exploit the possibilities
Showing 1 - 25 of 38 RSS Feed

Files

Totemomail Encryption Gateway 6.0.0_Build_371 JSONP Hijacking
Posted May 15, 2018
Authored by Nicolas Heiniger

Totemomail Encryption Gateway version 6.0.0_Build_371 suffers from a JSONP hijacking vulnerability.

tags | exploit
advisories | CVE-2018-6562
MD5 | 6e6f06190a4a84cb2f21b0f6884348b4

Related Files

Froala WYSIWYG HTML Editor 3.1.1 Cross Site Scripting
Posted Jul 3, 2020
Authored by Emanuel Duss

Froala WYSIWYG HTML Editor versions 3.0.6 through 3.1.1 suffer from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2019-19935
MD5 | fb51f3219cdae4ef390670001545f686
Microsoft Windows Task Scheduler Security Feature Bypass
Posted May 15, 2020
Authored by Sylvain Heiniger

Compass Security identified a security feature bypass vulnerability in Microsoft Windows. Due to the absence of integrity verification requirements for the RPC protocol and in particular the Task Scheduler, a man-in-the-middle attacker can relay his victim's NTLM authentication to a target of his choice over the RPC protocol. Provided the victim has administrative privileges on the target, the attacker can execute code on the remote target.

tags | exploit, remote, protocol, bypass
systems | windows
advisories | CVE-2020-1113
MD5 | 9657b7615782fe7083c7fe7350cc206a
Apache Olingo OData 4.6.x XML Injection
Posted Dec 10, 2019
Authored by Archibald Haddock

Apache Olingo OData versions 4.x.x through 4.6.x suffer from an XML external entity injection vulnerability.

tags | exploit
advisories | CVE-2019-17554
MD5 | 051e029f16764feddeb7a0590f43de8e
VMware VeloCloud 3.3.0 / 3.2.2 Authorization Bypass
Posted Oct 17, 2019
Authored by Silas Baertsch

VMware VeloCloud versions 3.3.0 and 3.2.2 suffer from an authorization bypass vulnerability.

tags | exploit, bypass
advisories | CVE-2019-5533
MD5 | 12195b6551f517aa4bbe3b9c39469f0d
Siemens SICAM A8000 Series Denial Of Service
Posted Jan 17, 2019
Authored by Nicolas Heiniger, Emanuel Duss

Siemens SICAM A8000 Series suffers from an XML injection denial of service vulnerability.

tags | exploit, denial of service
advisories | CVE-2018-13798
MD5 | 94b83feccca12141f97e4a4996b14321
ownCloud 0.1.2 User Impersonation Authorization Bypass
Posted Aug 31, 2018
Authored by Thierry Viaccoz

ownCloud version 0.1.2 suffers from a user impersonation authorization bypass vulnerability.

tags | exploit, bypass
MD5 | 6bc5693824d5901a03d83caf7dbc9ee2
ownCloud iOS Application 3.7.3 Cross Site Scripting
Posted Aug 15, 2018
Authored by Sylvain Heiniger

ownCloud version 3.7.3 for iOS suffers from a cross site scripting vulnerability.

tags | exploit, xss
systems | ios
MD5 | 5ae27cad5869c1d6ba868d900a0d55c8
Atmosphere 1.x / 2.x Cross Site Scripting
Posted Aug 15, 2018
Authored by Lukasz D.

Async-IO.org Atmosphere suffers from a cross site scripting vulnerability. Versions affected include 2.4.0 through 2.4.28, 2.3.0 through 2.3.9, 2.2.0 through 2.2.12, 2.1.0 through 2.1.13, 2.0.0 through 2.0.11, and 1.0.0 through 1.0.20.

tags | exploit, xss
MD5 | 9476e5ed3688706cc7814b7d361dc41c
Eclipse Vert.x 3.5.1 HTTP Header Injection
Posted Jun 13, 2018
Authored by Lukasz D.

Eclipse Vert.x versions 3.0.0 through 3.5.1 suffer from an HTTP header injection vulnerability.

tags | exploit, web
MD5 | b0bcdd2957a82518f6bc91174e6bea0c
Totemomail Encryption Gateway 6.0.0_Build_371 Cross Site Request Forgery
Posted May 15, 2018
Authored by Nicolas Heiniger

Totemomail Encryption Gateway version 6.0.0_Build_371 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2018-6563
MD5 | dddff35a0ad31ee3150a91121b2f0ea5
Microsoft Intune Design Weakness
Posted Mar 20, 2018
Authored by Stephan Sekula

Compass Security discovered a design weakness in Microsoft Intune's iOS Keychain management. This allows users to access company data even after the device has been unenrolled.

tags | advisory
systems | apple, ios
MD5 | 07ee7ba08f913665a8c31f611a99564a
Microsoft Intune App PIN Bypass
Posted Feb 13, 2018
Authored by Stephan Sekula

Compass Security discovered a design weakness in Microsoft Intune's app protection. This weakness allows a malicious user that gets hold of an employee's iOS device to access company data even without knowing the app PIN.

tags | exploit
systems | cisco, ios
MD5 | c46a3d6ea1c728f1cb1a8de7ee96f1f7
MyTy 5.1.7 Cross Site Scripting
Posted Nov 22, 2017
Authored by Nicolas Heiniger

MyTy versions 5.0.4 through 5.1.7 suffer from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | a008300f781650c5d57bf9ca63e816ae
MyTy 5.1.6 Blind SQL Injection
Posted Nov 22, 2017
Authored by Nicolas Heiniger

MyTy versions 5.0.4 through 5.1.6 suffer from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | a13e0672e0e99854524ab58771d7fa5a
iText PDF Library 7.0.2 / 5.5.11 / 2.0.8 XXE Injection
Posted Nov 6, 2017
Authored by Benjamin Bruppacher

iText PDF Library versions 2.0.8, 5.5.11, and 7.0.2 suffer from an XML external entity injection vulnerability. The attack can be carried out by submitting a malicious PDF to an iText application that parses XML data. By providing a malicious XXE payloads inside the XML data that resides in the PDF, an attacker can for example extract files or forge requests on the server.

tags | advisory, xxe
advisories | CVE-2017-9096
MD5 | b4f4f5142c0c778840b48038c076d309
Mongoose Embedded Web Server Library 6.8 Buffer Overflow
Posted Sep 20, 2017
Authored by Dobin Rutishauser

Mongoose Embedded Web Server Library versions 6.8 and below suffer from a stack-based buffer overflow vulnerability.

tags | exploit, web, overflow
MD5 | 7a9669c25dc7bec6e80ff23d34fb2542
Sunell IPCAMERA IPR54/14AKDN(II)/13 Session ID Enumeration
Posted May 27, 2017
Authored by Stephan Sekula

Sunell IPCAMERA IPR54/14AKDN(II)/13 suffers from a session ID enumeration vulnerability.

tags | exploit
MD5 | 3d7b4df8fb17c45059d3a30f31f6cfd2
Sunell IPCAMERA IPR54/14AKDN(II)/13 Cross Site Scripting
Posted May 27, 2017
Authored by Stephan Sekula

Sunell IPCAMERA IPR54/14AKDN(II)/13 suffers from a reflective cross site scripting vulnerability.

tags | exploit, xss
MD5 | cac4fb3c8a0231bc24e080283859ba02
Sunell IPR54/14AKDN(II)/13 Cross Site Scripting
Posted May 27, 2017
Authored by Stephan Sekula

Sunell IPR54/14AKDN(II)/13 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | 19f2fab056e17a9b6e6e6ff2e9647e31
PingID MFA Cross Site Scripting
Posted May 17, 2017
Authored by Stephan Sekula

PingID MFA suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 56d9df23509ec94750aff3ba1e3827f4
Live Helper Chat 2.58v Cross Site Scripting
Posted Apr 27, 2017
Authored by Sylvain Heiniger

Live Helper Chat versions 2.06v through 2.58v suffer from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | eac74b8c82e6af650a63fda1f1be2590
Mongoose OS 1.2 Use-After-Free / Denial Of Service
Posted Apr 3, 2017
Authored by Philipp Promeuschel, Stephan Sekula, Carel van Rooyen

Mongoose OS versions 1.2 and below suffers from use-after-free and denial of service vulnerabilities.

tags | exploit, denial of service, vulnerability
advisories | CVE-2017-7185
MD5 | dbb7821c7270b918b6fa4489bcc6f330
ASP.NET Core 5-RC1 HTTP Header Injection
Posted Dec 23, 2016
Authored by Reto Schadler

ASP.NET Core version 5.-RC1 suffers from an HTTP header injection vulnerability.

tags | exploit, web, asp
MD5 | 28fbb855c6805f6d739cc89ce38fed04
OpenAM 9 / 10 Cross Site Scripting
Posted Feb 24, 2016
Authored by Stephan Sekula

OpenAM versions 9 through 9.5.5 and 10.0.0 through 10.0.2 suffer from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 2c96adef7fee318232922ee072584e03
Adobe Experience Manager 6.1.0 Cross Site Scripting
Posted Feb 24, 2016
Authored by Damian Pfammatter

Adobe Experience Manager version 6.1.0 suffers from a cross site scripting vulnerability.

tags | advisory, xss
advisories | CVE-2015-0955
MD5 | 48218dfc38bed9401589b16f60e9d736
Page 1 of 2
Back12Next

File Archive:

August 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    3 Files
  • 2
    Aug 2nd
    2 Files
  • 3
    Aug 3rd
    32 Files
  • 4
    Aug 4th
    22 Files
  • 5
    Aug 5th
    15 Files
  • 6
    Aug 6th
    19 Files
  • 7
    Aug 7th
    6 Files
  • 8
    Aug 8th
    1 Files
  • 9
    Aug 9th
    2 Files
  • 10
    Aug 10th
    27 Files
  • 11
    Aug 11th
    11 Files
  • 12
    Aug 12th
    11 Files
  • 13
    Aug 13th
    17 Files
  • 14
    Aug 14th
    7 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close