
Files Date: 2015-09-28

Centreon 2.6.1 Command Injection
Posted Sep 28, 2015
Authored by LiquidWorm | Site zeroscience.mk

Centreon version 2.6.1 suffers from a command injection vulnerability. The POST parameter 'persistant', which is used to make a new service run in the background, is not properly sanitized before being used to execute commands. This can be exploited to inject and execute arbitrary shell commands, including by way of cross site request forgery attacks.

tags | exploit, arbitrary, shell, csrf
MD5 | ed1afc21672db6e6d5419984ecce247e
IconLover 5.4.5 Stack Buffer Overflow
Posted Sep 28, 2015
Authored by ZwX | Site vulnerability-lab.com

IconLover version 5.4.5 suffers from a stack buffer overflow vulnerability.

tags | exploit, overflow
MD5 | c8aff1275f7c8500204bd91e66859a60
Photos In Wifi 1.0.1 File Upload
Posted Sep 28, 2015
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

Photos in Wifi version 1.0.1 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | e6195c0d80ab8f6fafbf4b9d6160ace0
Centreon 2.6.1 Add Administrator Cross Site Request Forgery
Posted Sep 28, 2015
Authored by LiquidWorm | Site zeroscience.mk

Centreon version 2.6.1 add administrator cross site request forgery exploit.

tags | exploit, csrf
MD5 | 1138e1cb51c1767b3a1796a2e6c23530
Flash Failing Checks On uint Capacity Field
Posted Sep 28, 2015
Authored by Google Security Research, forshaw

The latest version of the Vector.primitive length check in Flash 18,0,0,232 is not robust against memory corruptions such as heap overflows. While it is no longer possible to obviously bypass the length check, there is still unguarded data in the object which could be corrupted to serve as a useful primitive.

tags | exploit, overflow
systems | linux
advisories | CVE-2015-5568
MD5 | d8d63f278bfaf7212db84743a736c353
BisonWare BisonFTP 3.5 Directory Traversal
Posted Sep 28, 2015
Authored by Jay Turla

BisonWare BisonFTP version 3.5 suffers from a directory traversal vulnerability.

tags | exploit
MD5 | eceff934180525af8de9af76168dbd0f
ManageEngine EventLog Analyzer Remote Code Execution
Posted Sep 28, 2015
Authored by xistence | Site metasploit.com

This Metasploit module exploits the SQL query functionality in ManageEngine EventLog Analyzer v10.6 build 10060 and previous versions. Every authenticated user, including the default "guest" account, can execute SQL queries directly on the underlying Postgres database server. The queries are executed as the "postgres" user, which has full privileges and is thus able to write files to disk. This way a JSP payload can be uploaded and executed with SYSTEM privileges on the web server. This Metasploit module has been tested successfully on ManageEngine EventLog Analyzer 10.0 (build 10003) over Windows 7 SP1.

tags | exploit, web
systems | windows, 7
MD5 | 8aa69f01509e92e3e8de9b7ce3fbd570
Rowhammer Linux Kernel Privilege Escalation Proof Of Concept
Posted Sep 28, 2015
Authored by Google Security Research, mseaborn

Proof of concept exploit code for the Linux Rowhammer DRAM privilege escalation vulnerability.

tags | exploit, proof of concept
systems | linux
MD5 | 2a3a58b2b7cb030ce8a4bc92628f308e
Centreon 2.6.1 Shell Upload
Posted Sep 28, 2015
Authored by LiquidWorm | Site zeroscience.mk

Centreon version 2.6.1 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | 71a4b274917f301d9cf6e59ae074de13
WordPress Appointment Booking Calendar 1.1.7 XSS
Posted Sep 28, 2015
Authored by Iberia Medeiros

WordPress Appointment Booking Calendar plugin version 1.1.7 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2015-7320
MD5 | 88b7530045412c37df11b752add627f4
ProjeQtor 4.5.2 Shell Upload
Posted Sep 28, 2015
Authored by Arturo Rodriguez

ProjeQtor version 4.5.2 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | 88889431648b2b18a9911d0ca38873bb
DNS Spider Multithreaded Bruteforcer 0.7
Posted Sep 28, 2015
Authored by noptrix | Site noptrix.net

DNS Spider is a multithreaded bruteforcer of subdomains that leverages a wordlist and/or character permutation.

Changes: Upgraded built-in wordlist. Removed annoying timeout warnings and color output when logging to file.
tags | tool, scanner
systems | unix
MD5 | ef9cdeedc0db5421662f3b68685fcf5f
Ubuntu Security Notice USN-2747-1
Posted Sep 28, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2747-1 - Dario Weisser discovered that the NVIDIA graphics drivers incorrectly handled certain IOCTL writes. A local attacker could use this issue to possibly gain root privileges.

tags | advisory, local, root
systems | linux, ubuntu
advisories | CVE-2015-5950
MD5 | a061c1b205c49949ca797430d7dcd429
Open Source Point Of Sale 2.3.1 Cross Site Scripting
Posted Sep 28, 2015
Authored by Arturo Rodriguez

Open Source Point of Sale version 2.3.1 suffers from a persistent cross site scripting vulnerability.

tags | advisory, xss
advisories | CVE-2015-0299
MD5 | c7aa2f74011dff159d1a2d9d4e7182d2
Collabtive 2.0 Shell Upload
Posted Sep 28, 2015
Authored by Arturo Rodriguez

Collabtive version 2.0 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
advisories | CVE-2015-0258
MD5 | 9c6a8438c3abf888bb1b897c4d3d293e
Mango Automation 2.6.0 File Upload / Code Execution CSRF
Posted Sep 28, 2015
Authored by LiquidWorm | Site zeroscience.mk

Mango Automation version 2.6.0 file upload and arbitrary JSP code execution cross site request forgery exploit.

tags | exploit, arbitrary, code execution, file upload, csrf
MD5 | 320696d72a2c027da67ab2d5e323901a
Mango Automation 2.6.0 Command Execution Cross Site Request Forgery
Posted Sep 28, 2015
Authored by LiquidWorm | Site zeroscience.mk

Mango Automation version 2.6.0 arbitrary command execution cross site request forgery exploit.

tags | exploit, arbitrary, csrf
MD5 | 4c424619c43451bce85dc22cdcf34e38
Mango Automation 2.6.0 Unprotected Debug Log View
Posted Sep 28, 2015
Authored by LiquidWorm | Site zeroscience.mk

Mango Automation version 2.6.0 suffers from an information disclosure vulnerability because its default configuration has debugging enabled in the '/WEB-INF./web.xml' file (debug=true). An attacker can entice a logged-in user to visit a specially crafted URL which will produce a system exception with a stack trace on the Jetty server. When this error occurs, the debug option generates a status page with all the information from the visitor, meaning that the attacker is able to see usernames, password hashes, e-mails and, of course, cookie sessions. Using the generated error, the attacker can easily perform session hijacking and take over the system using previously discovered vulnerabilities, just by visiting the status page unauthenticated.

tags | exploit, web, vulnerability, info disclosure
MD5 | 79ee3cee23eb127e9c44dd66054f1149
Mango Automation 2.6.0 SQL Query Cross Site Request Forgery
Posted Sep 28, 2015
Authored by LiquidWorm | Site zeroscience.mk

Mango Automation version 2.6.0 arbitrary SQL query execution cross site request forgery exploit.

tags | exploit, arbitrary, csrf
MD5 | 907b130bc43a6988c4842c75b39db550
Mango Automation 2.6.0 Add Admin Cross Site Request Forgery
Posted Sep 28, 2015
Authored by LiquidWorm | Site zeroscience.mk

Mango Automation version 2.6.0 add administrator cross site request forgery exploit.

tags | exploit, csrf
MD5 | 7cda52b28cf782b6acd4343eb9acad1f
OrangeHRM 3.3.1 Unauthorized Data Manipulation
Posted Sep 28, 2015
Authored by vishnu raju

OrangeHRM versions 3.3.1 and below suffer from an unauthorized data manipulation vulnerability.

tags | advisory
MD5 | ed41ef73c5f10033dcc90d8dfe0073f9
HP Security Bulletin HPSBHF03513
Posted Sep 28, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF03513 - Potential security vulnerabilities have been identified with certain HP PCs and workstations with Windows and Linux running the NVidia Graphics Driver. The vulnerabilities could be locally exploited resulting in Denial of Service (DoS) and elevation of privilege. Note: This issue is present on Windows and Linux operating systems and affects all currently supported NVIDIA driver releases and all GPUs. This issue does not affect Android based NVIDIA Tegra products. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
systems | linux, windows
advisories | CVE-2015-5950
MD5 | 3573dd94a4876ad198b7f125dd6a48a1
My.WiFi USB Drive 1.0 File Inclusion
Posted Sep 28, 2015
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

My.WiFi USB Drive version 1.0 suffers from a file inclusion vulnerability.

tags | exploit, file inclusion
MD5 | 2c6d9335861abf7d44ecd9a9b70fa4ee
Flowdock API Script Insertion
Posted Sep 28, 2015
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

Flowdock API suffers from a malicious script insertion vulnerability.

tags | exploit
MD5 | 24fd42c0d7eb3d853f802cc4ac8e99bd
NodeBB 0.8.2 Cross Site Scripting
Posted Sep 28, 2015
Authored by Mikica Ivosevic | Site vulnerability-lab.com

NodeBB version 0.8.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 4f30d32ce2b6dd6d5d2d0703c68f225c