exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 15 of 15 RSS Feed

Files Date: 2022-02-08

QEMU Monitor HMP migrate Command Execution
Posted Feb 8, 2022
Authored by Brendan Coles | Site metasploit.com

This Metasploit module uses QEMU's Monitor Human Monitor Interface (HMP) TCP server to execute system commands using the migrate command. This module has been tested successfully on QEMU version 6.2.0 on Ubuntu 20.04.

tags | exploit, tcp
systems | linux, ubuntu
SHA-256 | 31bb8b20fecf053ea400a06b2e8d39f22d910c3d0025edb6108fcff42b5aa6e0
Ubuntu Security Notice USN-5276-1
Posted Feb 8, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5276-1 - It was discovered that the NVIDIA graphics drivers incorrectly handled permissions in the kernel mode layer. A local attacker could use this issue to write to protected memory and cause a denial of service.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2022-21813
SHA-256 | d50dcfc92772fd94f09c1ba41be3847ec98174ed8719d0aa6d49b3d232f51071
TOR Virtual Network Tunneling Tool 0.4.6.10
Posted Feb 8, 2022
Authored by Roger Dingledine | Site tor.eff.org

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs). This is the source code release.

Changes: This version contains minor bugfixes but one in particular is that relays do not advertise onion service v2 support at the protocol version level.
tags | tool, remote, local, peer2peer
systems | unix
SHA-256 | 94ccd60e04e558f33be73032bc84ea241660f92f58cfb88789bda6893739e31c
Strapi CMS 3.0.0-beta.17.4 Privilege Escalation
Posted Feb 8, 2022
Authored by WackyH4cker | Site metasploit.com

This Metasploit module exploits the mishandling of a password reset in JSON for Strapi CMS version 3.0.0-beta.17.4 to change the password of a privileged user.

tags | exploit
advisories | CVE-2019-18818
SHA-256 | 4ac993e145c27d7ed64c4f6e44f4afc8411b55cf2ca926dd259851fb7f0b8399
PHP Everywhere 2.0.3 Remote Code Execution
Posted Feb 8, 2022
Authored by Ramuel Gall | Site wordfence.com

PHP Everywhere versions 2.0.3 and below suffer from multiple remote code execution vulnerabilities.

tags | exploit, remote, php, vulnerability, code execution
advisories | CVE-2022-24663, CVE-2022-24664, CVE-2022-24665
SHA-256 | 6a2dcc3898ac3a1b90915521a41f2d6e5e9592121ab91ccecbf993baae2e11e2
Wing FTP Server 4.3.8 Remote Code Execution
Posted Feb 8, 2022
Authored by notcos

Wing FTP Server versions 4.3.8 and below suffer from an authenticated remote code execution vulnerability.

tags | exploit, remote, code execution
SHA-256 | 998c2be0b0522190dcae0ebfec889301aac9b989c5003477f006c606eb368b95
Ubuntu Security Notice USN-4754-5
Posted Feb 8, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4754-5 - USN-4754-1 fixed vulnerabilities in Python. Because of a regression, a subsequent update removed the fix for CVE-2021-3177. This update reinstates the security fix for CVE-2021-3177 in Ubuntu 14.04 ESM. It was discovered that Python incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code or cause a denial of service.

tags | advisory, denial of service, arbitrary, vulnerability, python
systems | linux, ubuntu
advisories | CVE-2021-3177
SHA-256 | 9e8d8ce75e1b0efee0c9fad596fdf37e5d67da5cb097f2e4e4915445223eec1a
WordPress Simple Job Board 2.9.3 Local File Inclusion
Posted Feb 8, 2022
Authored by Ven3xy

WordPress Simple Job Board plugin version 2.9.3 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
advisories | CVE-2020-35749
SHA-256 | 1c0762cbbdf0cad69fbecfc2a0c104e5004578ae2a294ea6aa61444f545b85e5
Hotel Reservation System 1.0 SQL Injection
Posted Feb 8, 2022
Authored by Nefrit ID

Hotel Reservation System version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 3e3bd465473a891d15ca7aa3fe85b68cc8c103202b6abfc4b735e6be274a0dca
Windows/x86 Locate kernel32 Base Address / Stack Crack Method Null Free Shellcode
Posted Feb 8, 2022
Authored by Tarek Ahmed

171 bytes small Windows/x86 shellcode with a new method to find the kernel32 base address by walking down the stack and look for a possible Kernel32 address using a custom SEH handler. Each address found on the stack will be tested using the Exception handling function. If it's valid and starts with 7, then it's a possible kernel32 address.

tags | x86, shellcode
systems | windows
SHA-256 | e7941faf4a7799cf5e35fcf962b075b17a9570e4f37e959633b2962f8d3bf53d
WordPress Contact Form Builder 1.6.1 Cross Site Scripting
Posted Feb 8, 2022
Authored by Milad Karimi

WordPress Contact Form Builder plugin version 1.6.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | c2aed020b69b3271a6d80de4fbc36f467a697182b885b1fddf62504fa5ff9b7c
Ubuntu Security Notice USN-5275-1
Posted Feb 8, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5275-1 - Ziming Zhang discovered that BlueZ incorrectly handled memory write operations in its gatt server. A remote attacker could possibly use this to cause BlueZ to crash leading to a denial of service, or potentially remotely execute code.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2022-0204
SHA-256 | e4846f0450518360a0af3f0bdc909b173ba63f387de6d8987c18391cec5b64c5
WordPress CP Blocks 1.0.14 Cross Site Scripting
Posted Feb 8, 2022
Authored by Shweta Mahajan

WordPress CP Blocks plugin version 1.0.14 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2022-0448
SHA-256 | bedb8478a29285dc470e60f39b23e35602d1c730daced78189b47d9a01b242be
WordPress Security Audit 1.0.0 Cross Site Scripting
Posted Feb 8, 2022
Authored by Shweta Mahajan

WordPress Security Audit plugin version 1.0.0 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2021-24901
SHA-256 | e98bf641562461f1caee2b8d7c7754ff37849a553b250522cd10dd20f10e4661
FileBrowser 2.17.2 Code Execution / Cross Site Request Forgery
Posted Feb 8, 2022
Authored by Febin Mon Saji

FileBrowser versions 2.17.2 and below suffer from a cross site request forgery vulnerability that can lead to remote code execution.

tags | exploit, remote, code execution, csrf
advisories | CVE-2021-46398
SHA-256 | b79b4ba2c2abdc66f00abf630f5a12a9d519f5ebc3ebe0912769a71d16127880
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close