exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 100 RSS Feed

Files

Cross Site Scripting Payloads
Posted Apr 24, 2012
Site vulnerability-lab.com

Vulnerability Lab has produced a large amount of cross site scripting payloads that can be used with fuzzers for automated scanning, etc.

tags | paper, xss, fuzzer
SHA-256 | 71078b2183d9cc07ac1636ddcb7060fb73257b6ebaedff466a4e3c1617e9defc

Related Files

Projeqtor 9.3.1 Cross Site Scripting
Posted Jan 4, 2022
Authored by Oscar Gutierrez

Projeqtor version 9.3.1 suffers from a persistent cross site scripting vulnerability leveraging an svg file.

tags | exploit, xss
SHA-256 | bde147dde0e655b6460f8a6a34ccabd043f4088adb54286690a13f6711cf969d
COVID19 Testing Management System 1.0 SQL Injection
Posted Aug 12, 2021
Authored by Ashish Upsham

COVID19 Testing Management System version 1.0 suffers from a remote SQL injection vulnerability leveraging the searchdata parameter on the patient-search-report.php page. This is a variant of the original discovery of SQL injection in this version as discovered by Rohit Burke in May of 2021.

tags | exploit, remote, php, sql injection
SHA-256 | f002eabeb50977244e89748650d5102ddc6e7551996a2b13e8a2e3dd3a119827
CMSUno 1.6.2 Remote Code Execution
Posted Jan 28, 2021
Authored by Alexandre Zanni

CMSUno version 1.6.2 authenticated remote code execution exploit. The original discovery for the vulnerability leveraged is attributed to Fatih Celik in November of 2020.

tags | exploit, remote, code execution
advisories | CVE-2020-25538, CVE-2020-25557
SHA-256 | 2477146e721d33c19e7c9e103dfd83b0cfc4343413f007eb0260e88e64259065
Serv-U FTP Server 15.1.7 Cross Site Scripting
Posted Dec 17, 2019
Authored by Cyb0r9

Serv-U FTP Server version 15.1.7 suffers from a persistent cross site scripting vulnerability leveraging the Email parameter.

tags | exploit, xss
advisories | CVE-2019-19829
SHA-256 | aa2326e905a32869464797f4ab4f9f89f4833a91a24f94eef43d78621f1d001a
Sparkasse Cross Site Scripting
Posted Mar 7, 2019
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

The vulnerability laboratory core research team discovered multiple persistent cross site vulnerabilities in the Sparkasse online service web-application.

tags | exploit, web, vulnerability
SHA-256 | 42d53ff3e5deb653a5edb38b01a8cbe7d3ff0a34e775ab7bc920dfcbbfafaa0f
Google Android USB Directory Traversal
Posted Aug 13, 2018
Authored by Jann Horn, Google Security Research

Android suffers from a directory traversal vulnerability leveraged over USB via injection in blkid output.

tags | exploit
advisories | CVE-2018-9445
SHA-256 | 1a9a98a5d3646606a97839bbd61b73ee7e1fdecfe1c57894ed27e0090f81b250
Razer Synapse rzpnk.sys ZwOpenProcess
Posted Jul 22, 2017
Authored by Spencer McIntyre | Site metasploit.com

A vulnerability exists in the latest version of Razer Synapse (v2.20.15.1104 as of the day of disclosure) which can be leveraged locally by a malicious application to elevate its privileges to those of NT_AUTHORITY\SYSTEM.

tags | exploit, web, arbitrary, shellcode
advisories | CVE-2017-9769
SHA-256 | 9240ec8d6ca5d5eb386ea5fd8d70c4669a8c2b74388b4cb929f23fc1508d1dd8
AlienVault USM/OSSIM 5.3.4 / 5.3.5 Remote Command Execution
Posted Apr 14, 2017
Authored by temp66, Peter Lapp | Site metasploit.com

This Metasploit module exploits an unauthenticated command injection in Alienvault USM/OSSIM versions 5.3.4 and 5.3.5. The vulnerability lies in an API function that does not check for authentication and then passes user input directly to a system call as root.

tags | exploit, root
SHA-256 | d72c139011d02b5dd53490824fea6a9d33d4ea93c69d1eaa4c8702f390b4d945
D-Link NAS / DNS Cross Site Scripting
Posted Aug 4, 2016
Authored by Benjamin Daniel Mussler

D-Link NAS and DNS series devices suffer from a stored cross site scripting vulnerability leveraged via unauthenticated smb.

tags | exploit, xss
SHA-256 | 9bea630d3d38c702848bb36c64938bc6d9f67aa4a832a9ec706a406f0d228f6d
Aruba Authentication Bypass / Insecure Transport / Tons Of Issues
Posted May 6, 2016
Authored by Google Security Research, Sven Blumenstein

Multiple vulnerabilities were identified in Aruba AP, IAP and AMP devices. The vulnerabilities were discovered during a black box security assessment and therefore the vulnerability list should not be considered exhaustive. Several of the high severity vulnerabilities listed in this report are related to the Aruba proprietary PAPI protocol and allow remote compromise of affected devices.

tags | exploit, remote, vulnerability, protocol
advisories | CVE-2007-0932, CVE-2014-7299, CVE-2016-2031, CVE-2016-2032
SHA-256 | 3a3494bcdbe8f6b8c31c2a7fca58aaa5c1af0d80362f0ec65e759ae54b68b2ac
Bypassing McAfee's Application Whitelisting For Critical Infrastructure Systems
Posted Jan 12, 2016
Authored by Rene Freingruber | Site sec-consult.com

This paper describes the results of the research conducted by SEC Consult Vulnerability Lab on the security of McAfee Application Control. This product is an example of an application whitelisting solution which can be used to further harden critical systems such as server systems in SCADA environments or client systems with high security requirements like administrative workstations. Application whitelisting is a concept which works by whitelisting all installed software on a system and after that prevent the execution of not whitelisted software. This should prevent the execution of malware and therefore protect against advanced persistent threat (APT) attacks. McAfee Application Control is an example of such a software. It can be installed on any system, however, the main field of application is the protection of highly critical infrastructures. While the core feature of the product is application whitelisting, it also supports additional security features including write and read protection as well as different memory corruption protections.

tags | paper
SHA-256 | 447953aeb8d3c594011048fcd1518b83478ae1bf8164d0159859893f8caa6b18
Western Union Cross Site Scripting
Posted Dec 22, 2015
Authored by Vulnerability Laboratory, Milan A Solanki | Site vulnerability-lab.com

The Vulnerability Laboratory Core Research Team discovered a client side cross site scripting web vulnerability in the official Western Union China web application.

tags | exploit, web, xss
SHA-256 | fa620ca37dc2f6c6837ce5da404bfa5e648280e8544058e2a100fb5356c8fa42
PayPal Authentication Bypass
Posted Sep 2, 2015
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

The Vulnerability Laboratory Core Research Team discovered a restriction filter bypass in the official PayPal Inc Mobile API for Apple iOS.

tags | advisory
systems | cisco, apple, ios
SHA-256 | aebf28b1409e41a13475d9756d4f6dcf370b04518d3a09a7f95d6ed6787c1200
Ferrari Simulator PHP CGI Argument Injection
Posted Aug 7, 2015
Authored by Vulnerability Laboratory, Kieran Claessens | Site vulnerability-lab.com

An independent vulnerability laboratory researcher discovered a remote code execution vulnerability in the official Ferrari online service web-application.

tags | exploit, remote, web, code execution
SHA-256 | cd634fe57ff51c217453aa33dc7e4cad2c507d2915ae0f729bba7792b937c431
AirLive Remote Command Injection
Posted Jul 6, 2015
Authored by Core Security Technologies, Nahuel Riva | Site coresecurity.com

Core Security Technologies Advisory - AirLive MD-3025, BU-3026, BU-2015, WL-2000CAM, and POE-200CAM are IP cameras designed for professional surveillance and security applications. The built-in IR LEDs provide high quality nighttime monitoring. These AirLive devices are vulnerable to an OS Command Injection Vulnerability. In the case of the MD-3025, BU-3026 and BU-2015 cameras, the vulnerability lies in the cgi_test.cgi binary file. In the case of the WL-2000CAM and POE-200CAM cameras, the command injection can be performed using the vulnerable wireless_mft.cgi binary file.

tags | exploit, cgi
advisories | CVE-2014-8389, CVE-2015-2279
SHA-256 | 4f5dfe0ba3159b241b97dd31fdce3b6857722610dfebf00e92c39d6677ccf2b6
Wireless Photo Transfer 3.0 Local File Include
Posted May 19, 2015
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

The Vulnerability Laboratory Research Team discovered a local file include vulnerability in the official Wireless Photo Transfer Mobile version 3.0 iOS application.

tags | advisory, local
systems | apple
SHA-256 | 8c45956de7bbff8e824ef289258164e1927f4f4d9ddcc638bb142469272f0b3b
Crucial Networking CRUCMS SQL Injection
Posted May 19, 2015
Authored by Vulnerability Laboratory, kjfido | Site vulnerability-lab.com

An independent Vulnerability Laboratory researcher discovered a remote SQL injection web vulnerability in the official Crucial Networking CRUCMS web application.

tags | advisory, remote, web, sql injection
SHA-256 | 012e19951d4d4560a4e25753146c9e294b8586acbbc08fc70636504e77a9384a
Adobe Flash Player UncompressViaZlibVariant Uninitialized Memory
Posted May 1, 2015
Authored by Nicolas Joly, juan vazquez, temp66 | Site metasploit.com

This Metasploit module exploits an uninitialized memory vulnerability in Adobe Flash Player. The vulnerability occurs in the ByteArray::UncompressViaZlibVariant method, which fails to initialize allocated memory. When using a correct memory layout this vulnerability leads to a ByteArray object corruption, which can be abused to access and corrupt memory. This Metasploit module has been tested successfully on Windows 7 SP1 (32-bit), IE 8 and IE11 with Flash 15.0.0.189.

tags | exploit
systems | windows
advisories | CVE-2014-8440
SHA-256 | 5e90527feb81af64901755b776a489cf3494498219d1281419ecb16f62818f6f
Avira License Application Cross Site Request Forgery
Posted Sep 1, 2014
Authored by Mazen Gamal, Vulnerability Laboratory | Site vulnerability-lab.com

An independent Vulnerability Laboratory Researcher discovered a cross site request forgery vulnerability in the official Avira license account system web-application.

tags | exploit, web, csrf
SHA-256 | ab4176d2b30b9e05afdd30da7c3b895224608b39c04f1ce77d350aa5b6774188
SonicWall Dashboard Cross Site Scripting
Posted Mar 6, 2014
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

The Vulnerability Laboratory Research Team discovered a client-side cross site scripting web vulnerability in the SonicWall backend servers with which firewalls communicate.

tags | exploit, web, xss
SHA-256 | a3ef7226bb0bd32e609daeaf47556d4710d38214467798953308e80c9e2d8bac
PayPal Cross Site Scripting
Posted Feb 13, 2013
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

This advisory documents the 17th PayPal bug bounty Vulnerability Labs received for a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | c3159303306fc3e4bd5a3833fb174c160953470d614af33b1969327a5efddea0
Secunia Security Advisory 51431
Posted Dec 3, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Vulnerability Lab has reported multiple vulnerabilities in Fortinet FortiOS (FortiGate), which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss
SHA-256 | 2fb1fd721beaec0fd6804d7b55966ccd10f3a55f9eb6075379368c937b98775c
Secunia Security Advisory 51430
Posted Dec 3, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Vulnerability Lab has reported a vulnerability in Fortinet FortiWeb, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
SHA-256 | ee6aea6dc6c68ef6a1bb671dd1daeaf12619007221e8b383854faa18bc784f00
Secunia Security Advisory 51290
Posted Nov 26, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Vulnerability lab has reported two vulnerabilities in ManageEngine ServiceDesk Plus, which can be exploited by malicious people to conduct script insertion attacks.

tags | advisory, vulnerability
SHA-256 | f2c8ad4820af79432ab9ae3955e7ac0789beda59c53668e1c6c9b6908ab08caf
Secunia Security Advisory 51350
Posted Nov 20, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Vulnerability lab has discovered a vulnerability in ManageEngine ServiceDesk Plus, which can be exploited by malicious people to conduct script insertion attacks.

tags | advisory
SHA-256 | 405744ac70e936811a9441ca929e309eaf7e0606862ebefbee4b850eb79b36ac
Page 1 of 4
Back1234Next

File Archive:

June 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    0 Files
  • 2
    Jun 2nd
    0 Files
  • 3
    Jun 3rd
    18 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    57 Files
  • 7
    Jun 7th
    6 Files
  • 8
    Jun 8th
    0 Files
  • 9
    Jun 9th
    0 Files
  • 10
    Jun 10th
    12 Files
  • 11
    Jun 11th
    27 Files
  • 12
    Jun 12th
    38 Files
  • 13
    Jun 13th
    16 Files
  • 14
    Jun 14th
    14 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    16 Files
  • 18
    Jun 18th
    26 Files
  • 19
    Jun 19th
    15 Files
  • 20
    Jun 20th
    18 Files
  • 21
    Jun 21st
    8 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close