
Files Date: 2015-07-14

WordPress Image Export 1.1 Arbitrary File Download
Posted Jul 14, 2015
Authored by Larry W. Cashdollar

WordPress Image Export plugin version 1.1 suffers from an arbitrary file download vulnerability.

tags | exploit, arbitrary
MD5 | d7a5b1bed9400532c365455bee9cb242
Joomla Docman Path Disclosure / Local File Inclusion
Posted Jul 14, 2015
Authored by Hugo Santiago dos Santos

Joomla Docman suffers from full path disclosure and local file inclusion vulnerabilities.

tags | exploit, local, vulnerability, file inclusion, info disclosure
MD5 | e8e06f4cafc5ef9b40bce736d8210826
Kaseya Virtual System Administrator File Download / Open Redirect
Posted Jul 14, 2015
Authored by Pedro Ribeiro

Kaseya Virtual System Administrator suffers from arbitrary file download and open redirection vulnerabilities.

tags | exploit, arbitrary, vulnerability
MD5 | f09ecb1305712aebae36fcd9c0b8ffd3
PFSense 2.2.2 Cross Site Scripting
Posted Jul 14, 2015
Authored by William Costa

PFSense version 2.2.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 3481f5a759faa072f642cbe2b075aa2e
ArticleFR 3.0.6 Cross Site Request Forgery
Posted Jul 14, 2015
Authored by LiquidWorm | Site zeroscience.mk

ArticleFR version 3.0.6 allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.

tags | exploit, web
MD5 | 5b3ef44882431e5a4a0a7d3b7e9bcb04
ArticleFR 3.0.6 Cross Site Scripting
Posted Jul 14, 2015
Authored by LiquidWorm | Site zeroscience.mk

ArticleFR suffers from multiple stored cross site scripting vulnerabilities. The issues are triggered when input passed via the POST parameter 'name' in Categories, POST parameters 'title' and 'rel' in Links and GET parameter 'url' in PingServers module is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Version 3.0.6 is affected.

tags | exploit, arbitrary, vulnerability, xss
MD5 | 2427f2ad5e86938503f1ef9cc0167976
Panda Security 1.0.0.13 Arbitrary Code Execution
Posted Jul 14, 2015
Authored by Kyriakos Economou | Site portcullis-security.com

Panda Kernel Memory Access Driver does not validate the size of data to be copied to both an allocated kernel paged pool buffer and to an allocated non-paged pool buffer. Furthermore, the attacker has control over the start-to-copy index regarding the non-paged pool buffer which allows an attacker to corrupt a kernel object with more precision, and control the EIP via a hijacked function pointer.

tags | advisory, kernel
advisories | CVE-2015-1438
MD5 | ca41952973e33863bbff5456e8d6c432
SAP Afaria XeService.exe 7.0.6398.0 Weak File Permissions
Posted Jul 14, 2015
Authored by Russ Spooner | Site portcullis-security.com

The SAP Afaria Windows client software installs with weak default permissions that grant the Everyone group read and write permissions on the install folder. Version 7.0.6398.0 is affected.

tags | advisory
systems | windows
advisories | CVE-2015-3449
MD5 | fe5d4b2253606eefb749dd2e83322641
SAP ECC Privilege Escalation
Posted Jul 14, 2015
Authored by Tim Brown | Site portcullis-security.com

SAP ECC uses binaries that are executed with elevated privileges (SetGID and SetUID programs) and that have been compiled in a manner that means they search for libraries in insecure locations.

tags | advisory
advisories | CVE-2015-3621
MD5 | 07567e01576d9b80a7b495235b1c2a95
WordPress Plotly 1.0.2 Cross Site Scripting
Posted Jul 14, 2015
Authored by Tom Adams

WordPress Plotly plugin version 1.0.2 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2015-5484
MD5 | 30f0e5e9aeba6893f4a72b90b721c08b
Pimcore CMS Build 3450 SQL Injection
Posted Jul 14, 2015
Authored by Josh Foote

Pimcore CMS build 3450 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2015-4426
MD5 | 8c9ae247700beaab1e84cc4bd9a20871
phpVibe 4.0 Arbitrary File Disclosure
Posted Jul 14, 2015
Authored by ali ahmady

phpVibe version 4.0 suffers from an arbitrary file disclosure vulnerability.

tags | exploit, arbitrary, info disclosure
MD5 | 2e6fd8269eaaa4e95cd7efddcf734f5b
Pimcore CMS Build 3450 Directory Traversal
Posted Jul 14, 2015
Authored by Josh Foote

Pimcore CMS build 3450 suffers from an issue where it is possible for an administrative user with the 'assets' permission to overwrite system configuration files by exploiting a directory traversal vulnerability.

tags | exploit, file inclusion
advisories | CVE-2015-4425
MD5 | 02dcc90d48a955c8bf191b993bbdfa45
Privilege Escalation Via Client Management Software Part 2
Posted Jul 14, 2015
Authored by Matthias Deeg

This whitepaper deals with local privilege escalation attacks via exploiting vulnerabilities in the client management software Empirum.

tags | paper, local, vulnerability
MD5 | a4a539ed8eaf700c2a49415c1750a7f5
The Events Calendar: Eventbrite Tickets 3.9.6 Cross Site Scripting
Posted Jul 14, 2015
Authored by Tom Adams

The WordPress Eventbrite Tickets plugin from The Events Calendar version 3.9.6 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2015-5485
MD5 | 5a52733cae4df72c79599ca25204559c
AjaxControlToolkit File Upload Directory Traversal
Posted Jul 14, 2015
Authored by Brian Cardinale

The AjaxControlToolkit prior to version 15.1 has a file upload directory traversal vulnerability which on a poorly configured web server can lead to remote code execution.

tags | advisory, remote, web, code execution, file upload
advisories | CVE-2015-4670
MD5 | 59f45e703f5fbb90b27270107d19932b
Slackware Security Advisory - mozilla-thunderbird Updates
Posted Jul 14, 2015
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New mozilla-thunderbird packages are available for Slackware 14.1 and -current to fix security issues.

tags | advisory
systems | linux, slackware
MD5 | 41d3084da2daad75c512c96f51e05aa4
FreiChat 9.6 SQL Injection
Posted Jul 14, 2015
Authored by Kacper Szurek

FreiChat version 9.6 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | d99307cd0ee4d201553feac0c557241a
sysPass 1.0.9 SQL Injection
Posted Jul 14, 2015
Authored by Daniele Salaris

sysPass versions 1.0.9 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 03107da806f10e9c95d95462a4d03574
WordPress WP-PowerPlayGallery 3.3 File Upload / SQL Injection
Posted Jul 14, 2015
Authored by Larry W. Cashdollar

WordPress WP-PowerPlayGallery plugin version 3.3 suffers from remote file upload and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, file upload
MD5 | 1144fa45fbb8e9bc98c05f2a6c450935
WordPress Floating Social Bar 1.1.5 Cross Site Scripting
Posted Jul 14, 2015
Authored by Kacper Szurek

WordPress Floating Social Bar version 1.1.5 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 9cec60067438c6ce289cd11391cd65a6
Privilege Escalation Via Client Management Software Part 1
Posted Jul 14, 2015
Authored by Matthias Deeg

This whitepaper deals with local privilege escalation attacks via exploiting vulnerabilities in the client management software FrontRange DSM.

tags | paper, local, vulnerability
MD5 | c4857aadc3171182697bcaff28bbaff5
Full Player 8.2.1 Memory Corruption
Posted Jul 14, 2015
Authored by Sathish Arthar

Full Player version 8.2.1 memory corruption proof of concept exploit.

tags | exploit, proof of concept
MD5 | 04defcfde21302c87184991bcabcca73