what you don't know can hurt you
Showing 1 - 25 of 45 RSS Feed

Files

i-doit Cross Site Scripting
Posted Mar 2, 2013
Authored by Stephan Rickauer | Site csnc.ch

i-doit versions prior to 1.0 Pro and 0.9.9-7 Open suffer from a cross site scripting vulnerability.

tags | advisory, xss
advisories | CVE-2013-1413
MD5 | 3d6d524c8cd5279814f313662b5bf608

Related Files

OpenVPN Monitor 1.1.3 Cross Site Request Forgery
Posted Sep 24, 2021
Authored by Sylvain Heiniger, Emanuel Duss

OpenVPN Monitor versions 1.1.3 and below suffer from a cross site request forgery vulnerability that allows an attacker to disconnect arbitrary VPN clients.

tags | exploit, arbitrary, csrf
advisories | CVE-2021-31604
MD5 | 8fe8676ce55952fcce460972fb63424c
OpenVPN Monitor 1.1.3 Command Injection
Posted Sep 24, 2021
Authored by Sylvain Heiniger, Emanuel Duss

OpenVPN Monitor versions 1.1.3 and below suffer from an injection vulnerability that allows an attacker to inject arbitrary commands into the OpenVPN server management interface socket.

tags | exploit, arbitrary
advisories | CVE-2021-31605
MD5 | 6ea912419e5cea8787dd7f4766877eef
OpenVPN Monitor 1.1.3 Authorization Bypass / Denial Of Service
Posted Sep 24, 2021
Authored by Sylvain Heiniger, Emanuel Duss

OpenVPN Monitor versions 1.1.3 and below suffer from an authorization bypass vulnerability that allows an attacker to disconnect arbitrary clients, even if the disconnect feature is disabled.

tags | exploit, arbitrary, bypass
advisories | CVE-2021-31606
MD5 | e062e120ca7f341e24487a82f218030c
Ionic Identity Vault 4.7 Android Biometric Authentication Bypass
Posted Sep 8, 2021
Authored by Emanuel Duss

Ionic Identity Vault versions 4.7 and below suffer from a biometric authentication bypass vulnerability on Android.

tags | exploit, bypass
advisories | CVE-2021-3145
MD5 | dfbe21d46c191918aee5d86df6d57c25
FusionAuth-SAMLv2 0.2.3 Message Forging
Posted Oct 2, 2020
Authored by Felix Sieges

Unauthenticated users can send forged messages to the FusionAuth to bypass authentication, impersonate other users or gain arbitrary roles. The SAML message can be send to the application without a signature even if this is required. The impact depends on individual applications that implement fusionauth-samlv2. Version 0.2.3 is vulnerable.

tags | exploit, arbitrary
advisories | CVE-2020-12676
MD5 | f8a52bf9494d332e9b0a5df53b18c1c8
Checkmk 1.6.0p16 Local Privilege Escalation
Posted Oct 2, 2020
Authored by Thierry Viaccoz

Checkmk version 1.6.0p16 suffers from a local privilege escalation vulnerability.

tags | exploit, local
MD5 | e21d1df7920482548d547d5f1366637f
Froala WYSIWYG HTML Editor 3.1.1 Cross Site Scripting
Posted Jul 3, 2020
Authored by Emanuel Duss

Froala WYSIWYG HTML Editor versions 3.0.6 through 3.1.1 suffer from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2019-19935
MD5 | fb51f3219cdae4ef390670001545f686
Microsoft Windows Task Scheduler Security Feature Bypass
Posted May 15, 2020
Authored by Sylvain Heiniger

Compass Security identified a security feature bypass vulnerability in Microsoft Windows. Due to the absence of integrity verification requirements for the RPC protocol and in particular the Task Scheduler, a man-in-the-middle attacker can relay his victim's NTLM authentication to a target of his choice over the RPC protocol. Provided the victim has administrative privileges on the target, the attacker can execute code on the remote target.

tags | exploit, remote, protocol, bypass
systems | windows
advisories | CVE-2020-1113
MD5 | 9657b7615782fe7083c7fe7350cc206a
Apache Olingo OData 4.6.x XML Injection
Posted Dec 10, 2019
Authored by Archibald Haddock

Apache Olingo OData versions 4.x.x through 4.6.x suffer from an XML external entity injection vulnerability.

tags | exploit
advisories | CVE-2019-17554
MD5 | 051e029f16764feddeb7a0590f43de8e
VMware VeloCloud 3.3.0 / 3.2.2 Authorization Bypass
Posted Oct 17, 2019
Authored by Silas Baertsch

VMware VeloCloud versions 3.3.0 and 3.2.2 suffer from an authorization bypass vulnerability.

tags | exploit, bypass
advisories | CVE-2019-5533
MD5 | 12195b6551f517aa4bbe3b9c39469f0d
Siemens SICAM A8000 Series Denial Of Service
Posted Jan 17, 2019
Authored by Nicolas Heiniger, Emanuel Duss

Siemens SICAM A8000 Series suffers from an XML injection denial of service vulnerability.

tags | exploit, denial of service
advisories | CVE-2018-13798
MD5 | 94b83feccca12141f97e4a4996b14321
ownCloud 0.1.2 User Impersonation Authorization Bypass
Posted Aug 31, 2018
Authored by Thierry Viaccoz

ownCloud version 0.1.2 suffers from a user impersonation authorization bypass vulnerability.

tags | exploit, bypass
MD5 | 6bc5693824d5901a03d83caf7dbc9ee2
ownCloud iOS Application 3.7.3 Cross Site Scripting
Posted Aug 15, 2018
Authored by Sylvain Heiniger

ownCloud version 3.7.3 for iOS suffers from a cross site scripting vulnerability.

tags | exploit, xss
systems | ios
MD5 | 5ae27cad5869c1d6ba868d900a0d55c8
Atmosphere 1.x / 2.x Cross Site Scripting
Posted Aug 15, 2018
Authored by Lukasz D.

Async-IO.org Atmosphere suffers from a cross site scripting vulnerability. Versions affected include 2.4.0 through 2.4.28, 2.3.0 through 2.3.9, 2.2.0 through 2.2.12, 2.1.0 through 2.1.13, 2.0.0 through 2.0.11, and 1.0.0 through 1.0.20.

tags | exploit, xss
MD5 | 9476e5ed3688706cc7814b7d361dc41c
Eclipse Vert.x 3.5.1 HTTP Header Injection
Posted Jun 13, 2018
Authored by Lukasz D.

Eclipse Vert.x versions 3.0.0 through 3.5.1 suffer from an HTTP header injection vulnerability.

tags | exploit, web
MD5 | b0bcdd2957a82518f6bc91174e6bea0c
Totemomail Encryption Gateway 6.0.0_Build_371 Cross Site Request Forgery
Posted May 15, 2018
Authored by Nicolas Heiniger

Totemomail Encryption Gateway version 6.0.0_Build_371 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2018-6563
MD5 | dddff35a0ad31ee3150a91121b2f0ea5
Totemomail Encryption Gateway 6.0.0_Build_371 JSONP Hijacking
Posted May 15, 2018
Authored by Nicolas Heiniger

Totemomail Encryption Gateway version 6.0.0_Build_371 suffers from a JSONP hijacking vulnerability.

tags | exploit
advisories | CVE-2018-6562
MD5 | 6e6f06190a4a84cb2f21b0f6884348b4
Microsoft Intune Design Weakness
Posted Mar 20, 2018
Authored by Stephan Sekula

Compass Security discovered a design weakness in Microsoft Intune's iOS Keychain management. This allows users to access company data even after the device has been unenrolled.

tags | advisory
systems | apple, ios
MD5 | 07ee7ba08f913665a8c31f611a99564a
Microsoft Intune App PIN Bypass
Posted Feb 13, 2018
Authored by Stephan Sekula

Compass Security discovered a design weakness in Microsoft Intune's app protection. This weakness allows a malicious user that gets hold of an employee's iOS device to access company data even without knowing the app PIN.

tags | exploit
systems | cisco, ios
MD5 | c46a3d6ea1c728f1cb1a8de7ee96f1f7
MyTy 5.1.7 Cross Site Scripting
Posted Nov 22, 2017
Authored by Nicolas Heiniger

MyTy versions 5.0.4 through 5.1.7 suffer from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | a008300f781650c5d57bf9ca63e816ae
MyTy 5.1.6 Blind SQL Injection
Posted Nov 22, 2017
Authored by Nicolas Heiniger

MyTy versions 5.0.4 through 5.1.6 suffer from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | a13e0672e0e99854524ab58771d7fa5a
iText PDF Library 7.0.2 / 5.5.11 / 2.0.8 XXE Injection
Posted Nov 6, 2017
Authored by Benjamin Bruppacher

iText PDF Library versions 2.0.8, 5.5.11, and 7.0.2 suffer from an XML external entity injection vulnerability. The attack can be carried out by submitting a malicious PDF to an iText application that parses XML data. By providing a malicious XXE payloads inside the XML data that resides in the PDF, an attacker can for example extract files or forge requests on the server.

tags | advisory, xxe
advisories | CVE-2017-9096
MD5 | b4f4f5142c0c778840b48038c076d309
Mongoose Embedded Web Server Library 6.8 Buffer Overflow
Posted Sep 20, 2017
Authored by Dobin Rutishauser

Mongoose Embedded Web Server Library versions 6.8 and below suffer from a stack-based buffer overflow vulnerability.

tags | exploit, web, overflow
MD5 | 7a9669c25dc7bec6e80ff23d34fb2542
Sunell IPCAMERA IPR54/14AKDN(II)/13 Session ID Enumeration
Posted May 27, 2017
Authored by Stephan Sekula

Sunell IPCAMERA IPR54/14AKDN(II)/13 suffers from a session ID enumeration vulnerability.

tags | exploit
MD5 | 3d7b4df8fb17c45059d3a30f31f6cfd2
Sunell IPCAMERA IPR54/14AKDN(II)/13 Cross Site Scripting
Posted May 27, 2017
Authored by Stephan Sekula

Sunell IPCAMERA IPR54/14AKDN(II)/13 suffers from a reflective cross site scripting vulnerability.

tags | exploit, xss
MD5 | cac4fb3c8a0231bc24e080283859ba02
Page 1 of 2
Back12Next

File Archive:

October 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    16 Files
  • 2
    Oct 2nd
    1 Files
  • 3
    Oct 3rd
    1 Files
  • 4
    Oct 4th
    24 Files
  • 5
    Oct 5th
    24 Files
  • 6
    Oct 6th
    11 Files
  • 7
    Oct 7th
    14 Files
  • 8
    Oct 8th
    19 Files
  • 9
    Oct 9th
    1 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    7 Files
  • 12
    Oct 12th
    15 Files
  • 13
    Oct 13th
    26 Files
  • 14
    Oct 14th
    10 Files
  • 15
    Oct 15th
    6 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close