
Files Date: 2020-12-11

OpenAsset Digital Asset Management SQL Injection
Posted Dec 11, 2020
Authored by Jack Misiura

OpenAsset Digital Asset Management suffers from an authenticated blind remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2020-28860
MD5 | 104a24c90358f7b176c601947844d418
OpenAsset Digital Asset Management Cross Site Request Forgery
Posted Dec 11, 2020
Authored by Jack Misiura

OpenAsset Digital Asset Management suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2020-28858
MD5 | 4ef799a57a5bebf1c7686ee9e8bb591b
OpenAsset Digital Asset Management Insecure Direct Object Reference
Posted Dec 11, 2020
Authored by Jack Misiura

OpenAsset Digital Asset Management was found to provide several endpoints which allowed for unauthenticated data retrieval in a CSV format. Vulnerable versions include 12.0.19 (Cloud) and 11.2.1 (On-premise).

tags | exploit
advisories | CVE-2020-28861
MD5 | dcbdd080e561d84592ffec066c3a8472
Advanced Component System (ACS) 1.0 Path Traversal
Posted Dec 11, 2020
Authored by Francisco Javier Santiago Vazquez

Advanced Component System (ACS) version 1.0 suffers from a path traversal vulnerability.

tags | exploit, file inclusion
MD5 | c0df758f96538e1b8ac9689218a081ad
OpenAsset Digital Asset Management Cross Site Scripting
Posted Dec 11, 2020
Authored by Jack Misiura

The OpenAsset Digital Asset Management web application suffers from multiple reflected and persistent cross site scripting vulnerabilities. Vulnerable versions include 12.0.19 (Cloud) and 11.2.1 (On-premise).

tags | exploit, web, vulnerability, xss
advisories | CVE-2020-28857, CVE-2020-28859
MD5 | 35b3d6bf27bfcacaa597e0ed89c5cc54
Online Bus Booking System Project 1.0 Cross Site Scripting
Posted Dec 11, 2020
Authored by Krishna Yadav

Online Bus Booking System Project using PHP MySQL version 1.0 suffers from a persistent cross site scripting vulnerability.

tags | exploit, php, xss
MD5 | 208efcea716842d4864b2ad444c630e5
OpenAsset Digital Asset Management IP Access Control Bypass
Posted Dec 11, 2020
Authored by Jack Misiura

The OpenAsset Digital Asset Management web application allowed for spoofing of IP addresses by using the X-Forwarded-For header. By default, the web application would allow all traffic in for 127.0.0.1, in order to prevent users from accidentally blocking themselves. Vulnerable versions include 12.0.19 (Cloud) and 11.2.1 (On-premise).

tags | exploit, web, spoof, bypass
advisories | CVE-2020-28856
MD5 | b1d09f4404b1268792fe1602be620242
WordPress DirectoriesPro 1.3.45 Cross Site Scripting
Posted Dec 11, 2020
Authored by Jack Misiura

WordPress DirectoriesPro plugin version 1.3.45 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2020-29303, CVE-2020-29304
MD5 | ea91243869739ae676c39bebb79d51c4
Aerospike Database UDF Lua Code Execution
Posted Dec 11, 2020
Authored by Brendan Coles, b4ny4n | Site metasploit.com

Aerospike Database versions before 5.1.0.3 permitted user-defined functions (UDF) to call the os.execute Lua function. This Metasploit module creates a UDF utilizing this function to execute arbitrary operating system commands with the privileges of the user running the Aerospike service. This module does not support authentication; however, Aerospike Database Community Edition does not enable authentication by default. This module has been tested successfully on Ubuntu with Aerospike Database Community Edition versions 4.9.0.5, 4.9.0.11 and 5.0.0.10.

tags | exploit, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-13151
MD5 | e8121ba043f9bc7dc8bc589dac7a4a1b
Ubuntu Security Notice USN-4666-2
Posted Dec 11, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4666-2 - USN-4666-1 partially fixed a vulnerability in lxml, but an additional patch was needed. This update provides the corresponding additional patch in order to properly fix the vulnerability. It was discovered that lxml incorrectly handled certain HTML. An attacker could possibly use this issue to perform cross-site scripting attacks.

tags | advisory, xss
systems | linux, ubuntu
advisories | CVE-2020-27783
MD5 | 3795fad2ebbcace586aa3ec37a6a6597
Rukovoditel 2.6.1 Shell Upload / Local File Inclusion
Posted Dec 11, 2020
Authored by coiffeur

Rukovoditel version 2.6.1 remote code execution exploit that leverages shell upload and local file inclusion vulnerabilities.

tags | exploit, remote, shell, local, vulnerability, code execution, file inclusion
MD5 | e2fa9c797d92a57016481570e269e9e5
Dolibarr 12.0.3 SQL Injection / Remote Code Execution
Posted Dec 11, 2020
Authored by coiffeur

Dolibarr version 12.0.3 remote SQL injection exploit that achieves remote code execution.

tags | exploit, remote, code execution, sql injection
MD5 | 511f387e8db618560590a52a96f412ec
Courier Management System 1.0 Cross Site Scripting
Posted Dec 11, 2020
Authored by Zhaiyi

Courier Management System version 1.0 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | 859f67d52b5fe525ba6908506b0a9d63
Courier Management System 1.0 SQL Injection
Posted Dec 11, 2020
Authored by Zhaiyi

Courier Management System version 1.0 suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
MD5 | 807bfd73dd0313f2fd9ce52866147d82
Medical Center Portal Management System 1.0 Cross Site Scripting
Posted Dec 11, 2020
Authored by Saeed Bala Ahmed

Medical Center Portal Management System version 1.0 suffers from multiple persistent cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 00e4c95eecce91a63dfe0d538a7f1039
Jenkins 2.235.3 Cross Site Scripting
Posted Dec 11, 2020
Authored by gx1

Jenkins version 2.235.3 suffers from multiple persistent cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2020-2229, CVE-2020-2230
MD5 | 85158ef5e1a886db017a968f1200bb77
Supply Chain Management System SQL Injection
Posted Dec 11, 2020
Authored by Piyush Malviya

Supply Chain Management System suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
MD5 | d7d6b405c12bcf353faaedb48b2bb9bf
Ubuntu Security Notice USN-4669-1
Posted Dec 11, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4669-1 - It was discovered that a cross-site scripting vulnerability in SquirrelMail allows remote attackers to use malicious script content from HTML e-mail to execute code and/or provoke a denial of service.

tags | advisory, remote, denial of service, xss
systems | linux, ubuntu
advisories | CVE-2019-12970
MD5 | 9c31e45174763f24cd3027caf8c1e712

© 2020 Packet Storm. All rights reserved.
