exploit the possibilities
Showing 1 - 15 of 15 RSS Feed

Files Date: 2019-07-26

Zurmo 3.2.6 Persistent Cross Site Scripting
Posted Jul 26, 2019
Authored by Daniel Bishtawi, Umran Yildirimkaya | Site netsparker.com

Zurmo version 3.2.6 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | 352b6bea16887100d57ed569f714b775
Zurmo 3.2.6 Iframe Injection
Posted Jul 26, 2019
Authored by Daniel Bishtawi, Umran Yildirimkaya | Site netsparker.com

Zurmo version 3.2.6 suffers from an iframe injection vulnerability.

tags | exploit
MD5 | 2e4d56abab0f411cf37326767c33aa4a
Zurmo 3.2.6 Open Redirection
Posted Jul 26, 2019
Authored by Daniel Bishtawi, Umran Yildirimkaya | Site netsparker.com

Zurmo version 3.2.6 suffers from an open redirection vulnerability.

tags | exploit
MD5 | 87b984b91752f0c6fdb99b470d4efa47
Zurmo 3.2.6 Out Of Band Code Evaluation
Posted Jul 26, 2019
Authored by Daniel Bishtawi, Umran Yildirimkaya | Site netsparker.com

Zurmo version 3.2.6 suffers from an out-of-band code evaluation vulnerability.

tags | exploit
MD5 | 59bcb6f24e1cc0c38ac66147225f3c6a
Ubuntu Security Notice USN-4054-2
Posted Jul 26, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4054-2 - USN-4054-1 fixed vulnerabilities in Firefox. The update introduced various minor regressions. This update fixes the problems. A sandbox escape was discovered in Firefox. If a user were tricked in to installing a malicious language pack, an attacker could exploit this to gain additional privileges. Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass same origin restrictions, conduct cross-site scripting attacks, conduct cross-site request forgery attacks, spoof origin attributes, spoof the addressbar contents, bypass safebrowsing protections, or execute arbitrary code. It was discovered that Firefox treats all files in a directory as same origin. If a user were tricked in to downloading a specially crafted HTML file, an attacker could potentially exploit this to obtain sensitive information from local files. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, local, spoof, vulnerability, xss, csrf
systems | linux, ubuntu
advisories | CVE-2019-11711, CVE-2019-11715, CVE-2019-11719, CVE-2019-11724, CVE-2019-11729, CVE-2019-11730, CVE-2019-9811
MD5 | e9c0ca3d330f36b3511d7b7429ddec69
Ahsay Backup 7.x / 8.x XML Injection
Posted Jul 26, 2019
Authored by Wietse Boonstra

Ahsay Backup versions 7.x through 8.1.1.50 suffer from an XML external entity injection vulnerability.

tags | exploit
advisories | CVE-2019-10266
MD5 | a6e792505885927bfbabcba7444ffe69
Ahsay Backup 7.x / 8.x File Upload / Remote Code Execution
Posted Jul 26, 2019
Authored by Wietse Boonstra | Site metasploit.com

This Metasploit module exploits an authenticated insecure file upload and code execution flaw in Ahsay Backup versions 7.x through 8.1.1.50. To successfully execute the upload credentials are needed, default on Ahsay Backup trial accounts are enabled so an account can be created. It can be exploited in Windows and Linux environments to get remote code execution (usually as SYSTEM). This module has been tested successfully on Ahsay Backup v8.1.1.50 with Windows 2003 SP2 Server. Because of this flaw all connected clients can be configured to execute a command before the backup starts. Allowing an attacker to takeover even more systems and make it rain shells!

tags | exploit, remote, shell, code execution, file upload
systems | linux, windows
advisories | CVE-2019-10267
MD5 | 0c0971f123e2d1e301ee70a83a0ecda1
Ahsay Backup 7.x / 8.x File Upload / Remote Code Execution
Posted Jul 26, 2019
Authored by Wietse Boonstra

Ahsay Backup versions 7.x through 8.1.1.50 suffer from authenticated arbitrary file upload and remote code execution vulnerabilities.

tags | exploit, remote, arbitrary, vulnerability, code execution, file upload
advisories | CVE-2019-10267
MD5 | 8fd75cbde81ba7a873b5e8945de0c63e
Ubuntu Security Notice USN-4075-1
Posted Jul 26, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4075-1 - Jeremy Harris discovered that Exim incorrectly handled sort expansions. In environments where sort expansions are used, a remote attacker could possibly use this issue to execute arbitrary code as root.

tags | advisory, remote, arbitrary, root
systems | linux, ubuntu
advisories | CVE-2019-13917
MD5 | 611d1f921308752eb29e6f472cab4335
Red Hat Security Advisory 2019-1860-01
Posted Jul 26, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-1860-01 - Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, or by appending each command to a log. Issues addressed include buffer overflow and code execution vulnerabilities.

tags | advisory, overflow, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2018-11218, CVE-2018-11219, CVE-2018-12326, CVE-2019-10192
MD5 | d6585375556f934ea7546a974339812d
pdfresurrect 0.15 Buffer Overflow
Posted Jul 26, 2019
Authored by j0lama

pdfresurrect version 0.15 suffers from a buffer overflow vulnerability.

tags | exploit, overflow
advisories | CVE-2019-14267
MD5 | 0b1d8046b3a8316d6ba8cc8c1309564f
Moodle Filepicker 3.5.2 Server-Side Request Forgery
Posted Jul 26, 2019
Authored by Nick Theisinger, Fabian Mosch

Moodle Filepicker version 3.5.2 suffers from a server-side request forgery vulnerability.

tags | exploit
advisories | CVE-2018-1042
MD5 | 8269bb3c0e3bd3d21b22db1d5a4ff888
Microsoft Windows 7 Build 7601 (x86) Local Privilege Escalation
Posted Jul 26, 2019
Authored by ShivamTrivedi

Microsoft Windows 7 Build 7601 (x86) local privilege escalation exploit.

tags | exploit, x86, local
systems | windows, 7
advisories | CVE-2019-1132
MD5 | 871e209923431e6eedbcefcd950b86de
iMessage DigitalTouch Out-Of-Bounds Read
Posted Jul 26, 2019
Authored by Google Security Research, natashenka

iMessage suffers from an out-of-bounds read vulnerability in DigitalTouch tap message processing.

tags | exploit
advisories | CVE-2019-8624
MD5 | 7cc38755d991fb1a5a101045bfa32cee
WebKit Synchronous Page Load Universal Cross Site Scripting
Posted Jul 26, 2019
Authored by Google Security Research, Glazvunov

WebKit suffers from a universal cross site scripting vulnerability due to synchronous page loads.

tags | exploit, xss
advisories | CVE-2019-8649
MD5 | ce9b3ee68f9af8ecb25b696082074bd1
Page 1 of 1
Back1Next

File Archive:

March 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    2 Files
  • 2
    Mar 2nd
    18 Files
  • 3
    Mar 3rd
    15 Files
  • 4
    Mar 4th
    12 Files
  • 5
    Mar 5th
    19 Files
  • 6
    Mar 6th
    8 Files
  • 7
    Mar 7th
    1 Files
  • 8
    Mar 8th
    1 Files
  • 9
    Mar 9th
    11 Files
  • 10
    Mar 10th
    15 Files
  • 11
    Mar 11th
    9 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    13 Files
  • 14
    Mar 14th
    10 Files
  • 15
    Mar 15th
    13 Files
  • 16
    Mar 16th
    27 Files
  • 17
    Mar 17th
    15 Files
  • 18
    Mar 18th
    23 Files
  • 19
    Mar 19th
    25 Files
  • 20
    Mar 20th
    10 Files
  • 21
    Mar 21st
    6 Files
  • 22
    Mar 22nd
    1 Files
  • 23
    Mar 23rd
    22 Files
  • 24
    Mar 24th
    15 Files
  • 25
    Mar 25th
    22 Files
  • 26
    Mar 26th
    20 Files
  • 27
    Mar 27th
    15 Files
  • 28
    Mar 28th
    10 Files
  • 29
    Mar 29th
    1 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close