Files Date: 2016-02-22

WebSVN 2.3.3 Cross Site Scripting
Posted Feb 22, 2016
Authored by Jakub Palaczynski

WebSVN version 2.3.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2016-2511
MD5 | 1535c280076d01c4d53124517ea8fc1c
Oxwall Forum 1.8.1 Cross Site Scripting
Posted Feb 22, 2016
Authored by Lawrence Amer | Site vulnerability-lab.com

Oxwall Forum version 1.8.1 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | a5654057f3b48414d153801b0ad2874c
Fiyo CMS 2.0.2.1 Cross Site Scripting
Posted Feb 22, 2016
Authored by Sachin Wagh, Himanshu Mehta

Fiyo CMS version 2.0.2.1 suffers from multiple persistent cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 7b69fce4de5fd126783e1054d9b2bc14
Apache Tomcat Limited Directory Traversal
Posted Feb 22, 2016
Authored by Mark Thomas | Site tomcat.apache.org

When accessing resources via the ServletContext methods getResource(), getResourceAsStream(), and getResourcePaths(), the paths should be limited to the current web application. The validation was not correct and paths of the form "/.." were not rejected. Note that paths starting with "/../" were correctly rejected. Apache Tomcat versions 6.0.0 through 6.0.44, 7.0.0 through 7.0.64, and 8.0.0.RC1 through 8.0.26 are affected.

tags | advisory, web
advisories | CVE-2015-5174
MD5 | b46639530618df68a6b54c22e31d30a7
Apache Tomcat CSRF Token Leak
Posted Feb 22, 2016
Authored by Mark Thomas | Site tomcat.apache.org

The index page of the Manager and Host Manager applications included a valid CSRF token when issuing a redirect as a result of an unauthenticated request to the root of the web application. This token could then be used by an attacker to construct a CSRF attack. Apache Tomcat versions 7.0.1 through 7.0.67, 8.0.0.RC1 through 8.0.31, and 9.0.0.M1 are affected.

tags | advisory, web, root
advisories | CVE-2015-5351
MD5 | 13d06389e7723e26a16ec716117e92fb
Apache Tomcat Security Manager StatusManagerServlet Bypass
Posted Feb 22, 2016
Authored by Mark Thomas | Site tomcat.apache.org

The StatusManagerServlet could be loaded by a web application when a security manager was configured. This servlet would then provide the web application with a list of all deployed applications and a list of the HTTP request lines for all requests currently being processed. This could have exposed sensitive information from other web applications such as session IDs to the web application. Apache Tomcat versions 6.0.0 through 6.0.44, 7.0.0 through 7.0.67, 8.0.0.RC1 through 8.0.30, and 9.0.0.M1 are affected.

tags | advisory, web
advisories | CVE-2016-0706
MD5 | 11b7b49d8b9c8b774f372a62458eb542
Dell OpenManage Server Administrator 8.2 Authentication Directory Traversal
Posted Feb 22, 2016
Authored by hantwister

Dell OpenManage Server Administrator version 8.2 suffers from an authenticated directory traversal vulnerability.

tags | exploit, file inclusion
MD5 | d0de6bd4641ae2a771e0b2ece4c71182
Apache Tomcat Session Fixation
Posted Feb 22, 2016
Authored by Mark Thomas | Site tomcat.apache.org

When recycling the Request object to use for a new request, the requestedSessionSSL field was not recycled. This meant that a session ID provided in the next request to be processed using the recycled Request object could be used when it should not have been. This gave the client the ability to control the session ID. In theory, this could have been used as part of a session fixation attack but it would have been hard to achieve as the attacker would not have been able to force the victim to use the 'correct' Request object. It was also necessary for at least one web application to be configured to use the SSL session ID as the HTTP session ID. This is not a common configuration. Apache Tomcat versions 7.0.5 through 7.0.65, 8.0.0.RC1 through 8.0.30, and 9.0.0.M1 are affected.

tags | advisory, web
advisories | CVE-2015-5346
MD5 | 4c28624d20682b4c548e0c8ee7d33a5c
Apache Tomcat Security Manager Persistence Bypass
Posted Feb 22, 2016
Authored by Mark Thomas | Site tomcat.apache.org

Apache Tomcat provides several session persistence mechanisms. The StandardManager persists sessions across a restart. The PersistentManager is able to persist sessions to files, a database or a custom Store. The Cluster implementation persists sessions to one or more additional nodes in the cluster. All of these mechanisms could be exploited to bypass a security manager. Session persistence is performed by Tomcat code with the permissions assigned to Tomcat internal code. By placing a carefully crafted object into a session, a malicious web application could trigger the execution of arbitrary code. Apache Tomcat versions 6.0.0 through 6.0.44, 7.0.0 through 7.0.67, 8.0.0.RC1 through 8.0.30, and 9.0.0.M1 are affected.

tags | advisory, web, arbitrary
advisories | CVE-2016-0714
MD5 | 0161201165f0e16b92a808ed998fb0e6
ManageEngine Firewall Analyzer 8.5 SQL Injection
Posted Feb 22, 2016
Authored by Sachin Wagh

ManageEngine Firewall Analyzer version 8.5 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | ac5794a29552de103cde683923dd7bf7
PLANET IP ICA-5350V LFI / XSS / CSRF / Bypass
Posted Feb 22, 2016
Authored by GT.Omaz

PLANET IP surveillance camera model ICA-5350V suffers from authentication bypass, cross site request forgery, cross site scripting, arbitrary file read, hardcoded credential, and local file inclusion vulnerabilities.

tags | exploit, arbitrary, local, vulnerability, xss, bypass, file inclusion, csrf
MD5 | 76e8b5db9cf6d4afdc542b0bb117b7b3
SOLIDserver 5.0.4 Local File Inclusion
Posted Feb 22, 2016
Authored by Saeed reza Zamanian

SOLIDserver versions 5.0.4 and below suffer from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
MD5 | 79382c2dda242f569f4134037830bf20
SamenBlog Weblog Service Cross Site Request Forgery / Cross Site Scripting
Posted Feb 22, 2016
Authored by Ehsan Hosseini

SamenBlog Weblog Service suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | 947963a213a487d26dda5ef2326e1b2e
E-Cidade Directory Traversal
Posted Feb 22, 2016
Authored by vesp3r

E-Cidade suffers from a path traversal vulnerability.

tags | exploit
MD5 | 7c1cbff0c4eaa9470363214cdca23427
Thru Managed File Transfer Portal 9.0.2 Insecure Direct Object Reference
Posted Feb 22, 2016
Authored by Dr. Erlijn van Genuchten

Thru Managed File Transfer Portal version 9.0.2 suffers from an insecure direct object reference vulnerability in the contacts list functionality.

tags | exploit
MD5 | 0359c7bcfb5f26ae08d45bc52e2355cd
Thru Managed File Transfer Portal 9.0.2 Insecure Direct Object Reference
Posted Feb 22, 2016
Authored by Dr. Erlijn van Genuchten

Thru Managed File Transfer Portal version 9.0.2 suffers from an insecure direct object reference vulnerability in the upload functionality.

tags | exploit
MD5 | ea88f860f37fc2b253ba3d845334f5aa
Thru Managed File Transfer Portal 9.0.2 Missing Security Check
Posted Feb 22, 2016
Authored by Dr. Erlijn van Genuchten

The Thru Managed File Transfer application version 9.0.2 allows both unauthenticated and authenticated users to upload files, including viruses.

tags | advisory
MD5 | 55196aa26e56539d6b47d39345b7787f