
Files Date: 2016-10-13

Thatware 0.4.6 SQL Injection
Posted Oct 13, 2016
Authored by Besim

Thatware version 0.4.6 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | f502cad57e372dbb1fbe2c11c3d8f6c6
Ruby on Rails Dynamic Render File Upload Remote Code Execution
Posted Oct 13, 2016
Site metasploit.com

This Metasploit module exploits a remote code execution vulnerability in the explicit render method when leveraging user parameters. This Metasploit module has been tested across multiple versions of Ruby on Rails. The technique used by this module requires the specified endpoint to be using dynamic render paths. Also, the vulnerable target will need a POST endpoint for the TempFile upload; this can literally be any endpoint. This Metasploit module does not use the log inclusion method of exploitation because it is not universal enough. Instead, a new code injection technique was found and used whereby an attacker can upload temporary image files against any POST endpoint and use them for the inclusion attack. Finally, you only get one shot at this if you are testing with the built-in Rails server, so use caution.

tags | exploit, remote, code execution, file upload, ruby
advisories | CVE-2016-0752
MD5 | 330df82eae0981c2ca7cc8777a63a53c
Ubuntu Security Notice USN-3103-1
Posted Oct 13, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3103-1 - It was discovered that DBD::mysql incorrectly handled certain memory operations. A remote attacker could use this issue to cause DBD::mysql to crash, resulting in a denial of service, or possibly execute arbitrary code. Hanno Boeck discovered that DBD::mysql incorrectly handled certain memory operations. A remote attacker could use this issue to cause DBD::mysql to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-9906, CVE-2015-8949, CVE-2016-1246
MD5 | e23d7a1582a5b74698d8a445b3a1fd9e
Ubuntu Security Notice USN-3102-1
Posted Oct 13, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3102-1 - It was discovered that Quagga incorrectly handled dumping data. A remote attacker could possibly use a large BGP packet to cause Quagga to crash, resulting in a denial of service. It was discovered that the Quagga package incorrectly set permissions on the configuration directory. A local user could use this issue to possibly obtain sensitive information.

tags | advisory, remote, denial of service, local
systems | linux, ubuntu
advisories | CVE-2016-4036, CVE-2016-4049
MD5 | 713db6ec075d419a92892e79e38ad52c
WordPress Newsletter 4.6.0 Cross Site Request Forgery / Cross Site Scripting
Posted Oct 13, 2016
Authored by Keith Lee

WordPress Newsletter plugin version 4.6.0 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | 6cc120dc6ca72ce24477e8b469a32dba
Simple Blog PHP 2.0 SQL Injection
Posted Oct 13, 2016
Authored by Ehsan Hosseini

Simple Blog PHP version 2.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, php, sql injection
MD5 | a3d925f22175f89144a96a0235314fec
Simple Blog PHP 2.0 Cross Site Request Forgery / Cross Site Scripting
Posted Oct 13, 2016
Authored by Ehsan Hosseini

Simple Blog PHP version 2.0 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, php, vulnerability, xss, csrf
MD5 | e998b49792a643ae9a5ec03a7f107ae3
InsOnSrv Asus InstantOn 2.3.1.1 Privilege Escalation
Posted Oct 13, 2016
Authored by Cyril Vallicari

InsOnSrv Asus InstantOn version 2.3.1.1 suffers from an unquoted service path privilege escalation vulnerability.

tags | exploit
MD5 | 41b583f421ccd0b7e4369560f4b98825
ASLDRService ATK Hotkey 1.0.69.0 Privilege Escalation
Posted Oct 13, 2016
Authored by Cyril Vallicari

ASLDRService ATK Hotkey version 1.0.69.0 suffers from an unquoted service path privilege escalation vulnerability.

tags | exploit
MD5 | ebd076b62e2ecc80be24b116cec033a8
Colorful Blog Cross Site Request Forgery
Posted Oct 13, 2016
Authored by Besim

Colorful Blog suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | 2c66d9b45dd97284c93f087bd0bad734
ATKGFNEXSrv ATKGFNEX 1.0.11.1 Privilege Escalation
Posted Oct 13, 2016
Authored by Cyril Vallicari

ATKGFNEXSrv ATKGFNEX version 1.0.11.1 suffers from an unquoted service path privilege escalation vulnerability.

tags | exploit
MD5 | a5e650ffa171f5b27f4dad937014379b
Colorful Blog Cross Site Scripting
Posted Oct 13, 2016
Authored by Besim

Colorful Blog suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | d9178f79d4ae0117458041a42977c615
Hotspot Shield 6.0.3 Privilege Escalation
Posted Oct 13, 2016
Authored by Amir.ght

Hotspot Shield version 6.0.3 suffers from an unquoted service path privilege escalation vulnerability.

tags | exploit
MD5 | fff5bac21ca44742404c0d9fdf10eff1
VOX Music Player 2.8.8 Denial Of Service
Posted Oct 13, 2016
Authored by Antonio Z

VOX Music Player version 2.8.8 denial of service exploit that leverages a malicious .pls file.

tags | exploit, denial of service
MD5 | df452ac3339befd4238db035b7fad6c6
IObit Malware Fighter 4.3.1 Privilege Escalation
Posted Oct 13, 2016
Authored by Amir.ght

IObit Malware Fighter version 4.3.1 suffers from an unquoted service path privilege escalation vulnerability.

tags | exploit
MD5 | f5b9a1e3af8202b76d53f6bf2bdd5737
Cisco Webex Player T29.10 Use-After-Free Memory Corruption
Posted Oct 13, 2016
Authored by Francis Provencher

Cisco Webex Player version T29.10 suffers from a .wrf use-after-free memory corruption vulnerability.

tags | exploit
systems | cisco
advisories | CVE-2016-1464
MD5 | ec1cc7257ee75bf5544fca951cfac52b
Cisco Webex Player T29.10 Out-Of-Bounds Memory Corruption
Posted Oct 13, 2016
Authored by Francis Provencher

Cisco Webex Player version T29.10 suffers from a .arf out-of-bounds memory corruption vulnerability.

tags | exploit
systems | cisco
advisories | CVE-2016-1415
MD5 | 0ea248b2edbdd5bf05d03cdecdb11716
Subversion 1.6.6 / 1.6.12 Code Execution
Posted Oct 13, 2016
Authored by GlacierZ0ne

Subversion versions 1.6.6 and 1.6.12 suffer from a code execution vulnerability.

tags | exploit, code execution
advisories | CVE-2013-2088
MD5 | 28d8b3c2a7abe9448c79cb3a810ef51c
NetBilleterie 2.8 SQL Injection / Information Disclosure
Posted Oct 13, 2016
Authored by Wadeek

NetBilleterie version 2.8 suffers from remote SQL injection and information disclosure vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, info disclosure
MD5 | f586c0ee0b0b53b8de663ab455f199ae
Bettercap 1.5.8
Posted Oct 13, 2016
Authored by evilsocket | Site bettercap.org

BetterCAP is a powerful, flexible, and portable tool created to perform various types of MITM attacks against a network, manipulate HTTP, HTTPS and TCP traffic in realtime, sniff for credentials and much more.

Changes: New --log-http-response, --html-file, and --full-duplex options. Various fixes.
tags | tool, web, sniffer, tcp
systems | unix
MD5 | 36da34d5adcfb224dff49bee99847691
ApPHP MicroBlog 1.0.2 Cross Site Scripting
Posted Oct 13, 2016
Authored by Besim

ApPHP MicroBlog version 1.0.2 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | c247fd686fb04a960b4ac0cbae420cc3
phpEnter 4.2.7 Cross Site Request Forgery
Posted Oct 13, 2016
Authored by Besim

phpEnter version 4.2.7 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | b6b3dd5b9a509118d973d9e16701906a
ApPHP MicroBlog 1.0.2 Cross Site Request Forgery
Posted Oct 13, 2016
Authored by Besim

ApPHP MicroBlog version 1.0.2 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | 2b1356fd89ceac7b623e227009b5e828
ApPHP MicroCMS 3.9.5 Cross Site Scripting
Posted Oct 13, 2016
Authored by Besim

ApPHP MicroCMS version 3.9.5 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | daaced04928d75910172b107ac2e3921
BirdBlog 1.4.0 Cross Site Request Forgery
Posted Oct 13, 2016
Authored by Besim

BirdBlog version 1.4.0 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | 98f6b8dd38e3d59b84c0d81e12610b99
© 2016 Packet Storm. All rights reserved.
