Showing 1 - 18 of 18


Plesk PHP Code Injection
Posted Jun 25, 2013
Authored by Kingcope, infodox

Reliable exploit for the Plesk PHP code injection vulnerability disclosed by Kingcope in June 2013. Can deliver inline and reverse shells using the payloads library, as well as offering (buggy) file upload features.

tags | exploit, shell, php, file upload
systems | unix
MD5 | 40b90d76d0580f70886001e5bf3051b5

Related Files

Gstreamer 0.10.x Logic Error
Posted Dec 15, 2016
Authored by Chris Evans | Site

A vulnerability and a separate logic error exist in the gstreamer 0.10.x player for NSF music files. Combined, they allow for very reliable exploitation and the bypass of 64-bit ASLR, DEP, etc. The reliability is provided by the presence of a Turing-complete "scripting" inside a music player. Read the homepage link for full analysis. Proof of concept exploit included in this archive.

tags | exploit, proof of concept
MD5 | da231d9408e25a8f4d0e8b1c067159dc
Plesk Sitebuilder XSS / Bypass / Shell Upload / File Download
Posted Jul 25, 2014
Authored by alieye

Parallels Plesk Panel version 9.5 with Sitebuilder 4.5 suffers from bypass, file download, shell upload, and cross site scripting vulnerabilities.

tags | exploit, shell, vulnerability, xss, bypass
MD5 | 7360bc7c24f4f78cf5c224b4ca9a1fdf
Plesk 10.4.4 / 11.0.9 XXE Injection
Posted Jun 13, 2014
Authored by z00

Plesk versions 10.4.4 and 11.0.9 XXE injection exploit.

tags | exploit, xxe
MD5 | 9ab67a1bdbc82f8e11bde9470183196d
Parallels Plesk 9.5.4 Remote Command Execution
Posted Jun 5, 2013
Authored by Kingcope

Parallels Plesk version 9.5.4 (and possibly other versions) suffers from a remote PHP code execution vulnerability. This rar archive includes a working exploit and details surrounding the issue.

tags | exploit, remote, php, code execution
MD5 | b42829377d553f11639dc73af0e77a26
Parallels PLESK 9.x Insecure Permissions
Posted Apr 26, 2012
Authored by Nicolas Krassas

Parallels PLESK version 9.x suffers from an insecure permissions vulnerability.

tags | exploit
MD5 | d98e0ee350382166067017de9870c63c
HP OpenView Network Node Manager ov.dll _OVBuildPath Buffer Overflow
Posted Jan 20, 2012
Authored by sinn3r, Aniway, juan vazquez | Site

This Metasploit module exploits a stack buffer overflow in HP OpenView Network Node Manager 7.53 prior to NNM_01213 without the SSRT100649 hotfix. By specifying a long 'textFile' argument when calling the 'webappmon.exe' CGI program, an attacker can cause a stack-based buffer overflow and execute arbitrary code. The vulnerable code is within the "_OVBuildPath" function within "ov.dll". There are no stack cookies, so exploitation is achieved by overwriting the saved return address. The vulnerability is due to the use of the function "_OVConcatPath" which finally uses "strcat" in an insecure way. User controlled data is concatenated to a string which contains the OpenView installation path. To achieve reliable exploitation a directory traversal in OpenView5.exe (OSVDB 44359) is being used to retrieve OpenView logs and disclose the installation path.

tags | exploit, overflow, arbitrary, cgi
advisories | CVE-2011-3167, OSVDB-76775
MD5 | d931eb96f3799819a223e13af334d81a
Plesk Parallels Panel Cross Site Scripting / SQL Injection
Posted Sep 24, 2011

Plesk Parallels Panel version psa 10.2.0_build1011110331.18 suffers from cross site scripting, denial of service, and remote SQL injection vulnerabilities.

tags | advisory, remote, denial of service, vulnerability, xss, sql injection
MD5 | 4de8a34fc5e7f37fc5ae093df98251c1
Plesk Control Panel 10.2 Cross Site Scripting
Posted Sep 23, 2011

Plesk Control Panel version 10.2 suffers from a cross site scripting vulnerability.

tags | advisory, xss
MD5 | 2eb876c40da0d9da7c27b3f3ec4926b6
Plesk Panel Brute Forcer 1.0
Posted Jun 21, 2011
Authored by Burtay

This php script is a Plesk Panel brute forcing utility.

tags | cracker, php
MD5 | 3111b67f330b10c80c271fdb6855c9e6
Plesk Small Business Manager 10.2 Cross Site Scripting / SQL Injection
Posted Oct 24, 2010
Authored by sqlhacker

Plesk Small Business Manager version 10.2 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | 57c5ba485c09dbcf82a0961aba8a0ce8
SonicWALL Aventail epi.dll AuthCredential Format String Exploit
Posted Aug 21, 2010
Authored by Nikolas Sotiriu, jduck | Site

This Metasploit module exploits a format string vulnerability within version 10.0.4.x and 10.5.1 of the SonicWALL Aventail SSL-VPN Endpoint Interrogator/Installer ActiveX control (epi.dll). By calling the 'AuthCredential' method with a specially crafted Unicode format string, an attacker can cause memory corruption and execute arbitrary code. Unfortunately, it does not appear to be possible to indirectly re-use existing stack data for more reliable exploitation. This is due to several particulars about this vulnerability. First, the format string must be a Unicode string, which uses two bytes per character. Second, the buffer is allocated on the stack using the 'alloca' function. As such, each additional format specifier (%x) will add four more bytes to the size allocated. This results in the inability to move the read pointer outside of the buffer. Further testing showed that using specifiers that pop more than four bytes does not help. Any number of format specifiers will result in accessing the same value within the buffer. NOTE: It may be possible to leverage the vulnerability to leak memory contents. However, that has not been fully investigated at this time.

tags | exploit, arbitrary, activex
MD5 | ed696145b958ba72cb078d78d73be31f
Timbuktu <= 8.6.6 PlughNTCommand Named Pipe Buffer Overflow
Posted Dec 31, 2009
Authored by bannedit | Site

This Metasploit module exploits a stack based buffer overflow in Timbuktu Pro version <= 8.6.6 in a pretty novel way. This exploit requires two connections. The first connection is used to leak stack data using the buffer overflow to overwrite the nNumberOfBytesToWrite argument. By supplying a large value for this argument it is possible to cause Timbuktu to reply to the initial request with leaked stack data. Using this data allows for reliable exploitation of the buffer overflow vulnerability. Props to Infamous41d for helping in finding this exploitation path. The second connection utilizes the data from the data leak to accurately exploit the stack based buffer overflow vulnerability. TODO: hdm suggested using meterpreter's migration capability and restarting the process for multishot exploitation.

tags | exploit, overflow
advisories | CVE-2009-1394
MD5 | df028563116486eee817e5533ceb5895
Posted Sep 3, 2008
Authored by Felix Buenemann

Plesk 8.6.0 suffers from an authentication flaw that allows an attacker to gain virtual user privileges.

tags | exploit
MD5 | 011a21c595fdaaa9dd0e090999ef6a69
Posted Oct 2, 2006
Authored by GuanYu | Site

Plesk 7.5 and prior and 7.6 for Windows suffer from an information disclosure vulnerability in the file manager.

tags | advisory, info disclosure
systems | windows
MD5 | 1046960464b77bb56826f884e0e0d616
Posted Jul 20, 2006
Authored by INVENT

Plesk control panel versions 8.0.0 and below suffer from a cross site scripting flaw.

tags | exploit, xss
MD5 | e757b3b30a96c912837ce1e6832c62c5
Posted Dec 31, 2004
Authored by Andrew Smith

Plesk, a popular server administration tool used by many web hosting companies, is susceptible to cross site scripting flaws.

tags | advisory, web, xss
MD5 | 2a40d7304bd1fd94d5a07e880ad27fa5
Posted Jun 14, 2004
Authored by John Heasman | Site

NGSSoftware Insight Security Research Advisory #NISR11062004 - By crafting a malformed .RA, .RM, .RV or .RMJ file it is possible to cause heap corruption that can lead to execution of arbitrary code. By forcing a browser or enticing a user to a website containing such a file, arbitrary attacker supplied code could be executed on the target machine. This code will run in the security context of the logged on user. Another attack vector is via an e-mail attachment. NGSResearchers have created reliable exploits to take advantage of these issues. Versions affected are: RealOne Player (English), RealOne Player v2 (all languages), RealPlayer 10 (English, German and Japanese), RealPlayer 8 (all languages), RealPlayer Enterprise (all versions, standalone and as-configured by the RealPlayer Enterprise Manager).

tags | advisory, arbitrary
MD5 | 9b39749f4276503fbe10da621c33ba0b
Posted Oct 3, 2000
Authored by synnergy, Scrippie | Site

Inebriation.c is a local linux/x86 /bin/su + locale libc functions exploit which has been written in response to previous unreliable exploits for this vulnerability. It includes a perl wrapper to find the correct offset, can use GOT overwrites to evade stackguard, stackshield, and libsafe, uses clean overflow string creation, and has documentation and several other usability improvements.

tags | exploit, overflow, x86, local, perl
systems | linux
MD5 | a4ea18e81fddb4c040951cf4232de56a
© 2018 Packet Storm. All rights reserved.