
Files

Openfire 3.10.2 Cross Site Request Forgery
Posted Sep 14, 2015
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Openfire version 3.10.2 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2015-6973
SHA-256 | 0e24b5cc34f5f30e0f92cdca09e38caa5c6a3aa1e7231a61f43ed26e5a092d1c

Related Files

Openfire Authentication Bypass / Remote Code Execution
Posted Jul 19, 2023
Authored by h00die-gr3y | Site metasploit.com

Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the unauthenticated Openfire Setup Environment in an already configured Openfire environment to access restricted pages in the Openfire Admin Console reserved for administrative users. This Metasploit module will use the vulnerability to create a new admin user that will be used to upload an Openfire management plugin weaponized with a Java native payload that triggers remote code execution. This vulnerability affects all versions of Openfire that have been released since April 2015, starting with version 3.10.0. The problem has been patched in Openfire releases 4.7.5 and 4.6.8, and further improvements will be included in the first version on the 4.8 branch, which is version 4.8.0.

tags | exploit, java, remote, web, code execution
advisories | CVE-2023-32315
SHA-256 | 88a0702601cff01264e02916f842525d503acf8b450db38e6b24d4a2d9099b89
CoreDial sipXcom sipXopenfire 21.04 Remote Command Execution / Weak Permissions
Posted Mar 7, 2023
Authored by Systems Research Group

CoreDial sipXcom sipXopenfire versions 21.04 and below suffer from XMPP message system command argument injection and insecure service file permissions that, when chained together, give root.

tags | exploit, root
advisories | CVE-2023-25355, CVE-2023-25356
SHA-256 | b306297e359b80aaed39f16e6cdc8e7a70a93aff1cb4084d52e8dfcfadc31596
Openfire 4.6.0 Cross Site Scripting
Posted Dec 10, 2020
Authored by j5s

Openfire version 4.6.0 suffers from multiple persistent cross site scripting vulnerabilities.

tags | exploit, xss
SHA-256 | f9c7f42f5cd677f2e3c3280fd7992e2595856f2a86b2332e2d48c94b993b1751
Openfire 4.4.1 Cross Site Scripting
Posted Oct 11, 2019
Authored by Daniel Bishtawi | Site netsparker.com

Openfire version 4.4.1 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | c8cd190de875e1a2748c12d3c36958a18961d0b35d125bc5fd41cb6f0f69ee0a
Ignite Realtime Openfire 3.7.1 Cross Site Scripting
Posted Jun 5, 2018
Authored by Yavuz Atlas

Ignite Realtime Openfire version 3.7.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-11688
SHA-256 | c10f3c6ace6529c0ad221c414802d91b8aafa5e9cc0a5c883951f87d29b5c532
Amazon S3 Open Redirect
Posted Mar 30, 2017
Authored by Ghostman

Amazon S3 suffers from an open redirection vulnerability.

tags | exploit
SHA-256 | cc5afbb9a4b12138b7c5db47bdc0b8bb94e014dae51869e09b079aaf22a799b5
Gentoo Linux Security Advisory 201612-50
Posted Dec 31, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201612-50 - Multiple vulnerabilities have been found in Openfire, the worst of which could lead to privilege escalation. Versions less than 4.1.0 are affected.

tags | advisory, vulnerability
systems | linux, gentoo
advisories | CVE-2015-6972, CVE-2015-6973, CVE-2015-7707
SHA-256 | 3c1df0aaa23400fdf285f6cdd7ebc3a5090dc54bebf822e15d09feb645c3e10b
OpenFire 4.0.1 Cross Site Request Forgery / Cross Site Scripting
Posted Jul 6, 2016
Authored by Florian Nivette

OpenFire versions 3.10.2 through 4.0.1 suffer from cross site request forgery and cross site scripting vulnerabilities. These issues are similar to the findings discovered by hyp3rlinx but leverage different pages.

tags | exploit, vulnerability, xss, csrf
SHA-256 | be513ac2a1d466d9fc24adcadf3d11b3c22f9970e5d75746d50da08647e6334e
CF Image Host 1.6.6 Cross Site Scripting
Posted Nov 16, 2015
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

CF Image Host version 1.6.6 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 5aebca1b9f045bc969d039b5496d6960cda4b824e2248290684f290c24ab8154
CF Image Host 1.6.6 Command Injection
Posted Nov 16, 2015
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

CF Image Host version 1.6.6 suffers from a remote command injection vulnerability.

tags | exploit, remote
SHA-256 | 3bdd452cf772fc135e145528adbae009a496b93c527c63ea2a8b533c396898cc
CF Image Host 1.6.6 Cross Site Request Forgery
Posted Nov 16, 2015
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

CF Image Host version 1.6.6 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 3ae3bf2225e27dc0567a1770d302662b64ef0e7cbedf10d0c07be86aa05f8bd1
b374k 3.2.3 2.8 CSRF / Command Injection
Posted Nov 13, 2015
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

b374k web shell versions 2.8 and 3.2.3 suffer from a cross site request forgery vulnerability that allows for remote command injection.

tags | exploit, remote, web, shell, csrf
SHA-256 | 7a3f5f494c2b27e756fd6b73c4b14796921e7612b045ce5d5b218e90626c8178
Microsoft .NET Framework XSS / Privilege Escalation
Posted Nov 11, 2015
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Microsoft .NET Framework suffers from cross site scripting and elevation of privilege vulnerabilities.

tags | advisory, vulnerability, xss
advisories | CVE-2015-6099
SHA-256 | 67e140fbcdfd0cfa86769915aa1660f8416cb51af113ed025468412f12623927
NXFilter 3.0.3 Cross Site Scripting
Posted Nov 9, 2015
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

NXFilter version 3.0.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 25d37f8adf5afa9c7c98764fff4c727777d4b671efb6c7a9a03dd0ec08335501
NXFilter 3.0.3 Cross Site Request Forgery
Posted Nov 9, 2015
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

NXFilter version 3.0.3 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 7bc6dd411cd4472cf1c1681c9e4ae97ab9d2970ba375615bec05bd0f544a3f2d
Spetnik TCPing Utility 2.1.0 Buffer Overflow
Posted Nov 2, 2015
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

If TCPing is called with a specially crafted command line argument, it will cause an exception and overwrite the pointers to the next SEH record and SEH handler with our buffer and malicious shellcode. Spetnik TCPing version 2.1.0 is affected.

tags | exploit, tcp, shellcode
SHA-256 | f06cc5b1273a53dd542910fc1defe06e91902dd50c024cd10a345a30dfa1bc90
PHP Server Monitor 3.1.1 Privilege Escalation
Posted Oct 30, 2015
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

PHP Server Monitor version 3.1.1 suffers from a privilege escalation vulnerability.

tags | exploit, php
SHA-256 | aafa69a15ff0e3770a96c5012d8cb850bdb3fda9ba48a991cb0678d1cb2b0ff6
PHP Server Monitor 3.1.1 Cross Site Request Forgery
Posted Oct 30, 2015
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

PHP Server Monitor version 3.1.1 suffers from a cross site request forgery vulnerability.

tags | exploit, php, csrf
SHA-256 | c6dd900ebf2986cd3b5ad60ba13c81ef576d594f7507b637176981a3472236fa
Blat 2.7.6 Buffer Overflow
Posted Oct 14, 2015
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Blat version 2.7.6 suffers from a stack buffer overflow vulnerability.

tags | exploit, overflow
SHA-256 | 21911e93027d280e190872f956f0eb12482a0f9573adbf3e42f6c5e7e8327a60
AdobeWorkgroupHelper.exe 2.8.3.3 Buffer Overflow
Posted Oct 12, 2015
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

If AdobeWorkgroupHelper.exe is called with an overly long command line argument, it is vulnerable to a stack-based buffer overflow exploit. Version 2.8.3.3 is affected.

tags | exploit, overflow
SHA-256 | ef450a73a8d6362812ddab4a5aa611d7e0c3cdb0cf7886a183004492328ce245
Zope Management Interface 4.3.7 Cross Site Request Forgery
Posted Oct 7, 2015
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Zope Management Interface version 4.3.7 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2015-7293
SHA-256 | 4a44c59001f1f7565864d480e019a3a4fd024ae8fa91414db943f1b82c6bccf1
LanWhoIs.exe 1.0.1.120 Buffer Overflow
Posted Oct 7, 2015
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

LanWhoIs.exe version 1.0.1.120 suffers from a buffer overflow vulnerability.

tags | exploit, overflow
SHA-256 | 7574eb8ce3b4e579f9b7bdfda42d4551f13c05418bf0b8426310d33e3bde8949
LanSpy 2.0.0.155 Buffer Overflow
Posted Oct 6, 2015
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

LanSpy version 2.0.0.155 suffers from a buffer overflow vulnerability.

tags | exploit, overflow
SHA-256 | 2e17ea86e3b7e6207891ab7629ef137a4bc24466fafb4299bf5316035b1c6609
FTGate 2009 SR3 Cross Site Scripting
Posted Oct 2, 2015
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

FTGate 2009 SR3 May 13 2010 Build 6.4.000 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 99a355c0ad599328abceaf0fae609ea435adbf8015e3bff1bf74e184f3f138db
FTGate 7 Cross Site Request Forgery
Posted Oct 2, 2015
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

FTGate version 7 suffers from multiple cross site request forgery vulnerabilities.

tags | exploit, vulnerability, csrf
SHA-256 | fd79666db0bf16b4789a4b47b07c05cca8adffccf0476cac004649e4884f28ce
packet storm

© 2022 Packet Storm. All rights reserved.
