
Files Date: 2013-08-09

D-Link Devices Unauthenticated Remote Command Execution
Posted Aug 9, 2013
Authored by Michael Messner, juan vazquez | Site metasploit.com

Different D-Link routers are vulnerable to OS command injection via the web interface. The vulnerability exists in command.php, which is accessible without authentication. This Metasploit module has been tested with the versions DIR-600 2.14b01, DIR-300 rev B 2.13. Two targets are included: the first one starts a telnetd service and establishes a session over it, the second one runs commands via the CMD target. There is no wget or tftp client to upload an elf backdoor easily. According to the vulnerability discoverer, more D-Link devices may be affected.

tags | exploit, web, php
advisories | OSVDB-89861
MD5 | e2926242e296222d9f55b90114f6a9e5
OpenX Backdoor PHP Code Execution
Posted Aug 9, 2013
Authored by egypt, temp66 | Site metasploit.com

OpenX Ad Server version 2.8.10 was shipped with an obfuscated backdoor from at least November 2012 through August 2013. Exploitation is simple, requiring only a single request with a rot13'd and reversed payload.

tags | exploit
advisories | CVE-2013-4211
MD5 | 07a2914e7ca11b4362efa9fc31da14e1
Squash YAML Code Execution
Posted Aug 9, 2013
Authored by Charlie Eriksen | Site metasploit.com

This Metasploit module exploits a remote code execution vulnerability in the YAML request processor of the Squash application.

tags | exploit, remote, code execution
advisories | CVE-2013-5036, OSVDB-95992
MD5 | ec74f5c91b4c1f9162265c1a1817656d
sXid 4.20130802
Posted Aug 9, 2013
Authored by Ben Collins

sXid is an all-in-one suid/sgid monitoring program designed to be run from cron on a regular basis. It tracks any changes in your s[ug]id files and folders. If there are any new ones, ones that are not set any more, or they have changed bits or other modes, it reports the changes in an easy to read format via email or on the command line.

Changes: sXid now uses a SHA-256 hash function to track files. autoconf settings were updated to version 2.69. automake 1.13.3 is used to generate Makefiles. A --version option was added. /media and /sys directories were added to the EXCLUDE option. Man pages were converted to mdoc macros. The README was converted to Markdown format. There were minor code improvements and miscellaneous bugfixes.
tags | tool, intrusion detection
systems | unix
MD5 | 0c57c61531ee5f702333644186ce4948
Tribq CMS 5.2.7 Cross Site Request Forgery
Posted Aug 9, 2013
Authored by Yashar shahinzadeh

Tribq CMS version 5.2.7 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | b8d8df70176d384ca1231992c71626c3
WordPress HMS Testimonials 2.0.10 XSS / CSRF
Posted Aug 9, 2013
Authored by RogueCoder

WordPress HMS Testimonials plugin version 2.0.10 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | 3314041b978eb0c91618cd3fb0d15f2d
Taint Analysis And Pattern Matching With Pin
Posted Aug 9, 2013
Authored by Jonathan Salwan

This is a whitepaper called Taint analysis and pattern matching with Pin. All examples in this document are considered a proof of concept and are meant to give others ideas.

tags | paper, proof of concept
MD5 | c5ef0ac5a3d4879f18e7d2cc93faa32f
HP Security Bulletin HPSBHF02912
Posted Aug 9, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF02912 - Potential security vulnerabilities have been identified with HP Networking Products including 3COM and H3C routers and switches. The vulnerabilities could be remotely exploited resulting in disclosure of information and denial of service. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
advisories | CVE-2013-4806
MD5 | 8798c1b668b27a69c4a922d044b6653f
Joomla redSHOP 1.2 SQL Injection
Posted Aug 9, 2013
Authored by Matias Fontanini

Joomla redSHOP component version 1.2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | e3af959d2b5a8bb67557165b8ead87ce
Slackware Security Advisory - mozilla-thunderbird Updates
Posted Aug 9, 2013
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New mozilla-thunderbird packages are available for Slackware 13.37, 14.0, and -current to fix security issues.

tags | advisory
systems | linux, slackware
MD5 | 5b98d476551c8cce51f4e344ffbfcef1
Slackware Security Advisory - seamonkey Updates
Posted Aug 9, 2013
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New seamonkey packages are available for Slackware 14.0, and -current to fix security issues.

tags | advisory
systems | linux, slackware
MD5 | 5f1592541cce02fb30bcecba4063c0fb
Slackware Security Advisory - mozilla-firefox Updates
Posted Aug 9, 2013
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 13.37, 14.0, and -current to fix security issues.

tags | advisory
systems | linux, slackware
MD5 | 3e0e1be6a01d3047f624163e88d9efb6
Red Hat Security Advisory 2013-1147-01
Posted Aug 9, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1147-01 - Red Hat JBoss SOA Platform is the next-generation ESB and business process automation infrastructure. Red Hat JBoss SOA Platform allows IT to leverage existing, modern, and future integration methodologies to dramatically improve business process execution speed and quality. This roll up patch serves as a cumulative upgrade for Red Hat JBoss SOA Platform 5.3.1. It includes various bug fixes. The following security issues are also fixed with this release: The Jakarta Commons HttpClient component did not verify that the server hostname matched the domain name in the subject's Common Name or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attacker to spoof an SSL server if they had a certificate that was valid for any domain name.

tags | advisory, spoof
systems | linux, redhat
advisories | CVE-2012-5783, CVE-2013-0269, CVE-2013-1821
MD5 | 2ade666a3670d7fe745fd01ec7a57f18
NetworkMiner 1.4.1 DLL Hijacking / Directory Traversal
Posted Aug 9, 2013
Authored by Erik Hjelmvik

NetworkMiner versions 1.4.1 and below suffer from DLL hijacking and directory traversal vulnerabilities.

tags | advisory, vulnerability
systems | windows
MD5 | 1a256a06b2ffa96f61898cf3641a2d83
Open Real Estate CMS 1.5.1 CSRF / Path Disclosure / SQL Injection
Posted Aug 9, 2013
Authored by Yashar shahinzadeh

Open Real Estate CMS version 1.5.1 suffers from cross site request forgery, path disclosure, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, file inclusion, info disclosure, csrf
MD5 | 6142349d9cb8ffa006a00ddabe31bc43
ZZN SQL Injection / XSS / Credential Disclosure
Posted Aug 9, 2013
Authored by Juan Carlos Garcia

ZZN (Web Hosting and Free email accounts) suffers from cross site scripting, remote blind SQL injection, and credential disclosure vulnerabilities.

tags | exploit, remote, web, vulnerability, xss, sql injection, info disclosure
MD5 | 5dbbc60e5281ad835fa94281c2895be6
Exact Audio Copy 1.0 Beta 3 Vulnerable Components
Posted Aug 9, 2013
Authored by Stefan Kanthak

Exact Audio Copy version 1.0 beta 3 ships with outdated, unsupported, and vulnerable third party components.

tags | advisory
MD5 | c38eaa10e75ddd23f96194ead5e2a1b5
PHPFox 3.4.1 Cross Site Scripting
Posted Aug 9, 2013
Authored by Mehdi Dadkhah

PHPFox version 3.4.1 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | f24e52f90457e06e3779af844916d445

© 2016 Packet Storm. All rights reserved.
