exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 13 of 13 RSS Feed

Files Date: 2015-10-23

Realtyna RPL 8.9.2 CSRF / Cross Site Scripting
Posted Oct 23, 2015
Site zeroscience.mk

The Realtyna RPL application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site. Multiple cross site scripting vulnerabilities were also discovered. The issue is triggered when input passed via the multiple parameters is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

tags | exploit, web, arbitrary, vulnerability, xss
advisories | CVE-2015-7715
SHA-256 | 047a0c2fea9daff58d424e91c2902c98b106fa3fb893e43fbb2aa3fcf6462fb1
Safari User-Assisted Applescript Exec Attack
Posted Oct 23, 2015
Authored by joev | Site metasploit.com

In versions of Mac OS X before 10.11.1, the applescript:// URL scheme is provided, which opens the provided script in the Applescript Editor. Pressing cmd-R in the Editor executes the code without any additional confirmation from the user. By getting the user to press cmd-R in Safari, and by hooking the cmd-key keypress event, a user can be tricked into running arbitrary Applescript code. Gatekeeper should be disabled from Security and Privacy in order to avoid the unidentified Developer prompt.

tags | exploit, arbitrary
systems | apple, osx
advisories | CVE-2015-7007
SHA-256 | 9ce25e64b927af84c807e90aff34d53a6d9d3e37334d7f8087944eb2e190924f
Realtyna RPL 8.9.2 SQL Injection
Posted Oct 23, 2015
Authored by Bikramaditya Guha | Site zeroscience.mk

Realtyna RPL suffers from multiple SQL Injection vulnerabilities. Input passed via multiple POST parameters is not properly sanitized before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

tags | exploit, arbitrary, vulnerability, sql injection
advisories | CVE-2015-7714
SHA-256 | 711cc873d9f03c97d0b1aff0b9423799ea4457bd355199d1d787cb915373136c
Lime Survey 2.06+ Build 151014 File Download / Code Execution
Posted Oct 23, 2015
Authored by P. Morimoto | Site sec-consult.com

Lime Survey versions 2.05 through 2.06+ Build 151014 suffer from arbitrary file download, database access, and php code execution vulnerabilities.

tags | advisory, arbitrary, php, vulnerability, code execution
SHA-256 | e64f7d819aa7dc537c606c5a35ab89341148e290c54c9d62321a5507095816c5
Beckoff CX9020 CPU Model Remote Code Execution
Posted Oct 23, 2015
Authored by Photubias

This proof of concept exploit allows any attack to reboot any CX9020 PLC and add random (Web) users to be configured.

tags | exploit, web, proof of concept
advisories | CVE-2015-4051
SHA-256 | e9c12da930af4ff1905dfad1e33339cdaf3ba7a5fbb4f3b0eb58ec445d1ad02b
Bamboo Java Code Execution
Posted Oct 23, 2015
Authored by David Black

Bamboo had a resource that deserialised arbitrary user input without restriction. Attackers can use this vulnerability to execute Java code of their choice on systems that have a vulnerable version of Bamboo. To exploit this issue, attackers need to be able to access the Bamboo web interface.

tags | advisory, java, web, arbitrary
advisories | CVE-2015-6576
SHA-256 | d92d7a7741f8085d106c9c636c2d5147d69c3234f902a1eccb57a0203ec89b96
TeamSpeak Client 3.0.18.1 RFI / Traversal / Code Execution
Posted Oct 23, 2015
Authored by Scurippio

TeamSpeak Client versions 3.0.18.1 and below suffer from remote code execution, remote file inclusion, and directory traversal vulnerabilities.

tags | exploit, remote, vulnerability, code execution, file inclusion
SHA-256 | 0f1f28ec7d178ae2c06e6cef9201c86e88856619c37624414d85b53ac8c1c798
Microsoft Compiled HTML Help Remote Code Execution
Posted Oct 23, 2015
Authored by Ehsan Noreddini

Microsoft Compiled HTML Help remote code execution exploit that downloads a malicious file.

tags | exploit, remote, code execution
advisories | CVE-2014-6332
SHA-256 | f4dc71da21f607ff9cc2c465a0b85603953ff83391f6e202d6235c9186f0f389
Subrion 3.x.x File Download / Arbitrary Access
Posted Oct 23, 2015
Authored by bRpsd

Subrion version 3.x.x suffers from various access control vulnerabilities.

tags | exploit, vulnerability, bypass
SHA-256 | 62768949a23bcb01a340e14b69cadd8ee0b7efefabc11cccce4ab1fb165617b6
Red Hat Security Advisory 2015-1929-01
Posted Oct 23, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1929-01 - Ironic provides bare metal provisioning for OpenStack nodes. It was discovered that enabling debug mode in openstack-ironic-discoverd also enables debug mode in the underlying Flask framework. If errors are encountered while Flask is in debug mode, a user experiencing an error may be able to access the debug console. All openstack-ironic-discoverd users are advised to upgrade to these updated packages, which correct this issue.

tags | advisory
systems | linux, redhat
advisories | CVE-2015-5306
SHA-256 | d840b1f47da288f143473ad18550a3aab494bf1a340c40dda738b33147db375b
Red Hat Security Advisory 2015-1927-01
Posted Oct 23, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1927-01 - Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2015-4734, CVE-2015-4803, CVE-2015-4805, CVE-2015-4806, CVE-2015-4810, CVE-2015-4835, CVE-2015-4840, CVE-2015-4842, CVE-2015-4843, CVE-2015-4844, CVE-2015-4860, CVE-2015-4871, CVE-2015-4872, CVE-2015-4881, CVE-2015-4882, CVE-2015-4883, CVE-2015-4893, CVE-2015-4902, CVE-2015-4903, CVE-2015-4911
SHA-256 | 15536e37a3a34104a1bc1c3bf040fa32fcdb55519d6a55370937d6830cf6d00b
Red Hat Security Advisory 2015-1928-01
Posted Oct 23, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1928-01 - Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2015-4734, CVE-2015-4803, CVE-2015-4805, CVE-2015-4806, CVE-2015-4835, CVE-2015-4842, CVE-2015-4843, CVE-2015-4844, CVE-2015-4860, CVE-2015-4872, CVE-2015-4881, CVE-2015-4882, CVE-2015-4883, CVE-2015-4893, CVE-2015-4902, CVE-2015-4903, CVE-2015-4911
SHA-256 | 8630214eb4aef914d44073d8014ed234523b2760c2a6ebdda2d771bd3c1fadce
Red Hat Security Advisory 2015-1926-01
Posted Oct 23, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1926-01 - Oracle Java SE version 8 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2015-4734, CVE-2015-4803, CVE-2015-4805, CVE-2015-4806, CVE-2015-4810, CVE-2015-4835, CVE-2015-4840, CVE-2015-4842, CVE-2015-4843, CVE-2015-4844, CVE-2015-4860, CVE-2015-4868, CVE-2015-4872, CVE-2015-4881, CVE-2015-4882, CVE-2015-4883, CVE-2015-4893, CVE-2015-4901, CVE-2015-4902, CVE-2015-4903, CVE-2015-4906, CVE-2015-4908, CVE-2015-4911, CVE-2015-4916
SHA-256 | f8dd846665906a188878d41b7ab5af8500459fa5211f249dc609397075c5644e
Page 1 of 1
Back1Next

File Archive:

May 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    44 Files
  • 2
    May 2nd
    5 Files
  • 3
    May 3rd
    11 Files
  • 4
    May 4th
    0 Files
  • 5
    May 5th
    0 Files
  • 6
    May 6th
    28 Files
  • 7
    May 7th
    3 Files
  • 8
    May 8th
    4 Files
  • 9
    May 9th
    54 Files
  • 10
    May 10th
    12 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    17 Files
  • 14
    May 14th
    11 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    13 Files
  • 17
    May 17th
    22 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    0 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close