all things security
Showing 1 - 25 of 41 RSS Feed

Files Date: 2015-05-07

Adobe Flash Player domainMemory ByteArray Use After Free
Posted May 7, 2015
Authored by juan vazquez, temp66, hdarwin, bilou | Site metasploit.com

This Metasploit module exploits a use-after-free vulnerability in Adobe Flash Player. The vulnerability occurs when the ByteArray assigned to the current ApplicationDomain is freed from an ActionScript worker, when forcing a reallocation by copying more contents than the original capacity, but Flash forgets to update the domainMemory pointer, leading to a use-after-free situation when the main worker references the domainMemory again. This Metasploit module has been tested successfully on Windows 7 SP1 (32-bit), IE 8 and IE11 with Flash 17.0.0.134.

tags | exploit
systems | windows, 7
advisories | CVE-2015-0359
MD5 | 8127f22354b9daaa2681b4e32dbb870d
WordPress RevSlider 3.0.95 File Upload / Execute
Posted May 7, 2015
Authored by Simo Ben Youssef | Site metasploit.com

This Metasploit module exploits an arbitrary PHP code upload vulnerability in the WordPress ThemePunch Revolution Slider ( revslider ) plugin, version 3.0.95 and prior. The vulnerability allows for arbitrary file upload and remote code execution.

tags | exploit, remote, arbitrary, php, code execution, file upload
MD5 | 156ad3101d1c589747e54bf76d5a0f07
WordPress Ad Buttons 2.3.1 CSRF / Cross Site Scripting
Posted May 7, 2015
Authored by Kaustubh G. Padwad

WordPress Ad Buttons plugin version 2.3.1 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | e852b9ba527e9d29868c110941c97701
WordPress Freshmail 1.5.8 SQL Injection
Posted May 7, 2015
Authored by Felipe Molina

WordPress Freshmail plugin versions 1.5.8 and below suffer from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
MD5 | a0c8e159a2f11853051cf2f911ab4867
Google App Engine Java Security Sandbox Bypasses
Posted May 7, 2015
Authored by Adam Gowdiak | Site security-explorations.com

Security Explorations released technical details, Google advisories, and new proof of concept code for the Google App Engine sandbox bypass vulnerabilities.

tags | exploit, vulnerability, proof of concept
systems | linux
MD5 | 956d84b58adbd3d0e9b366bb849df648
Yahoo eMarketing Cross Site Scripting
Posted May 7, 2015
Authored by Hadji Samir | Site vulnerability-lab.com

Yahoo eMarketing suffered from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | e21a258a8b372c3fcefd528b7eeeda7c
Album Streamer 2.0 Directory Traversal
Posted May 7, 2015
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

Album Streamer version 2.0 suffers from a directory traversal vulnerability.

tags | exploit
MD5 | 37e1298dfe7b704bd4660dd9baec1bcc
WordPress Ultimate Profile Builder 2.3.3 CSRF / Cross Site Scripting
Posted May 7, 2015
Authored by Kaustubh G. Padwad

WordPress Ultimate Profile Builder plugin version 2.3.3 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | b3f5807199cf9c2264400f6b795a374e
WordPress ClickBank Ads 1.7 CSRF / Cross Site Scripting
Posted May 7, 2015
Authored by Kaustubh G. Padwad

WordPress ClickBank Ads plugin version 1.7 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | 854d8aa6e035bc9bb841486fbf2431f7
Faraday 1.0.10
Posted May 7, 2015
Authored by Francisco Amato

Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.

tags | tool, rootkit
systems | unix
MD5 | a22fa7c7dc3ee49d36da1067a374e720
WordPress Ultimate Product Catalogue 3.1.2 SQL Injection
Posted May 7, 2015
Authored by Felipe Molina

WordPress Ultimate Product Catalogue plugin versions 3.1.2 and below suffer from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
MD5 | 5a4b2e34e5205fddc3c601855b6848a5
BullGuard Antivirus 15.0.297 Authentication Bypass
Posted May 7, 2015
Authored by Matthias Deeg

BullGuard Antivirus version 15.0.297 suffers from an authentication bypass vulnerability.

tags | advisory, bypass
MD5 | f17a6d937cd142efe664265134965554
BullGuard Premium Protection 15.0.297 Authentication Bypass
Posted May 7, 2015
Authored by Matthias Deeg

BullGuard Premium Protection version 15.0.297 suffers from an authentication bypass vulnerability.

tags | advisory, bypass
MD5 | dac220a2f4fcba022ea3e6e6856b1613
BullGuard Internet Security 15.0.297 Authentication Bypass
Posted May 7, 2015
Authored by Matthias Deeg

BullGuard Internet Security version 15.0.297 suffers from an authentication bypass vulnerability.

tags | advisory, bypass
MD5 | cda9840973d28f9360a82ae9b7164180
Koala Framework 3.7 Cross Site Scripting
Posted May 7, 2015
Authored by Provensec

Koala Framework version 3.7 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 277c429719982b6f1a059d76b14584c9
BigAce CMS 3.0 Cross Site Scripting
Posted May 7, 2015
Authored by Provensec

BigAce CMS version 3.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 3f6d541379163839c0ecdc35afa4d466
Manage Engine Asset Explorer 6.1.0 Build 6110 CSRF / XSS
Posted May 7, 2015
Authored by Kaustubh G. Padwad

Manage Engine Asset Explorer version 6.10 build 6110 suffers from cross site request forgery and persistent cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | a8ea4e7d7e34c2ce795986ac29c3b9dc
IBM WebSphere Portal 7.0 / 6.1.5 / 6.1.0 Cross Site Scripting
Posted May 7, 2015
Authored by Filippo Roncari

IBM WebSphere Portal versions 7.0, 6.1.5, and 6.1.0 suffer from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2014-0910
MD5 | 14a5a911aa04f3ad5e5ff09d71a3698c
Apple Security Advisory 2015-05-06-1
Posted May 7, 2015
Authored by Apple | Site apple.com

Apple Security Advisory 2015-05-06-1 - Safari 8.0.6, Safari 7.1.6, and Safari 6.2.6 are now available and address memory corruption, information compromise, and unauthorized access vulnerabilities.

tags | advisory, vulnerability
systems | apple
advisories | CVE-2015-1152, CVE-2015-1153, CVE-2015-1154, CVE-2015-1155, CVE-2015-1156
MD5 | bd74877673a60f36f7b986165bded26e
WordPress Twenty Fifteen 4.2.1 Cross Site Scripting
Posted May 7, 2015
Authored by Onur YILMAZ, Omar Kurt

WordPress Twenty Fifteen theme version 4.2.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2015-3429
MD5 | d9e157b0ae33571fa13c8771c165773d
WordPress WP Symposium 15.1 SQL Injection
Posted May 7, 2015
Authored by Hannes Trunde

WordPress WP Symposium plugin version 15.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2015-3325
MD5 | 247ff320a0c112cbd3355098a57a011b
gpEasy CMS 4.4 Cross Site Scripting
Posted May 7, 2015
Authored by Provensec

gpEasy CMS version 4.4 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | ef3088f421da384c4cd12b2403222299
WordPress Ad Inserter 1.5.2 CSRF / XSS
Posted May 7, 2015
Authored by Kaustubh G. Padwad

WordPress Ad Inserter plugin version 1.5.2 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | 97567eb9adf2f8df4eb066de7d468e3c
WordPress Embed-Articles 7.0.3 CSRF / XSS
Posted May 7, 2015
Authored by Kaustubh G. Padwad

WordPress Embed-Articles plugin version 7.0.3 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | ef1c75d6c95a9725753213ca9c3d7940
TORNADO Computer Trading CMS SQL Injection
Posted May 7, 2015
Authored by kjfido | Site vulnerability-lab.com

TORNADO Computer Trading CMS suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 578f02cfa203ccebade93c429ebefe42
Page 1 of 2
Back12Next

File Archive:

October 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    15 Files
  • 2
    Oct 2nd
    16 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    11 Files
  • 6
    Oct 6th
    6 Files
  • 7
    Oct 7th
    2 Files
  • 8
    Oct 8th
    1 Files
  • 9
    Oct 9th
    13 Files
  • 10
    Oct 10th
    16 Files
  • 11
    Oct 11th
    15 Files
  • 12
    Oct 12th
    23 Files
  • 13
    Oct 13th
    13 Files
  • 14
    Oct 14th
    12 Files
  • 15
    Oct 15th
    2 Files
  • 16
    Oct 16th
    5 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close