
Files Date: 2022-12-23

OpenTSDB 2.4.0 Command Injection
Posted Dec 23, 2022
Authored by Shai rod, Erik Wynter | Site metasploit.com

This Metasploit module exploits an unauthenticated command injection vulnerability in the yrange parameter in OpenTSDB through 2.4.0 (CVE-2020-35476) in order to achieve unauthenticated remote code execution as the root user. The module first attempts to obtain the OpenTSDB version via the API. If the version is 2.4.0 or lower, the module performs additional checks to obtain the configured metrics and aggregators. It then randomly selects one metric and one aggregator and uses those to instruct the target server to plot a graph. As part of this request, the yrange parameter is set to the payload, which will then be executed by the target if the latter is vulnerable. This module has been successfully tested against OpenTSDB version 2.3.0.

tags | exploit, remote, root, code execution
advisories | CVE-2020-35476
SHA-256 | 7183104f20371379d7bbd3538dcce42a94117e14b0bb74805ced99f7bd85603f

GRAudit Grep Auditing Tool 3.5
Posted Dec 23, 2022
Authored by Wireghoul | Site justanotherhacker.com

Graudit is a simple script with signature sets that lets you find potential security flaws in source code using the GNU utility grep. It's comparable to other static analysis applications like RATS, SWAAT, and flaw-finder while keeping the technical requirements to a minimum and being very flexible.

Changes: Added Eiffel rules. Updated secret rules. Reduced false positives in php rules. Reduced false positives in nim rules. Added typescript rules. Fixed path issue in misc/gitscan. Bugfix for actionscript, asp and ios rules. Rule correctness adjustments to asp rules. Minor documentation updates.
tags | tool
systems | unix
SHA-256 | 3e5640bdf3520143887748dd71372f092de7b62b576127bda963e7187d1ac1e1

WordPress Yith WooCommerce Gift Cards Premium 3.19.0 Shell Upload
Posted Dec 23, 2022
Authored by Dave Jong | Site wordfence.com

WordPress Yith WooCommerce Gift Cards Premium plugin versions 3.19.0 and below suffer from a remote shell upload vulnerability.

tags | exploit, remote, shell
advisories | CVE-2022-45359
SHA-256 | dcd88dd9c8059a2065d4797ada28efaa82a7e64b25ece681f77bf1889891ddf7

Stock Management System 2022 1.0 From Erick Cesar SQL Injection
Posted Dec 23, 2022
Authored by nu11secur1ty

Stock Management System 2022 version 1.0 from Erick Cesar suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | ade07070843b1cd49c2828f05194f05b9d998ceca6cfae3ab368b539941ee210

© 2022 Packet Storm. All rights reserved.
