exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 9 of 9 RSS Feed

Files Date: 2020-11-25

BigBlueButton 2.2.29 Brute Force
Posted Nov 25, 2020
Authored by Ismail Saygili

BigBlueButton versions 2.2.29 and below suffer from a meeting access code brute forcing vulnerability.

tags | exploit, cracker
advisories | CVE-2020-29042
SHA-256 | 7779a47f90e53f789a2fbce3072e0d2ff2ac04320c70d8126d32c0cd38ef8a28
House Rental 1.0 SQL Injection
Posted Nov 25, 2020
Authored by Bobby Cooke, hyd3sec

House Rental version 1.0 remote SQL injection exploit that leverages the keywords variable.

tags | exploit, remote, sql injection
SHA-256 | f3ce405357239bc159864db3af6456bd0791342c989bbfdf3d252560b427b3d3
OpenMediaVault rpc.php Authenticated PHP Code Injection
Posted Nov 25, 2020
Authored by Anastasios Stasinopoulos | Site metasploit.com

This Metasploit module exploits an authenticated PHP code injection vulnerability found in openmediavault versions before 4.1.36 and 5.x versions before 5.5.12 inclusive in the "sortfield" POST parameter of the rpc.php page, because "json_encode_safe()" is not used in config/databasebackend.inc. Successful exploitation grants attackers the ability to execute arbitrary commands on the underlying operating system as root.

tags | exploit, arbitrary, root, php
advisories | CVE-2020-26124
SHA-256 | e0e5ffa0c0727fd8caae8d1a6288e302aebc6906241ff1131429f2abbcdbe8a1
Kong Gateway Admin API Remote Code Execution
Posted Nov 25, 2020
Authored by Graeme Robinson | Site metasploit.com

This Metasploit module uses the Kong admin API to create a route and a serverless function plugin that is associated with the route. The plugin runs Lua code and is used to run a system command using os.execute(). After execution the route is deleted, which also deletes the plugin.

tags | exploit
SHA-256 | 4bafd791ffc69e6f0e7e5e659d5843334eaeb9b206ab4512782cccf29ffe011a
WordPress Simple File List Unauthenticated Remote Code Execution
Posted Nov 25, 2020
Authored by h00die, coiffeur | Site metasploit.com

This Metasploit module exploits WordPress Simple File List plugin versions prior to 4.2.3, which allows remote unauthenticated attackers to upload files within a controlled list of extensions. However, the rename function does not conform to the file extension restrictions, thus allowing arbitrary PHP code to be uploaded first as a png then renamed to php and executed.

tags | exploit, remote, arbitrary, php
SHA-256 | c76d8f741d62e082e4021197c4f997d2888355186e9e04b1278f52540744b1fa
Ubuntu Security Notice USN-4644-1
Posted Nov 25, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4644-1 - It was discovered that igraph mishandled certain malformed XML. An attacker could use this vulnerability to cause a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2018-20349
SHA-256 | 36b45e5bfb54b57372c5e59ba133db2f7997fdeb4b4be4e54951e5f434ce0131
SyncBreeze 10.0.28 Remote Buffer Overflow
Posted Nov 25, 2020
Authored by Abdessalam King

SyncBreeze version 10.0.28 suffers from a remote buffer overflow vulnerability.

tags | exploit, remote, overflow
SHA-256 | 21147b01f84dbcd01dd7401e1fa1618def57364c73f6c87de1e4deda21699dd9
osCommerce 2.3.4.1 Cross Site Scripting
Posted Nov 25, 2020
Authored by Emre Aslan

osCommerce version 2.3.4.1 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 3a2d13a1bea10737d2fffae795bbf8e8e1456bee046f30ed0b0fc07162a20926
Wondershare Driver Install Service Help 10.7.1.321 Unquoted Service Path
Posted Nov 25, 2020
Authored by Luis Sandoval

Wondershare Driver Install Service Help version 10.7.1.321 suffers from an unquoted service path vulnerability.

tags | exploit
SHA-256 | 22e81b9e302abbc514142b60342851f9f20aea48f363575022e6b4d599358ec4
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close