Exploit the possiblities
Showing 1 - 15 of 15 RSS Feed

Files Date: 2015-08-22

up.time 7.5.0 Arbitrary File Disclose / Delete
Posted Aug 22, 2015
Authored by LiquidWorm | Site zeroscience.mk

Input passed to the 'file_name' parameter in 'get2post.php' script is not properly sanitised before being used to get the contents of a resource and delete files. This can be exploited to read and delete arbitrary data from local resources with the permissions of the web server using a proxy tool.

tags | exploit, web, arbitrary, local, php
MD5 | 1628a1d7ceadea0813a69014b57c72ab
up.time 7.5.0 Superadmin Privilege Escalation
Posted Aug 22, 2015
Authored by LiquidWorm | Site zeroscience.mk

up.time suffers from a privilege escalation issue. A normal user can elevate his/her privileges by sending a POST request setting the parameter 'userroleid' to 1. Cross site request forgery can be used to exploit this attack.

tags | exploit, csrf
MD5 | 210650d9d69e81705a1d1910960a4abd
up.time 7.5.0 Upload / Execute File
Posted Aug 22, 2015
Authored by LiquidWorm | Site zeroscience.mk

up.time suffers from arbitrary command execution. Attackers can exploit this issue using the monitor service feature and adding a command with respected arguments to given binary for execution. In combination with the CSRF, privilege escalation, arbitrary text file creation, and renaming that file to php you can execute system commands with SYSTEM privileges.

tags | exploit, arbitrary, php
MD5 | 7a39441237e6a8fbee2b22e6b94882b4
up.time 7.5.0 Cross Site Request Forgery / Cross Site Scripting
Posted Aug 22, 2015
Authored by LiquidWorm | Site zeroscience.mk

up.time version 7.5.0 allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site. Multiple cross site scripting vulnerabilities were also discovered. The issue is triggered when input passed via the multiple parameters is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

tags | exploit, web, arbitrary, vulnerability, xss
MD5 | eb8b93df9fb69079d50f4f5c27e178fd
Apache Flex BlazeDS 4.7.0 XML Entity Expansion
Posted Aug 22, 2015
Authored by Matthias Kaiser

When receiving XML encoded AMF messages containing DTD entities, the default XML parser configurations allows expanding of entities to local resources. A request that included a specially crafted request parameter could be used to access content that would otherwise be protected.

tags | advisory, local
advisories | CVE-2015-3269
MD5 | c712a6a20b6791fd80403326c7724d49
SiteFactory CMS 5.5.9 Directory Traversal
Posted Aug 22, 2015
Authored by Guillermo Garcia Marcos

SiteFactory CMS version 5.5.9 suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
MD5 | 2d4f3e170609c8d2ffbed92b1a3492cd
EMC Documentum D2 Fail Open
Posted Aug 22, 2015
Site emc.com

EMC Documentum D2 contains fail open vulnerability that could be exploited by malicious users to compromise D2. Versions 4.2 and below are affected.

tags | advisory
advisories | CVE-2015-4537
MD5 | 7a5dd9e9e80ced424bea573066ec497f
Microsoft HTA (HTML Application) Remote Code Execution
Posted Aug 22, 2015
Authored by Mohammad Reza Espargham | Site vulnerability-lab.com

Microsoft HTA (HTML Application) suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2014-6332
MD5 | 9729081b7d2a129b62aac06bde45b139
Vifi Radio 1 Cross Site Request Forgery
Posted Aug 22, 2015
Authored by KnocKout

Vifi Radio version 1 suffers from a cross site request forgery vulnerability. Exploit to add administrator included.

tags | exploit, csrf
MD5 | 781b73a10e9a693cb98eedb997daa93a
Vifi Radio 1 Shell Upload / CSRF
Posted Aug 22, 2015
Authored by KnocKout

Vifi Radio version 1 suffers from a cross site request forgery vulnerability. Exploit to upload a shell included.

tags | exploit, shell, csrf
MD5 | ec1d817ad52c88c7a8aa0954945faa08
PDF Shaper 3.5 Remote Buffer Overflow
Posted Aug 22, 2015
Authored by metacom | Site vulnerability-lab.com

PDF Shaper version 3.5 suffers from a buffer overflow vulnerability.

tags | exploit, overflow
MD5 | b65255b59887ba5df41922f6aea91271
WebSolutions India Design CMS SQL Injection
Posted Aug 22, 2015
Authored by wild.soldier | Site vulnerability-lab.com

WebSolutions India Design CMS suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 62008fe81eaad2976425111dbabcf625
ChiefPDF Buffer Overflow
Posted Aug 22, 2015
Authored by metacom

Multiple ChiefPDF software such as PDF to Image Converter and PDF to Tiff Converter suffer from a buffer overflow vulnerability.

tags | exploit, overflow
MD5 | 3d0f3ed1e55df074b0d97d60fa1fb1b2
UBNT Client-Side Cross Site Scripting
Posted Aug 22, 2015
Authored by Hadji Samir | Site vulnerability-lab.com

Ubiquiti Networks suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 0b66e6a0e588aa2e84e3fc11d5e7bd06
MySQL Error Based SQL Injection Using EXP
Posted Aug 22, 2015
Authored by Osanda Malith

This paper discusses an overflow in the DOUBLE data type in MySQL.

tags | paper, overflow
MD5 | 6719c22c4e76623f9156b543969a0c83
Page 1 of 1
Back1Next

File Archive:

December 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    15 Files
  • 2
    Dec 2nd
    2 Files
  • 3
    Dec 3rd
    1 Files
  • 4
    Dec 4th
    15 Files
  • 5
    Dec 5th
    15 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    17 Files
  • 8
    Dec 8th
    15 Files
  • 9
    Dec 9th
    13 Files
  • 10
    Dec 10th
    4 Files
  • 11
    Dec 11th
    41 Files
  • 12
    Dec 12th
    44 Files
  • 13
    Dec 13th
    25 Files
  • 14
    Dec 14th
    15 Files
  • 15
    Dec 15th
    28 Files
  • 16
    Dec 16th
    3 Files
  • 17
    Dec 17th
    13 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close