exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 19 of 19 RSS Feed

Files Date: 2015-03-17

Spybot Search And Destroy 1.6.2 Privilege Escalation
Posted Mar 17, 2015
Authored by Aljaz Ceru | Site zeroscience.mk

The Spybot Search and Destroy application suffers from an unquoted search path issue impacting the service 'SBSDWSCService' for Windows. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. A successful attempt would require the local user to be able to insert their code in the system root path undetected by the OS or other security applications where it could potentially be executed during application startup or reboot. If successful, the local user's code would execute with the elevated privileges of the application.

tags | exploit, arbitrary, local, root
systems | windows
SHA-256 | ddb6e92cb002970c9f6e6241ac58abf4997bbcfc0d0b442eb9e244618053668d
Moodle 2.5.9 / 2.6.8 / 2.7.5 / 2.8.3 Cross Site Scripting
Posted Mar 17, 2015
Authored by LiquidWorm | Site zeroscience.mk

Moodle suffers from persistent cross site scripting vulnerabilities. Input passed to the POST parameters 'config_title' and 'title' thru index.php, are not properly sanitized allowing the attacker to execute HTML or JS code into user's browser session on the affected site. Affected components: Blocks, Glossary, RSS and Tags.

tags | exploit, php, vulnerability, xss
advisories | CVE-2015-2269
SHA-256 | 3a879d762267aeaca9fc89ee912f160275d978f39e1f6f838032b7e55569749c
Google App Engine Java Security Sandbox Bypasses
Posted Mar 17, 2015
Authored by Adam Gowdiak | Site security-explorations.com

Full materials and proof of concept code has been released for the Security Explorations discovery of various Google app engine java security sandbox bypasses.

tags | exploit, java, proof of concept
systems | linux
SHA-256 | bd960af7763ba59085745caf406af8ad984dad196a7d5aaccd9db363dd96eb1a
Metasploit Project Cross Site Request Forgery
Posted Mar 17, 2015
Authored by Mohamed A. Baset

Metasploit Project versions prior to 4.11.1 suffered from a cross site request forgery vulnerability in the initial user creation functionality.

tags | exploit, csrf
SHA-256 | 77d856bfa456219b7064e2fb95ed37a80ef361d7340f805df55bf4a938533ffb
Wonder CMS 0.6 Cross Site Scripting
Posted Mar 17, 2015
Authored by Provensec

Wonder CMS version 0.6 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | e90d859deee2e927ca6d1ae889ffe024e9021ad1f1e0d1137ecf15199f95c850
Applicure Dotdefender WAF 5.13-13282 Cross Site Scripting
Posted Mar 17, 2015
Authored by Akastep

Applicure Dotdefender WAF versions 5.13-13282 and below suffer from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | d05822677796f7d42a5885b32d014b3e46f07144db1a28c4abd29b4ef4b5fb85
724CMS 5.01 / 4.59 / 4.01 / 3.01 Cross Site Scripting
Posted Mar 17, 2015
Authored by Wang Jing

724CMS versions 5.01, 4.59, 4.01, and 3.01 suffer from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | ab019ff802627e97149ae0b3963cf84ed5d69814d1a2622737a1242c6b457523
724CMS 5.01 / 4.59 / 4.01 / 3.01 SQL Injection
Posted Mar 17, 2015
Authored by Wang Jing

724CMS versions 5.01, 4.59, 4.01, and 3.01 suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | a6672aaedd9e9354c968805b5f990cfa2885ffeef4a4ab9559cb189a87693c39
Intel Network Adapter Diagnostic Driver IOCTL DoS
Posted Mar 17, 2015
Authored by Glafkos Charalambous

A vulnerability in iqvw32.sys and iqvw64e.sys drivers has been discovered in the Intel Network Adapter Driver. The vulnerability exists due to insufficient input buffer validation when the driver processes IOCTL codes 0x80862013, 0x8086200B, 0x8086200F, 0x80862007 using METHOD_NEITHER and due to insecure permissions allowing everyone read and write access to privileged use only functionality. Attackers can exploit this issue to cause a Denial of Service or possibly execute arbitrary code in kernel space.

tags | exploit, denial of service, arbitrary, kernel
advisories | CVE-2015-2291
SHA-256 | 2aaae5882cd70b23fb6de73c08c10c9b3a2580d689f599c18245a6496dc7c1ca
Mambo 4.6.5 Cross Site Request Forgery / SQL Injection
Posted Mar 17, 2015
Authored by Provensec

Mambo version 4.6.5 suffers from a cross site request forgery vulnerability that allows for remote SQL injection.

tags | exploit, remote, sql injection, csrf
SHA-256 | 04bf9a99d0420b97a030af4f2b626076b0e55a0fa14e06697a069a826e3585ce
DNS Spider Multithreaded Bruteforcer 0.6
Posted Mar 17, 2015
Authored by noptrix | Site nullsecurity.net

DNS Spider is a multithreaded bruteforcer of subdomains that leverages a wordlist and/or character permutation.

Changes: Upgraded default wordlist. Replaced optionparser with argparse. Add version output option. Fixed typo.
tags | tool, scanner
systems | unix
SHA-256 | ab05f4446447485d9e01006db792d8ceff3738d1799373c3c8b484e2a5bdd401
UliCMS 8.0.1 Cross Site Request Forgery
Posted Mar 17, 2015
Authored by Provensec

UliCMS version 8.0.1 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 9b42b7b4b12fd9108033bbc04bd7fa32db25cdc43e93fe2f55e9ff51410b41ca
Linux/x86 ROT13 Encoded execve("/bin/sh") Shellcode
Posted Mar 17, 2015
Authored by xmgv

68 bytes small Linux/x86 rot 13 encoded execve("/bin/sh") shellcode.

tags | x86, shellcode
systems | linux
SHA-256 | d5c53f68b3271754dd33f9b9b3fce23cc492b3410d1677a1cdebc0367665c996
Linux/x86 chmod 0777 /etc/shadow Shellcode
Posted Mar 17, 2015
Authored by xmgv

84 bytes small obfuscated Linux/x86 shellcode that performs chmod 0777 /etc/shadow.

tags | x86, shellcode
systems | linux
SHA-256 | 86599ae981137ac35644a9a76fff0131fb83ddab86a4da180a26b684314311a4
Linux/x86 Google.com Remap Shellcode
Posted Mar 17, 2015
Authored by xmgv

98 bytes small obfuscated Linux/x86 shellcode that maps google.com to 127.1.1.1.

tags | x86, shellcode
systems | linux
SHA-256 | 5e2f47bde231bcc4252b85f5bb7dec35d14ae3da0008b9e96d251474d15e793e
Windows Diagnostic Troubleshooting Wizard Buffer Overflow
Posted Mar 17, 2015
Authored by Nick Prowse

Microsoft Windows Diagnostic Troubleshooting Wizard suffers from buffer overflow vulnerabilities.

tags | advisory, overflow, vulnerability
systems | windows
SHA-256 | 4cece5e320932e7702b7eabfa2aaeb0ad115b1cfa29142b0be78a1372ac31ad7
.NetFramework 4.03 Buffer Overflows
Posted Mar 17, 2015
Authored by Nick Prowse

NetFramework version 4.03 suffers from buffer overflow vulnerabilities.

tags | advisory, overflow, vulnerability
SHA-256 | b3060378025fd371ff54d57225de65a0e37ad829f6e3c1e608cf2af10bbab183
Linux/x86 Obfuscated execve("/bin/sh") Shellcode
Posted Mar 17, 2015
Authored by xmgv

40 bytes small Linux/x86 obfuscated execve("/bin/sh") shellcode.

tags | x86, shellcode
systems | linux
SHA-256 | 6bc72d166eab16b210ccb20f51b7dd79c511d39d99c8520c5c27fe2d5420016c
Protecting IIS With Apache Mod Proxy And Dotdefender WAF
Posted Mar 17, 2015
Authored by Akastep

This is a whitepaper discussing using Apache with mod_proxy and Dotdefender to protect IIS installs. Written in Azerbaijani.

tags | paper
SHA-256 | d05d7429ea70363cecca14474d2edcf047db67733e981e02c510f7d4967caf65
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close