what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 25 RSS Feed

Files Date: 2015-09-28 to 2015-09-29

Centreon 2.6.1 Command Injection
Posted Sep 28, 2015
Authored by LiquidWorm | Site zeroscience.mk

Centreon version 2.6.1 suffers from a command injection vulnerability. The POST parameter 'persistant' which serves for making a new service run in the background is not properly sanitized before being used to execute commands. This can be exploited to inject and execute arbitrary shell commands as well as using cross site request forgery attacks.

tags | exploit, arbitrary, shell, csrf
SHA-256 | de65336a8a68b4177f682854c6416feedbbf44c0a5ff31835c174e78d0ac4037
IconLover 5.4.5 Stack Buffer Overflow
Posted Sep 28, 2015
Authored by Vulnerability Laboratory, ZwX | Site vulnerability-lab.com

IconLover version 5.4.5 suffers from a stack buffer overflow vulnerability.

tags | exploit, overflow
SHA-256 | 96362c631d4c3b738ce245283544cd680aad9448b9f8b0b08fdb3b35d96e4555
Photos In Wifi 1.0.1 File Upload
Posted Sep 28, 2015
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

Photos in Wifi version 1.0.1 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | 4a00b037a1dc3051f06630d1a90f45ed20afc5751a1f8f286020dfd2832f6a2b
Centreon 2.6.1 Add Administrator Cross Site Request Forgery
Posted Sep 28, 2015
Authored by LiquidWorm | Site zeroscience.mk

Centreon version 2.6.1 add administrator cross site request forgery exploit.

tags | exploit, csrf
SHA-256 | fb7aeb82618878ab24c9f5c4140479064eb157f08ed35e744bf8bc3096f3f188
Flash Failing Checks On uint Capacity Field
Posted Sep 28, 2015
Authored by Google Security Research, forshaw

The latest version of the Vector.primitive length check in Flash 18,0,0,232 is not robust against memory corruptions such as heap overflows. While it is no longer possible to obviously bypass the length check there is still unguarded data in the object which could be corrupted to serve as a useful primitive.

tags | exploit, overflow
systems | linux
advisories | CVE-2015-5568
SHA-256 | 8a4222c338a3d67f609ec341393b261bae85b7cd1930829eb76c347db90be962
BisonWare BisonFTP 3.5 Directory Traversal
Posted Sep 28, 2015
Authored by Jay Turla

BisonWare BisonFTP version 3.5 suffers from a directory traversal vulnerability.

tags | exploit
SHA-256 | 1575080d2288468ab9940c569c8d1809df7eea9a1a1378d054311901e42a6d5b
ManageEngine EventLog Analyzer Remote Code Execution
Posted Sep 28, 2015
Authored by xistence | Site metasploit.com

This Metasploit module exploits a SQL query functionality in ManageEngine EventLog Analyzer v10.6 build 10060 and previous versions. Every authenticated user, including the default "guest" account can execute SQL queries directly on the underlying Postgres database server. The queries are executed as the "postgres" user which has full privileges and thus is able to write files to disk. This way a JSP payload can be uploaded and executed with SYSTEM privileges on the web server. This Metasploit module has been tested successfully on ManageEngine EventLog Analyzer 10.0 (build 10003) over Windows 7 SP1.

tags | exploit, web
systems | windows
SHA-256 | 883715a7f63b19f3be245204a59084b8ad642d1866b7fdd2c6b33080b2dcb675
Rowhammer Linux Kernel Privilege Escalation Proof Of Concept
Posted Sep 28, 2015
Authored by Google Security Research, mseaborn

Proof of concept exploit code for the Linux Rowhammer DRAM privilege escalation vulnerability.

tags | exploit, proof of concept
systems | linux
SHA-256 | 489f5aee79c282a129929f43e430e1183b4104c9deb7c71d43c23c88bca7a02c
Centreon 2.6.1 Shell Upload
Posted Sep 28, 2015
Authored by LiquidWorm | Site zeroscience.mk

Centreon version 2.6.1 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | d6f7d3dc2b9d187d9f488cbf0e34984b389cdb34f36401b172e21e70df766956
WordPress Appointment Booking Calendar 1.1.7 XSS
Posted Sep 28, 2015
Authored by Iberia Medeiros

WordPress Appointment Booking Calendar plugin version 1.1.7 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2015-7320
SHA-256 | e41e23f354eb6f4f08e77c00b69191422177ba4009cf99f1480256bf86d9069a
ProjeQtor 4.5.2 Shell Upload
Posted Sep 28, 2015
Authored by Arturo Rodriguez

ProjeQtor version 4.5.2 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | 081258bf82d0ffd88eeb2b6c53406776966e393e12f59c27c56af0870c182791
DNS Spider Multithreaded Bruteforcer 0.7
Posted Sep 28, 2015
Authored by noptrix | Site nullsecurity.net

DNS Spider is a multithreaded bruteforcer of subdomains that leverages a wordlist and/or character permutation.

Changes: Upgraded built-in wordlist. Removed annoying timeout warnings and color output when logging to file.
tags | tool, scanner
systems | unix
SHA-256 | a90aefae7da1aa551b84f0d928a33148efdd96e29752d17dd31962c49fe72368
Ubuntu Security Notice USN-2747-1
Posted Sep 28, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2747-1 - Dario Weisser discovered that the NVIDIA graphics drivers incorrectly handled certain IOCTL writes. A local attacker could use this issue to possibly gain root privileges.

tags | advisory, local, root
systems | linux, ubuntu
advisories | CVE-2015-5950
SHA-256 | 93ae91f31f2689b548949ab00e6bc3a4f6a00e3221eb6c715a036784028c2edf
Open Source Point Of Sale 2.3.1 Cross Site Scripting
Posted Sep 28, 2015
Authored by Arturo Rodriguez

Open Source Point of Sale version 2.3.1 suffers from a persistent cross site scripting vulnerability.

tags | advisory, xss
advisories | CVE-2015-0299
SHA-256 | f1671bce7a9da376f8b83740a41aa9d21414efb032bfcb02310d72edd617c40b
Collabtive 2.0 Shell Upload
Posted Sep 28, 2015
Authored by Arturo Rodriguez

Collabtive version 2.0 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
advisories | CVE-2015-0258
SHA-256 | b1ee0eb6e9437d18623734420a78d2cd726cde7dca6939be3c5774847879e5a4
Mango Automation 2.6.0 File Upload / Code Execution CSRF
Posted Sep 28, 2015
Authored by LiquidWorm | Site zeroscience.mk

Mango Automation version 2.6.0 file upload and arbitrary JSP code execution cross site request forgery exploit.

tags | exploit, arbitrary, code execution, file upload, csrf
SHA-256 | 369af63a236f59835ae9d5a84423f18106dbf1b5306ca3dd89941c5d6319d779
Mango Automation 2.6.0 Command Execution Cross Site Request Forgery
Posted Sep 28, 2015
Authored by LiquidWorm | Site zeroscience.mk

Mango Automation version 2.6.0 arbitrary command execution cross site request forgery exploit.

tags | exploit, arbitrary, csrf
SHA-256 | b09f9d0d9450a157ee3b553cca92aa462e2f7e2a6ee87d0b4a8ba6fbcc0e4298
Mango Automation 2.6.0 Unprotected Debug Log View
Posted Sep 28, 2015
Authored by LiquidWorm | Site zeroscience.mk

Mango Automation version 2.6.0 suffers from an information disclosure vulnerability because it contains default configuration for debugging enabled in the '/WEB-INF./web.xml' file (debug=true). An attacker can entice a logged-in user to visit a specially crafted URL which will produce a system exception with stack trace on the Jetty server. When this error occurs, the debug option generates a status page with all the information from the visitor, meaning that the attacker is able to see usernames, password hashes, e-mails and of course, Cookie sessions). Using the generated error, the attacker can easily perform session hijacking and take over the system using previously discovered vulnerabilities by just visiting the status page non-authenticated.

tags | exploit, web, vulnerability, info disclosure
SHA-256 | 1fbd54960e1a8376a34addc2eda82c308365f46b97f014b96b16a22e077651c6
Mango Automation 2.6.0 SQL Query Cross Site Request Forgery
Posted Sep 28, 2015
Authored by LiquidWorm | Site zeroscience.mk

Mango Automation version 2.6.0 arbitrary SQL query execution cross site request forgery exploit.

tags | exploit, arbitrary, csrf
SHA-256 | 38d00e0cab4a748a1fcc3245087d28805312e778adcb96788a6049042e972de6
Mango Automation 2.6.0 Add Admin Cross Site Request Forgery
Posted Sep 28, 2015
Authored by LiquidWorm | Site zeroscience.mk

Mango Automation version 2.6.0 add administrator cross site request forgery exploit.

tags | exploit, csrf
SHA-256 | 3452804cb607c2191e8133952e326e01991ce212c3686cc9fd10f03579695729
OrangeHRM 3.3.1 Unauthorized Data Manipulation
Posted Sep 28, 2015
Authored by vishnu raju

OrangeHRM versions 3.3.1 and below suffer from an unauthorized data manipulation vulnerability.

tags | advisory
SHA-256 | 1f29e60d43418bbd4fba574abac4e07b014ed91d412c75eedb2deb6a5aa41d16
HP Security Bulletin HPSBHF03513
Posted Sep 28, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF03513 - Potential security vulnerabilities have been identified with certain HP PCs and workstations with Windows and Linux running the NVidia Graphics Driver. The vulnerabilities could be locally exploited resulting in Denial of Service (DoS) and elevation of privilege. Note: This issue is present on Windows and Linux operating systems and affects all currently supported NVIDIA driver releases and all GPUs. This issue does not affect Android based NVIDIA Tegra products. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
systems | linux, windows
advisories | CVE-2015-5950
SHA-256 | ec26c4604b9de2314879b4fe75f99245c83a0fb1824494b34d2637127bf7aa05
My.WiFi USB Drive 1.0 File Inclusion
Posted Sep 28, 2015
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

My.WiFi USB Drive version 1.0 suffers from a file inclusion vulnerability.

tags | exploit, file inclusion
SHA-256 | 291d895c909d0e7e884d9e3475bc4fd0693023383eef111c66707bcae766d782
Flowdock API Script Insertion
Posted Sep 28, 2015
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

Flowdock API suffers from a malicious script insertion vulnerability.

tags | exploit
SHA-256 | a3b7855c7e90fcf4c75103af35130d53982d9d62505e762c85e860f5faf3646d
NodeBB 0.8.2 Cross Site Scripting
Posted Sep 28, 2015
Authored by Vulnerability Laboratory, Mikica Ivosevic | Site vulnerability-lab.com

NodeBB version 0.8.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | d57f11bfe70287dfffacacdc169c4b777ffa00972b7da86b4dc99814bccfc23f
Page 1 of 1
Back1Next

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    22 Files
  • 18
    Apr 18th
    45 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close