exploit the possibilities
Showing 1 - 8 of 8 RSS Feed

Files Date: 2016-04-09

DotCMS 3.5 Beta Cross Site Scripting
Posted Apr 9, 2016
Authored by Piaox Xiong

DotCMS version 3.5 Beta suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 50386f30837ec7b4648f8f918fd0242e
DotCMS 3.5 Beta Directory Traversal
Posted Apr 9, 2016
Authored by Piaox Xiong

DotCMS version 3.5 Beta suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
MD5 | 76d97ec3f16133075cd60a3bb87edfc0
ExaGrid Known SSH Key / Default Password
Posted Apr 9, 2016
Authored by egypt | Site metasploit.com

ExaGrid ships a public/private key pair on their backup appliances to allow passwordless authentication to other ExaGrid appliances. Since the private key is easily retrievable, an attacker can use it to gain unauthorized remote access as root. Additionally, this module will attempt to use the default password for root, 'inflection'.

tags | exploit, remote, root
advisories | CVE-2016-1560, CVE-2016-1561
MD5 | 3fbd7e79c9e739bd3384bf1e8d1cadf6
PostgreSQL CREATE LANGUAGE Execution
Posted Apr 9, 2016
Authored by Micheal Cottingham, midnitesnake, Nixawk | Site metasploit.com

Some installations of Postgres 8 and 9 are configured to allow loading external scripting languages. Most commonly this is Perl and Python. When enabled, command execution is possible on the host. To execute system commands, loading the "untrusted" version of the language is necessary. This requires a superuser. This is usually postgres. The execution should be platform-agnostic, and has been tested on OS X, Windows, and Linux. This Metasploit module attempts to load Perl or Python to execute system commands. As this dynamically loads a scripting language to execute commands, it is not necessary to drop a file on the filesystem. Only Postgres 8 and up are supported.

tags | exploit, perl, python
systems | linux, windows, apple, osx
MD5 | 3c81d94f69a7a70e2c856b1c3cb07ab0
Android IOMX getConfig/getParameter Information Disclosure
Posted Apr 9, 2016
Authored by Google Security Research, forshaw

The GET_CONFIG and GET_PARAMETER calls on IOMX are vulnerable to an information disclosure of uninitialized heap memory. This could be used by an attacker to break ASLR in the media server process by reading out heap memory which contains useful address information.

tags | exploit, info disclosure
systems | linux
advisories | CVE-2016-2417
MD5 | 66e59acf2d705f1b7f2bf56ae18ab2a5
Android IMemory Native Interface Insecure IPC Use
Posted Apr 9, 2016
Authored by Google Security Research, forshaw

The IMemory interface in frameworks/native/libs/binder/IMemory.cpp, used primarily by the media services can be tricked to return arbitrary memory locations leading to information disclosure or memory corruption.

tags | exploit, arbitrary, info disclosure
systems | linux
advisories | CVE-2016-0846
MD5 | ec093c2a518746cb8fe96c41275efde3
Hikvision Digital Video Recorder Cross Site Request Forgery
Posted Apr 9, 2016
Authored by LiquidWorm | Site zeroscience.mk

Hikvision Digital Video Recorder versions LV-D2104CS, DS-7316HFI-ST, DS-7216HVI-SV/A, DS-7208HVI-SH, and DS-7204HVI-SH suffer from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | ca3b7aec5d618bd60ac4bc8866bce554
JAWS 13 Privilege Escalation
Posted Apr 9, 2016
Authored by Gregory Heimbuecher

A local privilege escalation vulnerability has been identified in the JTVNCProxy Windows service in JAWS version 13.0 and earlier. When installed, this service allows Read/Write access to any user, meaning any user can modify the location of the binary executed by the service with SYSTEM privileges. It should be noted that this vulnerability is not present in versions of JAWS from version 14 onwards.

tags | advisory, local
systems | windows
MD5 | 81d8b05d70ef8e08d2b3a76c9f5ff3e2
Page 1 of 1
Back1Next

File Archive:

August 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    10 Files
  • 2
    Aug 2nd
    8 Files
  • 3
    Aug 3rd
    2 Files
  • 4
    Aug 4th
    1 Files
  • 5
    Aug 5th
    15 Files
  • 6
    Aug 6th
    79 Files
  • 7
    Aug 7th
    16 Files
  • 8
    Aug 8th
    11 Files
  • 9
    Aug 9th
    10 Files
  • 10
    Aug 10th
    0 Files
  • 11
    Aug 11th
    6 Files
  • 12
    Aug 12th
    26 Files
  • 13
    Aug 13th
    15 Files
  • 14
    Aug 14th
    19 Files
  • 15
    Aug 15th
    52 Files
  • 16
    Aug 16th
    11 Files
  • 17
    Aug 17th
    1 Files
  • 18
    Aug 18th
    2 Files
  • 19
    Aug 19th
    18 Files
  • 20
    Aug 20th
    19 Files
  • 21
    Aug 21st
    17 Files
  • 22
    Aug 22nd
    9 Files
  • 23
    Aug 23rd
    3 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close