what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 15 of 15 RSS Feed

Files

SPIP Core 3.0.1 / 2.1.14 / 2.0.19 Cross Site Scripting
Posted Jun 14, 2012
Authored by ASafety

SPIP Core versions below and equal to 3.0.1, 2,1.14, and 2.0.19 suffer from a cross site scripting vulnerability in the administrative panel.

tags | exploit, xss
SHA-256 | 5f46f70dfcbb4a11ad71960db80676cb97a1e1a148304daa9c476926ffe35c25

Related Files

SPIP CMS 2.x / 3.x Add Administrator / File Upload
Posted Mar 26, 2019
Authored by KingSkrupellos

SPIP CMS versions 2.x and 3.x suffer from unauthenticated add administrator and arbitrary file upload vulnerabilities.

tags | exploit, arbitrary, vulnerability, add administrator, file upload
SHA-256 | a7387c189d176bff2a0e9afc63e2bfada0350e829685bdc4a61f682b38596b2d
SPIP 3.1 Cross Site Scripting / Header Injection
Posted Nov 18, 2016
Authored by Tim Coen | Site curesec.com

SPIP version 3.1 suffers from head injection and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 394b3d785040fd809c2f73dd314d77d88779b3b4ac9853ba82bee47980e9b796
SPIP 3.1.2 Server Side Request Forgery
Posted Oct 20, 2016
Authored by Nicolas Chatelain

SPIP versions 3.1.2 and below suffer from a server-side request forgery vulnerability.

tags | exploit
advisories | CVE-2016-7999
SHA-256 | dc168e14bb0b3787609859406eb46abb5130f843e9d1a807bf27946a599a5c1e
SPIP 3.1.2 Template Compiler / Composer PHP Code Execution
Posted Oct 20, 2016
Authored by Nicolas Chatelain

SPIP versions 3.1.2 and below suffer from a PHP code execution vulnerability.

tags | exploit, php, code execution
advisories | CVE-2016-7998
SHA-256 | 8fc707c64156c47e3eeb576edeae6ae8b7c1ca5620aec6068862b998fb7cc40c
SPIP 3.1.2 File Enumeration / Path Traversal
Posted Oct 20, 2016
Authored by Nicolas Chatelain

SPIP versions 3.1.2 and below suffer from file enumeration and path traversal vulnerabilities.

tags | exploit, vulnerability, file inclusion
advisories | CVE-2016-7982
SHA-256 | d2ab8b128415b09ef61ba0c89730401c75aa3f4ce322dd43fb4058ccc0950ac5
SPIP 3.1.2 Cross Site Scripting
Posted Oct 19, 2016
Authored by Nicolas Chatelain

SPIP versions 3.1.2 and below suffer from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2016-7981
SHA-256 | 82f26ce8d2e06a0310943f86601d4af8ea95702997bd1830df30452763eead8f
SPIP 3.1.2 Cross Site Request Forgery
Posted Oct 19, 2016
Authored by Nicolas Chatelain

SPIP versions 3.1.2 and below suffer from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2016-7980
SHA-256 | ac70a9fadf7bb6167051a6bc6282e4fffb3814c2ba5b4c38bd4c9d0a3de2e8c3
Spiped 1.4.0
Posted Aug 29, 2014
Authored by Colin Percival, Sean Kelly | Site tarsnap.com

Spiped (pronounced "ess-pipe-dee") is a utility for creating symmetrically encrypted and authenticated pipes between socket addresses, so that one may connect to one address (e.g., a UNIX socket on localhost) and transparently have a connection established to another address (e.g., a UNIX socket on a different system). This is similar to 'ssh -L' functionality, but does not use SSH and requires a pre-shared symmetric key. Spiped uses strong and well-understood cryptographic components: The initial key negotiation is performed using HMAC-SHA256 and an authenticated Diffie-Hellman key exchange over the standard 2048-bit "group 14"; following the completion of key negotiation, packets are transmitted encrypted with AES-256 in CTR mode and authenticated using HMAC-SHA256.

Changes: Added automatic detection of compiler support. Added support for -g option, which makes {spiped, spipe} require perfect forward secrecy by dropping connections if the peer endpoint is detected to be running using the -f option.
tags | tool
systems | linux, unix
SHA-256 | d8fa13a36905337bec97e507e0689f7bbc9e5426b88d588f3ddd3d6c290dcf5f
SPIP Connect Parameter PHP Injection
Posted Aug 29, 2013
Authored by Davy Douhine, Arnaud Pachot, Frederic Cikala | Site metasploit.com

This Metasploit module exploits a PHP code injection in SPIP. The vulnerability exists in the connect parameter and allows an unauthenticated user to execute arbitrary commands with web user privileges. Branches 2.0, 2.1 and 3 are concerned. This module works only against branch 2.0 and has been tested successfully with SPIP 2.0.11 and SPIP 2.0.20 with Apache on Ubuntu and Fedora linux distributions.

tags | exploit, web, arbitrary, php
systems | linux, fedora, ubuntu
advisories | OSVDB-83543
SHA-256 | d27325e9d83bde4fc580a0bfde93a3bfbc111c65ffc0b7db562ca093df580462
SPIP SQL Injection / Path Disclosure
Posted Oct 1, 2011
Site tehtri-security.com

SPIP suffers from path disclosure and remote SQL injection vulnerabilities.

tags | advisory, remote, vulnerability, sql injection, info disclosure
advisories | CVE-2008-5813
SHA-256 | c5ec4f4dc665c1bcb44ae29ca93daddf8a426574d987114ec133f714bb184766
SPIP Copy All Passwords
Posted Aug 18, 2009
Authored by Kernel_Panik

SPIP CMS versions prior to 2.0.9 copy all passwords to XML file exploit.

tags | exploit
SHA-256 | 58282d3eb767390b7e7216751ce34103095607b10e5834c7a894e4562c1c7059
spip-rfi.txt
Posted Aug 24, 2007
Authored by DarKdewiL

SPIP version 1.7 suffers from a remote file inclusion vulnerability.

tags | exploit, remote, code execution, file inclusion
SHA-256 | 04f73ad6f29fb12727e3185360feafb337b9510e90aefe7f66758e66bbf34456
SPIP-Agora_1-4-RC1.txt
Posted Oct 24, 2006
Authored by Drago84

SPIP-Agora_1-4-RC1 has a remote file inclusion bug in Wiki.php

tags | exploit, remote, php, file inclusion
SHA-256 | 5a1944ab466c49e00b7b440fe7786ba65e3e77318ae60736ba1b1ffb8c614e0f
SPIP-1.8.3.txt
Posted Apr 12, 2006
Site kecoak.or.id

SIPP 1.8.3 suffers from a remote php inclusion vulnerability in spip_login.php3.

tags | advisory, remote, php
SHA-256 | acb17b883c536be67b93f39013af90233608c80d917a182eca238d721ddc2ebe
spip_182g_shell_inj_xpl.html
Posted Feb 9, 2006
Authored by rgod | Site retrogod.altervista.org

SPIP versions 1.8.2g and below remote command execution exploit that makes use of an arbitrary local inclusion flaw and SQL injection.

tags | exploit, remote, arbitrary, local, sql injection
SHA-256 | 59a62d80b8dadeee1215c4be9c2ad51fb3504482b5aa036653d700829a4ef5c1
Page 1 of 1
Back1Next

File Archive:

October 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    10 Files
  • 2
    Oct 2nd
    0 Files
  • 3
    Oct 3rd
    12 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close