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    13 Files
  • 9
    Aug 9th
    13 Files
  • 10
    Aug 10th
    34 Files
  • 11
    Aug 11th
    0 Files
  • 12
    Aug 12th
    0 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close