
Files

Nmap Http-domino-enum-passwords File Upload
Posted Aug 7, 2013
Authored by Piotr Duszynski | Site trustwave.com

An arbitrary file upload vulnerability exists in the official Nmap Http-domino-enum-passwords NSE script.

tags | advisory, web, arbitrary, file upload
advisories | CVE-2013-4885
SHA-256 | 3f3f0fed34e91a5d44d190bceb8508b03d02326855de030750d04807d7eb4044

Related Files

MobileCartly 1.0 File Deletion
Posted Aug 10, 2012
Authored by GolD_M

MobileCartly version 1.0 suffers from an arbitrary file deletion vulnerability.

tags | exploit, arbitrary
SHA-256 | 3e0d3cff02b70b9d850e0e20a7bb38e04d1ab43ffeeccb1ae21617853e077b98
Red Hat Security Advisory 2012-1149-01
Posted Aug 8, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1149-01 - The sudo utility allows system administrators to give certain users the ability to run commands as root. An insecure temporary file use flaw was found in the sudo package's post-uninstall script. A local attacker could possibly use this flaw to overwrite an arbitrary file via a symbolic link attack, or modify the contents of the "/etc/nsswitch.conf" file during the upgrade or removal of the sudo package. This update also fixes the following bugs:

tags | advisory, arbitrary, local, root
systems | linux, redhat
advisories | CVE-2012-3440
SHA-256 | beba8e6ed13cfb26fb7c7c1854aef7f93f140ed6cc736059b657a68db78e6e8f
Metasploit pcap_log Privilege Escalation
Posted Jul 17, 2012
Authored by 0a29406d9794e4f9b30b3c5d6702c708

Metasploit plugin 'pcap_log' is vulnerable to an arbitrary file overwrite bug which can further be leveraged to insert user-controlled data resulting in potential escalation of privileges. Metasploit module included.

tags | exploit, arbitrary
SHA-256 | a3608689ff5f6a56679189ea8149e0e805de1c706fb7d3fedff592abe11d622b
Red Hat Security Advisory 2012-1046-01
Posted Jun 28, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1046-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the PHP XSL extension did not restrict the file writing capability of libxslt. A remote attacker could use this flaw to create or overwrite an arbitrary file that is writable by the user running PHP, if a PHP script processed untrusted eXtensible Style Sheet Language Transformations content. Note: This update disables file writing by default. A new PHP configuration directive, "xsl.security_prefs", can be used to enable file writing in XSLT.

tags | advisory, remote, web, arbitrary, php
systems | linux, redhat
advisories | CVE-2010-2950, CVE-2011-4153, CVE-2012-0057, CVE-2012-0781, CVE-2012-0789, CVE-2012-1172, CVE-2012-2143, CVE-2012-2336, CVE-2012-2386
SHA-256 | fe71e26fd75c9403f91014baf93c4a6d167a5d5aef0be73d9f6c0fe60b8a1865
Red Hat Security Advisory 2012-1045-01
Posted Jun 28, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1045-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the PHP XSL extension did not restrict the file writing capability of libxslt. A remote attacker could use this flaw to create or overwrite an arbitrary file that is writable by the user running PHP, if a PHP script processed untrusted eXtensible Style Sheet Language Transformations content. Note: This update disables file writing by default. A new PHP configuration directive, "xsl.security_prefs", can be used to enable file writing in XSLT.

tags | advisory, remote, web, arbitrary, php
systems | linux, redhat
advisories | CVE-2011-4153, CVE-2012-0057, CVE-2012-0789, CVE-2012-1172, CVE-2012-2336
SHA-256 | 57bee9f577390f47d09269171763d581bac37a4751fb81fddb955d4db237ace9
Red Hat Security Advisory 2012-1047-01
Posted Jun 28, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1047-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the PHP XSL extension did not restrict the file writing capability of libxslt. A remote attacker could use this flaw to create or overwrite an arbitrary file that is writable by the user running PHP, if a PHP script processed untrusted eXtensible Style Sheet Language Transformations content. Note: This update disables file writing by default. A new PHP configuration directive, "xsl.security_prefs", can be used to enable file writing in XSLT.

tags | advisory, remote, web, arbitrary, php
systems | linux, redhat
advisories | CVE-2010-2950, CVE-2011-4153, CVE-2012-0057, CVE-2012-0789, CVE-2012-1172, CVE-2012-2143, CVE-2012-2336, CVE-2012-2386
SHA-256 | ad1e0d74169944968d087c38eeee1c4b790cf754e68c22a60bc2f608214be628
Red Hat Security Advisory 2012-0939-04
Posted Jun 20, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0939-04 - X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. A flaw was found in the way the X.Org server handled lock files. A local user with access to the system console could use this flaw to determine the existence of a file in a directory not accessible to the user, via a symbolic link attack. A race condition was found in the way the X.Org server managed temporary lock files. A local attacker could use this flaw to perform a symbolic link attack, allowing them to make an arbitrary file world readable, leading to the disclosure of sensitive information.

tags | advisory, arbitrary, local
systems | linux, redhat
advisories | CVE-2011-4028, CVE-2011-4029
SHA-256 | 056bbb8f9c917f5519bbd54df7dac67565efe3792cceacb35765ad54e8033a0f
Mega File Manager 1.0 File Download
Posted Apr 23, 2012
Authored by i2sec-Min Gi Jo

Mega File Manager version 1.0 suffers from an arbitrary file download vulnerability.

tags | exploit, arbitrary
SHA-256 | 82d8be8c8a197aff6162ca8c6654d71c3bbc7be6d45c8e286a8be96f62d01204
Tiny Server 1.1.5 Arbitrary File Disclosure
Posted Mar 17, 2012
Authored by KaHPeSeSe

Tiny Server version 1.1.5 suffers from an arbitrary file disclosure vulnerability.

tags | exploit, arbitrary, info disclosure
SHA-256 | 1c1ae4d4e1d6b30fb54ae4704d973d8f0bfbac327febdb2a7bc68850d12b520a
TVersity 1.9.7 Arbitrary File Download
Posted Mar 14, 2012
Authored by Luigi Auriemma | Site aluigi.org

TVersity versions 1.9.7 and below suffer from an arbitrary file downloading vulnerability.

tags | exploit, arbitrary
SHA-256 | 0f98c43eb0ac7b40b724aa6931aae34c0f0bc9dd08645febfe3d9acc825d95a2
SMF Portal 1.1.16 Shell Upload
Posted Jan 21, 2012
Authored by HELLBOY

SMF Portal version 1.1.16 fckeditor suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
SHA-256 | 04babd577f16ab3b3226783c0614188c3210538cd0494f5a7fa636ca41c2f6f2
X.org File Permission Change Proof Of Concept
Posted Dec 16, 2011
Authored by vladz

This proof of concept exploit sets permissions to 444 on an arbitrary file specified as an argument by leveraging SIGSTOP/SIGCONT signals and the Inotify API to win a race condition in X.

tags | exploit, arbitrary, proof of concept
advisories | CVE-2011-4029
SHA-256 | 0ea22872b6b51bf5249b0a70a12ebe97e3272ad611f24a936335036486484018
Muster Render Farm Management System 6.1.6 Arbitrary File Download
Posted Nov 30, 2011
Authored by Nick Freeman | Site security-assessment.com

Muster Render Farm Management System version 6.1.6 suffers from an arbitrary file download issue due to a directory traversal vulnerability. This was demonstrated at Ruxcon 2011 in the Hacking Hollywood talk. The advisory in this archive includes exploitation details.

tags | exploit, arbitrary
systems | linux
SHA-256 | 4c7c5caf872d4ace08b11d687019c73a366d5da96d3cb3fa5d8590c61b7d691a
BroadWin WebAccess SCADA / HMI Code Execution
Posted Oct 30, 2011
Authored by Snake

BroadWin WebAccess SCADA/HMI client remote code execution exploit that takes advantage of an arbitrary file creation vulnerability in bwocxrun.ocx.

tags | exploit, remote, arbitrary, code execution
SHA-256 | f079fd3dc3cf78363b594fd11ee0b79d8882cd62845270eb0046830691d26fd5
Xorg Permission Change
Posted Oct 27, 2011
Authored by vladz

Xorg versions 1.11.2 and below suffer from a permission change vulnerability that allows a local user the ability to set an arbitrary file to 444.

tags | exploit, arbitrary, local
SHA-256 | 9f6009b727030f6089ce212fb9833092feb2cd7c92c9d65e65e274472ecb43ce
Apple Safari Webkit libxslt Arbitrary File Creation
Posted Oct 18, 2011
Authored by Nicolas Gregoire | Site metasploit.com

This Metasploit module exploits a file creation vulnerability in the Webkit rendering engine. It is possible to redirect the output of an XSLT transformation to an arbitrary file. The content of the created file must be ASCII or UTF-8. The destination path can be relative or absolute. This Metasploit module has been tested on Safari and Maxthon. Code execution can be achieved by first uploading the payload to the remote machine in VBS format, and then uploading a MOF file, which enables the Windows Management Instrumentation service to execute the VBS.

tags | exploit, remote, arbitrary, code execution
systems | windows
advisories | CVE-2011-1774, OSVDB-74017
SHA-256 | c3cc069840b33d66dc0f5eb936fd86d7c0e81a9ca3077cb540669d0523d716eb
Tajan System Arbitrary File Download
Posted Sep 29, 2011
Authored by St493r

Tajan System suffers from an arbitrary file download vulnerability.

tags | exploit, arbitrary, info disclosure
SHA-256 | e2df46920e2605d7c30d2221e22d7a9ff4df2e1b0b109c229e37d4fccc7cfee2
iManager Plugin 1.2.8 Arbitrary File Deletion
Posted Sep 18, 2011
Authored by LiquidWorm | Site zeroscience.mk

iManager plugin version 1.2.8 suffers from an arbitrary file deletion vulnerability.

tags | exploit, arbitrary
SHA-256 | 63d8ec3f4d364c44e15e1df3ae54eb79901968d0e854a24fdc9ff42dc237090b
WebsiteBaker 2.8.1 File Upload
Posted Aug 13, 2011
Authored by Aung Khant | Site yehg.net

WebsiteBaker versions 2.8.1 and below suffer from an arbitrary file upload vulnerability.

tags | advisory, arbitrary, file upload
SHA-256 | 860ce23a122b9c64b307c8914a6362127a7b2825b85474a6ad123edb69c2d7bb
MyWebServer 1.0.3 Arbitrary File Download
Posted Jul 29, 2011
Authored by X-h4ck

MyWebServer version 1.0.3 suffers from an arbitrary file download vulnerability.

tags | exploit, arbitrary
SHA-256 | d4996c4c733d4a5b035b5aae5c50a79599b51430fd59a050497f73d8eeff330f
Joomla Appointment Booking Pro Arbitrary File Reading
Posted Jul 20, 2011
Authored by Don Tukulesto | Site indonesiancoder.com

The Joomla Appointment Booking Pro component suffers from an arbitrary file reading vulnerability.

tags | exploit, arbitrary, file inclusion
SHA-256 | 3919153d2e40600bef5a3b3385d421da5a7351ac182a07274b851a53bcbdc041
HP OpenView Communication Broker Arbitrary File Deletion
Posted Jul 7, 2011
Authored by Luigi Auriemma | Site aluigi.org

HP OpenView Communication Broker (ovbbccb.exe versions 11.0.43.0 and below) suffers from an arbitrary file deletion vulnerability.

tags | exploit, arbitrary
systems | linux
SHA-256 | 986bc67bf92ec6f9f779b02911e1349819b414d7082a4622ce743f01160246c4
HP OpenView Performance Agent Arbitrary File Deletion
Posted Jul 2, 2011
Authored by Luigi Auriemma | Site aluigi.org

HP OpenView Performance Agent (ovbbccb.exe versions 6.20.50.0 and below) suffers from an arbitrary file deletion vulnerability.

tags | exploit, arbitrary
systems | linux
SHA-256 | 7d59d753152e867af2baa1fa2866cd3a57d33f78ac76a3387fc7da8a45ecbf4b
Kofax 2.5.0.933 File Overwrite
Posted Jun 24, 2011
Authored by High-Tech Bridge SA | Site htbridge.com

Kofax version 2.5.0.933 suffers from an arbitrary file overwrite vulnerability.

tags | exploit, arbitrary
SHA-256 | 3281c8b5dece97ac0a85e385b7de5c6f12504838d5c29db6be1e5e33f9c43352
ZyWALL USG Appliance Arbitrary File Read / Write
Posted May 4, 2011
Site redteam-pentesting.de

ZyXEL ZyWALL USG appliances suffer from an arbitrary file read/write vulnerability that allows for system compromise.

tags | exploit, arbitrary
SHA-256 | a79275261085696d0102bdf6c611df7de8b6388dbd1c16f1dcfe29f1632051fc
© 2022 Packet Storm. All rights reserved.