exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 30 RSS Feed

Files Date: 2016-10-13

Thatware 0.4.6 SQL Injection
Posted Oct 13, 2016
Authored by Besim

Thatware version 0.4.6 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | b0e3574efe847d4e2f332f5438f958dbc0e42c3ad315c23ea82f30298ead5324
Ruby on Rails Dynamic Render File Upload Remote Code Execution
Posted Oct 13, 2016
Site metasploit.com

This Metasploit module exploits a remote code execution vulnerability in the explicit render method when leveraging user parameters. This Metasploit module has been tested across multiple versions of Ruby on Rails. The technique used by this module requires the specified endpoint to be using dynamic render paths. Also, the vulnerable target will need a POST endpoint for the TempFile upload, this can literally be any endpoint. This Metasploit module does not use the log inclusion method of exploitation due to it not being universal enough. Instead, a new code injection technique was found and used whereby an attacker can upload temporary image files against any POST endpoint and use them for the inclusion attack. Finally, you only get one shot at this if you are testing with the builtin rails server, use caution.

tags | exploit, remote, code execution, file upload, ruby
advisories | CVE-2016-0752
SHA-256 | 2fbf26de370b698bb74efc1d6c0140ccae69af739b14f4d4a7e3f03d0f400ca5
Ubuntu Security Notice USN-3103-1
Posted Oct 13, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3103-1 - It was discovered that DBD::mysql incorrectly handled certain memory operations. A remote attacker could use this issue to cause DBD::mysql to crash, resulting in a denial of service, or possibly execute arbitrary code. Hanno Boeck discovered that DBD::mysql incorrectly handled certain memory operations. A remote attacker could use this issue to cause DBD::mysql to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-9906, CVE-2015-8949, CVE-2016-1246
SHA-256 | da5e68e57b7fabe8ed110134570d5b604edd24d7d2aea42f4cda4995b2d7cf88
Ubuntu Security Notice USN-3102-1
Posted Oct 13, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3102-1 - It was discovered that Quagga incorrectly handled dumping data. A remote attacker could possibly use a large BGP packet to cause Quagga to crash, resulting in a denial of service. It was discovered that the Quagga package incorrectly set permissions on the configuration directory. A local user could use this issue to possibly obtain sensitive information.

tags | advisory, remote, denial of service, local
systems | linux, ubuntu
advisories | CVE-2016-4036, CVE-2016-4049
SHA-256 | 791bc0d8fd5a75d438e274cb9cd9cbde77f7f714f6d26ae6110b82c92af7c080
WordPress Newsletter 4.6.0 Cross Site Request Forgery / Cross Site Scripting
Posted Oct 13, 2016
Authored by Keith Lee

WordPress Newsletter plugin version 4.6.0 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
SHA-256 | 9cb12cdbcaf17c9df0d53118baf5921f395e74d64b4f4850784c04d99754e56d
Simple Blog PHP 2.0 SQL Injection
Posted Oct 13, 2016
Authored by Ehsan Hosseini

Simple Blog PHP version 2.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, php, sql injection
SHA-256 | 21f6a6aadaa0bf85ea8a973078fa5124f005f4d29b8c7202c26b3a8ef746f0d7
Simple Blog PHP 2.0 Cross Site Request Forgery / Cross Site Scripting
Posted Oct 13, 2016
Authored by Ehsan Hosseini

Simple Blog PHP version 2.0 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, php, vulnerability, xss, csrf
SHA-256 | dbf0d102e9f3e34c16c2fd12e85ad25a57d67bd13cb65d598b28cd2cc1650b4f
InsOnSrv Asus InstantOn 2.3.1.1 Privilege Escalation
Posted Oct 13, 2016
Authored by Cyril Vallicari

InsOnSrv Asus InstantOn version 2.3.1.1 suffers from an unquoted service path privilege escalation vulnerability.

tags | exploit
SHA-256 | e59ff17712ec1640abfc4946a392fbd3a55062654f935ab2b9aeebe202e643f4
ASLDRService ATK Hotkey 1.0.69.0 Privilege Escalation
Posted Oct 13, 2016
Authored by Cyril Vallicari

ASLDRService ATK Hotkey version 1.0.69.0 suffers from an unquoted service path privilege escalation vulnerability.

tags | exploit
SHA-256 | f0169ae282a3777b8217770b45aa25a852cf2282021f467c94f3cba60ac24249
Colorful Blog Cross Site Request Forgery
Posted Oct 13, 2016
Authored by Besim

Colorful Blog suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 43fdeb5945dd3e2484942f144c3cb8525379481e3213c23b70c389c0f92b58d1
ATKGFNEXSrv ATKGFNEX 1.0.11.1 Privilege Escalation
Posted Oct 13, 2016
Authored by Cyril Vallicari

ATKGFNEXSrv ATKGFNEX version 1.0.11.1 suffers from an unquoted service path privilege escalation vulnerability.

tags | exploit
SHA-256 | ac750d062ae11ff566fbcf5f5b8c2b7366b11612c94aca1e19b888265ff1d8f1
Colorful Blog Cross Site Scripting
Posted Oct 13, 2016
Authored by Besim

Colorful Blog suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 4089f29aef88d38dcf421597427d4775437dca96743c0b464ff9d00a016e93d4
Hotspot Shield 6.0.3 Privilege Escalation
Posted Oct 13, 2016
Authored by Amir.ght

Hotspot Shield version 6.0.3 suffers from an unquoted service path privilege escalation vulnerability.

tags | exploit
SHA-256 | 711e67e425ec3861788f113f36618c50d4ca9bed727595d279f41e1f555726a1
VOX Music Player 2.8.8 Denial Of Service
Posted Oct 13, 2016
Authored by Antonio Z

VOX Music Player version 2.8.8 denial of service exploit that leverages a malicious .pls file.

tags | exploit, denial of service
SHA-256 | ee0d523d5fcdff0a4288a8fbd459143d65dfdd19b916cc65827f364273e2c463
IObit Malware Fighter 4.3.1 Privilege Escalation
Posted Oct 13, 2016
Authored by Amir.ght

IObit Malware Fighter version 4.3.1 suffers from an unquoted service path privilege escalation vulnerability.

tags | exploit
SHA-256 | 5ed9a4756f6448d31e1fd73ddfb706aac5ac52971a8ff8c4709cd5031fe46170
Cisco Webex Player T29.10 Use-After-Free Memory Corruption
Posted Oct 13, 2016
Authored by Francis Provencher

Cisco Webex Player version T29.10 suffers from a .wrf use-after-free memory corruption vulnerability.

tags | exploit
systems | cisco
advisories | CVE-2016-1464
SHA-256 | e0ff7bc989af814b4c67fc1a215c0c9c5b753220fb884757fa81ba1faab1c1c4
Cisco Webex Player T29.10 Out-Of-Bounds Memory Corruption
Posted Oct 13, 2016
Authored by Francis Provencher

Cisco Webex Player version T29.10 suffers from a .arf out-of-bounds memory corruption vulnerability.

tags | exploit
systems | cisco
advisories | CVE-2016-1415
SHA-256 | a011619db8c6fd4ad93cbef076bea08ee8225e2099c8f79385d859e2926070b0
Subversion 1.6.6 / 1.6.12 Code Execution
Posted Oct 13, 2016
Authored by GlacierZ0ne

Subversion versions 1.6.6 and 1.6.12 suffers from a code execution vulnerability.

tags | exploit, code execution
advisories | CVE-2013-2088
SHA-256 | 48d11ae6c6eb0352e1e86df10e86921c48bc13c065d2995bdebf8dce47e3ac0f
NetBilleterie 2.8 SQL Injection / Information Disclosure
Posted Oct 13, 2016
Authored by Wadeek

NetBilleterie version 2.8 suffers from remote SQL injection and information disclosure vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, info disclosure
SHA-256 | 67eb1173e9a47959be8afd57a92575f29b7bf96962b2ffe0ca8cac0b6a650b6a
Bettercap 1.5.8
Posted Oct 13, 2016
Authored by evilsocket | Site bettercap.org

BetterCAP is a powerful, flexible, and portable tool created to perform various types of MITM attacks against a network, manipulate HTTP, HTTPS and TCP traffic in realtime, sniff for credentials and much more.

Changes: New --log-http-response, --html-file, and --full-duplex options. Various fixes.
tags | tool, web, sniffer, tcp
systems | unix
SHA-256 | d847391d5e920645692ad869afa0bbff270b11e26e73e839557fb9693c3513a6
ApPHP MicroBlog 1.0.2 Cross Site Scripting
Posted Oct 13, 2016
Authored by Besim

ApPHP MicroBlog version 1.0.2 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 54f9a6408d7424239c925526926536e2bfbb7e2c80a0aa8a513e71814f9a3a60
phpEnter 4.2.7 Cross Site Request Forgery
Posted Oct 13, 2016
Authored by Besim

phpEnter version 4.2.7 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 49bb885ad666d6da962ec53c3f444aa37daa752444043ddd36b6825d30d1d904
ApPHP MicroBlog 1.0.2 Cross Site Request Forgery
Posted Oct 13, 2016
Authored by Besim

ApPHP MicroBlog version 1.0.2 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | faf4a4d612af6d00bbccdd90bb42758a9277cf14a23bd894d5b0a724197d1e22
ApPHP MicroCMS 3.9.5 Cross Site Scripting
Posted Oct 13, 2016
Authored by Besim

ApPHP MicroCMS version 3.9.5 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | d1a235d5a1dc75162006146885d6250531498ba9dab147982ea073d8fbe25694
BirdBlog 1.4.0 Cross Site Request Forgery
Posted Oct 13, 2016
Authored by Besim

BirdBlog version 1.4.0 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 992746b4cfb02ebc0196c376ff384f61170a822fc140f6ce4edf5a6fc4ac0025
Page 1 of 2
Back12Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close