exploit the possibilities
Showing 1 - 19 of 19 RSS Feed

Files Date: 2021-01-08

Backdoor.Win32.NinjaSpy.c MVID-2021-0018 Remote Stack Buffer Overflow
Posted Jan 8, 2021
Authored by malvuln | Site malvuln.com

Backdoor.Win32.NinjaSpy.c suffers from a remote stack buffer overflow vulnerability. The specimen drops a DLL named "cmd.dll" under C:\WINDOWS\ which listens on both TCP ports 2003 and 2004. By sending consecutive HTTP PUT requests with large payloads of characters, we can cause buffer overflow.

tags | exploit, remote, web, overflow, tcp
systems | windows
SHA-256 | 400bc171e968496bf6805e3f0060696d5ec13c5f875efa99884bbebe00d20df4
WordPress wpDiscuz 7.0.4 Shell Upload
Posted Jan 8, 2021
Authored by Hoa Nguyen, Chloe Chamberland | Site metasploit.com

This Metasploit module exploits an arbitrary file upload in the WordPress wpDiscuz plugin version 7.0.4. This flaw gave unauthenticated attackers the ability to upload arbitrary files, including PHP files, and achieve remote code execution on a vulnerable server.

tags | exploit, remote, arbitrary, php, code execution, file upload
SHA-256 | 187052df5b77471af6ad467ad2dc057df0f9c9a641dd2c9d116e4f60896dcc30
Backdoor.Win32.Xtreme.yvp MVID-2021-0017 Insecure Permissions / Privilege Escalation
Posted Jan 8, 2021
Authored by malvuln | Site malvuln.com

Backdoor.Win32.Xtreme.yvp malware suffers from an insecure permissions vulnerability that can allow for privilege escalation.

tags | exploit
systems | windows
SHA-256 | d669ec11f5f4683946716bc09419f2d27c2862ffea1aea535846c71ffaa01d1f
Cockpit 234 Server-Side Request Forgery
Posted Jan 8, 2021
Authored by Metin Yunus Kandemir

Cockpit version 234 suffers from an unauthenticated server-side request forgery vulnerability.

tags | exploit
SHA-256 | 7d5320612c3c2171833bc0f579b2434057c4c62e25ce3e66372baa4bc0bb0e83
Backdoor.Win32.Agent.dcbh MVID-2021-0016 Insecure Permissions / Privilege Escalation
Posted Jan 8, 2021
Authored by malvuln | Site malvuln.com

Backdoor.Win32.Agent.dcbh malware suffers from an insecure permissions vulnerability that can allow for privilege escalation.

tags | exploit
systems | windows
SHA-256 | 65b717d008ad928996743eba63917d1ee7bd2a3706dde18975d4feeabd4b5f35
Online Doctor Appointment System 1.0 Cross Site Scripting
Posted Jan 8, 2021
Authored by Mohamed Habib Smidi

Online Doctor Appointment System version 1.0 suffers from multiple persistent cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 4e72a82ccdf12e6453817b1ea3a0470883ee32884e94f262834e0420bd9d8b1a
Practical PHP Security
Posted Jan 8, 2021
Authored by Andrey Stoykov

Whitepaper called Practical PHP Security.

tags | paper, php
SHA-256 | 197e4ac0326bbfca74f1394ddd7a80a6c26652441548adc45d5fc3339e7c5fd7
dnsrecon 0.10.0 CSV Injection
Posted Jan 8, 2021
Authored by Dolev Farhi

dnsrecon version 0.10.0 suffers from a CSV injection vulnerability.

tags | exploit
SHA-256 | 2484de16c6549b81343bb9a0ce48244d651f1fbae9b77711eac1a70a6d6494b6
Ubuntu Security Notice USN-4687-1
Posted Jan 8, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4687-1 - A use-after-free was discovered in Firefox when handling SCTP packets. An attacker could potentially exploit this to cause a denial of service, or execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-16044
SHA-256 | f6f6d4bb80647327a6de7e815de26093fdd003e58d138ef1b1dd715a7afd3f48
ECSIMAGING PACS 6.21.5 SQL Injection
Posted Jan 8, 2021
Authored by shoxxdj

ECSIMAGING PACS version 6.21.5 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | ec26b638120831f7b4b2f8afd063f96eb0f5169a9cf988f5550e0348cb1de0b6
Curfew e-Pass Management System 1.0 Cross Site Scripting
Posted Jan 8, 2021
Authored by Arnav Tripathy

Curfew e-Pass Management System version 1.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 05f9bfd9d48cf362268b8ffe1871911c831f3b3d39c1748e99d606ffeb84261d
OX App Suite / OX Documents 7.10.x XSS / SSRF
Posted Jan 8, 2021
Authored by Martin Heiland, notoriousrip, Stuart Redman

OX App Suite and OX Documents suffer from server-side request forgery and multiple cross site scripting vulnerabilities. Various versions are affected including 7.10.4 and 7.10.3.

tags | exploit, vulnerability, xss
advisories | CVE-2020-24700, CVE-2020-24701
SHA-256 | ba8c16584bc43d579279e941f2d796ec74153f6debe5a7df85b435f86196a43c
Cockpit CMS Remote Code Execution
Posted Jan 8, 2021
Authored by Rafael Resende

Cockpit CMS versions prior to 0.6.1 suffer from a remote code execution vulnerability.

tags | exploit, remote, code execution
SHA-256 | 99acfe128fe581918e0f3dd4c9856740d5d3ff47b96b2b1f9ff3f56b072adaac
Life Insurance Management System 1.0 Cross Site Scripting
Posted Jan 8, 2021
Authored by Arnav Tripathy

Life Insurance Management System version 1.0 suffers from multiple persistent cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | d11e7072e6f0bb447cf8aa647cf3bec6d19972eca9cfab38a82236c922416965
WordPress Autoptimize Shell Upload
Posted Jan 8, 2021
Authored by Hoa Nguyen, Thien Ngo, Khanh Nguyen | Site metasploit.com

WordPress Autoptimize plugin suffers from a remote shell upload vulnerability. The ao_ccss_import AJAX call does not ensure that the file provided is a legitimate zip file, allowing high privilege users to upload arbitrary files, such as PHP, leading to remote code execution.

tags | exploit, remote, arbitrary, shell, php, code execution
advisories | CVE-2020-24948
SHA-256 | 6976952649b949f1c677f4557fec06bb177e699a8fe16b809dfddb9cd2ec1b25
Apache Flink 1.11.0 Arbitrary File Read / Directory Traversal
Posted Jan 8, 2021
Authored by SunCSR, Hoa Nguyen, 0rich1 | Site metasploit.com

This Metasploit module exploits an unauthenticated directory traversal vulnerability in Apache Flink version 1.11.0.

tags | exploit
advisories | CVE-2020-17519
SHA-256 | 79df4302ec4ea436f7e67026dddc838b8aa4610460bb6f8baa402ecd0a91ba4d
Employee Record System 1.0 Shell Upload
Posted Jan 8, 2021
Authored by Saeed Bala Ahmed

Employee Record System version 1.0 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | 1f4a5de2446758fa6b5567e6d7538a9f646130b6562a5f45e210b83df76a14a3
iBall-Baton WRA150N File Disclosure
Posted Jan 8, 2021
Authored by h4cks1n

iBall-Baton WRA150N Rom-0 backup suffers from a file disclosure vulnerability.

tags | exploit, info disclosure
SHA-256 | a51ab5d5d288d862c7866e1eea33c4dcaf1a599a08d3e7c2b27ace50bbe64e9a
Ethical Hacking And Penetration Testing Guide
Posted Jan 8, 2021
Authored by Furkan Enes Polatoglu

Whitepaper called Ethical Hacking and Penetration Testing Guide. Written in Turkish.

tags | paper
SHA-256 | 731b7b5c2b743defdfcad78b3cb602b5d27ec0cdccd13f1989fb47027ac5ee92
Page 1 of 1
Back1Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    4 Files
  • 19
    May 19th
    17 Files
  • 20
    May 20th
    0 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close