exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 276 RSS Feed

Files Date: 2022-12-01 to 2022-12-31

BDWeb-Link LMS 1.11.5 SQL Injection
Posted Dec 30, 2022
Authored by indoushka

BDWeb-Link LMS version 1.11.5 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | e35409b94c20ac1bcd1245d4197dc3ba55e45af59eec68fb48a654bc918974f4
Gentoo Linux Security Advisory 202212-06
Posted Dec 29, 2022
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202212-6 - Multiple vulnerabilities have been found in OpenSSH, the worst of which could result in arbitrary code execution. Versions less than 9.1_p1 are affected.

tags | advisory, arbitrary, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2020-15778
SHA-256 | 5db7a1ed97ab0d3504acdf44a7a7f54e486cb86675f0f836c6f3e8061991af24
Gentoo Linux Security Advisory 202212-07
Posted Dec 29, 2022
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202212-7 - An integer overflow vulnerability has been found in libksba which could result in remote code execution. Versions less than 1.6.3 are affected.

tags | advisory, remote, overflow, code execution
systems | linux, gentoo
advisories | CVE-2022-3515, CVE-2022-47629
SHA-256 | ac69401436c9a575a37a5e7c9a25d6ebc19a3536a7758cb526dd48036ce3f6b7
Hughes Satellite Router Remote File Inclusion Cross Frame Scripting
Posted Dec 29, 2022
Authored by LiquidWorm | Site zeroscience.mk

Hughes Satellite Router contains a cross-frame scripting via remote file inclusion vulnerability that may potentially be exploited by malicious users to compromise an affected system. This vulnerability may allow an unauthenticated malicious user to misuse frames, include JS/HTML code and steal sensitive information from legitimate users of the application. Affected versions include HX200 8.3.1.14, HX90 6.11.0.5, HX50L 6.10.0.18, HN9460 8.2.0.48, and HN7000S 6.9.0.37.

tags | exploit, remote, file inclusion
SHA-256 | 01732a937c344613efd7c1ef744f546511c874deecd845ef0ca2d232baf0e177
ProLink PRS1841 Backdoor Account
Posted Dec 29, 2022
Authored by Lawrence Amer | Site 0xsp.com

The ProLink PRS1841 home router suffers from having a backdoor account.

tags | exploit
SHA-256 | 3b3f62ff4e1b4590c8305809b96ee38b5562205c50d53c76fe183bb2b9098cc5
Debian Security Advisory 5306-1
Posted Dec 28, 2022
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5306-1 - Several vulnerabilities were discovered in gerbv, a Gerber file viewer, which could result in the execution of arbitrary code, denial of service or information disclosure if a specially crafted file is processed.

tags | advisory, denial of service, arbitrary, vulnerability, info disclosure
systems | linux, debian
advisories | CVE-2021-40393, CVE-2021-40394, CVE-2021-40401, CVE-2021-40403
SHA-256 | 7896eb7f39ff77b06df66ff231f2b139698bb7e0c2257720b0e8cb19f5d9616d
Scapy Packet Manipulation Tool 2.5.0
Posted Dec 27, 2022
Authored by Philippe Biondi | Site secdev.org

Scapy is a powerful interactive packet manipulation tool, packet generator, network scanner, network discovery tool, and packet sniffer. It provides classes to interactively create packets or sets of packets, manipulate them, send them over the wire, sniff other packets from the wire, match answers and replies, and more. Interaction is provided by the Python interpreter, so Python programming structures can be used (such as variables, loops, and functions). Report modules are possible and easy to make. It is intended to do the same things as ttlscan, nmap, hping, queso, p0f, xprobe, arping, arp-sk, arpspoof, firewalk, irpas, tethereal, tcpdump, etc.

Changes: Added Python 3.9 and 3.10 support. Added macOS 10.15 support. Fixed sniffing performance issues with 2.4.4+ on Windows. Greatly improve BPF (macOS) support. Enhanced loopback interface support on Linux, *BSD, and Windows. SPDX License identifiers added. Several major CLI improvements, especially in autocompletion. Dozens of additional changes to layers, automotive, and misc have been added.
tags | tool, scanner, python
systems | unix
SHA-256 | 97c3f6c9258eeaa609e3ccab62531670b425713dd17c0415f512201c2b8cc82e
Enlightenment 0.25.3 Privilege Escalation
Posted Dec 27, 2022
Authored by nu11secur1ty

Enlightenment version 0.25.3 suffers from a local privilege escalation vulnerability.

tags | exploit, local
advisories | CVE-2022-37706
SHA-256 | e93489fd26e004d0d8880e5321f8ef4bf09f86a9c280083061f1af59051648cf
Courier Deprixa 2.5 Backdoor Account
Posted Dec 27, 2022
Authored by indoushka

Courier Deprixa version 2.5 has been reported as having a default backdoor account.

tags | exploit
SHA-256 | 3a121fed1fd3a0fe5e54d808739af402717fe948c5337a2d8d57899e47052bd6
Consultine Consulting Business And Finance Website CMS 1.8 Backdoor Account
Posted Dec 27, 2022
Authored by indoushka

Consultine Consulting Business and Finance Website CMS version 1.8 has been reported as having a default backdoor account.

tags | exploit
SHA-256 | b01ff83e9023892637ef4b2ca2dc55c76008f96e63ddf7c00f0eff741fd7f0d6
Car Dealer Pro 2.01 Backdoor Account
Posted Dec 27, 2022
Authored by indoushka

Car Dealer Pro version 2.01 has been reported as having a default backdoor account.

tags | exploit
SHA-256 | 45070a286856c5480a1c62319dc30408713e7974d5b858a58996f94c6ecfb61f
Botble 5.28.3 Backdoor Account
Posted Dec 27, 2022
Authored by indoushka

Botble version 5.28.3 has been reported as having a default backdoor account.

tags | exploit
SHA-256 | 9019ea1efb9719d19fc427dcd03b1617a9e0de63cac0a7371971e4c48ffb951d
Active Ecommerce CMS 6.4.0 Backdoor Account
Posted Dec 27, 2022
Authored by indoushka

Active Ecommerce CMS version 6.4.0 has been reported as having a default backdoor account.

tags | exploit
SHA-256 | ea72e7900caac2445ffc46c8240e581257d6110735dbf3603c06d5ae8f70953d
Student Attendance Management System 1.0 SQL Injection
Posted Dec 27, 2022
Authored by nu11secur1ty

Student Attendance Management System version 1.0 from Erick O. Omundi suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
SHA-256 | 62ef7d730378e8b973e75259554b08cbf8e3e7b8cc4d125c4c7eb687d7f04bef
ProLink PRS1841 PLDT Router Backdoor
Posted Dec 27, 2022
Authored by Lawrence Amer | Site 0xsp.com

The ProLink PRS1841 home router suffers from having a backdoor account.

tags | exploit
SHA-256 | 466a821fd095cb459000dd568367e6da0699862ec141e5a07fa26f40fc62dad7
OpenTSDB 2.4.0 Command Injection
Posted Dec 23, 2022
Authored by Shai rod, Erik Wynter | Site metasploit.com

This Metasploit module exploits an unauthenticated command injection vulnerability in the yrange parameter in OpenTSDB through 2.4.0 (CVE-2020-35476) in order to achieve unauthenticated remote code execution as the root user. The module first attempts to obtain the OpenTSDB version via the api. If the version is 2.4.0 or lower, the module performs additional checks to obtain the configured metrics and aggregators. It then randomly selects one metric and one aggregator and uses those to instruct the target server to plot a graph. As part of this request, the yrange parameter is set to the payload, which will then be executed by the target if the latter is vulnerable. This module has been successfully tested against OpenTSDB version 2.3.0.

tags | exploit, remote, root, code execution
advisories | CVE-2020-35476
SHA-256 | 7183104f20371379d7bbd3538dcce42a94117e14b0bb74805ced99f7bd85603f
GRAudit Grep Auditing Tool 3.5
Posted Dec 23, 2022
Authored by Wireghoul | Site justanotherhacker.com

Graudit is a simple script and signature sets that allows you to find potential security flaws in source code using the GNU utility, grep. It's comparable to other static analysis applications like RATS, SWAAT, and flaw-finder while keeping the technical requirements to a minimum and being very flexible.

Changes: Added Eiffel rules. Updated secret rules. Reduced false positives in php rules. Reduced false positives in nim rules. Added typescript rules. Fixed path issue in misc/gitscan. Bugfix for actionscript, asp and ios rules. Rule correctness adjustments to asp rules. Minor documentation updates.
tags | tool
systems | unix
SHA-256 | 3e5640bdf3520143887748dd71372f092de7b62b576127bda963e7187d1ac1e1
WordPress Yith WooCommerce Gift Cards Premium 3.19.0 Shell Upload
Posted Dec 23, 2022
Authored by Dave Jong | Site wordfence.com

WordPress Yith WooCommerce Gift Cards Premium plugin versions 3.19.0 and below suffer from a remote shell upload vulnerability.

tags | exploit, remote, shell
advisories | CVE-2022-45359
SHA-256 | dcd88dd9c8059a2065d4797ada28efaa82a7e64b25ece681f77bf1889891ddf7
Stock Management System 2022 1.0 From Erick Cesar SQL Injection
Posted Dec 23, 2022
Authored by nu11secur1ty

Stock Management System 2022 version 1.0 from Erick Cesar suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | ade07070843b1cd49c2828f05194f05b9d998ceca6cfae3ab368b539941ee210
cryptmount Filesystem Manager 6.1.1
Posted Dec 22, 2022
Authored by RW Penney | Site cryptmount.sourceforge.net

cryptmount is a utility for creating and managing secure filing systems on GNU/Linux systems. After initial setup, it allows any user to mount or unmount filesystems on demand, solely by providing the decryption password, with any system devices needed to access the filing system being configured automatically. A wide variety of encryption schemes (provided by the kernel dm-crypt system and the libgcrypt library) can be used to protect both the filesystem and the access key. The protected filing systems can reside in either ordinary files or disk partitions. The package also supports encrypted swap partitions, and automatic configuration on system boot-up.

Changes: Updated various maintainer URLs to point to github.com. Reduced verbosity of manual-page variable substitution. Improved unit-test support for NVME devices.
tags | tool, kernel, encryption
systems | linux, unix
SHA-256 | 4938bf851be567140d2704bf5e60750b643450971c0a52de6ccaf993ac0090b4
Eclipse Business Intelligence Reporting Tool 4.11.0 Remote Code Execution
Posted Dec 22, 2022
Authored by Armin Stock | Site sec-consult.com

Eclipse Business Intelligence Reporting Tool versions 4.11.0 and below suffer from a bypass vulnerability that allows for remote code execution.

tags | exploit, remote, code execution, bypass
advisories | CVE-2021-34427
SHA-256 | c55f3454bd72ca20861da343024e58d83bdc1baa9d2abb5c622862d863e3caba
4images 1.9 Remote Command Execution
Posted Dec 22, 2022
Authored by Andrey Stoykov

4images version 1.9 suffers from a remote command execution vulnerability.

tags | exploit, remote
SHA-256 | d876d4e5b40a274d6db099e265423f9f96e10557a0bc7523e13fbd5618f59557
macOS/x64 Execve Caesar Cipher String Null-Free Shellcode
Posted Dec 22, 2022
Authored by Bobby Cooke

286 bytes small macOS/x64 execve Caesar cipher string null-free shellcode.

tags | shellcode
SHA-256 | aa23ac4a240ae6871b72d0723b1c8d4ebded5889ad862b0dd0455f86699c05a2
macOS/x64 Execve Null-Free Shellcode
Posted Dec 22, 2022
Authored by Bobby Cooke

253 bytes small macOS/x64 execve null-free shellcode.

tags | shellcode
SHA-256 | 8b589116ca43d93bd39b3f0f87c1530ec372e055ebb8ddff6b021bf288966dd7
Debian Security Advisory 5305-1
Posted Dec 22, 2022
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5305-1 - An integer overflow flaw was discovered in the CRL signature parser in libksba, an X.509 and CMS support library, which could result in denial of service or the execution of arbitrary code.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, debian
advisories | CVE-2022-47629
SHA-256 | 843e53a80f0ad2baa47a3b31ceb1888ec6e137e08eb3fb471504684ad2c01fb9
Page 1 of 12
Back12345Next

File Archive:

February 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    11 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    5 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    0 Files
  • 6
    Feb 6th
    9 Files
  • 7
    Feb 7th
    33 Files
  • 8
    Feb 8th
    34 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close