exploit the possibilities
Showing 1 - 25 of 288 RSS Feed

Files Date: 2019-12-01 to 2019-12-31

Thrive Smart Home 1.1 SQL Injection
Posted Dec 30, 2019
Authored by LiquidWorm | Site zeroscience.mk

Thrive Smart Home version 1.1 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
MD5 | 77fa2ff07fff998018a221ce9eca4313
Thrive Smart Home 1.1 Cross Site Scripting
Posted Dec 30, 2019
Authored by LiquidWorm | Site zeroscience.mk

Thrive Smart Home version 1.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 7bf380a8440ed49b889c303e67f82cc6
HomeAutomation 3.3.2 Open Redirect
Posted Dec 30, 2019
Authored by LiquidWorm | Site zeroscience.mk

HomeAutomation version 3.3.2 suffers from an open redirection vulnerability.

tags | exploit
MD5 | 630d0cbd683fd34193cbca469d7e85d9
HomeAutomation 3.3.2 CSRF / Code Execution
Posted Dec 30, 2019
Authored by LiquidWorm | Site zeroscience.mk

HomeAutomation version 3.3.2 suffers from a cross site request forgery vulnerability that allows for remote command execution.

tags | exploit, remote, csrf
MD5 | 7a30bd09a47e106df3ab7b988c8b1342
HomeAutomation 3.3.2 Cross Site Request Forgery
Posted Dec 30, 2019
Authored by LiquidWorm | Site zeroscience.mk

HomeAutomation version 3.3.2 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | f521d14fc5f05ace7e2a49937acea647
Debian Security Advisory 4596-1
Posted Dec 30, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4596-1 - Several issues were discovered in the Tomcat servlet and JSP engine, which could result in session fixation attacks, information disclosure, cross- site scripting, denial of service via resource exhaustion and insecure redirects.

tags | advisory, denial of service, info disclosure
systems | linux, debian
advisories | CVE-2018-11784, CVE-2018-8014, CVE-2019-0199, CVE-2019-0221, CVE-2019-12418, CVE-2019-17563
MD5 | 09c17e7ab1b3a837f06eaa360ec8f557
FreeBSD fd Privilege Escalation
Posted Dec 30, 2019
Authored by Karsten Konig

Local root exploit for the FreeBSD fd vulnerability as disclosed in FreeBSD-SA-19:02.fd.

tags | exploit, local, root
systems | freebsd, bsd
advisories | CVE-2019-5596
MD5 | 6426b023a6749568c0e3de1d4ba2531a
HomeAutomation 3.3.2 Authentication Bypass
Posted Dec 30, 2019
Authored by LiquidWorm | Site zeroscience.mk

HomeAutomation version 3.3.2 authentication bypass exploit.

tags | exploit
MD5 | 921241dc04c0b6e0180069cb9f3dbcda
FreeBSD mqueuefs Privilege Escalation
Posted Dec 30, 2019
Authored by Karsten Konig

Local root exploit for the FreeBSD mqueuefs vulnerability as disclosed in FreeBSD-SA-19:15.mqueuefs.

tags | exploit, local, root
systems | freebsd, bsd
MD5 | fa32a042469b8505c6692ec2c13703e4
MyDomoAtHome (MDAH) REST API Domoticz ISS Gateway 0.2.40 Information Disclosure
Posted Dec 30, 2019
Authored by LiquidWorm | Site zeroscience.mk

MyDomoAtHome REST API is affected by an information disclosure vulnerability due to improper access control enforcement. An unauthenticated remote attacker can exploit this, via a specially crafted request to gain access to sensitive information.

tags | exploit, remote, info disclosure
MD5 | a1b1c0aaf9c17fbc3d0e5a3f982a85d5
HomeAutomation 3.3.2 Cross Site Scripting
Posted Dec 30, 2019
Authored by LiquidWorm | Site zeroscience.mk

HomeAutomation version 3.3.2 suffers from persistent and reflective cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 474a51866f9db5110eab6aaf47fedf9b
WEMS BEMS 21.3.1 Undocumented Backdoor Account
Posted Dec 30, 2019
Authored by LiquidWorm | Site zeroscience.mk

WEMS BEMS version 21.3.1 has an undocumented backdoor account that is Base64 encoded. These sets of credentials are never exposed to the end-user and cannot be changed through any normal operation of the controller thru the RMI.

tags | exploit
MD5 | 435b68cd5f2973394cdaaaa858de0877
Debian Security Advisory 4595-1
Posted Dec 30, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4595-1 - It was discovered that debian-lan-config, a FAI config space for the Debian-LAN system, configured too permissive ACLs for the Kerberos admin server, which allowed password changes for other user principals.

tags | advisory
systems | linux, debian
advisories | CVE-2019-3467
MD5 | 2598a07dcc97a5b4ed1559e650919b05
Debian Security Advisory 4594-1
Posted Dec 30, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4594-1 - Guido Vranken discovered an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli.

tags | advisory, overflow
systems | linux, debian
advisories | CVE-2019-1551
MD5 | d2c9dfa6cac8f0059915a20ae1281999
WEMS Enterprise Manager 2.58 Cross Site Scripting
Posted Dec 30, 2019
Authored by LiquidWorm | Site zeroscience.mk

WEMS Enterprise Manager version 2.58 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | fd26e913be2f2993ba411b392e5e811e
Heatmiser Netmonitor 3.03 Hardcoded Credentials
Posted Dec 30, 2019
Authored by Ismail Tasdelen

Heatmiser Netmonitor version 3.03 suffers from a hardcoded credential vulnerability.

tags | exploit
MD5 | d4d631c6376d487b9ae1a6c2018ff59d
Wing FTP Server 6.0.7 Unquoted Service Path
Posted Dec 30, 2019
Authored by Nawaf Alkeraithe

Wing FTP Server version 6.0.7 suffers from an unquoted service path vulnerability.

tags | exploit
MD5 | 905dcd4da68059b2eb8ef12e0d438343
RICOH SP 4510SF Printer HTML Injection
Posted Dec 29, 2019
Authored by Ismail Tasdelen

RICOH SP 4510SF Printer suffers from an html injection vulnerability.

tags | exploit
MD5 | 37bac0e1cb65a4ac19579686fad7cd33
Wave 2.0 SQL Injection
Posted Dec 29, 2019
Authored by Mehmet Emiroglu

Wave version 2.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 3a259fc3a2c1bdb8f5a277313bf511b7
elearning-script 1.0 SQL Injection
Posted Dec 29, 2019
Authored by riamloo

elearning-script version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
MD5 | fb8acea883788dfcc45b20c0f399fd75
Cera Intranet Community Theme 1.0.1 SQL Injection
Posted Dec 29, 2019
Authored by Mehmet Emiroglu

Cera Intranet Community Theme version 1.0.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 7f4a4918440ef190708ffb505e89d8be
Linux x86_x64 sys_creat("ajit", 0755) Shellcode
Posted Dec 29, 2019
Authored by Ajith KP, Sayooj S Nambiar, Vishnu Nath Kp

53 bytes small Linux/x86_x64 sys_creat("ajit", 0755) shellcode.

tags | shellcode
systems | linux
MD5 | 0eed31c2bdd96a48256f7678f4398ab9
FTP Navigator 8.03 Stack Overflow
Posted Dec 28, 2019
Authored by Bobby Cooke

FTP Navigator version 8.03 stack overflow SEH proof of concept exploit.

tags | exploit, overflow, proof of concept
MD5 | 78426da5d3b6949020b7975d56c68d3f
AVS Audio Converter 9.1.2.600 Stack Overflow
Posted Dec 28, 2019
Authored by Bobby Cooke

AVS Audio Converter version 9.1.2.600 stack overflow proof of concept exploit.

tags | exploit, overflow, proof of concept
MD5 | 46c6cde0d6cf6092eb46863d4eda74b6
OpenBSD Dynamic Loader chpass Privilege Escalation
Posted Dec 27, 2019
Authored by Brendan Coles, Qualys Security Advisory | Site metasploit.com

This Metasploit module exploits a vulnerability in the OpenBSD ld.so dynamic loader (CVE-2019-19726). The _dl_getenv() function fails to reset the LD_LIBRARY_PATH environment variable when set with approximately ARG_MAX colons. This can be abused to load libutil.so from an untrusted path, using LD_LIBRARY_PATH in combination with the chpass set-uid executable, resulting in privileged code execution. This module has been tested successfully on OpenBSD 6.1 (amd64) and OpenBSD 6.6 (amd64).

tags | exploit, code execution
systems | openbsd
advisories | CVE-2019-19726
MD5 | 0a972f77813616f87fc79b2ebe062ffb
Page 1 of 12
Back12345Next

File Archive:

October 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    25 Files
  • 2
    Oct 2nd
    13 Files
  • 3
    Oct 3rd
    1 Files
  • 4
    Oct 4th
    1 Files
  • 5
    Oct 5th
    15 Files
  • 6
    Oct 6th
    15 Files
  • 7
    Oct 7th
    15 Files
  • 8
    Oct 8th
    11 Files
  • 9
    Oct 9th
    3 Files
  • 10
    Oct 10th
    1 Files
  • 11
    Oct 11th
    1 Files
  • 12
    Oct 12th
    8 Files
  • 13
    Oct 13th
    12 Files
  • 14
    Oct 14th
    23 Files
  • 15
    Oct 15th
    4 Files
  • 16
    Oct 16th
    13 Files
  • 17
    Oct 17th
    1 Files
  • 18
    Oct 18th
    1 Files
  • 19
    Oct 19th
    27 Files
  • 20
    Oct 20th
    41 Files
  • 21
    Oct 21st
    18 Files
  • 22
    Oct 22nd
    16 Files
  • 23
    Oct 23rd
    2 Files
  • 24
    Oct 24th
    1 Files
  • 25
    Oct 25th
    1 Files
  • 26
    Oct 26th
    17 Files
  • 27
    Oct 27th
    15 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close