what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 15 of 15 RSS Feed

Files Date: 2015-08-22

up.time 7.5.0 Arbitrary File Disclose / Delete
Posted Aug 22, 2015
Authored by LiquidWorm | Site zeroscience.mk

Input passed to the 'file_name' parameter in 'get2post.php' script is not properly sanitised before being used to get the contents of a resource and delete files. This can be exploited to read and delete arbitrary data from local resources with the permissions of the web server using a proxy tool.

tags | exploit, web, arbitrary, local, php
SHA-256 | b34289732116b4bcb2f1cc6baf7009b19a2cf9b4141f05c2872a8413c0e3056e
up.time 7.5.0 Superadmin Privilege Escalation
Posted Aug 22, 2015
Authored by LiquidWorm | Site zeroscience.mk

up.time suffers from a privilege escalation issue. A normal user can elevate his/her privileges by sending a POST request setting the parameter 'userroleid' to 1. Cross site request forgery can be used to exploit this attack.

tags | exploit, csrf
SHA-256 | 7d8991bd1c8571696c4d5bc0528881855899add84755aee81553925cb1fb5cd5
up.time 7.5.0 Upload / Execute File
Posted Aug 22, 2015
Authored by LiquidWorm | Site zeroscience.mk

up.time suffers from arbitrary command execution. Attackers can exploit this issue using the monitor service feature and adding a command with respected arguments to given binary for execution. In combination with the CSRF, privilege escalation, arbitrary text file creation, and renaming that file to php you can execute system commands with SYSTEM privileges.

tags | exploit, arbitrary, php
SHA-256 | 949580b449c0517f641c161c6b8c3484aee9aca17ee184db120e309739d67e3f
up.time 7.5.0 Cross Site Request Forgery / Cross Site Scripting
Posted Aug 22, 2015
Authored by LiquidWorm | Site zeroscience.mk

up.time version 7.5.0 allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site. Multiple cross site scripting vulnerabilities were also discovered. The issue is triggered when input passed via the multiple parameters is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

tags | exploit, web, arbitrary, vulnerability, xss
SHA-256 | 90f994cc5cd98108a1348a7bdc9bb5646926787ce5ab51d82604ccd07d720675
Apache Flex BlazeDS 4.7.0 XML Entity Expansion
Posted Aug 22, 2015
Authored by Matthias Kaiser

When receiving XML encoded AMF messages containing DTD entities, the default XML parser configurations allows expanding of entities to local resources. A request that included a specially crafted request parameter could be used to access content that would otherwise be protected.

tags | advisory, local
advisories | CVE-2015-3269
SHA-256 | 69d5afa3639558f66a8f98807a33cbb05547e69350539f5291a75ad6c03267b4
SiteFactory CMS 5.5.9 Directory Traversal
Posted Aug 22, 2015
Authored by Guillermo Garcia Marcos

SiteFactory CMS version 5.5.9 suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
SHA-256 | e4ab1c3da31d5df71707d83aff72277e904feb00d2b2303509770774c51338d3
EMC Documentum D2 Fail Open
Posted Aug 22, 2015
Site emc.com

EMC Documentum D2 contains fail open vulnerability that could be exploited by malicious users to compromise D2. Versions 4.2 and below are affected.

tags | advisory
advisories | CVE-2015-4537
SHA-256 | 899364e37cd67e01c0b2c948e748dbe613d041f7c0075d1ef3d101ee28ab4074
Microsoft HTA (HTML Application) Remote Code Execution
Posted Aug 22, 2015
Authored by Vulnerability Laboratory, Mohammad Reza Espargham | Site vulnerability-lab.com

Microsoft HTA (HTML Application) suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2014-6332
SHA-256 | bbdb1ff7a0240544683ac43328710d675b6ca6730cc5f656f38cbceae8da9dd3
Vifi Radio 1 Cross Site Request Forgery
Posted Aug 22, 2015
Authored by KnocKout

Vifi Radio version 1 suffers from a cross site request forgery vulnerability. Exploit to add administrator included.

tags | exploit, csrf
SHA-256 | 11d68726482c4931dd8bc7f9412e5b40a7a7002254633c42a4116b2ca2be56fb
Vifi Radio 1 Shell Upload / CSRF
Posted Aug 22, 2015
Authored by KnocKout

Vifi Radio version 1 suffers from a cross site request forgery vulnerability. Exploit to upload a shell included.

tags | exploit, shell, csrf
SHA-256 | 6e4d34f2dea11cbb4c459268cca16e9324f4452dfcc3d0ee46d37ee3d7f0c2d1
PDF Shaper 3.5 Remote Buffer Overflow
Posted Aug 22, 2015
Authored by metacom, Vulnerability Laboratory | Site vulnerability-lab.com

PDF Shaper version 3.5 suffers from a buffer overflow vulnerability.

tags | exploit, overflow
SHA-256 | 1a862bd6f348439cf319bf9e523b76685ab407b894d14f0f8869b6561ddf0418
WebSolutions India Design CMS SQL Injection
Posted Aug 22, 2015
Authored by Vulnerability Laboratory, wild.soldier | Site vulnerability-lab.com

WebSolutions India Design CMS suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | c061545b9e430bd03eedcdc7c87c3bb0051c3de84e39af7ff0c47318939c2ae9
ChiefPDF Buffer Overflow
Posted Aug 22, 2015
Authored by metacom

Multiple ChiefPDF software such as PDF to Image Converter and PDF to Tiff Converter suffer from a buffer overflow vulnerability.

tags | exploit, overflow
SHA-256 | ffed99b419802af6605e6b28fb1865cc96f61850767f2496d2612b3364bc82e0
UBNT Client-Side Cross Site Scripting
Posted Aug 22, 2015
Authored by Hadji Samir, Vulnerability Laboratory | Site vulnerability-lab.com

Ubiquiti Networks suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | a50cae4abbdd6321e36ece3542888a733c6cff6b46e247e0ef2451a3ed1e3697
MySQL Error Based SQL Injection Using EXP
Posted Aug 22, 2015
Authored by Osanda Malith

This paper discusses an overflow in the DOUBLE data type in MySQL.

tags | paper, overflow
SHA-256 | 994da41348fedec81430a33635725f5ef5bf21eaded32a286053dfd2938cf982
Page 1 of 1
Back1Next

File Archive:

January 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    0 Files
  • 2
    Jan 2nd
    13 Files
  • 3
    Jan 3rd
    5 Files
  • 4
    Jan 4th
    5 Files
  • 5
    Jan 5th
    9 Files
  • 6
    Jan 6th
    5 Files
  • 7
    Jan 7th
    0 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    18 Files
  • 10
    Jan 10th
    31 Files
  • 11
    Jan 11th
    30 Files
  • 12
    Jan 12th
    33 Files
  • 13
    Jan 13th
    25 Files
  • 14
    Jan 14th
    0 Files
  • 15
    Jan 15th
    0 Files
  • 16
    Jan 16th
    7 Files
  • 17
    Jan 17th
    25 Files
  • 18
    Jan 18th
    38 Files
  • 19
    Jan 19th
    6 Files
  • 20
    Jan 20th
    21 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    24 Files
  • 24
    Jan 24th
    68 Files
  • 25
    Jan 25th
    22 Files
  • 26
    Jan 26th
    20 Files
  • 27
    Jan 27th
    17 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close