This application assists in generating an iOS hotspot cracking word list, which might be used in subsequent attacks on other hotspot users. The application also gives explanations and hints on how to crack a captured WPA2 handshake using well-known password crackers.
7bfc13445c25636c0016f0b55593eac4a6a27ec67612994a4195e6468826f3e9In this paper, the author subjects the vulnerable web application vulnweb.com, developed by Acunetix, to security tests. Acunetix is a web application where we can perform legal penetration tests. The author discusses how to infiltrate the target system by acting as a real hacker through this application. Written in Turkish.
9452d8ba127e646598688770379f1d68ad85c10e81be8c7238597d9d656014c1This application, known as the SolarWinds n-Central Dumpster Diver, utilizes the nCentral agent dot net libraries to simulate the agent registration and pull the agent/appliance configuration settings. This information can contain plain text active directory domain credentials. This was reported to SolarWinds PSIRT(psirt@solarwinds.com) on 10/10/2019. In most cases the agent download URL is not secured allowing anyone without authorization and known customer id to download the agent software. Once you have a customer id you can self register and pull the config. Application will test availability of customer id via agent download URL. If successful it will then pull the config. We do not attempt to just pull the config because timing out on the operation takes to long. Removing the initial check, could produce more results as the agent download could be being blocked where as agent communication would not be. Harmony is only used to block the nCentral libraries from saving and creating a config directory that is not needed.
a5eae45f8004a3a4b9959a2fb2174fae1431d896302f66af21a6c07750294f7bTrend Maximum Security 2019 suffers from an unquoted search path vulnerability. This application provides an unquoted path in the parameter lpApplicationName of the function CreateProcessW during process create PwmConsole.exe --- which is triggered from the feature PC Health Checkup. If an attacker has write permissions to C:\ or C:\Program Files\, it could deliver an arbitrary executable named Program.exe or Trend.exe which would be executed by the coreServiceShell process. coreServiceShell is a privileged process that will run Program.exe with same privilege.
52269680ae8182e23a23e0158bbab33cb0478d44d1cb16eba85bdedcdf6abff8This Metasploit module exploits a file upload vulnerability in Wolf CMS version 0.8.2. This application has an upload feature that allows an authenticated user with administrator roles to upload arbitrary files to the '/public' directory.
bb14eded63b20bf9f13fdec65b93642599468f8b8d60278a25b93898e6f4fc4bThis Metasploit module exploits a remote code execution vulnerability in PHP Utility Belt, which is a set of tools for PHP developers and should not be installed in a production environment, since this application runs arbitrary PHP code as an intended functionality.
2e8528e3811c7d93f83ce9f7eaaa80a6321b298dc7b5c63c52212036dbd43291Mandriva Linux Security Advisory 2015-112 - Updated python-lxml packages fix a security vulnerability. The clean_html() function, provided by the lxml.html.clean module, did not properly clean HTML input if it included non-printed characters. A remote attacker could use this flaw to serve malicious content to an application using the clean_html() function to process HTML, possibly allowing the attacker to inject malicious code into a website generated by this application.
9782c7173bedc95f4c5df27002270a1202ff8a53b872b31ce533d108fb837b01Mandriva Linux Security Advisory 2014-088 - The clean_html() function, provided by the lxml.html.clean module, did not properly clean HTML input if it included non-printed characters. A remote attacker could use this flaw to serve malicious content to an application using the clean_html() function to process HTML, possibly allowing the attacker to inject malicious code into a website generated by this application.
27b6915e85e2cf8c9db16287c6217e0b73f61d3b1249f6dfb9740f12c8973c01This Metasploit module exploits a buffer overflow in Gold MP4 Player version 3.3. When this application loads a specially crafted flash URL, a buffer overflow can occur that allows for arbitrary code execution.
3da8325ad16a545338d4432ea3ca98df98052bedd020b25d70f23015fcfd6ab8This application dumps LM and NTLM hashes from active accounts stored in an Active Directory database.
9f18945c55a2fbd9055540900907f3a8eaa040d2e359f0cf0c72ca1e9f641b44This Metasploit module exploits a file upload vulnerability in Glossword versions 1.8.8 through 1.8.12 when run as a standalone application. This application has an upload feature that allows an authenticated user with administrator roles to upload arbitrary files to the 'gw_temp/a/' directory.
6a00fc56bffca149e62d8602fbecdb81bf01e94e53c11f7eba4da3baed5c74a4This Metasploit module exploits a vulnerability in Kordil EDMS version 2.2.60rc3. This application has an upload feature that allows an unauthenticated user to upload arbitrary files to the '/kordil_edms/userpictures/' directory.
c33960b0a5838ddb0853afe03218b7db5ca3b95debdf3a837b3c39d718e797fcThis Metasploit module exploits an authentication bypass vulnerability in eXtplorer versions 2.1.0 to 2.1.2 and 2.1.0RC5 when run as a standalone application. This application has an upload feature that allows an authenticated user with administrator roles to upload arbitrary files to any writable directory in the web root. This Metasploit module uses an authentication bypass vulnerability to upload and execute a file.
8483dda079be04a44863b410b51eecbb3374b00177e8c973282a9974a2918555This Metasploit module exploits a vulnerability in TestLink versions 1.9.3 and prior. This application has an upload feature that allows any authenticated user to upload arbitrary files to the '/upload_area/nodes_hierarchy/' directory with a randomized file name. The file name can be retrieved from the database using SQL injection.
d7801d84f2c0b381a4eab2c495d1007bc1e69f64d876b88ff24732a4755a2f71This Metasploit module exploits a vulnerability in CuteFlow version 2.11.2 or prior. This application has an upload feature that allows an unauthenticated user to upload arbitrary files to the 'upload/___1/' directory and then execute it.
7e52dec1e5036e52df909f5beaef31339c50c613b21624d2406a52176b941892This Metasploit module exploits a vulnerability found in PHP Volunteer Management System, versions 1.0.2 and prior. This application has an upload feature that allows an authenticated user to upload anything to the 'uploads' directory, which is actually reachable by anyone without a credential. An attacker can easily abuse this upload functionality first by logging in with the default credential (admin:volunteer), upload a malicious payload, and then execute it by sending another GET request.
a9247fc86c26d352083bf798cdd011abca8e533b47fe3653ae48f91b1a8c9e3bZero Day Initiative Advisory 11-279 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Witness Systems eQuality Suite. This application is bundled with Nortel Contact Recording and Quality Monitoring Suite. Authentication is not required to exploit this vulnerability. The flaw exists within the Unify2.exe component which listens by default on TCP port 6821. When handling a packet type the process trusts a remaining packet length value provided by the user and blindly copies user supplied data into a fixed-length buffer on the stack. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM user.
c5b7f7de67ca75c73da4296bc399ab55cec0f59dd665fc9c0582effcba399aa6This application is used to test SSL ciphers/protocols. It has some specific functionality for sip, ftps, pop3 and smtp and also tests for renegotiation. The binaries (in the debug-folder) ships with OpenSSL 1.0c dlls for win32. A separate test-tool enables testing for all possible ciphers allowed by protocols (not just OpenSSL-recognized-ciphers). Now there are also some tests for the Microsoft PCT protocol.
3f5edc67e2bf1a610ff4effe46bd02077cc82f2e9d60bb223f1800495451b920This Metasploit module exploits a stack buffer overflow in MJM Core Player 2011 When opening a malicious s3m file in this applications, a stack buffer overflow can be triggered, resulting in arbitrary code execution. This exploit bypasses DEP & ASLR, and works on XP, Vista & Windows 7.
b34af7c1a1ed7cf2711905e10f913bce6d4781228c221060be316b6715a150a5This application is used to test SSL ciphers/protocols. It has some specific functionality for sip, ftps, pop3 and smtp and also tests for renegotiation. The binaries (in the debug-folder) ships with OpenSSL 1.0c dlls for win32. A separate test-tool enables testing for all possible ciphers allowed by protocols (not just OpenSSL-recognized-ciphers). Now there are also some tests for the Microsoft PCT protocol.
03f648fd25e963ffc16c601f4c37313b0c4a40c420d3424228f85f9d3b37875fSimpleSPA is an application that consists of a single packet authorization mechanism designed for the purpose of hiding semi-public services like a SSH server. There is a server side (Linux only) and a client side (Windows and Linux). This application is similar to FWKnop and more of an academic/proof of concept application as opposed to a full blown commercial quality application. involves a client that creates a packet with a payload encrypted with the public half of two different RSA keys. The idea is that one key would be shared by all users and it would encrypt the user name of the individual. A second key specific to each individual user would encrypt a pre-shared key (just any old string, nothing secret about it really) and a timestamp (to counter replay attacks). The server would receive this packet and decrypt this first half of the packet, which would give us the user name of the person sending the packet. The server would then know which user specific second key to use to decrypt the pre-shared key and time stamp to evaluate them for acceptability. If all is good, then the server would open up a port for the semi-public service we were trying to conceal for a brief amount of time to allow for a connection to be made. PDF included that explains everything. Written in Java.
378f5402ded74b2de9cd170f0b9807fe64089a1ec6ed3df52cbfb01b705fce3dThis application is used to get information about SSL usage (protocols and ciphers) at a server. It can also be used for testing and rating ciphers on SSL clients. The code is written for win32 but may easily be ported to Linux.
05141c6832122145c652da82824f3085c5488b823070990a24949254cb65af14This application is used to get information about SSL usage (protocols and ciphers) at a server. It can also be used for testing and rating ciphers on SSL clients. The code is written for win32 but may easily be ported to Linux.
4ee1f84f4d21182952ecfed8687cef4a825f3b6bef20b8f84d2eb0fcbd3331f7This application is used to get information about SSL usage (protocols and ciphers) at a server. It can also be used for testing and rating ciphers on SSL clients. The code is written for win32 but may easily be ported to Linux.
1c0be18e09c162d53afc4ca5001d1a704539e78f384f8a56d464793d209bb72dThis application is used to get information about SSL usage (protocols and ciphers) at a server. It can also be used for testing and rating ciphers on SSL clients. The code is written for win32 but may easily be ported to Linux.
b23cc0f793e0d90a174b5bad3a33c00ecc667978663284c920705a7845b42879This application is used to get information about SSL usage (protocols and ciphers) at a server. It can also be used for testing and rating ciphers on SSL clients. The code is written for win32 but may easily be ported to Linux.
f01dedd83c2d7a18e92eb13b3b9432e87dddbb6e619544a79468729a1b71ce83
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed