exploit the possibilities

Register | Login

FilesNewsUsersAuthors

Home Files News Services About Contact Add New

Showing 1 - 17 of 17

Files Date: 2013-03-29

mRemote 1.50 Update Spoofing

Posted Mar 29, 2013

Authored by Janek Vind aka waraxe | Site waraxe.us

mRemote version 1.50 suffers from an update spoofing vulnerability.

tags | exploit, spoof

MD5 | 5f0a05105f4eac25a94fcdac8802592f

Download | Favorite | View

Royal TS 2.1.5 Update Spoofing

Posted Mar 29, 2013

Authored by Janek Vind aka waraxe | Site waraxe.us

Royal TS version 2.1.5 suffers from an update spoofing vulnerability.

tags | exploit, spoof

MD5 | 716632b0b203b43be35e845638c4c9b1

Download | Favorite | View

Daddy's File Hosting Cross Site Scripting

Posted Mar 29, 2013

Authored by Mr.0c3aN

Daddy's File Hosting version 2 suffers from a cross site scripting vulnerability.

tags | exploit, xss

MD5 | 0db64aecf4510c5ed6ebf7a988ddd54c

Download | Favorite | View

Parsing Binary File Formats With PowerShell

Posted Mar 29, 2013

Authored by Matt Graeber | Site exploit-monday.com

This archive includes a presentation and code samples. The presentation is called Parsing Binary File Formats with PowerShell.

tags | paper

systems | linux

MD5 | 11fae6f510557858aa55bb3d3098365d

Download | Favorite | View

STUNSHELL Web Shell PHP Eval

Posted Mar 29, 2013

Authored by bwall | Site metasploit.com

This Metasploit module exploits unauthenticated versions of the "STUNSHELL" web shell. This Metasploit module works when safe mode is enabled on the web server. This shell is widely used in automated RFI payloads.

tags | exploit, web, shell

MD5 | 14fe20dbc0bd59c275dc99df677548aa

Download | Favorite | View

STUNSHELL Web Shell Remote Code Execution

Posted Mar 29, 2013

Authored by bwall | Site metasploit.com

This Metasploit module exploits unauthenticated versions of the "STUNSHELL" web shell. This Metasploit module works when safe mode is disabled on the web server. This shell is widely used in automated RFI payloads.

tags | exploit, web, shell

MD5 | f26790bb1fd499aae352a4ad6c8754a0

Download | Favorite | View

WordPress podPress 8.8.10.13 Cross Site Scripting

Posted Mar 29, 2013

Authored by hip

WordPress podPress third party plugin version 8.8.10.13 suffers from a cross site scripting vulnerability via 1pixelout_player.swf.

tags | exploit, xss

advisories | CVE-2013-2714

MD5 | 23b3c8ff0f431cb3accef9a7a1caf12d

Download | Favorite | View

MailOrderWorks 5.907 Cross Site Scripting

Posted Mar 29, 2013

Authored by Ibrahim El-Sayed | Site vulnerability-lab.com

MailOrderWorks version 5.907 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss

MD5 | 0416fc31d9a84249488a44c0f31e36f6

Download | Favorite | View

PayPal GP+ Cross Site Scripting

Posted Mar 29, 2013

Authored by Ibrahim El-Sayed | Site vulnerability-lab.com

The PayPal GP+ service application for analyzing websites suffered from a persistent cross site scripting vulnerability.

tags | exploit, xss

MD5 | 8b9b0ec34469b618d47df0ad6b1a69ef

Download | Favorite | View

PayPal Sellers CMS Cross Site Scripting

Posted Mar 29, 2013

Authored by Ibrahim El-Sayed | Site vulnerability-lab.com

The PayPal content manager system for sellers suffered from a persistent cross site scripting vulnerability.

tags | exploit, xss

MD5 | 5c3a52b8fea4e5a703b7d4fcd32502f4

Download | Favorite | View

ALLMediaServer 0.94 Buffer Overflow

Posted Mar 29, 2013

Authored by metacom | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in ALLMediaServer version 0.94. The vulnerability is caused due to a boundary error within the handling of an HTTP request.

tags | exploit, web, overflow

MD5 | b3294c5e0ea33e94dc0aab374786f72e

Download | Favorite | View

Debian Security Advisory 2655-1

Posted Mar 29, 2013

Authored by Debian | Site debian.org

Debian Linux Security Advisory 2655-1 - Several cross-site-scripting and denial of service vulnerabilities were discovered in Ruby on Rails, a Ruby framework for web application development.

tags | advisory, web, denial of service, vulnerability, ruby

systems | linux, debian

advisories | CVE-2011-2932, CVE-2012-3464, CVE-2012-3465, CVE-2013-1854, CVE-2013-1855, CVE-2013-1857

MD5 | 6e9a4c36a5c842bbc63f38cb0b1539e7

Download | Favorite | View

Red Hat Security Advisory 2013-0689-01

Posted Mar 29, 2013

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0689-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in the libdns library. A remote attacker could use this flaw to send a specially-crafted DNS query to named that, when processed, would cause named to use an excessive amount of memory, or possibly crash. Note: This update disables the syntax checking of NAPTR resource records.

tags | advisory, remote, denial of service, protocol

systems | linux, redhat

advisories | CVE-2013-2266

MD5 | cf7e62f486d152619cd602cc94117fab

Download | Favorite | View

Red Hat Security Advisory 2013-0691-01

Posted Mar 29, 2013

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0691-01 - Red Hat Storage is a software only, scale-out storage solution that provides flexible and agile unstructured data storage for the enterprise. A flaw was found in the way the Swift component used Python pickle. This could lead to arbitrary code execution. With this update, the JSON format is used. Multiple insecure temporary file creation flaws were found in Red Hat Storage. A local user on the Red Hat Storage server could use these flaws to cause arbitrary files to be overwritten as the root user via a symbolic link attack.

tags | advisory, arbitrary, local, root, code execution, python

systems | linux, redhat

advisories | CVE-2012-4406, CVE-2012-5635, CVE-2012-5638

MD5 | 1dcd3fbb4f13f36f971ca73d88fd152c

Download | Favorite | View

Red Hat Security Advisory 2013-0690-01

Posted Mar 29, 2013

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0690-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in the libdns library. A remote attacker could use this flaw to send a specially-crafted DNS query to named that, when processed, would cause named to use an excessive amount of memory, or possibly crash. Note: This update disables the syntax checking of NAPTR resource records.

tags | advisory, remote, denial of service, protocol

systems | linux, redhat

advisories | CVE-2013-2266

MD5 | fce351f8b68afdcd0216c43bbe76c25b

Download | Favorite | View

Red Hat Security Advisory 2013-0688-01

Posted Mar 29, 2013

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0688-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Advanced Mission Critical for Red Hat Enterprise Linux 5.3 will be retired on March 31, 2014, and support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including critical impact security patches or urgent priority bug fixes, for Red Hat Enterprise Linux 5.3 AMC after that date.

tags | advisory

systems | linux, redhat

MD5 | d12d9b8cbe0651ec8215ee84714a89c9

Download | Favorite | View

Voila CMS Cross Site Scripting

Posted Mar 29, 2013

Authored by Darksnipper, Dr.v!ru$

Sites designed by Voila Syria suffer from a cross site scripting vulnerability. Note that this finding houses site-specific data.

tags | exploit, xss

MD5 | b87a2b1bc52c077fc56354268fe2bdd3

Download | Favorite | View