Showing 1 - 25 of 58

Files

Bitweaver 2.8.1 Cross Site Scripting / Local File Inclusion
Posted Oct 25, 2012
Authored by Jonathan Claudius, David Aaron | Site trustwave.com

Bitweaver version 2.8.1 suffers from local file inclusion and multiple cross site scripting vulnerabilities.

tags | exploit, local, vulnerability, xss, file inclusion
advisories | CVE-2012-5192, CVE-2012-5193
MD5 | 1cede2c6a508a2da6de216f8ac5c07bd

Related Files

Netgear Router Password Disclosure
Posted Jan 31, 2017
Authored by Simon Kenin | Site trustwave.com

Multiple Netgear routers suffer from remote and local password disclosure vulnerabilities.

tags | exploit, remote, local, vulnerability
advisories | CVE-2017-5521
MD5 | dde6807e42ef89f62b7461a8f2d32d98

Tableau Server Blind SQL Injection
Posted Feb 11, 2014
Authored by Tanya Secker | Site trustwave.com

Tableau Server suffers from a remote blind SQL injection vulnerability. Versions 8.1.X before 8.1.2 and 8.0.X before 8.0.7 are affected.

tags | exploit, remote, sql injection
advisories | CVE-2014-1204
MD5 | 6a4990a9af7c7101d67eeedc7b79b16b

DaumGame ActiveX 1.1.0.x Buffer Overflow
Posted Jan 22, 2014
Authored by Daniel Chechik | Site trustwave.com

DaumGame ActiveX control versions 1.1.0.5 and 1.1.0.4 suffer from a buffer overflow vulnerability. Proof of concept code included.

tags | exploit, overflow, activex, proof of concept
advisories | CVE-2013-7246
MD5 | bb38487f14a6788ab2616efdecf39f1c

Franklin Fueling's T550 Evo Access Control / Credentials
Posted Jan 21, 2014
Authored by Matthew Jakubowski, Nate Drier | Site trustwave.com

Franklin Fueling's TS-550 Evo suffers from insufficient access control and hard-coded credential vulnerabilities.

tags | exploit, vulnerability
advisories | CVE-2013-7248, CVE-2013-7247
MD5 | f9eaa96ecaf2d672f1f502ba968905ce

Vino VNC Server 3.7.3 Denial Of Service
Posted Sep 17, 2013
Authored by Jonathan Claudius | Site trustwave.com

The Vino VNC server, which is also the default VNC server in Ubuntu (3.4.2-0ubuntu1.2), is vulnerable to a persistent denial of service. The vulnerability is triggered when a VNC client that claims to support only protocol version 3.3 sends malformed data during the authentication selection stage of the authentication process.

tags | exploit, denial of service, protocol
systems | linux, ubuntu
advisories | CVE-2013-5745
MD5 | 9805104b37e287b3c1768723562121fc

AjaXplorer 5.0.2 Shell Upload / Traversal
Posted Sep 6, 2013
Authored by Vikas Singhal | Site trustwave.com

AjaXplorer versions 5.0.2 and below suffer from remote shell upload and path traversal vulnerabilities.

tags | exploit, remote, shell, vulnerability
advisories | CVE-2013-5688, CVE-2013-5689
MD5 | 092d960a36eb41e0c8353591d50305e3

Nmap Http-domino-enum-passwords File Upload
Posted Aug 7, 2013
Authored by Piotr Duszynski | Site trustwave.com

An arbitrary file upload vulnerability exists in the official Nmap Http-domino-enum-passwords NSE script.

tags | advisory, web, arbitrary, file upload
advisories | CVE-2013-4885
MD5 | a5fc2d275d961f0c05933b6a24ed1221

McAfee Superscan 4.0 Cross Site Scripting
Posted Aug 7, 2013
Authored by Piotr Duszynski | Site trustwave.com

McAfee Superscan version 4.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2013-4884
MD5 | 9d1beb98cd5f8def347f664747c29e7f

INSTEON Hub 2242-222 Lack Of Authentication
Posted Aug 2, 2013
Authored by David Bryan | Site trustwave.com

INSTEON Hub version 2242-222, a home automation controller for INSTEON and X10 compatible devices, fails to authenticate access to various APIs.

tags | exploit
advisories | CVE-2013-4859
MD5 | c848cd3f7d52dda197b27a7bf097dae1

Radio Thermostat Of America, Inc Lack Of Authentication
Posted Aug 2, 2013
Authored by Dan Crowley | Site trustwave.com

Radio Thermostat of America, Inc products CT80 and CT50 versions 1.4.64 and prior fail to authenticate any access to their API.

tags | exploit
advisories | CVE-2013-4860
MD5 | c7002a42578a939a30737a517afe49aa

Karotz Smart Rabbit 12.07.19.00 Hijacking / Cleartext Token
Posted Aug 2, 2013
Authored by Dan Crowley | Site trustwave.com

Karotz Smart Rabbit version 12.07.19.00 suffers from Python module hijacking and cleartext token passing vulnerabilities.

tags | exploit, vulnerability, python
advisories | CVE-2013-4868, CVE-2013-4867
MD5 | 0a70ef688d61234f7b84408bf6dd6616

LIXIL Satis Toilet Hard-Coded Bluetooth PIN
Posted Aug 2, 2013
Authored by Dan Crowley | Site trustwave.com

LIXIL Satis Toilet suffers from having a hard-coded Bluetooth PIN of 0000. Attackers can cause your toilet to repeatedly flush. Yes, this is a real advisory.

tags | exploit
advisories | CVE-2013-4866
MD5 | 7608f52aea3d01f53c378eba4365c1a6

MiCasaVerde VeraLite 1.5.408 Traversal / Authorization / CSRF / Disclosure
Posted Aug 2, 2013
Authored by Dan Crowley | Site trustwave.com

MiCasaVerde VeraLite version 1.5.408 suffers from path traversal, insufficient authorization checks, and cross site request forgery vulnerabilities.

tags | exploit, vulnerability, csrf
advisories | CVE-2013-4861, CVE-2013-4862, CVE-2013-4863, CVE-2013-4865
MD5 | 858b486823da52b68dbcfeb2198ebd23

OpenEMR 4.1.1 patch-12 Cross Site Scripting / SQL Injection
Posted Jul 14, 2013
Authored by Nate Drier | Site trustwave.com

OpenEMR versions 4.1.1 patch-12 and below suffer from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
advisories | CVE-2013-4619, CVE-2013-4620
MD5 | fc87446e60ffe507fc1064a5a41b99c6

Cisco IKE Implementation Group Name Enumeration
Posted Apr 19, 2013
Authored by Jonathan Claudius | Site trustwave.com

Cisco ASA versions 8.4(2), 8.4(5), and 9.1(1) suffer from a group name enumeration vulnerability in their IKE implementation.

tags | exploit
systems | cisco
advisories | CVE-2013-1194
MD5 | 37f3ee04820cd518c1b15bfc834bed67

Oracle Application Framework Diagnostic Mode Bypass
Posted Jan 16, 2013
Authored by David Byrne | Site trustwave.com

The Oracle Application Framework supports diagnostic and developer mode features that are intended to be enabled from developer or administrative interfaces. However, any user can manually enable the modes by setting the "OADiagnostic" or "OADeveloperMode" cookies to "1". Versions affected include 11.5.10.2, 12.0.6, and 12.1.3.

tags | exploit
advisories | CVE-2013-0397
MD5 | 732fcc051dcdd72f21d694d46217da66

Secunia Security Advisory 51091
Posted Oct 25, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been discovered in bitweaver, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss
MD5 | 58d9538db56d4b12c1cd53a75d97ed8d

Scrutinizer NetFlow / sFlow Analyzer 9.0.1 XSS / Bypass / File Upload
Posted Jul 29, 2012
Authored by Mario Ceballos, Jonathan Claudius | Site trustwave.com

Scrutinizer NetFlow and sFlow Analyzer versions 9.0.1 and below suffer from bypass, cross site scripting, and remote file upload vulnerabilities. It also has undocumented MySQL admin users.

tags | exploit, remote, vulnerability, xss, file upload
advisories | CVE-2012-2626, CVE-2012-2627, CVE-2012-3848, CVE-2012-3951
MD5 | 73d5828d4514d8fed50ab4579ea87f2b

Bitweaver CMS 2.8.1 Cross Site Scripting
Posted Jun 22, 2012
Authored by $1l3n7 @$$@$$17

Bitweaver CMS version 2.8.1 suffers from persistent cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 4cfbb6114639f45cea20f1a446bb97f3

Scrutinizer 8.6.2 Bypass / Cross Site Scripting / SQL Injection
Posted Apr 12, 2012
Authored by Tanya Secker | Site trustwave.com

Scrutinizer NetFlow and sFlow Analyzer version 8.6.2 suffers from authentication bypass, cross site scripting, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
advisories | CVE-2012-1258, CVE-2012-1259, CVE-2012-1260, CVE-2012-1261
MD5 | 139e0d78c8ca14b9d0067df0efbd1350

Bitweaver 2.81 Local File Inclusion
Posted Feb 27, 2012
Authored by I2sec-PJH

Bitweaver version 2.81 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
MD5 | 753b91469a53e53f874590454ab44c8c

Movable Type Publishing Platform Cross Site Scripting
Posted Feb 24, 2012
Authored by Jonathan Claudius | Site trustwave.com

Movable Type Publishing Platform versions prior to 5.13, 5.07, and 4.38 are affected by a cross site scripting vulnerability. After extracting the Movable Type CGI files and source files onto a web server, but before the application is fully installed, cross site scripting vulnerabilities are present in the '/cgi-bin/mt/mt-wizard.cgi' page.

tags | exploit, web, cgi, vulnerability, xss
advisories | CVE-2012-1262
MD5 | 241cf86dc42ae73227e3d0e7d6cacac1

WordPress 3.3.1 Code Execution / Cross Site Scripting
Posted Jan 25, 2012
Authored by Jonathan Claudius | Site trustwave.com

WordPress versions 3.3.1 and below suffer from MySQL username/password disclosure, PHP code execution and cross site scripting vulnerabilities.

tags | exploit, php, vulnerability, code execution, xss
advisories | CVE-2011-4899, CVE-2012-0782, CVE-2011-4898
MD5 | 2ff8651f912a2170669cc231ffd47fb5

Textpattern CMS 4.4.1 Cross Site Scripting
Posted Jan 4, 2012
Authored by Jonathan Claudius | Site trustwave.com

Textpattern CMS version 4.4.1 before change set 3612 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2011-5019
MD5 | c1a8fa607d7e69ae3ed1115ee98c8e2f

phpMyAdmin 3.4.8 Cross Site Scripting
Posted Dec 22, 2011
Authored by Jason Leyrer | Site trustwave.com

phpMyAdmin version 3.4.8 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2011-4782
MD5 | f02f278dbeedaec4203bcc81374f73f7