what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 33 RSS Feed

Files

Netgear WNDRMAC 1.0.0.22 Information Disclosure
Posted May 13, 2012
Authored by Nathaniel Carew | Site senseofsecurity.com.au

Netgear WNDRMAC versions 1.0.0.22 and below suffer from a serial number disclosure vulnerability.

tags | exploit, web
SHA-256 | 664bd8ae2a0cd1c838915a72e05bf722f27b543f881fd63debb15589291aab4c

Related Files

SOS JobScheduler 1.13.3 Stored Password Decryption
Posted Jun 16, 2020
Authored by Sander Ubink

SOS JobScheduler version 1.13.3 encrypts a secret by simply using the name of a profile as the key, making it trivial to decrypt.

tags | exploit
advisories | CVE-2020-12712
SHA-256 | fe2cf7ab1a965708745f8a3ccea8786f1c5edbfe5c3b8ab23a4f225c60f669af
Google Active Directory Sync (GADS) Tool 3.1.3 Information Disclosure
Posted Apr 3, 2013
Authored by Nathaniel Carew | Site senseofsecurity.com.au

Google Active Directory Sync (GADS) Tool versions 3.1.3 and below suffer from a local information disclosure vulnerability.

tags | exploit, local, info disclosure
SHA-256 | 5af6fac3359b45806a514cce9e316949ac1c763760a0a252335bc60361e5db98
SilverStripe CMS 3.0.2 Cross Site Request Forgery / Cross Site Scripting
Posted Nov 30, 2012
Authored by Nathaniel Carew | Site senseofsecurity.com.au

SilverStripe version 3.0.2 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
SHA-256 | 5cb762b339a330f6095d9df36320aed93b37bcf830588eaba27f260b27da40fb
FileBound On-Site Privilege Escalation
Posted Oct 11, 2012
Authored by Nathaniel Carew | Site senseofsecurity.com.au

FileBound On-Site versions prior to 6.2 suffer from a remote privilege escalation vulnerability due to a faulty control validating password requests.

tags | exploit, remote
SHA-256 | 8e56b4f4c9544dd8530de39fc0101066f47f4c720e156e0793d6aa0ddffaf44a
Ektron CMS 8.5.0 File Upload / XXE Injection
Posted Sep 6, 2012
Authored by Phil Taylor | Site senseofsecurity.com.au

Ektron CMS version 8.5.0 suffers from unauthenticated file upload and XXE injection vulnerabilities.

tags | exploit, vulnerability, file upload, xxe
SHA-256 | aec2ac7f32fa1685fd5e487de3e2ea551d1c03b5a65c07c2695b12fd0654d18e
Elcom Community Manager 7.4.10 Shell Upload
Posted Aug 25, 2012
Authored by Phil Taylor | Site senseofsecurity.com.au

Elcom Community Manager versions 7.4.10 from Elcom CMS suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | 401ff74fdfc536a8f3c29661cb406b10fe55203d159972a2634931d9a52b3349
Squiz CMS 4.6.3 XXE Injection / Cross Site Scripting
Posted Jun 18, 2012
Authored by Nadeem Salim | Site senseofsecurity.com.au

Squiz CMS version 4.6.3 suffers from cross site scripting and XXE injection vulnerabilities.

tags | exploit, vulnerability, xss, xxe
SHA-256 | a5d045b3aad07ff6c6442d788cf3530feb8b0422a99a5af1dae6dda396024529
QNAP Command Injection
Posted Jun 17, 2012
Authored by Phil Taylor, Nadeem Salim | Site senseofsecurity.com.au

QNAP Turbo NAS with firmware versions 3.6.1 Build 0302T and below suffer from a command injection vulnerability that allows for remote code execution.

tags | exploit, remote, code execution
SHA-256 | bcec74851c024f2e1466935f495fd1687810e39d50b44f12aa001bc14964e143
Secunia Security Advisory 49099
Posted May 18, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Jason Edelstein has reported a vulnerability in NetGear WNDRMAC, which can be exploited by malicious people to disclose sensitive information.

tags | advisory
SHA-256 | 4f4d0d4821715286cf4146e251818b0519a10b9edbc7d757fcc20e873e47ce62
Aurora WebOPAC SQL Injection
Posted Mar 16, 2012
Authored by Niket Khosla | Site senseofsecurity.com.au

Aurora WebOPAC suffers from a remote SQL injection vulnerability. Versions affected include 3.5.0e, 3.4.6a, 3.5.3, 3.5.0i, 3.4.7b, 3.5.2.2, 3.4.7b, and possibly others.

tags | advisory, remote, sql injection
SHA-256 | c2953c142e76ad17f190004540861518022a43999ae0d3e8793ef9f6ce681036
Iciniti Store 4.3.3683.31484 SQL Injection
Posted Mar 7, 2012
Site senseofsecurity.com.au

Iciniti Store version 4.3.3683.31484 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 468555f310e3babc2bec1e782bf7364b99eadd7c132f25fc01ef86f9aef13b79
Symfony 2 Unauthenticated Information Disclosure
Posted Mar 5, 2012
Authored by Phil Taylor | Site senseofsecurity.com.au

The XMLEncoder component of Symfony version 2.0.x fails to disable external entities when parsing XML. In the Symfony2 framework the XML class may be used to deserialize objects or as part of a client/server API. By using external entities it is possible to include arbitrary files from the file system. Any application written in Symfony2 that parses user supplied XML is affected.

tags | exploit, arbitrary
SHA-256 | 41c5e9ed24bcfedc86e11b0fbb5e857209c2e898342bd3b498a8707a5985fdad
Snom IP Phone Privilege Escalation
Posted Feb 23, 2012
Authored by Nathaniel Carew | Site senseofsecurity.com.au

All versions of Snom IP Phone prior to 8.4.35 suffer from a privilege escalation vulnerability.

tags | exploit
SHA-256 | 9e5b6063e0a97f160456f3011fab1f5a1ffe250662f024fd27b0438d6244a154
WordPress BackWPup 2.1.4 Code Execution
Posted Oct 17, 2011
Authored by Phil Taylor | Site senseofsecurity.com.au

WordPress plugin BackWPup version 2.1.4 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
SHA-256 | e8922fa4c7addf7e093d643ed4e3247a3aeeba16d61549f286d287b09cde8758
NETGEAR CG814WG Cross Site Request Forgery
Posted Sep 21, 2011
Site senseofsecurity.com.au

The NETGEAR Wireless Cable Modem Gateway model CG814WG suffers from authentication bypass, cross site request forgery, and other vulnerabilities.

tags | exploit, vulnerability, csrf
SHA-256 | ca0cb4ca523d4b1ed566b694edcda33f3ed5049b521a2b8f296b638be22fb96e
Cisco TelePresence Cookie Theft / Impersonation / Code Execution
Posted Sep 19, 2011

Cisco TelePresensce Series suffers from client-side code execution, denial of service, cookie theft, loss of confidentiality, and impersonation vulnerabilities.

tags | exploit, denial of service, vulnerability, code execution
systems | cisco
advisories | CVE-2011-2544, CVE-2011-2543, CVE-2011-2577
SHA-256 | bc7f59652d2d33927b5be11b22f77d5545fd6efa01646d0cc73f14ea610a6d87
Oracle Sun GlassFish Enterprise Server 2.1.1 Cross Site Scripting
Posted Jul 20, 2011
Site senseofsecurity.com.au

Oracle Sun GlassFish Enterprise Server version 2.1.1 suffers from a cross site scripting vulnerability. Proof of concept code included.

tags | exploit, xss, proof of concept
advisories | CVE-2011-2260
SHA-256 | e852d78319b40a191a8aa9ea6c5cefd12cf9f11cf487cae2ce22d9f26df1275b
PHPCaptcha / Securimage Authentication Bypass
Posted May 20, 2011
Authored by Phil Taylor | Site senseofsecurity.com.au

PHPCaptcha / Securimage versions 1.0.4 through 2.0.2 suffer from an authentication bypass vulnerability. Proof of concept code included.

tags | exploit, proof of concept, bypass
systems | linux
SHA-256 | 241cf163dd08c5ba7d4da72cdecbbb268ce65adffc9dc6337e5656dedb08a513
Cisco Unified Operations Manager XSS / SQL Injection / Directory Traversal
Posted May 18, 2011
Site senseofsecurity.com.au

Cisco Unified Operations Manager suffers from cross site scripting, remote SQL injection, and directory traversal vulnerabilities. Versions 8.0 and 8.5 are affected.

tags | exploit, remote, vulnerability, xss, sql injection
systems | cisco
advisories | CVE-2011-0959, CVE-2011-0960, CVE-2011-0961, CVE-2011-0962, CVE-2011-0966
SHA-256 | d6733640509f4e53a13a0029f841b353ff1086c5280643834acf286ecbf3b8bc
Proofpoint Protection Server 5.5.5 Cross Site Scripting
Posted May 4, 2011
Authored by Karan Khosla | Site senseofsecurity.com.au

Proofpoint Protection Server version 5.5.5 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 412f53f289503ca09e6bb76b8fe8c5f67ba8e41e4c5e459c8514b9e1b2603ba2
Collaborative Passwords Manager (cPassMan) 1.82 Arbitrary File Download
Posted Apr 15, 2011
Authored by Kaan Kivilcim | Site senseofsecurity.com.au

Collaborative Passwords Manager (cPassMan) version 1.82 suffers from an arbitrary file download vulnerability.

tags | exploit, arbitrary
SHA-256 | 967826b2fe42669cdbb86c278cdcd41df4089bd07c90acbcb696c66c58c57b9f
WordPress BackWPup 1.6.1 Code Execution
Posted Mar 28, 2011
Authored by Phil Taylor | Site senseofsecurity.com.au

The WordPress BackWPup plugin version 1.6.1 suffers from a vulnerability that allows for local or remote code to be executed.

tags | exploit, remote, local
SHA-256 | 9d1296daa3ec8fb23564f12b35f8a9259718b647bc906c9344ec6687a2bdcfa6
Elcom CommunityManager.NET Authentication Bypass
Posted Dec 20, 2010
Site senseofsecurity.com.au

Elcom CommunityManager.NET suffers from an authentication bypass vulnerability. Proof of concept code is included. Version 6.7 is vulnerable.

tags | exploit, proof of concept, bypass
SHA-256 | 7acb1f10e416f67bc4734d295a385802936a471c97a267dd98e74911fcfd8dbc
Adobe Reader 9.3.4 Multiple Memory Corruption Issues
Posted Oct 8, 2010
Authored by Brett Gervasoni | Site senseofsecurity.com.au

Adobe Reader version 9.3.4 is vulnerable to multiple memory corruption vulnerabilities. By sending specially crafted PDF files it is possible to cause memory corruption in the 3difr and AcroRd32.dll modules. Both issues trigger a null pointer condition which results in an access violation. The issue in AcroRd32.dll is triggered when Adobe Reader is closed.

tags | advisory, vulnerability
advisories | CVE-2010-3630
SHA-256 | 8cc088f240fc45c266a250afb545cea36a5bbe247a4e721a59aa2a79ae7d9a37
Apache 2.2.14 mod_isapi Dangling Pointer
Posted Mar 6, 2010
Authored by Brett Gervasoni | Site senseofsecurity.com.au

By sending a specially crafted request followed by a reset packet it is possible to trigger a vulnerability in Apache 2.2.14 mod_isapi that will unload the target ISAPI module from memory. However function pointers still remain in memory and are called when published ISAPI functions are referenced. This results in a dangling pointer vulnerability. Successful exploitation results in the execution of arbitrary code with SYSTEM privileges.

tags | advisory, arbitrary
advisories | CVE-2010-0425
SHA-256 | 90f73578fb832e46f16d36335ab9911e89d608d85ddf6502b6fd7c3f8e006935
Page 1 of 2
Back12Next

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    0 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close