what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 4 of 4 RSS Feed

Files Date: 2013-08-16 to 2013-08-17

Java storeImageArray() Invalid Array Indexing
Posted Aug 16, 2013
Authored by sinn3r, juan vazquez, temp66 | Site metasploit.com

This Metasploit module abuses an Invalid Array Indexing Vulnerability on the static function storeImageArray() function in order to produce a memory corruption and finally escape the Java Sandbox. The vulnerability affects Java version 7u21 and earlier. The module, which doesn't bypass click2play, has been tested successfully on Java 7u21 on Windows and Linux systems. This was created based upon the Packet Storm Bug Bounty release for this issue.

tags | exploit, java, bug bounty, packet storm
systems | linux, windows
advisories | CVE-2013-2465, OSVDB-96269
SHA-256 | 0c05dd015762db29445b83c9149e17cf5ae97454169c165283cc6da07609a5dd
OWASP Xenotix XSS Exploit Framework 4
Posted Aug 16, 2013
Authored by Ajin Abraham | Site owasp.org

OWASP Xenotix XSS Exploit Framework is an advanced Cross Site Scripting (XSS) vulnerability detection and exploitation framework. It provides Zero False Positive scan results with its unique Triple Browser Engine (Trident, WebKit, and Gecko) embedded scanner. It is claimed to have the world’s 2nd largest XSS Payloads of about 1500+ distinctive XSS Payloads for effective XSS vulnerability detection and WAF Bypass. It is incorporated with a feature rich Information Gathering module for target Reconnaissance. The Exploit Framework includes highly offensive XSS exploitation modules for Penetration Testing and Proof of Concept creation.

tags | tool, web, xss, proof of concept
SHA-256 | ec7eae73fb105951ed22898d881dae39b54e162988b8fdc8b9fc11276d59d8f0
IBM 1754 GCM16 1.18.0.22011 Command Execution
Posted Aug 16, 2013
Authored by Alejandro Alvarez Bravo

IBM 1754 GCM16 versions 1.18.0.22011 and below contain a flaw that allows a remote authenticated user to execute unauthorized commands as root. This flaw exist because webapp variables are not sanitized. In this case, parameters $count and $size from ping.php allow to create a special crafted URL to inject text to an exec() so it can be arbitrary used to execute any command on the KVM embedded linux.

tags | exploit, remote, arbitrary, root, php
systems | linux
advisories | CVE-2013-0526
SHA-256 | 44101c7790ad77030789c00566685d651abc1d129781a7ca33533e87d6ef5da9
Open-Xchange AppSuite 7.2.2 Race Condition
Posted Aug 16, 2013
Authored by Martin Braun

Open-Xchange AppSuite version 7.2.2 suffers from a race condition vulnerability.

tags | advisory
advisories | CVE-2013-5035
SHA-256 | 29dc634c735488b15be5d3c5505557afe8bba7b4881bed94b6d11caad980cbda
Page 1 of 1
Back1Next

File Archive:

June 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    19 Files
  • 2
    Jun 2nd
    16 Files
  • 3
    Jun 3rd
    28 Files
  • 4
    Jun 4th
    0 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    19 Files
  • 7
    Jun 7th
    23 Files
  • 8
    Jun 8th
    11 Files
  • 9
    Jun 9th
    10 Files
  • 10
    Jun 10th
    4 Files
  • 11
    Jun 11th
    0 Files
  • 12
    Jun 12th
    0 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    27 Files
  • 20
    Jun 20th
    65 Files
  • 21
    Jun 21st
    10 Files
  • 22
    Jun 22nd
    8 Files
  • 23
    Jun 23rd
    6 Files
  • 24
    Jun 24th
    6 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    15 Files
  • 28
    Jun 28th
    14 Files
  • 29
    Jun 29th
    11 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close