Files Date: 2021-01-08

Backdoor.Win32.NinjaSpy.c Remote Stack Buffer Overflow
Posted Jan 8, 2021
Authored by malvuln | Site malvuln.com

Backdoor.Win32.NinjaSpy.c suffers from a remote stack buffer overflow vulnerability. The specimen drops a DLL named "cmd.dll" under C:\WINDOWS\ which listens on both TCP ports 2003 and 2004. By sending consecutive HTTP PUT requests with large payloads of characters, we can cause a buffer overflow.

tags | exploit, remote, web, overflow, tcp
systems | windows, 32
MD5 | 8f5ab251df42addd482e25bdea7aa8d8
WordPress wpDiscuz 7.0.4 Shell Upload
Posted Jan 8, 2021
Authored by Hoa Nguyen, Chloe Chamberland | Site metasploit.com

This Metasploit module exploits an arbitrary file upload in the WordPress wpDiscuz plugin version 7.0.4. This flaw gave unauthenticated attackers the ability to upload arbitrary files, including PHP files, and achieve remote code execution on a vulnerable server.

tags | exploit, remote, arbitrary, php, code execution, file upload
MD5 | 77c5903183e5519dfd6d1477ae0018a4
Backdoor.Win32.Xtreme.yvp Insecure Permissions / Privilege Escalation
Posted Jan 8, 2021
Authored by malvuln | Site malvuln.com

Backdoor.Win32.Xtreme.yvp malware suffers from an insecure permissions vulnerability that can allow for privilege escalation.

tags | exploit
systems | windows
MD5 | 741ddec159e373a1d7451f1e291cafb5
Cockpit 234 Server-Side Request Forgery
Posted Jan 8, 2021
Authored by Metin Yunus Kandemir

Cockpit version 234 suffers from an unauthenticated server-side request forgery vulnerability.

tags | exploit
MD5 | 08a5222d2042e7b178bdc08a8b512ecb
Backdoor.Win32.Agent.dcbh Insecure Permissions / Privilege Escalation
Posted Jan 8, 2021
Authored by malvuln | Site malvuln.com

Backdoor.Win32.Agent.dcbh malware suffers from an insecure permissions vulnerability that can allow for privilege escalation.

tags | exploit
systems | windows
MD5 | 79eaeea64233b9ed3ee2b637042313f9
Online Doctor Appointment System 1.0 Cross Site Scripting
Posted Jan 8, 2021
Authored by Mohamed Habib Smidi

Online Doctor Appointment System version 1.0 suffers from multiple persistent cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 76c223f15acb1a444605758caefc7bb2
Practical PHP Security
Posted Jan 8, 2021
Authored by Andrey Stoykov

Whitepaper called Practical PHP Security.

tags | paper, php
MD5 | ba9dacc8d65da0f08072dc4b5e4512f6
dnsrecon 0.10.0 CSV Injection
Posted Jan 8, 2021
Authored by Dolev Farhi

dnsrecon version 0.10.0 suffers from a CSV injection vulnerability.

tags | exploit
MD5 | 4bce920f7493baa70e2b5037c9524863
Ubuntu Security Notice USN-4687-1
Posted Jan 8, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4687-1 - A use-after-free was discovered in Firefox when handling SCTP packets. An attacker could potentially exploit this to cause a denial of service, or execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-16044
MD5 | 8b8168d3ee3d2c80f6d055fe05c6c894
ECSIMAGING PACS 6.21.5 SQL Injection
Posted Jan 8, 2021
Authored by shoxxdj

ECSIMAGING PACS version 6.21.5 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 7c262b918f02322cb8ce4f726a471a8a
Curfew e-Pass Management System 1.0 Cross Site Scripting
Posted Jan 8, 2021
Authored by Arnav Tripathy

Curfew e-Pass Management System version 1.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | d3793ea721e408dd186835342d6f1817
OX App Suite / OX Documents 7.10.x XSS / SSRF
Posted Jan 8, 2021
Authored by Martin Heiland, notoriousrip, Stuart Redman

OX App Suite and OX Documents suffer from server-side request forgery and multiple cross site scripting vulnerabilities. Various versions are affected including 7.10.4 and 7.10.3.

tags | exploit, vulnerability, xss
advisories | CVE-2020-24700, CVE-2020-24701
MD5 | 2fbb089c8daa5ef915d9f746ea2a73a4
Cockpit CMS Remote Code Execution
Posted Jan 8, 2021
Authored by Rafael Resende

Cockpit CMS versions prior to 0.6.1 suffer from a remote code execution vulnerability.

tags | exploit, remote, code execution
MD5 | 2e84035dfa7fd332be24257ee653f517
Life Insurance Management System 1.0 Cross Site Scripting
Posted Jan 8, 2021
Authored by Arnav Tripathy

Life Insurance Management System version 1.0 suffers from multiple persistent cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 69c15061f1341d5b67f0075fcd3b91a2
WordPress Autoptimize Shell Upload
Posted Jan 8, 2021
Authored by Hoa Nguyen, Thien Ngo, Khanh Nguyen | Site metasploit.com

The WordPress Autoptimize plugin suffers from a remote shell upload vulnerability. The ao_ccss_import AJAX call does not ensure that the file provided is a legitimate zip file, allowing high-privilege users to upload arbitrary files, such as PHP, leading to remote code execution.

tags | exploit, remote, arbitrary, shell, php, code execution
advisories | CVE-2020-24948
MD5 | b411262c32d42ec1cbf7382e1a8f4a37
Apache Flink 1.11.0 Arbitrary File Read / Directory Traversal
Posted Jan 8, 2021
Authored by SunCSR, Hoa Nguyen, 0rich1 | Site metasploit.com

This Metasploit module exploits an unauthenticated directory traversal vulnerability in Apache Flink version 1.11.0.

tags | exploit
advisories | CVE-2020-17519
MD5 | a8332e42d64ab8da484106f4450b83c2
Employee Record System 1.0 Shell Upload
Posted Jan 8, 2021
Authored by Saeed Bala Ahmed

Employee Record System version 1.0 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | 743848822029ae69cea3de6909d752da
iBall-Baton WRA150N File Disclosure
Posted Jan 8, 2021
Authored by h4cks1n

iBall-Baton WRA150N Rom-0 backup suffers from a file disclosure vulnerability.

tags | exploit, info disclosure
MD5 | 2a520518522c61411cd4451764df21a9
Ethical Hacking And Penetration Testing Guide
Posted Jan 8, 2021
Authored by Furkan Enes Polatoglu

Whitepaper called Ethical Hacking and Penetration Testing Guide. Written in Turkish.

tags | paper
MD5 | ae55abf53fb2c2ab6ef9f6b1cf481640

© 2020 Packet Storm. All rights reserved.
