
Files Date: 2015-10-23

Realtyna RPL 8.9.2 CSRF / Cross Site Scripting
Posted Oct 23, 2015
Site zeroscience.mk

The Realtyna RPL application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site. Multiple cross site scripting vulnerabilities were also discovered. The issue is triggered when input passed via multiple parameters is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.

tags | exploit, web, arbitrary, vulnerability, xss
advisories | CVE-2015-7715
MD5 | eb75419904f01592396a75e477e8d9dd

Safari User-Assisted Applescript Exec Attack
Posted Oct 23, 2015
Authored by joev | Site metasploit.com

In versions of Mac OS X before 10.11.1, the applescript:// URL scheme is provided, which opens the provided script in the Applescript Editor. Pressing cmd-R in the Editor executes the code without any additional confirmation from the user. By getting the user to press cmd-R in Safari, and by hooking the cmd-key keypress event, a user can be tricked into running arbitrary Applescript code. Gatekeeper should be disabled from Security and Privacy in order to avoid the unidentified Developer prompt.

tags | exploit, arbitrary
systems | apple, osx
advisories | CVE-2015-7007
MD5 | 89e9bb2d3aa0c450f7ded6ee07b500b6

Realtyna RPL 8.9.2 SQL Injection
Posted Oct 23, 2015
Authored by Bikramaditya Guha | Site zeroscience.mk

Realtyna RPL suffers from multiple SQL Injection vulnerabilities. Input passed via multiple POST parameters is not properly sanitized before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

tags | exploit, arbitrary, vulnerability, sql injection
advisories | CVE-2015-7714
MD5 | eb92dc728e2ecd8a0d2ea55b92c23087

Lime Survey 2.06+ Build 151014 File Download / Code Execution
Posted Oct 23, 2015
Authored by P. Morimoto | Site sec-consult.com

Lime Survey versions 2.05 through 2.06+ Build 151014 suffer from arbitrary file download, database access, and PHP code execution vulnerabilities.

tags | advisory, arbitrary, php, vulnerability, code execution
MD5 | 7f94c010cda6ca62198b71daf78d3a57

Beckoff CX9020 CPU Model Remote Code Execution
Posted Oct 23, 2015
Authored by Photubias

This proof of concept exploit allows any attacker to reboot any CX9020 PLC and add random (Web) users to be configured.

tags | exploit, web, proof of concept
advisories | CVE-2015-4051
MD5 | 7e1cc2c85a3acb1409945fa7a6993562

Bamboo Java Code Execution
Posted Oct 23, 2015
Authored by David Black

Bamboo had a resource that deserialised arbitrary user input without restriction. Attackers can use this vulnerability to execute Java code of their choice on systems that have a vulnerable version of Bamboo. To exploit this issue, attackers need to be able to access the Bamboo web interface.

tags | advisory, java, web, arbitrary
advisories | CVE-2015-6576
MD5 | 149dad8c8ed4c9dd11dcf369ac510549

TeamSpeak Client 3.0.18.1 RFI / Traversal / Code Execution
Posted Oct 23, 2015
Authored by Scurippio

TeamSpeak Client versions 3.0.18.1 and below suffer from remote code execution, remote file inclusion, and directory traversal vulnerabilities.

tags | exploit, remote, vulnerability, code execution, file inclusion
MD5 | 17f291bbc5cec74fcba88bce66838319

Microsoft Compiled HTML Help Remote Code Execution
Posted Oct 23, 2015
Authored by Ehsan Noreddini

Microsoft Compiled HTML Help remote code execution exploit that downloads a malicious file.

tags | exploit, remote, code execution
advisories | CVE-2014-6332
MD5 | 831f60f6ea0b7ae5c07b560bfd1ce7b6

Subrion 3.x.x File Download / Arbitrary Access
Posted Oct 23, 2015
Authored by bRpsd

Subrion version 3.x.x suffers from various access control vulnerabilities.

tags | exploit, vulnerability, bypass
MD5 | 9ef807d5452211a50f3988cc316d76fb

Red Hat Security Advisory 2015-1929-01
Posted Oct 23, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1929-01 - Ironic provides bare metal provisioning for OpenStack nodes. It was discovered that enabling debug mode in openstack-ironic-discoverd also enables debug mode in the underlying Flask framework. If errors are encountered while Flask is in debug mode, a user experiencing an error may be able to access the debug console. All openstack-ironic-discoverd users are advised to upgrade to these updated packages, which correct this issue.

tags | advisory
systems | linux, redhat
advisories | CVE-2015-5306
MD5 | 8d6ef249003e0006a66ebfc209cd649f

Red Hat Security Advisory 2015-1927-01
Posted Oct 23, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1927-01 - Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2015-4734, CVE-2015-4803, CVE-2015-4805, CVE-2015-4806, CVE-2015-4810, CVE-2015-4835, CVE-2015-4840, CVE-2015-4842, CVE-2015-4843, CVE-2015-4844, CVE-2015-4860, CVE-2015-4871, CVE-2015-4872, CVE-2015-4881, CVE-2015-4882, CVE-2015-4883, CVE-2015-4893, CVE-2015-4902, CVE-2015-4903, CVE-2015-4911
MD5 | a407d4ae847aa03b8120f47b3e67befe

Red Hat Security Advisory 2015-1928-01
Posted Oct 23, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1928-01 - Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2015-4734, CVE-2015-4803, CVE-2015-4805, CVE-2015-4806, CVE-2015-4835, CVE-2015-4842, CVE-2015-4843, CVE-2015-4844, CVE-2015-4860, CVE-2015-4872, CVE-2015-4881, CVE-2015-4882, CVE-2015-4883, CVE-2015-4893, CVE-2015-4902, CVE-2015-4903, CVE-2015-4911
MD5 | f191a099880eff131732d46aa17e0913

Red Hat Security Advisory 2015-1926-01
Posted Oct 23, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1926-01 - Oracle Java SE version 8 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2015-4734, CVE-2015-4803, CVE-2015-4805, CVE-2015-4806, CVE-2015-4810, CVE-2015-4835, CVE-2015-4840, CVE-2015-4842, CVE-2015-4843, CVE-2015-4844, CVE-2015-4860, CVE-2015-4868, CVE-2015-4872, CVE-2015-4881, CVE-2015-4882, CVE-2015-4883, CVE-2015-4893, CVE-2015-4901, CVE-2015-4902, CVE-2015-4903, CVE-2015-4906, CVE-2015-4908, CVE-2015-4911, CVE-2015-4916
MD5 | ab3420893d84a71636f7ebaa261645de