exploit the possibilities
Showing 1 - 17 of 17 RSS Feed

Files Date: 2016-02-22

WebSVN 2.3.3 Cross Site Scripting
Posted Feb 22, 2016
Authored by Jakub Palaczynski

WebSVN version 2.3.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2016-2511
SHA-256 | a7ba5892e78ad95ffdce00b9ef1323a029dbfc66b48c4f38700561660a102d77
Oxwall Forum 1.8.1 Cross Site Scripting
Posted Feb 22, 2016
Authored by Vulnerability Laboratory, Lawrence Amer | Site vulnerability-lab.com

Oxwall Forum version 1.8.1 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | b6aa613c8ccb42f23d6b700696f06569ae0df89c8101c407d293670c9bf3d89d
Fiyo CMS 2.0.2.1 Cross Site Scripting
Posted Feb 22, 2016
Authored by Sachin Wagh, Himanshu Mehta

Fiyo CMS version 2.0.2.1 suffers from multiple persistent cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 5732fdfc5011b9dc19c8c8eaf3c4b3828bf0fc3780fe9b88c196adbe676b6107
Apache Tomcat Limited Directory Traversal
Posted Feb 22, 2016
Authored by Mark Thomas | Site tomcat.apache.org

When accessing resources via the ServletContext methods getResource() getResourceAsStream() and getResourcePaths() the paths should be limited to the current web application. The validation was not correct and paths of the form "/.." were not rejected. Note that paths starting with "/../" were correctly rejected. Apache Tomcat versions 6.0.0 through 6.0.44, 7.0.0 through 7.0.64, and 8.0.0.RC1 through 8.0.26.

tags | advisory, web
advisories | CVE-2015-5174
SHA-256 | b1f753e54e5215e5b5e3807834777c09565ba6a20e0a2b3c9fb5433a181e671a
Apache Tomcat CSRF Token Leak
Posted Feb 22, 2016
Authored by Mark Thomas | Site tomcat.apache.org

The index page of the Manager and Host Manager applications included a valid CSRF token when issuing a redirect as a result of an unauthenticated request to the root of the web application. This token could then be used by an attacker to construct a CSRF attack. Apache Tomcat versions 7.0.1 through 7.0.67, 8.0.0.RC1 through 8.0.31, and 9.0.0.M1 are affected.

tags | advisory, web, root
advisories | CVE-2015-5351
SHA-256 | cac499db9a90243eb7e3a3ae64996e75bfc026156676e4f5e2b513a78ec60214
Apache Tomcat Security Manager StatusManagerServlet Bypass
Posted Feb 22, 2016
Authored by Mark Thomas | Site tomcat.apache.org

The StatusManagerServlet could be loaded by a web application when a security manager was configured. This servlet would then provide the web application with a list of all deployed applications and a list of the HTTP request lines for all requests currently being processed. This could have exposed sensitive information from other web applications such as session IDs to the web application. Apache Tomcat versions 6.0.0 through 6.0.44, 7.0.0 through 7.0.67, 8.0.0.RC1 through 8.0.30, and 9.0.0.M1 are affected.

tags | advisory, web
advisories | CVE-2016-0706
SHA-256 | 881ae95f3222d34f23b6f66acf5f6fe6bc505df9c7afff2901307b8b3b3a741f
Dell OpenManage Server Administrator 8.2 Authentication Directory Traversal
Posted Feb 22, 2016
Authored by hantwister

Dell OpenManage Server Administrator version 8.2 suffers from an authenticated directory traversal vulnerability.

tags | exploit, file inclusion
SHA-256 | f79a0b4fd92e8976403bd4b3878b355070b977051c0ec9f4ffe8fe936a2be51d
Apache Tomcat Session Fixation
Posted Feb 22, 2016
Authored by Mark Thomas | Site tomcat.apache.org

When recycling the Request object to use for a new request, the requestedSessionSSL field was not recycled. This meant that a session ID provided in the next request to be processed using the recycled Request object could be used when it should not have been. This gave the client the ability to control the session ID. In theory, this could have been used as part of a session fixation attack but it would have been hard to achieve as the attacker would not have been able to force the victim to use the 'correct' Request object. It was also necessary for at least one web application to be configured to use the SSL session ID as the HTTP session ID. This is not a common configuration. Apache Tomcat versions 7.0.5 through 7.0.65, 8.0.0.RC1 through 8.0.30, and 9.0.0.M1 are affected.

tags | advisory, web
advisories | CVE-2015-5346
SHA-256 | f04a5470641204db89ec17e9b80c496ffce8bd8aae7f2efd4bc0229158a89b21
Apache Tomcat Security Manager Persistence Bypass
Posted Feb 22, 2016
Authored by Mark Thomas | Site tomcat.apache.org

Apache Tomcat provides several session persistence mechanisms. The StandardManager persists session over a restart. The PersistentManager is able to persist sessions to files, a database or a custom Store. The Cluster implementation persists sessions to one or more additional nodes in the cluster. All of these mechanisms could be exploited to bypass a security manager. Session persistence is performed by Tomcat code with the permissions assigned to Tomcat internal code. By placing a carefully crafted object into a session, a malicious web application could trigger the execution of arbitrary code. Apache Tomcat versions 6.0.0 through 6.0.44, 7.0.0 through 7.0.67, 8.0.0.RC1 through 8.0.30, and 9.0.0.M1 are affected.

tags | advisory, web, arbitrary
advisories | CVE-2016-0714
SHA-256 | d8b973e72649ee49a60e92929010021e4dfc8736401a1288bdb928d8309d8597
ManageEngine Firewall Analyzer 8.5 SQL Injection
Posted Feb 22, 2016
Authored by Sachin Wagh

ManageEngine Firewall Analyzer version 8.5 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 203b6cdf8a8826ec7dc6dc08b58ffe98cd59dcd74b8ded9ec3ce4969545c2a02
PLANET IP ICA-5350V LFI / XSS / CSRF / Bypass
Posted Feb 22, 2016
Authored by GT.Omaz

PLANET IP surveillance camera model ICA-5350V suffers from authentication bypass, cross site request forgery, cross site scripting, arbitrary file read, hardcoded credential, and local file inclusion vulnerabilities.

tags | exploit, arbitrary, local, vulnerability, xss, bypass, file inclusion, csrf
SHA-256 | 9760b0ddcfb05af2b4f17976ad5b7b98e7d7ce2e5fee368b40236d57d5e5a7b7
SOLIDserver 5.0.4 Local File Inclusion
Posted Feb 22, 2016
Authored by Saeed reza Zamanian

SOLIDserver versions 5.0.4 and below suffer from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | 01fe2fec29a6447d363278aed3981ba0efe470dabc0e35b81ca17d0daae55ab6
SamenBlog Weblog Service Cross Site Request Forgery / Cross Site Scripting
Posted Feb 22, 2016
Authored by Ehsan Hosseini

SamenBlog Weblog Service suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
SHA-256 | 68b5084457f76fb3532f45c3afce9726fa50bde054a8ae2bf5a8047cfa6d3a81
E-Cidade Directory Traversal
Posted Feb 22, 2016
Authored by vesp3r

E-Cidade suffers from a path traversal vulnerability.

tags | exploit
SHA-256 | 627a5e737562ff52b9fcd20e8d27159fb5a876854f062d1aa3897b98a610fd5a
Thru Managed File Transfer Portal 9.0.2 Insecure Direct Object Reference
Posted Feb 22, 2016
Authored by Dr. Erlijn van Genuchten

Thru Managed File Transfer Portal version 9.0.2 suffers from an insecure direct object reference vulnerability in the contacts list functionality.

tags | exploit
SHA-256 | 04bf2eec97770c7bbdcc28f9522714c4b0542d404957116ca9741cfcd118f04a
Thru Managed File Transfer Portal 9.0.2 Insecure Direct Object Reference
Posted Feb 22, 2016
Authored by Dr. Erlijn van Genuchten

Thru Managed File Transfer Portal version 9.0.2 suffers from an insecure direct object reference vulnerability in the upload functionality.

tags | exploit
SHA-256 | f0fc879814ce1f79dd42f81a3bfde9648a14d4d21f9c544a934eff7660ae4c39
Thru Managed File Transfer Portal 9.0.2 Missing Security Check
Posted Feb 22, 2016
Authored by Dr. Erlijn van Genuchten

The Thru Managed File Transfer application version 9.0.2 allows both unauthenticated and authenticated users to upload files, including viruses.

tags | advisory
SHA-256 | 178fc60f24aa280af3d976a9ac3ef913d89f1c7872bc906e522d80c60a97306b
Page 1 of 1
Back1Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    4 Files
  • 19
    May 19th
    17 Files
  • 20
    May 20th
    2 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    6 Files
  • 24
    May 24th
    19 Files
  • 25
    May 25th
    5 Files
  • 26
    May 26th
    12 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close