exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 411 RSS Feed

Files Date: 2017-12-01 to 2017-12-31

HP Mercury LoadRunner Agent magentproc.exe Remote Command Execution
Posted Dec 30, 2017
Authored by temp66, aushack | Site metasploit.com

This Metasploit module exploits a remote command execution vulnerability in HP LoadRunner before 9.50 and also HP Performance Center before 9.50. HP LoadRunner 12.53 and other versions are also most likely vulnerable if the (non-default) SSL option is turned off. By sending a specially crafted packet, an attacker can execute commands remotely. The service is vulnerable provided the Secure Channel feature is disabled (default).

tags | exploit, remote
advisories | CVE-2010-1549
SHA-256 | 0bfa24b3a3de55a83f6e1af498795fa6d0ddf8b35ad4a3fdfc280bd24cc80dd2
Bitcoin Cash Receive Payments 1.0 Cross Site Scripting
Posted Dec 30, 2017
Authored by ShanoWeb

The CoinPayments API in Bitcoin Cash Receive Payments version 1.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 5520c90d106da07152f64b4382bc6011a873590dcdad5ceb64bdd481d5d4236e
WBiz Desk 1.0 Cross Site Scripting
Posted Dec 30, 2017
Authored by ShanoWeb

WBiz Desk version 1.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 92320e858c586ecfa543bdc178dc71e91e7d058a9ad98001115f0ac1255ce93e
Joomla Varista Education 2.9 SQL Injection
Posted Dec 30, 2017
Authored by pwny

Joomla Varista Education template version 2.9 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 6675591b3afcdef31e1587359d40658b37453853137a99f01a11a7aa4c3136b3
Joomla Jtag Minicart 4.1.0 SQL Injection
Posted Dec 30, 2017
Authored by Bilal Kardadou

Joomla Jtag Minicart component version 4.1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 97b4e2c2eeb5824794805e41b513d4bd21530c913203d04be35830456956a8ea
Joomla JomHoliday 4.0 SQL Injection
Posted Dec 30, 2017
Authored by Bilal Kardadou

Joomla JomHoliday component version 4.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 767a60fedf22258463462c31dbb04988eca5917d724629443f09f290f00b4a17
Joomla JomEvents 3.7 SQL Injection
Posted Dec 30, 2017
Authored by Bilal Kardadou

Joomla JomEvents component version 3.7 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 8ec01102ca4bf7a41a18826f9bf4806b3bccd4180059754b75020b6b4d11199a
Joomla JomEstate PRO 3.7 SQL Injection
Posted Dec 30, 2017
Authored by Bilal Kardadou

Joomla JomEstate PRO component version 3.7 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | bfcf42072b9cf91da89830017ac194a66f4f7e2e705f86e3ecbd335e99a52824
Joomla Jtag Members Directory 5.3.7 SQL Injection
Posted Dec 30, 2017
Authored by Bilal Kardadou

Joomla Jtag Members Directory component version 5.3.7 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | d901d64738af4283912ae456b22303d55bea7e831289877bee031fc9b586d745
Joomla SP Movie Database 1.4 SQL Injection
Posted Dec 30, 2017
Authored by pwny

Joomla SP Movie Database component version 1.4 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 8579c18b406fe62a9ac7a7283024d897b7774d96f54913999501538d96849cfa
GNU Privacy Guard 2.2.4
Posted Dec 29, 2017
Site gnupg.org

GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.

Changes: Multiple translations updated and various new options added.
tags | tool, encryption
SHA-256 | 401a3e64780fdfa6d7670de0880aa5c9d589b3db7a7098979d7606cec546f2ec
Lynis Auditing Tool 2.5.8
Posted Dec 29, 2017
Authored by Michael Boelen | Site cisofy.com

Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.

Changes: Check added for empty files improved on several locations. New allow-auto-purge setting in profile for short-lived systems. Additional checks for log and report file. Changes to support time synchronization in old and newer systemd releases. Enhanced output for systems other than Linux. New class (hardware) added and enabled in default profile.
tags | tool, scanner
systems | unix
SHA-256 | cb18e95e83c414ab36b125c9aa97c9a79b10a7cba2e94e622242611af5042ffb
Ansvif 1.8.1.1
Posted Dec 29, 2017
Authored by Marshall Whittaker | Site oxagast.github.io

Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.

Changes: This release is for Windows 10 compatibility. Includes an ansvif.exe (with embedded icon this time), and printf.exe for reproducing faults. Also included are the examples to test ansvif on.
tags | tool, fuzzer
systems | unix
SHA-256 | a6465c6ebdc9d2ee488e2f8e4ef6e93e8ae72c06bb4873aee84e3b20039b9f2d
Joomla! JEXTN FAQ Pro 4.0.0 SQL Injection
Posted Dec 29, 2017
Authored by Ihsan Sencan

Joomla! JEXTN FAQ Pro component version 4.0.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2017-17875
SHA-256 | b03cc3319d419173541167131fc23d93ea0ec2598c61146e15e27155593d1973
Cambium ePMP1000 2.5 Command Injection
Posted Dec 29, 2017
Authored by Karn Ganeshen | Site metasploit.com

This Metasploit module exploits an OS Command Injection vulnerability in Cambium ePMP1000 device management portal. It requires any one of the following login credentials - admin/admin, installer/installer, home/home - to set up a reverse netcat shell.

tags | exploit, shell
SHA-256 | 80ffaf7cb462642699e6294696050604e8ce8895cc84c13a29c4668c10b20da4
Cambium ePMP1000 3.1-3.5-RC7 Command Injection
Posted Dec 29, 2017
Authored by Karn Ganeshen | Site metasploit.com

This Metasploit module exploits an OS Command Injection vulnerability in Cambium ePMP1000 device management portal. It requires any one of the following login credentials - admin/admin, installer/installer, home/home - to set up a reverse netcat shell. The module has been tested on versions 3.1-3.5-RC7.

tags | exploit, shell
advisories | CVE-2017-5255
SHA-256 | 19c3372a730e1d8d0af6219db6b006294c0a1e69708189476bc93f45950021eb
pfSense 2.1.3-RELEASE (amd64) Remote Command Execution
Posted Dec 28, 2017
Authored by wetw0rk, Jared Stephens | Site metasploit.com

pfSense, a free BSD based open source firewall distribution, versions 2.2.6 and below contain a remote command execution vulnerability post authentication in the _rrd_graph_img.php page. The vulnerability occurs via the graph GET parameter. A non-administrative authenticated attacker can inject arbitrary operating system commands and execute them as the root user. Verified against 2.1.3.

tags | exploit, remote, arbitrary, root, php
systems | bsd
SHA-256 | 356649d9c2f36292416d035a36aa1b87ba078c2559b4b41b29fff647aca29fbd
Xerox DC260 EFI Fiery Controller Webtools 2.0 Arbitrary File Disclosure
Posted Dec 28, 2017
Authored by LiquidWorm | Site zeroscience.mk

Xerox DC260 EFI Fiery Controller Webtools version 2.0 suffers from an arbitrary file disclosure vulnerability.

tags | exploit, arbitrary
SHA-256 | 232f0949b47771d8a400247b6898412dc0cdee0443eb991fe9aca3e5e6feaf6e
NetTransport Download Manager 2.96L Buffer Overflow
Posted Dec 28, 2017
Authored by Aloyce J. Makalanga

NetTransport Download Manager version 2.96L suffers from a buffer overflow vulnerability.

tags | exploit, overflow
advisories | CVE-2017-17968
SHA-256 | 28848aef819ba5185a0dd108f0a97ed3dfa29c5c39a3c8702b523fe708f4b285
NetWin SurgeFTP 23f2 Cross Site Scripting
Posted Dec 28, 2017
Authored by Aloyce J. Makalanga

NetWin SurgeFTP version 23f2 suffers from multiple persistent cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2017-17933
SHA-256 | cb86e442ff84f5e815cc2692af37acce6e30fbd8973d937b161b7cbe34ca12bb
Easy!Appointments 1.2.1 Cross Site Scripting
Posted Dec 28, 2017
Authored by LiquidWorm | Site zeroscience.mk

Easy!Appointments version 1.2.1 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | ce28d66cade69cacbae2d0aa77efad6ce35b84246bb3a51d6cf1db25de6af0a3
ALLMediaServer 0.95 Buffer Overflow
Posted Dec 28, 2017
Authored by Anurag Srivastava | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in ALLMediaServer 0.95. The vulnerability is caused due to a boundary error within the handling of HTTP request.

tags | exploit, web, overflow
SHA-256 | 0aeb690c29587f9a0c63a6668b87a74d40a7e016b5c7c1bd296f108aa1a7986d
HP Insight Control For VMware vCenter Server 7.3 Insecure Permissions
Posted Dec 28, 2017
Authored by Glafkos Charalambous

HP Insight Control for VMware vCenter Server version 7.3 allows a low privileged attacker to read sensitive information files, decrypt all configuration server passwords, and gain access to the systems which in turn leads to the compromise of the whole infrastructure.

tags | exploit
SHA-256 | 171a6632cc48d498cc993433e0e5d051881555de1c0cff708aef0055cc0d4f1c
GoodTravel Travel And Locations 1.0 Cross Site Scripting
Posted Dec 28, 2017
Authored by ShanoWeb

GoodTravel Travel and Locations PHP script and mobile application version 1.0 suffers from a cross site scripting vulnerability.

tags | exploit, php, xss
SHA-256 | 2dcd01f32ff2105c17880d9ad49ee4861236c484ebe4474ef48cde826c7d7440
Tripbuddy Travel, Locations, And Events 1.0 Cross Site Scripting
Posted Dec 28, 2017
Authored by ShanoWeb

Tripbuddy Travel, Locations, and Events version 1.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 8283b8e4e07e4e98f5710efc7b3cc551e82f7df72361b652a27798bc223c53b2
Page 1 of 17
Back12345Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close