Exploit the possiblities
Showing 1 - 15 of 15 RSS Feed

Files Date: 2016-03-24

SnappingTurtle: A Web Exploitation Tool
Posted Mar 24, 2016
Authored by John Leitch

This is a cross platform web exploitation tool written in Aphid and compiled into Python. Currently supports exploitation of PHP local file inclusion and SQL injection with more on the way.

tags | tool, web, local, php, sql injection, python, file inclusion
systems | unix
MD5 | 3c787629c70598ece396bcbe1b3e750d
innovaphone IP222 11r2 sr9 Brute Force
Posted Mar 24, 2016
Authored by Sven Freund

The innovaphone IP222 provides a password protected administration interface, which can be accessed via a web browser. Although the basic authentication was disabled and instead the digest authentication is used, it is still possible to perform brute-force attacks against the password authentication process.

tags | exploit, web
MD5 | e5488a05f98ad76cc4e1c2aa52baf97d
innovaphone IP222 11r2 sr9 Download Denial Of Service
Posted Mar 24, 2016
Authored by Sven Freund

At startup the innovaphone IP222 sends an HTTP request for a special PNG file to the involved server system. After the download has finished, the image is displayed on the phone by selecting the receiver screen in the menu. Providing a large image file (6.9 MB) within the download process and selecting the receiver screen on the phone will lead to a crash of the application and cause a denial of service condition. Remote code execution via this security vulnerability may also be possible, but was not confirmed by the SySS GmbH.

tags | exploit, remote, web, denial of service, code execution
MD5 | badbdfb0296507727dfaf5488f0ac0fe
innovaphone IP222 UDP Denial Of Service
Posted Mar 24, 2016
Authored by Sven Freund

The innovaphone IP222 offers different protocols, like H.323 or SIP, to fulfil the various requirements. The discovered vulnerability was found in the protocol SIP/UDP. Therefore a specially crafted SIP request to the open 5060/UDP port causes a denial of service condition by crashing the innovaphone IP222 phone immediately. Remote code execution via this security vulnerability may also be possible, but was not confirmed by the SySS GmbH.

tags | exploit, remote, denial of service, udp, code execution, protocol
MD5 | 6a5aaadbf8b51db5d4dc5583cbfbfa1c
WordPress WP External Links 1.80 Cross Site Scripting
Posted Mar 24, 2016
Authored by Cr4sh.0x | Site vulnerability-lab.com

WordPress WP External Links plugin version 1.80 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 7e739d73a08837eb3ddc36449e55c9dc
Fortigate Backdoor Password Calculator
Posted Mar 24, 2016
Authored by Rishabh Dangwal

Simple python exploit that can be used to calculate the Fortigate backdoor password.

tags | exploit, python
MD5 | 14cbed01c741cedd301f5304e7b425c5
Red Hat Security Advisory 2016-0505-01
Posted Mar 24, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0505-01 - Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. Security Fix: An open-redirect flaw was found in the way Django's django.utils.http.is_safe_url() function filtered authentication URLs. An attacker able to trick a victim into visiting a crafted URL could use this flaw to redirect that victim to a malicious site.

tags | advisory, web, python
systems | linux, redhat
advisories | CVE-2016-2512, CVE-2016-2513
MD5 | 1a56f3ca3fef375e922ce5b38c84a5a4
Red Hat Security Advisory 2016-0504-01
Posted Mar 24, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0504-01 - Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. Security Fix: An open-redirect flaw was found in the way Django's django.utils.http.is_safe_url() function filtered authentication URLs. An attacker able to trick a victim into visiting a crafted URL could use this flaw to redirect that victim to a malicious site.

tags | advisory, web, python
systems | linux, redhat
advisories | CVE-2016-2512, CVE-2016-2513
MD5 | 9c22d20743acb817877401173d9fadaa
Red Hat Security Advisory 2016-0503-01
Posted Mar 24, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0503-01 - Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. Security Fix: An open-redirect flaw was found in the way Django's django.utils.http.is_safe_url() function filtered authentication URLs. An attacker able to trick a victim into visiting a crafted URL could use this flaw to redirect that victim to a malicious site.

tags | advisory, web, python
systems | linux, redhat
advisories | CVE-2016-2512, CVE-2016-2513
MD5 | 052700df92125e75c51290d5ca8da758
Red Hat Security Advisory 2016-0506-01
Posted Mar 24, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0506-01 - Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. Security Fix: An open-redirect flaw was found in the way Django's django.utils.http.is_safe_url() function filtered authentication URLs. An attacker able to trick a victim into visiting a crafted URL could use this flaw to redirect that victim to a malicious site.

tags | advisory, web, python
systems | linux, redhat
advisories | CVE-2016-2512, CVE-2016-2513
MD5 | 5ae39742b015b291f8fba96077a61cc1
Ubuntu Security Notice USN-2941-1
Posted Mar 24, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2941-1 - Kostya Kortchinsky discovered that Quagga incorrectly handled certain route data when configured with BGP peers enabled for VPNv4. A remote attacker could use this issue to cause Quagga to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that Quagga incorrectly handled messages with a large LSA when used in certain configurations. A remote attacker could use this issue to cause Quagga to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2013-2236, CVE-2016-2342
MD5 | 695721c68ce127c7bb20cdc23c9aa960
Debian Security Advisory 3527-1
Posted Mar 24, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3527-1 - It was discovered that inspircd, an IRC daemon, incorrectly handled PTR lookups of connecting users. This flaw allowed a remote attacker to crash the application by setting up malformed DNS records, thus causing a denial-of-service.

tags | advisory, remote
systems | linux, debian
advisories | CVE-2015-8702
MD5 | fa9b49572c6d87a13a440dcd948fd3d3
Red Hat Security Advisory 2016-0502-01
Posted Mar 24, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0502-01 - Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. Security Fix: An open-redirect flaw was found in the way Django's django.utils.http.is_safe_url() function filtered authentication URLs. An attacker able to trick a victim into visiting a crafted URL could use this flaw to redirect that victim to a malicious site.

tags | advisory, web, python
systems | linux, redhat
advisories | CVE-2016-2512, CVE-2016-2513
MD5 | aa5838d0be7d78891a67c08d35ead275
Lithium Social CRM Cross Site Scripting
Posted Mar 24, 2016
Authored by Imran Khan

Lithium Social CRM suffered from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | d193737b5f6c9f0fd262cdbfea72bec6
Linux x86 / x64 execve(/bin/sh) Shellcode
Posted Mar 24, 2016
Authored by Ajith KP

26 bytes small Linux x86 / x64 execve(/bin/sh) shellcode.

tags | x86, shellcode
systems | linux
MD5 | 42fc268a7ee3ac09e6cec8aaa22135de
Page 1 of 1
Back1Next

File Archive:

November 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    22 Files
  • 2
    Nov 2nd
    28 Files
  • 3
    Nov 3rd
    10 Files
  • 4
    Nov 4th
    1 Files
  • 5
    Nov 5th
    5 Files
  • 6
    Nov 6th
    15 Files
  • 7
    Nov 7th
    15 Files
  • 8
    Nov 8th
    13 Files
  • 9
    Nov 9th
    9 Files
  • 10
    Nov 10th
    9 Files
  • 11
    Nov 11th
    3 Files
  • 12
    Nov 12th
    2 Files
  • 13
    Nov 13th
    15 Files
  • 14
    Nov 14th
    17 Files
  • 15
    Nov 15th
    19 Files
  • 16
    Nov 16th
    15 Files
  • 17
    Nov 17th
    19 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close