exploit the possibilities
Showing 1 - 12 of 12 RSS Feed

Files Date: 2019-03-15

Webmin 1.900 Upload Authenticated Remote Command Execution
Posted Mar 15, 2019
Authored by Ozkan Mustafa Akkus, Ziconius | Site metasploit.com

This Metasploit module exploits an arbitrary command execution vulnerability in Webmin 1.900 and lower versions. Any user authorized to the "Upload and Download" module can execute arbitrary commands with root privileges. In addition, if the Running Processes (proc) privilege is set the user can accurately determine which directory to upload to. Webmin application files can be written/overwritten, which allows remote code execution. The module has been tested successfully with Webmin 1.900 on Ubuntu v18.04.

tags | exploit, remote, arbitrary, root, code execution
systems | linux, ubuntu
MD5 | 3ba74c7641d287a5a1d6cee6bdb0eff5
BMC Patrol Agent Privilege Escalation / Command Execution
Posted Mar 15, 2019
Authored by b0yd | Site metasploit.com

This Metasploit module leverages the remote command execution feature provided by the BMC Patrol Agent software. It can also be used to escalate privileges on Windows hosts as the software runs as SYSTEM but only verifies that the password of the provided user is correct. This also means if the software is running on a domain controller, it can be used to escalate from a normal domain user to domain admin as SYSTEM on a DC is DA. **WARNING** The windows version of this exploit uses powershell to execute the payload. The powershell version tends to timeout on the first run so it may take multiple tries.

tags | exploit, remote
systems | windows
advisories | CVE-2018-20735
MD5 | 07522a05b37456d4fcb66eb0e429685a
Fujitsu LX901 GK900 Keystroke Injection
Posted Mar 15, 2019
Authored by Matthias Deeg

SySS GmbH found out that the wireless desktop set Fujitsu LX901 is vulnerable to keystroke injection attacks by sending unencrypted data packets with the correct packet format to the receiver (USB dongle).

tags | advisory
MD5 | be5d36b96d4f2705e625f64190c28a98
VMware Security Advisory 2019-0003
Posted Mar 15, 2019
Authored by VMware | Site vmware.com

VVMware Security Advisory 2019-0003 - VMware Horizon update addresses Connection Server an information disclosure vulnerability.

tags | advisory, info disclosure
advisories | CVE-2019-5513
MD5 | 76f3dac71537e32727ad6ebb2ba40a25
VMware Security Advisory 2019-0002
Posted Mar 15, 2019
Authored by VMware | Site vmware.com

VMware Security Advisory 2019-0002 - VMware Workstation update addresses elevation of privilege issues.

tags | advisory
advisories | CVE-2019-5511, CVE-2019-5512
MD5 | bd52e07808c7e943f940f78dc5dad784
Moodle 3.4.1 Remote Code Execution
Posted Mar 15, 2019
Authored by Darryn Ten

Moodle version 3.4.1 remote code execution exploit.

tags | exploit, remote, code execution
advisories | CVE-2018-1133
MD5 | bd02c3aeef707232a71ffa986a5773f5
Mail Carrier 2.5.1 Buffer Overflow
Posted Mar 15, 2019
Authored by Joseph McDonagh

Mail Carrier version 2.5.1 suffers from a MAIL FROM buffer overflow vulnerability.

tags | exploit, overflow
MD5 | 3e57b4dfb5a6eb123d1fd94288b6eb7e
ICE HRM 23.0 SQL / Iframe Injection
Posted Mar 15, 2019
Authored by Mehmet Emiroglu

ICE HRM version 23.0 suffers from remote SQL injection and iframe injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
MD5 | 88f32bcf40b75d3ec675f719b69058c2
CMS Made Simple Showtime2 3.6.2 Arbitrary File Upload
Posted Mar 15, 2019
Authored by Daniele Scanu

CMS Made Simple Showtime2 module version 3.6.2 suffers from an authenticated arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
advisories | CVE-2019-9692
MD5 | 2221652ee89c73f5809f4205dcbfb0d2
Vembu Storegrid Web Interface 4.4.0 Cross Site Scripting / Information Disclosure
Posted Mar 15, 2019
Authored by Gionathan Reale

Vembu Storegrid Web Interface version 4.4.0 suffers from cross site scripting and information leakage vulnerabilities.

tags | exploit, web, vulnerability, xss, info disclosure
MD5 | cb155a5256ab42ddf032f5074309b122
NetData 1.13.0 HTML Injection
Posted Mar 15, 2019
Authored by Marcelo Vazquez

NetData versions 1.13.0 and below suffer from an html injection vulnerability.

tags | exploit
MD5 | f29c3ddc1f8748e3056e7ae71f90e31c
Laundry CMS SQL / Iframe Injection
Posted Mar 15, 2019
Authored by Mehmet Emiroglu

Laundry CMS suffers from remote SQL injection and iframe injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
MD5 | 91203e9cc32fd60108329b5447497452
Page 1 of 1
Back1Next

File Archive:

October 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    25 Files
  • 2
    Oct 2nd
    13 Files
  • 3
    Oct 3rd
    1 Files
  • 4
    Oct 4th
    1 Files
  • 5
    Oct 5th
    15 Files
  • 6
    Oct 6th
    15 Files
  • 7
    Oct 7th
    15 Files
  • 8
    Oct 8th
    11 Files
  • 9
    Oct 9th
    3 Files
  • 10
    Oct 10th
    1 Files
  • 11
    Oct 11th
    1 Files
  • 12
    Oct 12th
    8 Files
  • 13
    Oct 13th
    12 Files
  • 14
    Oct 14th
    23 Files
  • 15
    Oct 15th
    4 Files
  • 16
    Oct 16th
    13 Files
  • 17
    Oct 17th
    1 Files
  • 18
    Oct 18th
    1 Files
  • 19
    Oct 19th
    27 Files
  • 20
    Oct 20th
    41 Files
  • 21
    Oct 21st
    15 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close