exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 100 RSS Feed

Files

FTP Voyager Scheduler 16.2.0 CSRF / Denial Of Service
Posted Mar 10, 2017
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

FTP Voyager Scheduler version 16.2.0 suffers from cross site request forgery and denial of service vulnerabilities.

tags | exploit, denial of service, vulnerability, csrf
advisories | CVE-2017-6803
SHA-256 | c250c29068b52f653617aca259b87be4598e18f76d16ecb57f65037613ae14a6

Related Files

Covid Vaccination Scheduler System 1.0 SQL Injection / Cross Site Scripting
Posted Sep 29, 2021
Authored by nu11secur1ty | Site github.com

Covid Vaccination Scheduler System version 1.0 suffers from cross site scripting and remote SQL injection vulnerabilities. Original discovery of SQL injection in this version is attributed to faisalfs10x in July of 2021.

tags | exploit, remote, vulnerability, xss, sql injection
advisories | CVE-2021-36621
SHA-256 | ae710b05bd025d7e79e63517677882000a5dc8e341484db8f13afd0794170b66
Patient Appointment Scheduler System 1.0 Cross Site Scripting
Posted Sep 7, 2021
Authored by a-rey

Patient Appointment Scheduler System version 1.0 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 02cd231f9bd9d3120732a0518b1fc1524fd7216e69b972edd0c73cba58bf1a8f
Patient Appointment Scheduler System 1.0 Shell Upload
Posted Sep 7, 2021
Authored by a-rey

Patient Appointment Scheduler System version 1.0 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | d6b77bf46409ffe71304df6d5495ec902bcc9bf449600ea934b3c32ba7fff47c
Online Covid Vaccination Scheduler System 1.0 Shell Upload
Posted Jul 8, 2021
Authored by faisalfs10x

Online Covid Vaccination Scheduler System version 1.0 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | 4b00627f9d97cd1cf78b8ef09aaada4fbe79cad01061c59440da2eadc6def00d
Online Covid Vaccination Scheduler System 1.0 SQL Injection
Posted Jul 7, 2021
Authored by faisalfs10x

Online Covid Vaccination Scheduler System version 1.0 suffers from a remote time-based blind SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 32a4ebe3a2c4d0408162c566f003abfc0258309dc6f2635c17de7c4a2d850b46
GravCMS 1.10.7 Remote Command Execution
Posted May 4, 2021
Authored by Mehmet Ince | Site metasploit.com

This Metasploit module exploits an arbitrary config write/update vulnerability to achieve remote code execution. Unauthenticated users can execute a terminal command under the context of the web server user. Grav Admin Plugin is an HTML user interface that provides a way to configure Grav and create and modify pages. In versions 1.10.7 and earlier, an unauthenticated user can execute some methods of the administrator controller without needing any credentials. Particular method execution will result in arbitrary YAML file creation or content change of existing YAML files on the system. Successfully exploitation of that vulnerability results in configuration changes, such as general site information change, custom scheduler job definition, etc. Due to the nature of the vulnerability, an adversary can change some part of the webpage, or hijack an administrator account, or execute operating system commands under the context of the web-server user.

tags | exploit, remote, web, arbitrary, code execution
advisories | CVE-2021-21425
SHA-256 | 98b7fd4e5a9eac0e57bc304d77db3533d90d58846a9eac785a65d9954b59c324
GravCMS 1.10.7 Remote Command Execution
Posted Apr 21, 2021
Authored by Mehmet Ince | Site metasploit.com

This Metasploit module exploits an arbitrary configuration write/update vulnerability to achieve remote code execution. Unauthenticated users can execute a terminal command under the context of the web server user. Grav Admin Plugin is an HTML user interface that provides a way to configure Grav and create and modify pages. In versions 1.10.7 and earlier, an unauthenticated user can execute some methods of administrator controller without needing any credentials. Particular method execution will result in arbitrary YAML file creation or content change of existing YAML files on the system. Successfully exploitation of that vulnerability results in configuration changes, such as general site information change, custom scheduler job definition, etc. Due to the nature of the vulnerability, an adversary can change some part of the webpage, or hijack an administrator account, or execute operating system command under the context of the web-server user.

tags | exploit, remote, web, arbitrary, code execution
advisories | CVE-2021-21425
SHA-256 | abded99044d29ee61fd87425114e92d627cb24bfd4a08cbdc45f77650c84534d
PHPJabbers Appointment Scheduler 2.3 Cross Site Scripting
Posted Dec 17, 2020
Authored by Andrea Intilangelo

PHPJabbers Appointment Scheduler version 2.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2020-35416
SHA-256 | 3f3a382ddbe5315a04dd191f3e4bfed9e6780f72a7ee0ec61bc3039d40259c90
PHPJabbers Appointment Scheduler 2.3 Cross Site Scripting
Posted Dec 15, 2020
Authored by Andrea Intilangelo

PHPJabbers Appointment Scheduler 2.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2020-35416
SHA-256 | 6d9f865f19e0ad489deb9399c4ddf39299e14a0507ba056a5a408033ba345e68
Internet Download Manager 6.38.12 Buffer Overflow
Posted Nov 19, 2020
Authored by Vincent Wolterman

Internet Download Manager version 6.38.12 suffers from a scheduler downloads scheduler buffer overflow vulnerability.

tags | exploit, overflow
SHA-256 | 77157f59589b89e5782b1e7180f9a4549ec5495b926d3cc0be053079751dbf39
SOS JobScheduler 1.13.3 Stored Password Decryption
Posted Jun 16, 2020
Authored by Sander Ubink

SOS JobScheduler version 1.13.3 encrypts a secret by simply using the name of a profile as the key, making it trivial to decrypt.

tags | exploit
advisories | CVE-2020-12712
SHA-256 | fe2cf7ab1a965708745f8a3ccea8786f1c5edbfe5c3b8ab23a4f225c60f669af
WordPress Multi-Scheduler 1.0.0 Cross Site Request Forgery
Posted May 29, 2020
Authored by UnD3sc0n0c1d0

WordPress Multi-Scheduler plugin version 1.0.0 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 99dbc846378685b2323c34771392c6ef834d8a9183459926257b3a17519139d8
Microsoft Windows Task Scheduler Security Feature Bypass
Posted May 15, 2020
Authored by Sylvain Heiniger

Compass Security identified a security feature bypass vulnerability in Microsoft Windows. Due to the absence of integrity verification requirements for the RPC protocol and in particular the Task Scheduler, a man-in-the-middle attacker can relay his victim's NTLM authentication to a target of his choice over the RPC protocol. Provided the victim has administrative privileges on the target, the attacker can execute code on the remote target.

tags | exploit, remote, protocol, bypass
systems | windows
advisories | CVE-2020-1113
SHA-256 | 16fcf81541831c6f1a2109c00a1d366d79871db6b8aecafaba474512db27d1b8
Booked Scheduler 2.7.7 Directory Traversal
Posted May 6, 2020
Authored by Besim Altinok, Ismail Bozkurt

Booked Scheduler version 2.7.7 suffers from an authenticated directory traversal vulnerability.

tags | exploit, file inclusion
SHA-256 | 782ac4f090f374ab130b22a73361bfc6b5f75836095d2016f4ad9bec5be2ab85
Centreon Poller Authenticated Remote Command Execution
Posted Mar 18, 2020
Authored by mekhalleh, Fabien Aunay, Omri Baso | Site metasploit.com

This Metasploit module exploits a flaw where an authenticated user with sufficient administrative rights to manage pollers can use this functionality to execute arbitrary commands remotely. Usually, the miscellaneous commands are used by the additional modules (to perform certain actions), by the scheduler for data processing, etc. This module uses this functionality to obtain a remote shell on the target.

tags | exploit, remote, arbitrary, shell
SHA-256 | 4fc454b9a7db2a27a465a12d5f364a39e3ac7dba6dcd7fc3801635b21c08d5b6
Red Hat Security Advisory 2019-4075-01
Posted Dec 4, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-4075-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the ose-cluster-kube-apiserver-operator-container and ose-cluster-kube-scheduler-operator-container images for Red Hat OpenShift Container Platform 4.2.9. These images have been rebuilt with an updated version of openshift/library-go to address a data sanitization issue.

tags | advisory
systems | linux, redhat
advisories | CVE-2019-14854
SHA-256 | 9e663213cc9ad506fa281f48e31e66c01b3779f099e2b5b9665dac99a925af94
Ubuntu Security Notice USN-4211-1
Posted Dec 3, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4211-1 - Zhipeng Xie discovered that an infinite loop could be triggered in the CFS Linux kernel process scheduler. A local attacker could possibly use this to cause a denial of service. Nicolas Waisman discovered that the WiFi driver stack in the Linux kernel did not properly validate SSID lengths. A physically proximate attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2018-20784, CVE-2019-17075, CVE-2019-17133
SHA-256 | ac43373fd3992fe93ea49e70d60ced48d07ba9971e4ff45b9a5b27d1055fab57
Ubuntu Security Notice USN-4211-2
Posted Dec 3, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4211-2 - USN-4211-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 ESM. Zhipeng Xie discovered that an infinite loop could be triggered in the CFS Linux kernel process scheduler. A local attacker could possibly use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2018-20784, CVE-2019-17075, CVE-2019-17133
SHA-256 | 4cc9d7156354ee94e31dfbd10c8fbfb9f55371614904959722ac400ac700368d
Ubuntu Security Notice USN-4115-1
Posted Sep 2, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4115-1 - Hui Peng and Mathias Payer discovered that the Option USB High Speed driver in the Linux kernel did not properly validate metadata received from the device. A physically proximate attacker could use this to cause a denial of service. Zhipeng Xie discovered that an infinite loop could triggered in the CFS Linux kernel process scheduler. A local attacker could possibly use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2018-19985, CVE-2018-20784, CVE-2019-0136, CVE-2019-10207, CVE-2019-10638, CVE-2019-10639, CVE-2019-11487, CVE-2019-11599, CVE-2019-11810, CVE-2019-13631, CVE-2019-13648, CVE-2019-14283, CVE-2019-14284, CVE-2019-14763, CVE-2019-15090, CVE-2019-15211, CVE-2019-15212, CVE-2019-15214, CVE-2019-15215, CVE-2019-15216, CVE-2019-15218, CVE-2019-15220, CVE-2019-15221, CVE-2019-15292, CVE-2019-3701, CVE-2019-3819, CVE-2019-3900
SHA-256 | 08121c3db54d152e12d06507d23ec168fbb76db1ad82346d206b3edabc68482d
Microsoft Windows Task Scheduler Local Privilege Escalation
Posted Jul 19, 2019
Authored by Social Engineering Neo

Microsoft Windows Task Scheduler suffers from a local privilege escalation vulnerability. The Windows MMC auto-elevates members of the 'administrators' group via the GUI and MMC snap-ins (via mmc.exe) automatically elevate without prompting UAC potentially leading to unintentional elevation of privilege.

tags | exploit, local
systems | windows
SHA-256 | 27a3037b9c6d02b2d118a2d8e7f2cadfc535a7b45a10d00413e02cf04227f2c6
Windows Escalate UAC Protection Bypass Via SilentCleanup
Posted Jun 28, 2019
Authored by enigma0x3, Carter Brainerd, nyshone69, tyranid | Site metasploit.com

There's a task in Windows Task Scheduler called "SilentCleanup" which, while it's executed as Users, automatically runs with elevated privileges. When it runs, it executes the file %windir%\system32\cleanmgr.exe. Since it runs as Users, and we can control user's environment variables, %windir% (normally pointing to C:\Windows) can be changed to point to whatever we want, and it'll run as admin.

tags | exploit
systems | windows
SHA-256 | 58e8c9a2922eb9b32f5e84d467e3b7a8e02cbd89977b2287f299fcfa861a0d71
Microsoft Windows Task Scheduler .job Import Arbitrary DACL Write
Posted May 22, 2019
Authored by SandboxEscaper

Microsoft Windows task scheduler .job import arbitrary DACL write proof of concept exploit.

tags | exploit, arbitrary, proof of concept
systems | windows
SHA-256 | 0fa856233177fd157eb0c17568447c14846e7a88d108dd0d1cfae0edd06e078a
Streamworks Job Scheduler Release 7 Authentication Weakness
Posted Jan 16, 2019
Authored by Simon Bieber

Streamworks Job Scheduler Release 7 has all agents using the same X.509 certificates and keys issued by the vendor for authentication. The processing server component does not check received messages properly for authenticity. Agents installed on servers do not check received messages properly for authenticity. Agents and processing servers are vulnerable to the TLS Heartbleed attack.

tags | exploit
advisories | CVE-2014-0160
SHA-256 | 8d3ab2a2e1407bcba852d7925fccb15e6610ced1db687ba89dc4e1333028ea6d
Microsoft Windows ALPC Task Scheduler Local Privilege Elevation
Posted Sep 22, 2018
Authored by Jacob Robles, bwatters-r7, SandboxEscaper, asoto-r7 | Site metasploit.com

On vulnerable versions of Windows the alpc endpoint method SchRpcSetSecurity implemented by the task scheduler service can be used to write arbitrary DACLs to .job files located in c:\windows\tasks because the scheduler does not use impersonation when checking this location. Since users can create files in the c:\windows\tasks folder, a hardlink can be created to a file the user has read access to. After creating a hardlink, the vulnerability can be triggered to set the DACL on the linked file. WARNING: The PrintConfig.dll (%windir%\system32\driverstor\filerepository\prnms003*) on the target host will be overwritten when the exploit runs. This Metasploit module has been tested against Windows 10 Pro x64.

tags | exploit, arbitrary
systems | windows
advisories | CVE-2018-8440
SHA-256 | c95cd7c1a2ed4a550a27c66b7fcad45a1a61d5951227bc43830a853f611b7cd1
How We Micropatched A Publicly Dropped 0day In Task Scheduler
Posted Sep 10, 2018
Authored by Mitja Kolsek

Whitepaper called How We Micropatched A Publicly Dropped 0day In Task Scheduler.

tags | paper
SHA-256 | deb36065ff9819bcfd1cef3afaa4a9f94c43d49d8869f350b053313e7ada99d6
Page 1 of 4
Back1234Next

File Archive:

August 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    20 Files
  • 2
    Aug 2nd
    4 Files
  • 3
    Aug 3rd
    6 Files
  • 4
    Aug 4th
    55 Files
  • 5
    Aug 5th
    16 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    13 Files
  • 9
    Aug 9th
    0 Files
  • 10
    Aug 10th
    0 Files
  • 11
    Aug 11th
    0 Files
  • 12
    Aug 12th
    0 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close