
Files Date: 2015-07-14

WordPress Image Export 1.1 Arbitrary File Download
Posted Jul 14, 2015
Authored by Larry W. Cashdollar

WordPress Image Export plugin version 1.1 suffers from an arbitrary file download vulnerability.

tags | exploit, arbitrary
SHA-256 | f5dbd9b328b410e55ced6b1b19e5fa2738b42682e045d966972cc9e7585402e1
Joomla Docman Path Disclosure / Local File Inclusion
Posted Jul 14, 2015
Authored by Hugo Santiago dos Santos

Joomla Docman suffers from full path disclosure and local file inclusion vulnerabilities.

tags | exploit, local, vulnerability, file inclusion, info disclosure
SHA-256 | 2035df9be9103e5e7731bca557187aa16e61e414a6b55770d4e589c8c6d8cbbf
Kaseya Virtual System Administrator File Download / Open Redirect
Posted Jul 14, 2015
Authored by Pedro Ribeiro

Kaseya Virtual System Administrator suffers from arbitrary file download and open redirection vulnerabilities.

tags | exploit, arbitrary, vulnerability
SHA-256 | 8f81d492c8f92ef800d091dc7a9b9b4e65c6a0776aa789f26d9207772f0843d5
PFSense 2.2.2 Cross Site Scripting
Posted Jul 14, 2015
Authored by William Costa

PFSense version 2.2.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | b41b9c68576f0be0722976059ed088c83310cca21a4d01f12703068087ad1bcc
ArticleFR 3.0.6 Cross Site Request Forgery
Posted Jul 14, 2015
Authored by LiquidWorm | Site zeroscience.mk

ArticleFR version 3.0.6 allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.

tags | exploit, web
SHA-256 | fc4cceecf98e26b34c3709337914564c092fc67141584a9307de989d67ef1162
ArticleFR 3.0.6 Cross Site Scripting
Posted Jul 14, 2015
Authored by LiquidWorm | Site zeroscience.mk

ArticleFR suffers from multiple stored cross site scripting vulnerabilities. The issues are triggered when input passed via the POST parameter 'name' in Categories, the POST parameters 'title' and 'rel' in Links, and the GET parameter 'url' in the PingServers module is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site. Version 3.0.6 is affected.

tags | exploit, arbitrary, vulnerability, xss
SHA-256 | 97577b9ace469f43b13d8ce2548ca3144fe75dccb6067e8bf74ca67d2b2dbe4f
Panda Security 1.0.0.13 Arbitrary Code Execution
Posted Jul 14, 2015
Authored by Kyriakos Economou | Site portcullis-security.com

Panda Kernel Memory Access Driver does not validate the size of data to be copied to both an allocated kernel paged pool buffer and to an allocated non-paged pool buffer. Furthermore, the attacker has control over the start-to-copy index regarding the non-paged pool buffer which allows an attacker to corrupt a kernel object with more precision, and control the EIP via a hijacked function pointer.

tags | advisory, kernel
advisories | CVE-2015-1438
SHA-256 | 017a81162eb94fe7a9a71b19ac47e7b58ea849b57dcaba936c68c4e615a3aa90
SAP Afaria XeService.exe 7.0.6398.0 Weak File Permissions
Posted Jul 14, 2015
Authored by Russ Spooner | Site portcullis-security.com

The SAP Afaria Windows client software installs with weak default permissions that grant the Everyone group read and write permissions on the install folder. Version 7.0.6398.0 is affected.

tags | advisory
systems | windows
advisories | CVE-2015-3449
SHA-256 | f55a7dc136213d822d2d50e86eefeb0e200654f4242fdea8ec5a678e31edaa9e
SAP ECC Privilege Escalation
Posted Jul 14, 2015
Authored by Tim Brown | Site portcullis-security.com

SAP ECC uses binaries that are executed with elevated privileges (SetGID and SetUID programs) and that have been compiled in a manner that makes them search for libraries in insecure locations.

tags | advisory
advisories | CVE-2015-3621
SHA-256 | dda76ea46a15e7f7868621a6ca1e393d8ba4ac5999ea0d317aec6164f94be550
WordPress Plotly 1.0.2 Cross Site Scripting
Posted Jul 14, 2015
Authored by Tom Adams

WordPress Plotly plugin version 1.0.2 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2015-5484
SHA-256 | 8c8ecc962a319c7bfa3171c85e8bd93531f424c4f1101eaddd89bbe50f29c468
Pimcore CMS Build 3450 SQL Injection
Posted Jul 14, 2015
Authored by Josh Foote

Pimcore CMS build 3450 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2015-4426
SHA-256 | f7b0a644408b713c75a3b2b6813d047888f1cc7dda004eb2ff27ab376715fb66
phpVibe 4.0 Arbitrary File Disclosure
Posted Jul 14, 2015
Authored by ali ahmady

phpVibe version 4.0 suffers from an arbitrary file disclosure vulnerability.

tags | exploit, arbitrary, info disclosure
SHA-256 | 872cb632d10ee1d392d46059c45f959ef8b2d1c387db7d3980d10e5df1f17249
Pimcore CMS Build 3450 Directory Traversal
Posted Jul 14, 2015
Authored by Josh Foote

Pimcore CMS build 3450 suffers from an issue where it is possible for an administrative user with the 'assets' permission to overwrite system configuration files by exploiting a directory traversal vulnerability.

tags | exploit, file inclusion
advisories | CVE-2015-4425
SHA-256 | ab88a54c96cee261f04972545556b484aa577fdfae39c4f1a28989afe29b7997
Privilege Escalation Via Client Management Software Part 2
Posted Jul 14, 2015
Authored by Matthias Deeg

This whitepaper deals with local privilege escalation attacks via exploiting vulnerabilities in the client management software Empirum.

tags | paper, local, vulnerability
SHA-256 | 976d9cf9503cd3beaddb146f9507ee3529d1b82a6712b2cdc7b7ce1b67ac583a
The Events Calendar: Eventbrite Tickets 3.9.6 Cross Site Scripting
Posted Jul 14, 2015
Authored by Tom Adams

The WordPress Eventbrite Tickets plugin from The Events Calendar version 3.9.6 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2015-5485
SHA-256 | 9d007e52a0aca85109b108602e13c60f95a5b63d24894f873375bcaaa6a3c02f
AjaxControlToolkit File Upload Directory Traversal
Posted Jul 14, 2015
Authored by Brian Cardinale

The AjaxControlToolkit prior to version 15.1 has a file upload directory traversal vulnerability which on a poorly configured web server can lead to remote code execution.

tags | advisory, remote, web, code execution, file upload
advisories | CVE-2015-4670
SHA-256 | 3ecb8a9a5021d70b1e7c79052e7ca74b09b23fe34ddae56eae4bc7ed860ab73e
Slackware Security Advisory - mozilla-thunderbird Updates
Posted Jul 14, 2015
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New mozilla-thunderbird packages are available for Slackware 14.1 and -current to fix security issues.

tags | advisory
systems | linux, slackware
SHA-256 | 7314c7a33e39371cd2b97e6ad6effe66cd46811ce446554bda0d310bfd83be12
FreiChat 9.6 SQL Injection
Posted Jul 14, 2015
Authored by Kacper Szurek

FreiChat version 9.6 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 340c717fd761abf304ec7c246e204eb9f11ad8a6f4c06aabb383e69a76994e3a
sysPass 1.0.9 SQL Injection
Posted Jul 14, 2015
Authored by Daniele Salaris

sysPass versions 1.0.9 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 6b3b7dbe62538e63e5bf0114ba91c34d647ba966aa039a58a9ad1fad1a067add
WordPress WP-PowerPlayGallery 3.3 File Upload / SQL Injection
Posted Jul 14, 2015
Authored by Larry W. Cashdollar

WordPress WP-PowerPlayGallery plugin version 3.3 suffers from remote file upload and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, file upload
SHA-256 | 9f8d10108d02ae3286eb0f5ff0f4e6c51b291455c43a4e920c4dd937fcc5c9a4
WordPress Floating Social Bar 1.1.5 Cross Site Scripting
Posted Jul 14, 2015
Authored by Kacper Szurek

WordPress Floating Social Bar version 1.1.5 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | e3d25f5373a83dae455e18baf666848ac55bb72a48e1200252f0f83bc659910d
Privilege Escalation Via Client Management Software Part 1
Posted Jul 14, 2015
Authored by Matthias Deeg

This whitepaper deals with local privilege escalation attacks via exploiting vulnerabilities in the client management software FrontRange DSM.

tags | paper, local, vulnerability
SHA-256 | 08ece3edf3aa93e1fde88c8522d035bcfa58b66f09c695d34999e853118ef852
Full Player 8.2.1 Memory Corruption
Posted Jul 14, 2015
Authored by Sathish Arthar

Full Player version 8.2.1 memory corruption proof of concept exploit.

tags | exploit, proof of concept
SHA-256 | c07c5de0d2f58a49ab68f2ed72732c09a5adb03c0074d5688bb13c2ad8c5fe3b

© 2022 Packet Storm. All rights reserved.
