
Files Date: 2013-10-14

Zabbix 2.0.8 SQL Injection / Remote Code Execution
Posted Oct 14, 2013
Authored by Jason Kratzer, Lincoln | Site metasploit.com

This Metasploit module exploits an unauthenticated SQL injection vulnerability affecting Zabbix versions 2.0.8 and lower. The SQL injection issue can be abused in order to retrieve an active session ID. If an administrator level user is identified, remote code execution can be gained by uploading and executing remote scripts via the 'scripts_exec.php' file.

tags | exploit, remote, php, code execution, sql injection
advisories | CVE-2013-5743
MD5 | 98f252fc2c529733cadab92811ca1757
HP Data Protector Cell Request Service Buffer Overflow
Posted Oct 14, 2013
Authored by juan vazquez, e6af8de8b1d4b2b6d5ba2610cbf9cd38 | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow in the Hewlett-Packard Data Protector product. The vulnerability, due to the insecure usage of _swprintf, exists at the Cell Request Service (crs.exe) when parsing packets with opcode 211. This Metasploit module has been tested successfully on HP Data Protector 6.20 and 7.00 on Windows XP SP3.

tags | exploit, overflow
systems | windows, xp
advisories | CVE-2013-2333, OSVDB-93867
MD5 | 3abb5139270a83d5caa4e3ed7207ad5e
MS13-080 Microsoft Internet Explorer CDisplayPointer Use-After-Free
Posted Oct 14, 2013
Authored by sinn3r, temp66 | Site metasploit.com

This Metasploit module exploits a vulnerability found in Microsoft Internet Explorer. It was originally found being exploited in the wild targeting Japanese and Korean IE8 users on Windows XP, around the same time frame as CVE-2013-3893, except this was kept out of the public eye by multiple research companies and the vendor until the October patch release. This issue is a use-after-free vulnerability in CDisplayPointer via the use of an "onpropertychange" event handler. To set up the appropriate buggy conditions, we first craft the DOM tree in a specific order, where a CBlockElement comes after the CTextArea element. If we use a select() function for the CTextArea element, two important things will happen: a CDisplayPointer object will be created for CTextArea, and it will also trigger another event called "onselect". The "onselect" event will allow us to set up for the actual event handler we want to abuse - the "onpropertychange" event. Since the CBlockElement is a child of CTextArea, if we do a node swap of CBlockElement in "onselect", this will trigger "onpropertychange". During "onpropertychange" event handling, a free of the CDisplayPointer object can be forced by using an "Unselect" (other approaches also apply), but a reference to this freed memory will still be kept by CDoc::ScrollPointerIntoView, specifically after the CDoc::GetLineInfo call, because it is still trying to use that to update CDisplayPointer's position. When this invalid reference arrives in QIClassID, a crash finally occurs due to accessing the freed memory. By controlling this freed memory, it is possible to achieve arbitrary code execution under the context of the user.

tags | exploit, arbitrary, code execution
systems | windows, xp
advisories | CVE-2013-3897, OSVDB-98207
MD5 | 7d3da8e36359561e1c8d13165a5408e5
Debian Security Advisory 2779-1
Posted Oct 14, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2779-1 - Aki Helin of OUSPG discovered many out-of-bounds read issues in libxml2, the GNOME project's XML parser library, which can lead to denial of service issues when handling XML documents that end abruptly.

tags | advisory, denial of service
systems | linux, debian
advisories | CVE-2013-2877
MD5 | 1ced8c96d72074d6abcc62e4863d41f0
aMSN 0.98.9 Local File Inclusion / SQL Injection
Posted Oct 14, 2013
Authored by drone

aMSN version 0.98.9 suffers from local file inclusion and remote SQL injection vulnerabilities.

tags | exploit, remote, local, vulnerability, sql injection, file inclusion
MD5 | 799c535c358309c40c005a50d54bffd2
Passwords^13 Call For Submissions
Posted Oct 14, 2013
Authored by Per Thorsheim

The Passwords^13 Call For Submissions has been announced. It will be held December 2nd through the 3rd, 2013.

tags | paper, conference
MD5 | 69c3224aaa10ee3f4e00daa9d3bfb0e9
mp3-player 2.5 Cross Site Scripting / Content Spoofing
Posted Oct 14, 2013
Authored by MustLive

mp3-player versions 2.5 and below suffer from cross site scripting and content spoofing vulnerabilities.

tags | exploit, spoof, vulnerability, xss
MD5 | 566940139a3988e1853c4810914ef54d
PHPFox 3.6.0 Cross Site Scripting
Posted Oct 14, 2013
Authored by BHG Security Center

PHPFox version 3.6.0 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 3f809c6d313b0f1cdf1b0ef30b006324
Linux Kernel Patches
Posted Oct 14, 2013
Authored by x90c

This is a brief whitepaper that discusses various Linux kernel patches.

tags | paper, kernel
systems | linux
MD5 | 2c3fc5ac34f881418e756971c762ccb0
Beetel Connection Manager SEH Buffer Overflow
Posted Oct 14, 2013
Authored by metacom

Beetel Connection Manager structured exception handler buffer overflow exploit.

tags | exploit, overflow
MD5 | daac716a17fe5fe331066b68fccb1917
Mandos Encrypted File System Unattended Reboot Utility 1.6.1
Posted Oct 14, 2013
Authored by Teddy | Site fukt.bsnet.se

The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.

Changes: All client, and mandos-ctl, options for time intervals now also take an RFC 3339 duration. The default key type and length are now RSA and 4096 bit. Bugfixes: handles fast checkers (like ":") correctly. Doesn't print output from checkers when running in the foreground. Handles when a client is removed from clients.conf but saved settings remain. mandos-monitor now displays standout (reverse video). Boolean options work from the config file again. --no-ipv6 works again. The new default GnuTLS priority string is slightly more compatible with older versions of GnuTLS. A bashism in mandos-keygen has been fixed.
tags | tool, remote, root
systems | linux, unix
MD5 | c407bb336a7fd9cf6500bf9f8ae7f20f
Pagelime CMS XSS / Credential Disclosure
Posted Oct 14, 2013
Authored by Juan Carlos Garcia

Pagelime CMS suffers from cross site scripting, unencrypted __VIEWSTATE parameter, credentials being sent in the clear, and various other security issues.

tags | exploit, xss
MD5 | d123c3e4973a1200db2d69991057a96c
ShoreTel ShoreWare Director Denial Of Service
Posted Oct 14, 2013
Authored by Dennis Kelly

ShoreTel ShoreWare Director version 18.61.7500.0 suffers from denial of service and arbitrary file modification vulnerabilities.

tags | advisory, denial of service, arbitrary, vulnerability
MD5 | 9eb51880986d9b8a05df8b3c72f68a32
WordPress Finalist Cross Site Scripting
Posted Oct 14, 2013
Authored by Ashiyane Digital Security Team

WordPress Finalist plugin suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 6edc9642d2506f582a7caa56465434dc
Android Zygote Socket Fork Bomb
Posted Oct 14, 2013
Authored by Luca Verderame

Android Zygote socket vulnerability fork bomb attack exploit.

tags | exploit, denial of service
advisories | CVE-2011-3918, OSVDB-86227
MD5 | 30b6d407bfae50c5da6a31c5fcad241f
© 2018 Packet Storm. All rights reserved.
