
Files Date: 2018-05-28 to 2018-05-29

Appnitro MachForm SQL Injection / Traversal / File Upload
Posted May 28, 2018
Authored by Amine Taouirsa

Appnitro MachForm suffers from remote file upload, remote SQL injection, and path traversal vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, file inclusion, file upload
advisories | CVE-2018-6409, CVE-2018-6410, CVE-2018-6411
SHA-256 | 29ad09f6e7112cceddfe216c07e3423ff01d9605ecbdf939deff018b09bb2832

libmobi 0.3 Information Disclosure
Posted May 28, 2018
Authored by bear.xiong

The mobi_parse_mobiheader function in read.c in libmobi version 0.3 allows remote attackers to cause an information disclosure (heap-buffer-overflow out-of-bounds read) via a crafted mobi file.

tags | exploit, remote, overflow, info disclosure
advisories | CVE-2018-11432, CVE-2018-11433, CVE-2018-11434, CVE-2018-11435, CVE-2018-11436, CVE-2018-11437, CVE-2018-11438
SHA-256 | babc700fdfbf7569414cc4b5cc9368b9e9d4a00a0985a70e4dbb9bbe3dcd9824

WordPress Events Calendar 1.0 SQL Injection
Posted May 28, 2018
Authored by Ozkan Mustafa Akkus

WordPress Events Calendar plugin version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 806a1b2edbf1e1dfb95044f6dd57692fb5902dbab18b558d5ea9eb4b23cc7703

Ubuntu Security Notice USN-3586-2
Posted May 28, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3586-2 - USN-3586-1 fixed a vulnerability in DHCP. This update provides the corresponding update for Ubuntu 12.04 ESM. Felix Wilhelm discovered that the DHCP client incorrectly handled certain malformed responses. A remote attacker could use this issue to cause the DHCP client to crash, resulting in a denial of service, or possibly execute arbitrary code. In the default installation, attackers would be isolated by the dhclient AppArmor profile. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-5732, CVE-2018-5733
SHA-256 | 87bf0b43aecf798e53a7ec0e8497cf38db7e719785f0c2616c8cddec7692bcc1

Joomla Full Social 1.1.0 SQL Injection
Posted May 28, 2018
Authored by Borna Nematzadeh

Joomla Full Social extension version 1.1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | ce93df768137fac4a7b861712045a2aa41187528bd67fe5cda4b8f73befa87cb

Joomla JoomOCShop 1.0 Cross Site Request Forgery
Posted May 28, 2018
Authored by Borna Nematzadeh

Joomla JoomOCShop component version 1.0 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 066af939a7670d681433259ae5b324a01af7318181811d3d4496b384fa8445c0

DomainMod 4.09.03 Cross Site Scripting
Posted May 28, 2018
Authored by longer

DomainMod version 4.09.03 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2018-11403, CVE-2018-11404
SHA-256 | abc27fba0510717d1a5f7a087b7da4cdf65dd561e3b0c927fd6ad6c5a9cc2713

TP-Link TL-WR840N / TL-WR841N Authentication Bypass
Posted May 28, 2018
Authored by BlackFog Team

TP-Link TL-WR840N and TL-WR841N suffer from an authentication bypass vulnerability.

tags | exploit, bypass
SHA-256 | 9bc6863b7767effc424671cde611c90b951d22eb5f197625c4189947f30737df

Engel Voelkers Cross Site Scripting
Posted May 28, 2018
Authored by Ismail Tasdelen

www.engelvoelkers.com suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | ca63dd8900bc530bb28fd2119fb867c60f4e129331a7b454bbec9119b07f1f5d

Joomla jCart For OpenCart 2.3.0.2 Cross Site Request Forgery
Posted May 28, 2018
Authored by Borna Nematzadeh

Joomla jCart for OpenCart component version 2.3.0.2 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 114563506afd2b68b276ae85037c5e86677c9c3d1888697553baf7f13e4d2a43

Kernel Live Patch Security Notice LSN-0039-1
Posted May 28, 2018
Authored by Benjamin M. Romer

Alexei Starovoitov discovered that the Berkeley Packet Filter (BPF) implementation in the Linux kernel contained a branch-pruning logic issue around unreachable code. A local attacker could use this to cause a denial of service. The ext4_iget function in fs/ext4/inode.c in the Linux kernel through 4.15.15 mishandles the case of a root directory with a zero i_links_count, which allows attackers to cause a denial of service (ext4_process_freed_data NULL pointer dereference and OOPS) via a crafted ext4 image. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local, root
systems | linux
advisories | CVE-2017-17862, CVE-2018-1000004, CVE-2018-1092, CVE-2018-1093, CVE-2018-8087
SHA-256 | 0e3788ff5b92bdb81c16b39e96e620f55d7e00317265a10546173540afa06d71

CloudMe Sync SEH Buffer Overflow
Posted May 28, 2018
Authored by Juan Prescotto

SEH buffer overflow exploit with DEP bypass for CloudMe Sync versions prior to 1.11.0.

tags | exploit, overflow
SHA-256 | f0e35b18cc3b45a2f7245397a9807fa2574cce43e052d6507bbce428f8230e1f

wityCMS 0.6.1 Cross Site Scripting
Posted May 28, 2018
Authored by Nathu Nandwani

wityCMS version 0.6.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-11512
SHA-256 | cf35f62293a5c896e129d0813de47e7e5cdcf4189cc5ad8ec259e3deaca58794

Linux/x86 TCP/5555 Bindshell Shellcode
Posted May 28, 2018
Authored by Luca Di Domenico

98-byte Linux/x86 TCP/5555 bindshell shellcode.

tags | x86, tcp, shellcode
systems | linux
SHA-256 | 2695862019edfec544f315d7be17d3f2bf86d2f43cc665a7c5133f3db8244852

Dell EMC RecoverPoint Command Injection / LDAP Password Leak / File Read
Posted May 28, 2018
Authored by Paul Taylor | Site emc.com

Dell EMC RecoverPoint versions prior to 5.1.2 and Dell EMC RecoverPoint Virtual Machine (VM) versions prior to 5.1.1.3 suffer from command injection, LDAP password leak, and arbitrary file read vulnerabilities.

tags | advisory, arbitrary, vulnerability
advisories | CVE-2018-1235, CVE-2018-1241, CVE-2018-1242
SHA-256 | a32f56f16886245544fb248cad14e2e09e7d117b2031783004120f837bd910e0

ALFTP 5.31 Buffer Overflow
Posted May 28, 2018
Authored by Gokul Babu

ALFTP version 5.31 suffers from a local buffer overflow vulnerability.

tags | exploit, overflow, local
SHA-256 | dd60385cff880c4348304843c3efe5d0c745d73e9510506c9db9ff1f9fa6ae92

Software Advice 1.0 Cross Site Scripting
Posted May 28, 2018
Authored by Ismail Tasdelen

Software Advice version 1.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 7bc406a8580de28cdfb85b1124b94292bb3c70c3821030fa776315ab32a88bfb

JDA Connect CSRF / Command Execution / Exposed JMX Service
Posted May 28, 2018
Authored by Xiaoran Wang

JDA Connect suffers from cross site request forgery, JMX interface exposure, and command execution vulnerabilities.

tags | exploit, vulnerability, csrf
SHA-256 | 9208639b230a277236982d9d21e65b17c68509bc2d0a40672ac22f324f504dfb

Accellion Kiteworks Authentication Bypass
Posted May 28, 2018
Authored by jerinjoy

Accellion Kiteworks versions prior to 2017.01.00 suffer from an authentication bypass vulnerability.

tags | advisory, bypass
SHA-256 | d347dee5b223a51f0bdd3cd6f19b767f912e1d12f4d86c8a16314862e8c9b919

JDA Warehouse Management System Buffer Overflow / SQL Injection / XML Injection
Posted May 28, 2018
Authored by Xiaoran Wang

JDA Warehouse Management System suffers from buffer overflow, code execution, cross site request forgery, XML external entity injection, file disclosure, remote SQL injection, and various other vulnerabilities.

tags | exploit, remote, overflow, vulnerability, code execution, sql injection, csrf
SHA-256 | 80c3d8cda05b3dd2c84304a7b43325ab0b1c8a0d9a228f7465df525ab144814c

© 2022 Packet Storm. All rights reserved.