exploit the possibilities
Showing 1 - 25 of 25 RSS Feed

Files Date: 2018-12-12

WordPress Snap Creek Duplicator Code Injection
Posted Dec 12, 2018
Authored by Thomas Chauchefoin, Julien Legras | Site metasploit.com

When the WordPress plugin Snap Creek Duplicator restores a backup, it leaves dangerous files in the filesystem such as installer.php and installer-backup.php. These files allow anyone to call a function that overwrite the wp-config.php file AND this function does not sanitize POST parameters before inserting them inside the wp-config.php file, leading to arbitrary PHP code execution. WARNING: This exploit WILL break the wp-config.php file. If possible try to restore backups of the configuration after the exploit to make the WordPress site work again.

tags | exploit, arbitrary, php, code execution
advisories | CVE-2018-17207
MD5 | 3e9bb4227872fd85077a0576d93fc20f
HotelDruid 2.3 SQL Injection
Posted Dec 12, 2018
Authored by Sainadh Jamalpur

HotelDruid version 2.3 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | ff08e4b28ad90208305abee305153384
Apache OFBiz 16.11.05 Cross Site Scripting
Posted Dec 12, 2018
Authored by DKM

Apache OFBiz version 16.11.05 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 2bdc946a9fe5817a2d11a5b13c07566f
WordPress AutoSuggest 0.24 SQL Injection
Posted Dec 12, 2018
Authored by Kaimi

WordPress AutoSuggest plugin version 0.24 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 2ae7fec36d8cafaffee69a2b84782c6e
ThinkPHP 5.x Remote Code Execution
Posted Dec 12, 2018
Authored by VulnSpy

ThinkPHP versions prior to 5.0.23 and prior to 5.1.31 suffer from a remote code execution vulnerability.

tags | exploit, remote, code execution
MD5 | 6b92d8a4fb370a3ceb662efb7302b3b7
Huawei B315s-22 Information Disclosure
Posted Dec 12, 2018
Authored by Usman Saeed

Huawei B315s-22 suffers from an information disclosure vulnerability.

tags | exploit, info disclosure
advisories | CVE-2018-7921
MD5 | 029df3562dc9d2f68e5db5cbc790de49
Adobe ColdFusion 2018 Shell Upload
Posted Dec 12, 2018
Authored by Pete Freitag

Adobe ColdFusion 2018 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
advisories | CVE-2018-15961
MD5 | 5759711c3f8c6e170b72ca702ef643ef
TP-Link Archer C1200 Cross Site Scripting
Posted Dec 12, 2018
Authored by Usman Saeed

TP-Link Archer C1200 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-13134
MD5 | 49bd46588e1bbff2559d1240c27c9f34
PrestaShop 1.6.x / 1.7.x Remote Code Execution
Posted Dec 12, 2018
Authored by farisv

PrestaShop versions 1.6.x and 1.7.x suffer from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2018-19125, CVE-2018-19126
MD5 | a0976f0faba673405394f6f235ada8b2
Tourism Website Blog Code Execution / SQL Injection
Posted Dec 12, 2018
Authored by Ihsan Sencan

Tourism Website version Blog suffers from code execution and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, code execution, sql injection
MD5 | 03cfe8568af6f82ac7fcd8e738612593
Alumni Tracer SMS Notification Cross Site Request Forgery / SQL Injection
Posted Dec 12, 2018
Authored by Ihsan Sencan

Alumni Tracer SMS version Notification suffers from cross site request forgery and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, csrf
MD5 | ea5cd9d5a70eee5746568396cf910032
Linux/x86 execve(/usr/bin/ncat -lvp 1337 -e /bin/bash) Shellcode
Posted Dec 12, 2018
Authored by T3jv1l

95 bytes small Linux/x86 execve(/usr/bin/ncat -lvp 1337 -e /bin/bash) null-free shellcode.

tags | x86, shellcode, bash
systems | linux
MD5 | f20cb38bce77dbfeb39dd788015b42cc
PHP Source Code Analysis
Posted Dec 12, 2018
Authored by Engin Demirbilek

Whitepaper called PHP Source Code Analysis. Written in Turkish.

tags | paper, php
MD5 | 541f02d58c221e424f1e880cec6cd567
SmartFTP Client 9.0.2623.0 Denial Of Service
Posted Dec 12, 2018
Authored by Alejandra Sanchez

SmartFTP Client version 9.0.2623.0 suffers from a denial of service vulnerability.

tags | exploit, denial of service
MD5 | 962a8f5a774d376afacc6b8c3a2bc6f5
LanSpy 2.0.1.159 Buffer Overflow
Posted Dec 12, 2018
Authored by Gionathan Reale

LanSpy version 2.0.1.159 suffers from a local buffer overflow vulnerability.

tags | exploit, overflow, local
MD5 | 3ac41bf9025e49e85846795af82daed6
PrinterOn Enterprise 4.1.4 Arbitrary File Deletion
Posted Dec 12, 2018
Authored by bzyo

PrinterOn Enterprise version 4.1.4 suffers from an arbitrary file deletion vulnerability.

tags | exploit, arbitrary
advisories | CVE-2018-19936
MD5 | d5530e12addfc38c0afd9a1265c92f72
CUPS Weak Session Cookie Generation
Posted Dec 12, 2018
Authored by Jann Horn, Google Security Research

CUPS generates session cookies srandom(time(NULL)) and random() on Linux.

tags | advisory
systems | linux
advisories | CVE-2018-4700
MD5 | 583f7c6a7321642c12877e79a0682883
Linux userfaultfd tmpfs File Permission Bypass
Posted Dec 12, 2018
Authored by Jann Horn, Google Security Research

Linux userfaultfd bypasses tmpfs file permissions.

tags | exploit
systems | linux
advisories | CVE-2018-18397
MD5 | 61256d48b95082beb5d8e4ef759bcd4c
Logitech Options Craft WebSocket Server Missing Authentication
Posted Dec 12, 2018
Authored by Tavis Ormandy, Google Security Research

The Logitech "Options" craft websocket server has no authentication.

tags | advisory
MD5 | 351cebf77410e506f6772f6e57f6204e
WebKit JIT Proxy Object Issue
Posted Dec 12, 2018
Authored by Google Security Research, lokihardt

WebKit JIT int32/double arrays can have proxy objects in the prototype chains.

tags | exploit
advisories | CVE-2018-4438
MD5 | 06865c2504867e5e78ec061c65753733
Ubuntu Security Notice USN-3844-1
Posted Dec 12, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3844-1 - Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, bypass same-origin restrictions, or execute arbitrary code. Multiple security issues were discovered in WebExtensions. If a user were tricked in to installing a specially crafted extension, an attacker could potentially exploit these to open privileged pages, or bypass other security restrictions. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-12405, CVE-2018-12407, CVE-2018-17466, CVE-2018-18492, CVE-2018-18494, CVE-2018-18497, CVE-2018-18498
MD5 | cd05546757b473bab2c95bffccfca6cc
Microsoft Security Bulletin CVE Revision Increment For December, 2018
Posted Dec 12, 2018
Site microsoft.com

This Microsoft bulletin summary lists CVEs that have undergone a major revision increment.

tags | advisory
advisories | CVE-2018-0952, CVE-2018-8650
MD5 | daba53b32d460668b295e117cea74508
Microsoft Security Update Summary For December 11, 2018
Posted Dec 12, 2018
Site microsoft.com

This Microsoft summary lists Microsoft security updates released for December 11, 2018.

tags | advisory
MD5 | 7ec3fe38354da1d6b93072fc64bb4dbb
Microsoft Security Advisory Updates For December 11, 2018
Posted Dec 12, 2018
Site microsoft.com

This Microsoft advisory notification includes advisories released or updated on December 11, 2018.

tags | advisory
MD5 | a0026433f5c0b229424091c03e858aa1
Dynamic Loader Oriented Programming - Wiederganger Proof Of Concept
Posted Dec 12, 2018
Authored by Marcin Kozlowski

This paper and proof of concept describes the Wiederganger-Attack, a new attack vector that reliably allows to escalate unbounded array access vulnerabilities occurring in specifically allocated memory regions to full code execution on programs running on i386/x86_64 Linux. Wiederganger-attacks abuse determinism in Linux ASLR implementation combined with the fact that (even with protection mechanisms such as relro and glibc's pointer mangling enabled) there exist easy-to-hijack, writable (function) pointers in application memory.

tags | exploit, vulnerability, code execution, proof of concept
systems | linux
MD5 | 9450ff4b4e1f182c2f3845ea9c3bdb86
Page 1 of 1
Back1Next

File Archive:

June 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    1 Files
  • 2
    Jun 2nd
    2 Files
  • 3
    Jun 3rd
    19 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    15 Files
  • 6
    Jun 6th
    12 Files
  • 7
    Jun 7th
    11 Files
  • 8
    Jun 8th
    1 Files
  • 9
    Jun 9th
    1 Files
  • 10
    Jun 10th
    15 Files
  • 11
    Jun 11th
    15 Files
  • 12
    Jun 12th
    15 Files
  • 13
    Jun 13th
    8 Files
  • 14
    Jun 14th
    16 Files
  • 15
    Jun 15th
    2 Files
  • 16
    Jun 16th
    1 Files
  • 17
    Jun 17th
    18 Files
  • 18
    Jun 18th
    16 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close