what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 15 of 15 RSS Feed

Files Date: 2014-03-28

Fitnesse Wiki Remote Command Execution
Posted Mar 28, 2014
Authored by Veerendra G.G, Jerzy Kramarz | Site metasploit.com

This Metasploit module exploits a vulnerability found in Fitnesse Wiki, version 20140201 and earlier.

tags | exploit
advisories | CVE-2014-1216
SHA-256 | ea5185af9eacbf5f8ba32b49f0b348feaf5aeb8b06d576421ac1861e3bd61b62
SePortal 2.5 SQL Injection / Remote Code Execution
Posted Mar 28, 2014
Authored by xistence, jsass | Site metasploit.com

This Metasploit module exploits a vulnerability found in SePortal version 2.5. When logging in as any non-admin user, it's possible to retrieve the admin session from the database through SQL injection. The SQL injection vulnerability exists in the "staticpages.php" page. This hash can be used to take over the admin user session. After logging in, the "/admin/downloads.php" page will be used to upload arbitrary code.

tags | exploit, arbitrary, php, sql injection
advisories | CVE-2008-5191, OSVDB-46567
SHA-256 | 523ae89437abd95ee2b8adbfe4b6eb79e71f45e8218d4bcec51f35af6aab99d6
Debian Security Advisory 2889-1
Posted Mar 28, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2889-1 - An SQL injection vulnerability was discovered in postfixadmin, a web administration interface for the Postfix Mail Transport Agent, which allowed authenticated users to make arbitrary manipulations to the database.

tags | advisory, web, arbitrary, sql injection
systems | linux, debian
advisories | CVE-2014-2655
SHA-256 | 6c98896315477340680db98e02791077026f5bb90eef2f49e4ff280754b1c63a
Debian Security Advisory 2888-1
Posted Mar 28, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2888-1 - Toby Hsieh, Peter McLarnan, Ankit Gupta, Sudhir Rao and Kevin Reintjes discovered multiple cross-site scripting and denial of service vulnerabilities in Ruby Actionpack.

tags | advisory, denial of service, vulnerability, xss, ruby
systems | linux, debian
advisories | CVE-2013-4389, CVE-2013-4491, CVE-2013-6414, CVE-2013-6415, CVE-2013-6417
SHA-256 | 423a0919621086aaccc30b1f280aaa8df27b793c92b30df5b3341a89bb7b74d0
Symantec LiveUpdate Administrator 2.3.2.99 Password Reset / SQL Injection
Posted Mar 28, 2014
Authored by S. Viehbock | Site sec-consult.com

Symantec LiveUpdate Administrator versions 2.3.2.99 and below suffer from password reset and remote SQL injection vulnerabilities.

tags | advisory, remote, vulnerability, sql injection
advisories | CVE-2014-1644, CVE-2014-1645
SHA-256 | 11f001616a25bdfdf4be738bd0ef7f77bf985f9f7a0f5c873331ffa8305ed340
LibYAML 0.1.5 Buffer Overflow
Posted Mar 28, 2014
Authored by Andrea Barisani, Open Source CERT

LibYAML versions 0.1.5 and below are affected by a heap-based buffer overflow which can lead to arbitrary code execution. The vulnerability is caused by lack of proper expansion for the string passed to the yaml_parser_scan_uri_escapes() function. A specially crafted YAML file, with a long sequence of percent-encoded characters in a URL, can be used to trigger the overflow.

tags | advisory, overflow, arbitrary, code execution
advisories | CVE-2014-2525
SHA-256 | 801017e1ff1d3bdeae05eeef0c85d7625a0088eef454bd42667d1a259ef47ff8
Ajax Pagination 1.1 Local File Inclusion
Posted Mar 28, 2014
Authored by Glyn Wintle

Ajax Pagination version 1.1 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | 69e08cc5d2ea4848004a83b725d70d5539504575928edebeba5a13590e8b2878
HP Security Bulletin HPSBST02968 2
Posted Mar 28, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBST02968 2 - A potential security vulnerability has been identified with certain HP StoreOnce appliances. This vulnerability could be exploited to allow remote unauthorized access to the appliance. Revision 2 of this advisory.

tags | advisory, remote
advisories | CVE-2013-6211
SHA-256 | 381ca615d8d8fface93b274db6423d82a2e18741438d20d4c269d5e2cb2270f8
Debian Security Advisory 2887-1
Posted Mar 28, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2887-1 - Aaron Neyer discovered that missing input sanitizing in the logging component of Ruby Actionmailer could result in denial of service through a malformed e-mail message.

tags | advisory, denial of service, ruby
systems | linux, debian
advisories | CVE-2013-4389
SHA-256 | a3b48a31da8b85333d9e14e6c946b5b226635072b357a1c97013b03a850b0350
iStArtApp FileXChange 6.2 Command Injection / LFI / File Upload
Posted Mar 28, 2014
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

iStArtApp FileXChange version 6.2 for iOS suffers from command injection, local file inclusion, and remote shell upload vulnerabilities.

tags | exploit, remote, shell, local, vulnerability, file inclusion
systems | ios
SHA-256 | 8b098835b2928b1e01d165f8e8bde1efd4aab6d93048b1a9c54783e43ca561bf
WordPress HTML Sitemap 1.2 Cross Site Request Forgery
Posted Mar 28, 2014
Authored by Tom Adams

WordPress HTML Sitemap version 1.2 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 201994735e80fa917f6e5059cc2ed56952c108819c09e3f473ea49a528417d57
GD Star Rating 1.9.22 XSS / CSRF / SQL Injection
Posted Mar 28, 2014
Authored by Tom Adams

GD Star Rating version 1.9.22 suffers from cross site request forgery, cross site scripting, and remote blind SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection, csrf
SHA-256 | 796f545fbb705c4802204cc3c44a1363749e626b8c4b713647a53112da55d889
Canon PIXMA MX722 Printer Wireless Password Disclosure
Posted Mar 28, 2014
Authored by Taylor Hornby

Canon PIXMA MX722 printer suffers from a WiFi password disclosure vulnerability.

tags | exploit, info disclosure
SHA-256 | 053f0b5c3da36eac0eb319318f27ed23717cee605d73853ff649d554743a60d9
WordPress Business Intelligence 1.0.6 Shell Upload
Posted Mar 28, 2014
Authored by Manish Tanwar

WordPress wp-business-intelligence plugin version 1.0.6 suffers from a remote shell upload vulnerability due to including ofc_upload_image.php.

tags | exploit, remote, shell, php
SHA-256 | cfc6ca57ddaae7ce436b3f1dd3b109d8d363bf14d5bbb4a97697b3c2cec8fbff
ASP-Nuke 2.0.7 Open Redirect
Posted Mar 28, 2014
Authored by Felipe Andrian Peixoto

ASP-Nuke version 2.0.7 suffers from an open redirect vulnerability.

tags | exploit, asp
SHA-256 | 902da011bf746423d5b241e17da52bd86559dbc0d84acce478a7761e2d717453
Page 1 of 1
Back1Next

File Archive:

July 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    52 Files
  • 2
    Jul 2nd
    0 Files
  • 3
    Jul 3rd
    0 Files
  • 4
    Jul 4th
    0 Files
  • 5
    Jul 5th
    0 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    0 Files
  • 9
    Jul 9th
    0 Files
  • 10
    Jul 10th
    0 Files
  • 11
    Jul 11th
    0 Files
  • 12
    Jul 12th
    0 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close