Showing 1 - 7 of 7

Files Date: 2012-12-08 to 2012-12-09

MyBB Kingchat Cross Site Scripting: Posted Dec 8, 2012; Authored by VipVince; MyBB Kingchat plugin suffers from a cross site scripting vulnerability.; tags | exploit, xss; SHA-256 | f94936996d8bbc5aab405f1a278b3a60ca5bd96993d1d961b16d7ab401fe2618; Download | Favorite | View

vBulletin 3.x / 4.x AjaxReg SQL Injection: Posted Dec 8, 2012; Authored by Cold z3ro; vBulletin versions 3.x and 4.x suffer from an AjaxReg remote blind SQL injection vulnerability.; tags | exploit, remote, sql injection; SHA-256 | ba1d7d1f1438618fb4cca970000c2c7a3b406383099377a97eb9a8f42042b758; Download | Favorite | View

Site Builder RumahWeb File Disclosure: Posted Dec 8, 2012; Authored by X-Cisadane, xevil; Site Builder RumahWeb suffers from an arbitrary configuration file disclosure vulnerability.; tags | exploit, arbitrary, info disclosure; SHA-256 | 352ce885151eeb10f83fdaf153f611f686de4e94c4fc6ffc44044477b598a574; Download | Favorite | View

FreeFloat FTP Server Arbitrary File Upload: Posted Dec 8, 2012; Authored by sinn3r, juan vazquez | Site metasploit.com; This Metasploit module abuses multiple issues in FreeFloat: 1. No credential is actually needed to login; 2. User's default path is in C:\, and this cannot be changed; 3. User can write to anywhere on the server's file system. As a result of these poor implementations, a malicious user can just log in and then upload files, and let WMI (Management Instrumentation service) to execute the payload uploaded.; tags | exploit; SHA-256 | 7e4b33e6e72bc7067803b531d78ed6fe17a2b9daf5dacfbff469915388c07408; Download | Favorite | View

Centrify Deployment Manager 2.1.0.283 Local Root: Posted Dec 8, 2012; Authored by Larry W. Cashdollar; Centrify Deployment Manager version 2.1.0.283 suffers from a race condition in /tmp that allows for local root privilege escalation.; tags | exploit, local, root; SHA-256 | 7571d7bb4780c1d99a2465c7ff79b8660346fa719c99eca6d189b83896c08490; Download | Favorite | View

Maxthon3 about:history XCS Trusted Zone Code Execution: Posted Dec 8, 2012; Authored by Roberto Suggi Liverani, sinn3r, juan vazquez | Site metasploit.com; Cross Context Scripting (XCS) is possible in the Maxthon about:history page. Injection in such privileged/trusted browser zone can be used to modify configuration settings and execute arbitrary commands. Please note this module only works against specific versions of XCS. Currently, we've only successfully tested on Maxthon 3.1.7 build 600 up to 3.2.2 build 1000.; tags | exploit, arbitrary; SHA-256 | edfb695d586066cbef9515fde0393bb119c669cea54c3475dc93bb3dcdbc8c10; Download | Favorite | View

Splunk 5.0 Custom App Remote Code Execution: Posted Dec 8, 2012; Authored by sinn3r, juan vazquez, [at]marcwickenden | Site metasploit.com; This Metasploit module exploits a feature of Splunk whereby a custom application can be uploaded through the web based interface. Through the 'script' search command a user can call commands defined in their custom application which includes arbitrary perl or python code. To abuse this behavior, a valid Splunk user with the admin role is required. By default, this module uses the credential of "admin:changeme", the default Administrator credential for Splunk. Note that the Splunk web interface runs as SYSTEM on Windows, or as root on Linux by default. This Metasploit module has only been tested successfully against Splunk 5.0.; tags | exploit, web, arbitrary, root, perl, python; systems | linux, windows; SHA-256 | 638c1ea3c9f99886762f0c13cc824ca25fe4fd419cf32123b703084f0680888f; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days