exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 100 RSS Feed

Files

WordPress W3 Total Cache Data Disclosure
Posted Dec 24, 2012
Authored by zx2c4

This is an exploit for W3 Total Cache called W3 Total Fail that works by attempting to guess SQL queries that might contain important password hashes.

tags | exploit
SHA-256 | 2e978aeab0aad073084fa3c762212c6feb62f882be9a85f79fe5a5effb151596

Related Files

FruityWifi Remote Code Execution
Posted Mar 26, 2022
Authored by Knights of Nynex

This is an exploit for FruityWifi that binds a shell to tcp port 4444 using a remote code execution vulnerability leveraged via a SOAP request.

tags | exploit, remote, shell, tcp, code execution
SHA-256 | 1fbc099825cc98358311d77554470a0efa5ba3cd62aac47f9426a08630b11b78
Web Application Firewall Bypass Via Bluecoat Device
Posted Feb 17, 2020
Authored by redtimmysec

Whitepaper called Web Application Firewall Bypass via Bluecoat Device.

tags | paper, web
SHA-256 | a7866388d1501e972c85add7da1749c0587312eed8461805b75236def544a63f
Wacom WTabletService 6.6.7-3 Unquoted Service Path
Posted Nov 6, 2019
Authored by Marcos Antonio Leon

Wacom WTabletService version 6.6.7-3 suffers from a WTabletServicePro unquoted service path vulnerability.

tags | exploit
SHA-256 | 23e461d5a58cd52d170f6b39cfe4422a0f612dc15029ca40dc99b38b36f6c94a
Weeny Audio Cutter Software 1.5 Content Injection
Posted Feb 24, 2018
Authored by Ajay Gowtham

Weeny Audio Cutter Software version 1.5 suffers from a content injection vulnerability.

tags | advisory
SHA-256 | 53f7cd379147df72f2c98fd29688727773be46310992b4ed3b436766e4119707
Weeny Audio Cutter Software 1.5 Code Injection
Posted Feb 24, 2018
Authored by Ajay Gowtham

Weeny Audio Cutter Software version 1.5 suffers from a code injection vulnerability.

tags | advisory
SHA-256 | fc7fa803ecfb1a49f71355cb7c47a7df5cb9cfbb9b980c2cdd81afea88c2ee37
Wacom Consumer Service Privilege Escalation
Posted Oct 9, 2016
Authored by Ross Marks

Wacom Consumer Service suffers from an unquoted service path privilege escalation vulnerability.

tags | exploit
SHA-256 | defcd1ded33b5f60c2962798b7f39c71618d759fdfdc38593a6aa07cff627287
ELIGIBLEBACHELOR TOPSEC Firewall Exploit
Posted Aug 18, 2016

This is an exploit with an unclear attack vector for TOPSEC firewalls running TOS operating system versions 3.2.100.010, 3.3.001.050, 3.3.002.021 and 3.3.002.030. Note that this exploit is part of the recent public disclosure from the "Shadow Brokers" who claim to have compromised data from a team known as the "Equation Group", however, there is no author data available in this content. This archive also includes the BLATSTING implant that works in conjunction with this exploit.

tags | exploit
SHA-256 | ae4f378ecbad405382fac8e24df03e338500f8f2240c84275feef4f4de371f1d
Samsung Security Manager 1.5 ActiveMQ Broker Service PUT Method Remote Code Execution
Posted Aug 6, 2016
Authored by mr_me | Site metasploit.com

This is an exploit against Samsung Security Manager that bypasses the patch in CVE-2015-3435 by exploiting the vulnerability against the client side. This exploit has been tested successfully against IE, FireFox and Chrome by abusing a GET request XSS to bypass CORS and reach the vulnerable PUT. Finally, a traversal is used in the PUT request to upload the code just where we want it and gain Remote Code Execution as SYSTEM.

tags | exploit, remote, code execution
advisories | CVE-2015-3435
SHA-256 | 73f23908956d6ea94bcc26b81f8a3497f76a508c71653023ffa4e3ff18b4779e
w2wiki Cross Site Scripting
Posted Jun 14, 2016
Authored by HaHwul

w2wiki suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 86c82dd7197e6e15f5700fec6e362c652ccf54539af69bad7c9cf2f79426cda7
w3tw0rk / Pitbul IRC Bot Remote Code Execution
Posted Sep 23, 2015
Authored by Jay Turla | Site metasploit.com

This Metasploit module allows remote command execution on the w3tw0rk / Pitbul IRC Bot.

tags | exploit, remote
SHA-256 | a66d2214cda0b74148ccafd0385d0e911312b00a6a8e83f79d778d3df8c97ac7
WordPress Brute Forcer 2.0
Posted Apr 14, 2015
Authored by Claudio Viviani

This is a python script that performs brute forcing against WordPress installs using a wordlist.

Changes: xml-rpc brute force functionality added.
tags | tool, cracker, python
SHA-256 | 2d97133aba0d51470e503dd301f411312b3310db7a1d1bc94a2801174b8229ca
W3 Total Cache 0.9.4 Cross Site Request Forgery
Posted Dec 12, 2014
Authored by Mazin Ahmed

W3 Total Cache version 0.9.4 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 6b5a5b055312a8b9ac869d31da7a50ad0789008ca253cbb4e6f4c154da8a7063
WordPress Brute Forcer
Posted Oct 16, 2014
Authored by Claudio Viviani

This is a python script that performs brute forcing against WordPress installs using a wordlist.

tags | tool, cracker, python
SHA-256 | 34a1d35b75a5ee427f856e9296a435d61d1a6ff8f950bb5dafd9d5b3cbfb298a
WAF Bypass Methods
Posted Apr 29, 2014
Authored by Deniz Cevik

This whitepaper discusses various web application firewall bypass methodologies. Written in Turkish.

tags | paper, web, bypass
SHA-256 | d04d9dc9ed267c9142d78a1a35f38d8397df4345faa4d26a2221dd442c5ad695
w3af Web Application Attack and Audit Framework 1.6
Posted Mar 31, 2014
Authored by Andres Riancho | Site w3af.sourceforge.net

w3af, is a Web Application Attack and Audit Framework. The w3af core and it's plugins are fully written in python. The project has more than 130 plugins, which check for SQL injection, cross site scripting (xss), local and remote file inclusion and much more.

Changes: Improved performance for scans. Better documentation. Improved quality.
tags | tool, remote, web, local, xss, sql injection, python, file inclusion
SHA-256 | 006731b74f58960a1f3580194979bb988fa52df2bc92f6f36b1ce36ffcdd6003
Bypassing Modern Web Application Firewalls
Posted Dec 14, 2013
Authored by Rafay Baloch

This whitepaper is called Modern Web Application Firewalls Fingerprinting and Bypassing XSS Filters.

tags | paper, web
SHA-256 | 65acaee3edb30787203ec67ebd4b8e85f2ced5170a1f786efb797a9df09856b3
Web 2.0 Security And Privacy 2014 Call For Papers
Posted Oct 30, 2013
Site w2spconf.com

W2SP brings together researchers, practitioners, web programmers, policy makers, and others interested in the latest understanding and advances in the security and privacy of the web, browsers, cloud, mobile and their eco-system. The workshop will take place May 18th, 2014.

tags | paper, web, conference
SHA-256 | 70acc7274bf12747f9c47988852750b4fc23e87d7650e7750274540b904b94e4
Prestige Software CMS Local File Disclosure
Posted Sep 5, 2013
Authored by bie gabby

This is an exploit that leverages a local file disclosure vulnerability in systems running Prestige Software CMS in order to gain database information and credentials.

tags | exploit, local, info disclosure
SHA-256 | 27a08ed1766b1a787e4d304b3c3b415e4c40310fa22976f85822c4bacc05b08e
WAF-FLE ModSecurity Console 0.6.0
Posted Apr 26, 2013
Authored by Klaubert Herr | Site waf-fle.org

WAF-FLE is a console for ModSecurity. It allows modsec administrators to view and search events logged by mlogc or mlog2waffle. The dashboard shows a graphical view of events, and when combined with the powerful drill-down filter allows quick searching for relevant events. Events can be viewed in detail, whether sent by one or many sensors.

Changes: This release close the release candidate cycle, fixing many bugs reports by users.
tags | tool
systems | unix
SHA-256 | f31029e3107c00a5828eaac9ee79751bd70f293a167bf45ae69647f29b31deb0
NVidia Display Driver Buffer Overflow
Posted Jan 18, 2013
Authored by Peter Winter-Smith, Sean de Regge

This is an exploit for a stack buffer overflow in the NVidia Display Driver Service. The service listens on a named pipe (\\pipe\\nsvr) which has a NULL DACL configured, which should mean that any logged on user or remote user in a domain context (Windows firewall/file sharing permitting) should be able to exploit this vulnerability. This is updated by Sean de Regge to target the 30 Aug 2012 nvvsvc.exe build.

tags | exploit, remote, overflow
systems | windows
SHA-256 | 824e71b2ccad1dc6738764ed7ad37c509efaedb2901fd0a0583430d31a361995
NVidia Display Driver Buffer Overflow
Posted Dec 27, 2012
Authored by Peter Winter-Smith

This is an exploit for a stack buffer overflow in the NVidia Display Driver Service. The service listens on a named pipe (\pipe\nsvr) which has a NULL DACL configured, which should mean that any logged on user or remote user in a domain context (Windows firewall/file sharing permitting) should be able to exploit this vulnerability.

tags | exploit, remote, overflow
systems | windows
SHA-256 | a93753892580d6dad44444623d6355d154269fccaba04b2dcab06daf83d116a5
WAF-FLE ModSecurity Console 0.6.0rc2
Posted Oct 26, 2012
Authored by Klaubert Herr | Site waf-fle.org

WAF-FLE is a console for ModSecurity. It allows modsec administrators to view and search events logged by mlogc or mlog2waffle. The dashboard shows a graphical view of events, and when combined with the powerful drill-down filter allows quick searching for relevant events. Events can be viewed in detail, whether sent by one or many sensors.

Changes: This release fixes an issue with new sensor creation.
tags | tool
systems | unix
SHA-256 | 1550bffec9e3d6456c3b17a48dc90408f06301e18f7cfd1ef8ca41662b56f587
WAF-FLE ModSecurity Console 0.6.0rc1
Posted Oct 25, 2012
Authored by Klaubert Herr | Site waf-fle.org

WAF-FLE is a console for ModSecurity. It allows modsec administrators to view and search events logged by mlogc or mlog2waffle. The dashboard shows a graphical view of events, and when combined with the powerful drill-down filter allows quick searching for relevant events. Events can be viewed in detail, whether sent by one or many sensors.

Changes: This is a major release, with many new features, improvements, and bugfixes. You can now use filters in the dashboard. All charts and tables are clickable for drilling down into data. Compression of full events was implemented, saving around 60% of space. A setup script helps with dependency checking and database creation/migration. mlog2waffle was included - a daemon that works as a replacement to mlogc.
tags | tool
systems | unix
SHA-256 | 122813253c79cd040ff61afd735813c66e290c911fabf78025fc7d9446b1ab7d
Internet Explorer Remote Code Execution With DEP And ASLR Bypass
Posted Aug 17, 2012
Authored by FaryadR

The Timed Interactive Multimedia Extensions (aka HTML+TIME) implementation in Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that was not properly initialized or is deleted, aka "Time Element Memory Corruption Vulnerability." This is an exploit for the vulnerability noted in MS11-050.

tags | exploit, remote, arbitrary
systems | windows
advisories | CVE-2011-1255
SHA-256 | ce6d03f8afb8da5e9fab7773161352eac8d3bfb7b25bc19d2aa5c97279ad7812
w3af Web Application Attack and Audit Framework 1.1
Posted Nov 10, 2011
Authored by Andres Riancho | Site w3af.sourceforge.net

w3af, is a Web Application Attack and Audit Framework. The w3af core and it's plugins are fully written in python. The project has more than 130 plugins, which check for SQL injection, cross site scripting (xss), local and remote file inclusion and much more.

Changes: Increased performance using gzip encoding, hundreds of bugs fixed, enhanced embedded bug report system added and more.
tags | tool, remote, web, local, xss, sql injection, python, file inclusion
SHA-256 | 0bf3cec513931b9bf20e6f753dedeaab57b5cad303489ab9ff365786c04d9444
Page 1 of 4
Back1234Next

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    28 Files
  • 16
    Jul 16th
    6 Files
  • 17
    Jul 17th
    34 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close