what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 51 - 75 of 100 RSS Feed

Files

Joomla LMS King Professional 3.2.40 SQL Injection
Posted Aug 3, 2017
Authored by Ihsan Sencan

Joomla LMS King Professional component version 3.2.4.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | bda9c2d39254e0e4a59589b389ca75a51a3c49040cfd1a463888dffbb2304a11

Related Files

Joomla Eslamiat SQL Injection
Posted Jun 13, 2012
Authored by Siamak.Black

The Joomla Eslamiat component suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 5345e3258871af98e54ef30bb00a8cee90c8eddd639fd36ab983e60b6a77773b
Joomla Simple SWFUpload 2.0 Shell Upload
Posted Jun 12, 2012
Authored by Sammy FORGIT

Joomla Simple SWFUpload component version 2.0 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | ddcd612e618f2d645241ee933cc9cf982cee677684cec299c14d74bf974a5e60
Joomla Art Uploader 1.0.1 Shell Upload
Posted Jun 12, 2012
Authored by Sammy FORGIT

Joomla Art Uploader component version 1.0.1 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | 8314dab233dbed40abe6c134430e9a683ba635b442b58eaff9adba753ccd25a8
Joomla DentroVideo 1.2 Shell Upload
Posted Jun 12, 2012
Authored by Sammy FORGIT

Joomla DentroVideo component version 1.2 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | 23e681ded80b01ef603b08e83462a8fc05ce6b44e64567215de88df7d1691eaa
Joomla Easy Flash Uploader 2.0 Shell Upload
Posted Jun 12, 2012
Authored by Sammy FORGIT

Joomla Easy Flash Uploader component version 2.0 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | 3cd37f8b8f1e6a5ed15a3399fafd3d04d6fea0cb869d2c9b9dc452bef9cde268
Joomla Joomsport SQL Injection / Shell Upload
Posted Jun 11, 2012
Authored by KedAns-Dz

The Joomla Joomsport component suffers from remote shell upload and remote SQL injection vulnerabilities.

tags | exploit, remote, shell, vulnerability, sql injection
SHA-256 | e9a76ab29955a0166d426cadbc1fb84359eeca77c4401ff86095bc6d467591ee
Joomla Alphacontent SQL Injection
Posted Jun 10, 2012
Authored by xDarkSton3x

The Joomla Alphacontent component suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 28b21ee58f3aee48c851f43f65980c93050683b261472e7aaf6d9ebe6072a792
Microsoft Windows OLE Object File Handling Remote Code Execution
Posted Jun 7, 2012
Authored by Luigi Auriemma, juan vazquez | Site metasploit.com

This Metasploit module exploits a type confusion vulnerability in the OLE32 component of Windows XP SP3. The vulnerability exists in the CPropertyStorage::ReadMultiple function. A Visio document with a specially crafted Summary Information Stream embedded allows to get remote code execution through Internet Explorer, on systems with Visio Viewer installed.

tags | exploit, remote, code execution
systems | windows
advisories | CVE-2011-3400, OSVDB-77663
SHA-256 | 38a04eb9235c0ff6ef85f3b9bba40470be0f95a7efe95b58a475e3f84a0afc55
Microsoft IIS MDAC msadcs.dll RDS DataStub Content-Type Overflow
Posted Jun 7, 2012
Authored by patrick | Site metasploit.com

This Metasploit module can be used to execute arbitrary code on IIS servers that expose the /msadc/msadcs.dll Microsoft Data Access Components (MDAC) Remote Data Service (RDS) DataFactory service. The service is exploitable even when RDS is configured to deny remote connections (handsafe.reg). The service is vulnerable to a heap overflow where the RDS DataStub 'Content-Type' string is overly long. Microsoft Data Access Components (MDAC) 2.1 through 2.6 are known to be vulnerable.

tags | exploit, remote, overflow, arbitrary
advisories | CVE-2002-1142, OSVDB-14502
SHA-256 | 5b8f51f6304db9028ffb31a8630bc9126a8b59e8dff7370fae1e12b8fd591199
Microsoft IIS MDAC msadcs.dll RDS Arbitrary Remote Command Execution
Posted Jun 7, 2012
Authored by patrick | Site metasploit.com

This Metasploit module can be used to execute arbitrary commands on IIS servers that expose the /msadc/msadcs.dll Microsoft Data Access Components (MDAC) Remote Data Service (RDS) DataFactory service using VbBusObj or AdvancedDataFactory to inject shell commands into Microsoft Access databases (MDBs), MSSQL databases and ODBC/JET Data Source Name (DSN). Based on the msadcs.pl v2 exploit by Rain.Forest.Puppy, which was actively used in the wild in the late Ninties. MDAC versions affected include MDAC 1.5, 2.0, 2.0 SDK, 2.1 and systems with the MDAC Sample Pages for RDS installed, and NT4 Servers with the NT Option Pack installed or upgraded 2000 systems often running IIS3/4/5 however some vulnerable installations can still be found on newer Windows operating systems. Note that newer releases of msadcs.dll can still be abused however by default remote connections to the RDS is denied. Consider using VERBOSE if you're unable to successfully execute a command, as the error messages are detailed and useful for debugging. Also set NAME to obtain the remote hostname, and METHOD to use the alternative VbBusObj technique.

tags | exploit, remote, arbitrary, shell
systems | windows
advisories | CVE-1999-1011
SHA-256 | 382234f494b3e6be1ceaa9dc39e8b06bf8faad703997a8f0eec9259b5d187113
Zero Day Initiative Advisory 12-085
Posted Jun 7, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-085 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the dmp4 component. If the width value is altered inside the esds atom, arithmetic instructions within RealPlayer code can result in a loop counter wrapping to a large value. This can cause the loop to run too many times while operating on heap memory. By exploiting this condition, an attacker can corrupt memory and leverage that to execute code under the context of the user running the application.

tags | advisory, remote, arbitrary
advisories | CVE-2011-4261
SHA-256 | efbe76fedf3296c7ef451c7b351df87ac87091b6a35538b7186d05716162501f
Zero Day Initiative Advisory 12-084
Posted Jun 6, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-084 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required in that a target must visit a malicious page or open a malicious file. The flaw exists within the RV10 encoded data in the rv10.dll component. When encountering an invalid encoded height or width field the process miscalculates an offset while preparing to decode the data packets which constitute the stream. The process attempts to store data at this location. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the process.

tags | advisory, remote, arbitrary
advisories | CVE-2012-0926
SHA-256 | e5150c82d73cc84c7bac0c2ef829f0a287bb6936a0e3495f3879c41d5fc6830d
Zero Day Initiative Advisory 12-077
Posted Jun 6, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-077 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the QuickTimeVR.qtx component. A signedness error exists when processing a QTVRStringAtom having an overly large "stringLength" parameter. This can be exploited to cause a stack-based buffer overflow and execute arbitrary code under the context of the user running the application.

tags | advisory, remote, overflow, arbitrary
systems | apple
advisories | CVE-2012-0667
SHA-256 | e647f5ae4eb85ad14d26b00c977c80ec8a5dc2aab52bccbb59f7d9ad5c7dbddc
Access Road 0.7.2
Posted Jun 6, 2012
Authored by Patrick Thazard

Access Road is a universal simulator of access controls that is intended to improve design and auditing of IT security. It provides simulations of GNU/Linux (components and rights on the file system), MySQL Server (components and privileges), and a generic Role-Based-Access-Control application. It is designed for database, system, and application administrators, IT architects and developers, and auditors. Reliability and the ability to explain the results are the main objectives. A 50 page tutorial is provided, and a powerful framework allows new simulations to be added.

Changes: This release is mainly to fix a critical bug on the NoMore-NoLess views on Windows, and to allow use of the ORACLE JRE 7 with the previous bases from an old JRE.
tags | tool
systems | linux, unix
SHA-256 | 66fb5636308651b4c30914ee68b3d1dd0bb8281f93ba0f3b8d86229d271ee731
Access Road (Source Release) 0.7.2
Posted Jun 6, 2012
Authored by Patrick Thazard

Access Road is a universal simulator of access controls that is intended to improve design and auditing of IT security. It provides simulations of GNU/Linux (components and rights on the file system), MySQL Server (components and privileges), and a generic Role-Based-Access-Control application. It is designed for database, system, and application administrators, IT architects and developers, and auditors. Reliability and the ability to explain the results are the main objectives. A 50 page tutorial is provided, and a powerful framework allows new simulations to be added. This is the source release.

Changes: This release is mainly to fix a critical bug on the NoMore-NoLess views on Windows, and to allow use of the ORACLE JRE 7 with the previous bases from an old JRE.
tags | tool
systems | linux, unix
SHA-256 | 4887943b5dfe0cd8a8727842cf0bd736b62983162e36e137d3fa1390c6741a9b
Debian Security Advisory 2485-1
Posted Jun 5, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2485-1 - Multiple cross-site scripting (XSS) vulnerabilities were discovered in IMP, the webmail component in the Horde framework. The vulnerabilities allow remote attackers to inject arbitrary web script or HTML via various crafted parameters.

tags | advisory, remote, web, arbitrary, vulnerability, xss
systems | linux, debian
advisories | CVE-2012-0791
SHA-256 | 78ff1a6b297a6acfa99730fd0f218b08efac99d83225398094c9aa822f41d9a5
Log1 CMS writeInfo() PHP Code Injection
Posted Jun 3, 2012
Authored by EgiX, sinn3r, Adel SBM | Site metasploit.com

This Metasploit module exploits the "Ajax File and Image Manager" component that can be found in log1 CMS. In function.base.php of this component, the 'data' parameter in writeInfo() allows any malicious user to have direct control of writing data to file data.php, which results in arbitrary remote code execution.

tags | exploit, remote, arbitrary, php, code execution
advisories | CVE-2011-4825, OSVDB-76928
SHA-256 | 5f8de96e6ea32234373a0a7a5100ed196a91a7eb2302465bc03aeaa9b7bfff70
GIMP script-fu Server Buffer Overflow
Posted Jun 2, 2012
Authored by juan vazquez, Joseph Sheridan | Site metasploit.com

This Metasploit module exploits a buffer overflow in the script-fu server component on GIMP <= 2.6.12. By sending a specially crafted packet, an attacker may be able to achieve remote code execution under the context of the user. This Metasploit module has been tested on GIMP for Windows from installers provided by Jernej Simoncic.

tags | exploit, remote, overflow, code execution
systems | windows
advisories | CVE-2012-2763, OSVDB-82429
SHA-256 | 639458a065dfbd4eece13f18e4a4a8606ca0ea7c1392c33c55adb20317d1bdad
GIMP 2.6 script-fu Buffer Overflow
Posted May 31, 2012
Authored by Joseph Sheridan | Site reactionpenetrationtesting.co.uk

There is a buffer overflow in the script-fu server component of GIMP (the GNU Image Manipulation Program) in all 2.6 versions (Windows and Linux versions) affecting both the script-fu console and the script-fu network server. A crafted msg to the script-fu server overflows a buffer and overwrites several function pointers allowing the attacker to gain control of EIP and potentially execute arbitrary code. Proof of concept code included.

tags | exploit, overflow, arbitrary, proof of concept
systems | linux, windows
advisories | CVE-2012-2763
SHA-256 | 3314be7d12f71ac43757fa38c7b5d582d33d0a31d034dd7a8a87b9037b9edecb
Secunia Security Advisory 46365
Posted May 21, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Secunia Research has discovered two vulnerabilities in the JCE component for Joomla!, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss
SHA-256 | f78f7ebdc4e00d7222b5ce8dc0bfd8954efeb6dfd0ffdb18cd8d4b3759a851ea
Secunia Security Advisory 49206
Posted May 16, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Secunia Research has discovered two vulnerabilities in the JCE component for Joomla!, which can be exploited by malicious users to compromise a vulnerable system and by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss
SHA-256 | 97a9ddc1423e3e4d739dba63b1f53c98cb9bd14a770f12ffd1962707d7de27b9
Symantec pcAnywhere Remote Code Execution
Posted May 2, 2012
Authored by Edward Torkington | Site ngssoftware.com

Symantec pcAnywhere versions 12.5 and below are vulnerable to a remote code execution vulnerability. A flaw exists in the authentication component listening on TCP port 5631 which does not sufficiently validate user-submitted data.

tags | exploit, remote, tcp, code execution
SHA-256 | 534ae58b85b416fd3014155bc1e9ede4be561699212190b743baf7a76964e41f
Secunia Security Advisory 49004
Posted Apr 29, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in the nBill component for Joomla!, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
SHA-256 | 9116c188a9768e937e2cace1b8948477e94ff899fbfc784bb8abf1812af1e8a5
Joomla nBill Lite Cross Site Scripting
Posted Apr 26, 2012
Authored by HauntIT

The Joomla nBill Lite component suffers from cross site scripting and html injection vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 3606d2ac2ff13bcedaf6d21dda5490b013927a9fc7dfcf91b3f1c0e6828a97b7
Joomla Virtuemart 2.0.2 Information Disclosure
Posted Apr 26, 2012
Authored by HauntIT

The Joomla Virtuemart component version 2.0.2 suffers from an information disclosure vulnerability.

tags | exploit, info disclosure
SHA-256 | 153728b97365dba0696210ef2b2c2dbc759fa84723f30875758c96d6773044d8
Page 3 of 4
Back1234Next

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close