exploit the possibilities
Showing 1 - 19 of 19 RSS Feed

Files Date: 2015-03-17

Spybot Search And Destroy 1.6.2 Privilege Escalation
Posted Mar 17, 2015
Authored by Aljaz Ceru | Site zeroscience.mk

The Spybot Search and Destroy application suffers from an unquoted search path issue impacting the service 'SBSDWSCService' for Windows. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. A successful attempt would require the local user to be able to insert their code in the system root path undetected by the OS or other security applications where it could potentially be executed during application startup or reboot. If successful, the local user's code would execute with the elevated privileges of the application.

tags | exploit, arbitrary, local, root
systems | windows
MD5 | d64faf59cc103857211995ccd24e74c4
Moodle 2.5.9 / 2.6.8 / 2.7.5 / 2.8.3 Cross Site Scripting
Posted Mar 17, 2015
Authored by LiquidWorm | Site zeroscience.mk

Moodle suffers from persistent cross site scripting vulnerabilities. Input passed to the POST parameters 'config_title' and 'title' thru index.php, are not properly sanitized allowing the attacker to execute HTML or JS code into user's browser session on the affected site. Affected components: Blocks, Glossary, RSS and Tags.

tags | exploit, php, vulnerability, xss
advisories | CVE-2015-2269
MD5 | 279da107a7b2a1b1cadb6d5342d50149
Google App Engine Java Security Sandbox Bypasses
Posted Mar 17, 2015
Authored by Adam Gowdiak | Site security-explorations.com

Full materials and proof of concept code has been released for the Security Explorations discovery of various Google app engine java security sandbox bypasses.

tags | exploit, java, proof of concept
systems | linux
MD5 | e18212db596c59c0198cd2c6b8801c6f
Metasploit Project Cross Site Request Forgery
Posted Mar 17, 2015
Authored by Mohamed A. Baset

Metasploit Project versions prior to 4.11.1 suffered from a cross site request forgery vulnerability in the initial user creation functionality.

tags | exploit, csrf
MD5 | 75c6726d333f41f282f85f076baac6cd
Wonder CMS 0.6 Cross Site Scripting
Posted Mar 17, 2015
Authored by Provensec

Wonder CMS version 0.6 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 1f80c89a9f31662e814c80f996dd5ee6
Applicure Dotdefender WAF 5.13-13282 Cross Site Scripting
Posted Mar 17, 2015
Authored by Akastep

Applicure Dotdefender WAF versions 5.13-13282 and below suffer from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | a9f92655da6950f9d0df2f27d09f42aa
724CMS 5.01 / 4.59 / 4.01 / 3.01 Cross Site Scripting
Posted Mar 17, 2015
Authored by Wang Jing

724CMS versions 5.01, 4.59, 4.01, and 3.01 suffer from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 9f3ad539e8e021802cb1de225073a637
724CMS 5.01 / 4.59 / 4.01 / 3.01 SQL Injection
Posted Mar 17, 2015
Authored by Wang Jing

724CMS versions 5.01, 4.59, 4.01, and 3.01 suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 21b598dca7bad0167c3f81fa5701b8a0
Intel Network Adapter Diagnostic Driver IOCTL DoS
Posted Mar 17, 2015
Authored by Glafkos Charalambous

A vulnerability in iqvw32.sys and iqvw64e.sys drivers has been discovered in the Intel Network Adapter Driver. The vulnerability exists due to insufficient input buffer validation when the driver processes IOCTL codes 0x80862013, 0x8086200B, 0x8086200F, 0x80862007 using METHOD_NEITHER and due to insecure permissions allowing everyone read and write access to privileged use only functionality. Attackers can exploit this issue to cause a Denial of Service or possibly execute arbitrary code in kernel space.

tags | exploit, denial of service, arbitrary, kernel
advisories | CVE-2015-2291
MD5 | 63ed8a86b8a3dfefbbaaa1c89ef15f46
Mambo 4.6.5 Cross Site Request Forgery / SQL Injection
Posted Mar 17, 2015
Authored by Provensec

Mambo version 4.6.5 suffers from a cross site request forgery vulnerability that allows for remote SQL injection.

tags | exploit, remote, sql injection, csrf
MD5 | 0880e6f914ef159e861b7b93c1a10ca6
DNS Spider Multithreaded Bruteforcer 0.6
Posted Mar 17, 2015
Authored by noptrix | Site noptrix.net

DNS Spider is a multithreaded bruteforcer of subdomains that leverages a wordlist and/or character permutation.

Changes: Upgraded default wordlist. Replaced optionparser with argparse. Add version output option. Fixed typo.
tags | tool, scanner
systems | unix
MD5 | 80226a77961fba6e79af313425daf906
UliCMS 8.0.1 Cross Site Request Forgery
Posted Mar 17, 2015
Authored by Provensec

UliCMS version 8.0.1 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | e4992bd4d13040220f8815ed0072ca80
Linux/x86 ROT13 Encoded execve("/bin/sh") Shellcode
Posted Mar 17, 2015
Authored by xmgv

68 bytes small Linux/x86 rot 13 encoded execve("/bin/sh") shellcode.

tags | x86, shellcode
systems | linux
MD5 | b093b61bcc78d33dbbcd59973c2f0f69
Linux/x86 chmod 0777 /etc/shadow Shellcode
Posted Mar 17, 2015
Authored by xmgv

84 bytes small obfuscated Linux/x86 shellcode that performs chmod 0777 /etc/shadow.

tags | x86, shellcode
systems | linux
MD5 | e8c9ca4e524cb47c9e913082034822b1
Linux/x86 Google.com Remap Shellcode
Posted Mar 17, 2015
Authored by xmgv

98 bytes small obfuscated Linux/x86 shellcode that maps google.com to 127.1.1.1.

tags | x86, shellcode
systems | linux
MD5 | eef2317c003fef1cfab341c4d6f2e8e2
Windows Diagnostic Troubleshooting Wizard Buffer Overflow
Posted Mar 17, 2015
Authored by Nick Prowse

Microsoft Windows Diagnostic Troubleshooting Wizard suffers from buffer overflow vulnerabilities.

tags | advisory, overflow, vulnerability
systems | windows
MD5 | 960ffb7de4dd4eb2f201d86813f0dce8
.NetFramework 4.03 Buffer Overflows
Posted Mar 17, 2015
Authored by Nick Prowse

NetFramework version 4.03 suffers from buffer overflow vulnerabilities.

tags | advisory, overflow, vulnerability
MD5 | 5c7a014e6d985e60b511a0bccd1545f9
Linux/x86 Obfuscated execve("/bin/sh") Shellcode
Posted Mar 17, 2015
Authored by xmgv

40 bytes small Linux/x86 obfuscated execve("/bin/sh") shellcode.

tags | x86, shellcode
systems | linux
MD5 | 889bbb0a3f5d952bb9c5a80714dd6303
Protecting IIS With Apache Mod Proxy And Dotdefender WAF
Posted Mar 17, 2015
Authored by Akastep

This is a whitepaper discussing using Apache with mod_proxy and Dotdefender to protect IIS installs. Written in Azerbaijani.

tags | paper
MD5 | d52a48cac7f353140489e0ea242197fc
Page 1 of 1
Back1Next

File Archive:

August 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    10 Files
  • 2
    Aug 2nd
    8 Files
  • 3
    Aug 3rd
    2 Files
  • 4
    Aug 4th
    1 Files
  • 5
    Aug 5th
    15 Files
  • 6
    Aug 6th
    79 Files
  • 7
    Aug 7th
    16 Files
  • 8
    Aug 8th
    10 Files
  • 9
    Aug 9th
    10 Files
  • 10
    Aug 10th
    0 Files
  • 11
    Aug 11th
    6 Files
  • 12
    Aug 12th
    26 Files
  • 13
    Aug 13th
    15 Files
  • 14
    Aug 14th
    19 Files
  • 15
    Aug 15th
    52 Files
  • 16
    Aug 16th
    11 Files
  • 17
    Aug 17th
    1 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close