exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 6 of 6 RSS Feed

Files Date: 2019-08-23

Exim 4.91 Local Privilege Escalation
Posted Aug 23, 2019
Authored by Marco Ivaldi, Dennis Herrmann, Guillaume Andre, Qualys | Site metasploit.com

This Metasploit module exploits a flaw in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to command execution with root privileges.

tags | exploit, root
advisories | CVE-2019-10149
SHA-256 | 7b1fe00dfa2c9cc882752b38e5a6e0f2df1617a466c97478e2257a3f314a59fd
Webmin 1.920 password_change.cgi Backdoor
Posted Aug 23, 2019
Authored by wvu | Site metasploit.com

This Metasploit module exploits a backdoor in Webmin versions 1.890 through 1.920. Only the SourceForge downloads were backdoored, but they are listed as official downloads on the project's site. Unknown attacker(s) inserted Perl qx statements into the build server's source code on two separate occasions: once in April 2018, introducing the backdoor in the 1.890 release, and in July 2018, reintroducing the backdoor in releases 1.900 through 1.920. Only version 1.890 is exploitable in the default install. Later affected versions require the expired password changing feature to be enabled.

tags | exploit, perl
advisories | CVE-2019-15107
SHA-256 | a77b36da3b341bc12695770cadbf155d839a3d53526172e82c4c2022be857299
CoreFTP Server MDTM Directory Traversal
Posted Aug 23, 2019
Authored by Kevin Randall | Site metasploit.com

An issue was discovered in the SFTP Server component in Core FTP 2.0 Build 674. Using the MDTM FTP command, a remote attacker can use a directory traversal (..\..\) to browse outside the root directory to determine the existence of a file on the operating system, and the last modified date.

tags | exploit, remote, root, file inclusion
advisories | CVE-2019-9649
SHA-256 | 02a55797ad317b26e2c3f852933ef7c93cfeefe8fa481fb85daa30044a0ac1f7
Nimble Streamer 3.x Directory Traversal
Posted Aug 23, 2019
Authored by MaYaSeVeN

Nimble Stream versions 3.0.2-2 up to 3.5.4.9 suffer from a directory traversal vulnerability.

tags | exploit, file inclusion
advisories | CVE-2019-11013
SHA-256 | d4e2eef4ec2a68327bca6670f26198fa08d3b398340ddedb3a57f6a605b92afe
WordPress Import Export WordPress Users 1.3.1 CSV Injection
Posted Aug 23, 2019
Authored by Javier Olmedo

WordPress Import Export WordPress Users plugin version 1.3.1 suffers from a CSV injection vulnerability.

tags | exploit
advisories | CVE-2019-15092
SHA-256 | 2eb7970101409491db20486c52214cd1254e4bdb419a711ba6b82115810d9f67
CoreFTP Server SIZE Directory Traversal
Posted Aug 23, 2019
Authored by Kevin Randall | Site metasploit.com

An issue was discovered in the SFTP Server component in Core FTP 2.0 Build 674. A directory traversal vulnerability exists using the SIZE command along with a \..\..\ substring, allowing an attacker to enumerate file existence based on the returned information.

tags | exploit, file inclusion
advisories | CVE-2019-9648
SHA-256 | 55d5c601f24989f0cd87c1d30f3e4d2e24da10d2ffdf9b41b6aeffd9d3a3e8cc
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close