
Files

Monstra CMS Authenticated Arbitrary File Upload
Posted Jul 11, 2018
Authored by Touhid M.Shaikh, Ishaq Mohammed | Site metasploit.com

Monstra CMS 3.0.4 allows users to upload arbitrary files which leads to remote command execution on the remote server. An attacker may choose to upload a file containing PHP code and run this code by accessing the resulting PHP file. This Metasploit module was tested against Monstra CMS 3.0.4.

tags | exploit, remote, arbitrary, php
advisories | CVE-2017-18048
MD5 | 7dbdf348dbb60d19f6dfcb69ab4f25d5

Related Files

Hack Box With DotDotPwn Directory Traversal Fuzzer
Posted Jul 6, 2012
Authored by Levi Francisco Pineda

This is a brief whitepaper that demonstrates using DotDotPwn for directory traversal fuzzing against the Lyric Xibelis CSF.

tags | paper
MD5 | 22dda8a606f285136aa86848323a6feb
Efficient Padding Oracle Attacks On Cryptographic Hardware
Posted Jun 27, 2012
Authored by Riccardo Focardi, Graham Steel, Joe-Kai Tsay, Lorenzo Simionato, Yusuke Kawamoto, Romain Bardou

This paper demonstrates how to exploit the encrypted key import functions of a variety of different cryptographic devices to reveal the imported key. The attacks are padding oracle attacks, where error messages resulting from incorrectly padded plaintexts are used as a side channel. This is the paper that made headlines regarding RSA tokens being cracked in 13 minutes.

tags | paper
MD5 | b4cecd687dccde3df469accca5075a65
Secunia Security Advisory 49691
Posted Jun 27, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in Monstra CMS, which can be exploited by malicious people to conduct cross-site request forgery attacks.

tags | advisory, csrf
MD5 | 2eb0fa0e7dbf67b8c857443f921345ac
Monstra CMS 1.1.6 Cross Site Request Forgery
Posted Jun 27, 2012
Authored by the_cyber_nuxbie

Monstra CMS version 1.1.6 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | db0ee0bc78b0b187eaa30bdb087514b3
Apple QuickTime Security Bypass
Posted Jun 25, 2012
Authored by Adam Gowdiak | Site security-explorations.com

Security Explorations does not agree with Apple's evaluation of a vulnerability they reported. They have decided to release proof of concept code to demonstrate a bypass vulnerability in Apple QuickTime Java extensions.

tags | exploit, java, proof of concept, bypass
systems | linux, apple
MD5 | b455e16bcd79c5388b8972a887d86fc8
Windows XP Keyboard Layouts Pool Corruption Proof Of Concept
Posted May 23, 2012
Authored by Oleksiuk Dmytro

This proof of concept code demonstrates a Microsoft Windows XP keyboard layouts pool corruption vulnerability, post MS12-034. The vulnerability exists in the function win32k!ReadLayoutFile() that parses keyboard layout file data.

tags | exploit, proof of concept
systems | windows, xp
MD5 | 34eea03ff3e3df7878c5cf5571892884
RDP Exploitation Using Cain
Posted May 21, 2012
Authored by David J. Dodd

This paper demonstrates how to ARP poison a connection between Windows 7 and Windows 2008 R2 Server using Cain.

tags | paper
systems | windows, 7
MD5 | ef9266998c0a638d9a127633eb6b3263
Mandriva Linux Security Advisory 2012-065
Posted Apr 27, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-065 - The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server. The php_register_variable_ex function in php_variables.c in PHP 5.3.9 allows remote attackers to execute arbitrary code via a request containing a large number of variables, related to improper handling of array variables. PHP before 5.3.10 does not properly perform a temporary change to the magic_quotes_gpc directive during the importing of environment variables, which makes it easier for remote attackers to conduct SQL injection attacks via a crafted request, related to main/php_variables.c, sapi/cgi/cgi_main.c, and sapi/fpm/fpm/fpm_main.c. Insufficient validation of the upload name leads to corrupted $_FILES indices. Various other issues have also been addressed.

tags | advisory, remote, web, denial of service, arbitrary, cgi, php, sql injection
systems | linux, mandriva
advisories | CVE-2012-0788, CVE-2012-0807, CVE-2012-0830, CVE-2012-0831, CVE-2012-1172
MD5 | d970a7f09cf0264c29f9c880d7bb0874
Ruxcon 2012 Call For Papers
Posted Apr 19, 2012
Site ruxcon.org.au

Ruxcon 2012 Call For Papers - Ruxcon is the premier technical computer security conference in Australia. The conference aims to bring together the individual talents of the best and brightest security folk in the region, through live presentations, activities and demonstrations. This year the conference will take place over the weekend of 20th and 21st of October at the CQ Function Centre, Melbourne, Australia.

tags | paper, conference
MD5 | b80710263313a4cf99938ecf24e17bbc
The Source Is A Lie
Posted Apr 17, 2012
Authored by Andreas Nusser | Site sec-consult.com

Whitepaper called The Source Is A Lie. Backdoors have always been a concern of the security community. In recent years the idea of not trusting the developer has gained momentum and manifested itself in various forms of source code review. For Java, being one of the most popular programming languages, numerous tools and papers have been written to help during reviews. While these tools and techniques are being developed further, they usually focus on traditional programming paradigms. Modern concepts like Aspect Oriented Programming or the Java Reflection API are left out. In particular, the use of Java’s Reflection API in conjunction with the lesser known “string pool” can lead to a new kind of backdoor. This backdoor hides itself from the unwary reviewer by disguising its access to critical resources like credentials through indirection. To raise awareness of this particular kind of backdoor, this paper will provide a short introduction to the string pool, show how reflection can be used to manipulate it, demonstrate how a backdoor can abuse this, and discuss how it can be uncovered.

tags | paper, java
MD5 | 95c7b6fb02b2acae134655f38d6826c1
Adobe Flash Player Information Leak
Posted Apr 10, 2012
Authored by Fermin J. Serna

Adobe Flash Player versions prior to 10.3.183.16 and 11.x before 11.1.102.63 suffer from an information disclosure vulnerability. This archive has research related to this issue, proof of concept source code, and a swf that demonstrates the issue.

tags | exploit, proof of concept, info disclosure
systems | linux
advisories | CVE-2012-0769
MD5 | 6be90ad746ffeeba186321995dcd9978
Drupal Activity 6.x XSS Proof Of Concept
Posted Mar 29, 2012
Authored by Justin C. Klein Keane | Site drupal.org

This file documents a proof of concept to demonstrate the cross site scripting vulnerability in the Drupal Activity module version 6.x.

tags | exploit, xss, proof of concept
MD5 | 06f0f6c9900b8d2e1c30702167cfbae9
Mandriva Linux Security Advisory 2012-040
Posted Mar 28, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-040 - gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) via a crafted record, as demonstrated by a crafted GenericBlockCipher structure. The updated packages have been patched to correct this issue. The GnuTLS packages for Mandriva Linux 2011 have been upgraded to the 2.12.8 version due to problems with the test suite while building it; additionally, a new dependency was added on p11-kit for the PKCS #11 support.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2012-1573
MD5 | eff5bc41065a2ae7bbc8b34c9df3c8bc
STKeyGen BT HomeHub 2 Type A Credential Generator
Posted Mar 2, 2012
Authored by Kevin Devine, James Hall

STKeyGen demonstrates how default WPA keys and default Administrator passwords are created on BT HomeHub 2 Type A routers in the UK, which are based on Technicolor/Thomson hardware.

tags | tool, wireless
systems | unix
MD5 | 12bbaab39378637c8b5c35e34a520f45
Typsoft FTP Server 1.10 Denial Of Service
Posted Feb 7, 2012
Authored by Balazs Makany

Three proof of concept exploits that demonstrate denial of service vulnerabilities in Typsoft FTP server version 1.10.

tags | exploit, denial of service, vulnerability, proof of concept
MD5 | df9286e98ac358e8f0a5ed272a271e60
Android 2.2 Webkit Normalize
Posted Feb 2, 2012
Authored by MJ Keith

Proof of concept exploit that demonstrates the Webkit normalize bug for Android version 2.2.

tags | exploit, proof of concept
advisories | CVE-2010-1759
MD5 | 544c60d8472014aaaac1318b58c9c5cf
Reflection Scan Proof Of Concept
Posted Jan 18, 2012
Authored by Jan Wrobel

This proof of concept demonstrates how traffic load of a shared packet queue can be exploited as a side channel through which protected information leaks to an off-path attacker.

tags | exploit, proof of concept
MD5 | 64bc671666fc26d1a6fbcfea2dbc73f5
Reflection Scan: An Off-Path Attack On TCP
Posted Jan 18, 2012
Authored by Jan Wrobel

The paper demonstrates how traffic load of a shared packet queue can be exploited as a side channel through which protected information leaks to an off-path attacker. The attacker sends to a victim a sequence of identical spoofed segments. The victim responds to each segment in the sequence (the sequence is reflected by the victim) if the segments satisfy a certain condition tested by the attacker. The responses do not reach the attacker directly, but induce extra load on a routing queue shared between the victim and the attacker. Increased processing time of packets traversing the queue reveals that the tested condition was true. The paper concentrates on TCP, but the approach is generic and can be effective against other protocols that allow constructing requests which are conditionally answered by the victim.

tags | paper, spoof, tcp, protocol, proof of concept
MD5 | 3f661f7510db6f7555090f64d98e634e
Reverse Engineering SEHOP Chain Validation
Posted Jan 11, 2012
Authored by x90c

This proof of concept reverse engineering code demonstrates SEHOP chain validation.

tags | exploit, proof of concept
MD5 | 51cce128eb69749ce5846a7d9b1c95f0
Plone / Zope Remote Command Execution
Posted Dec 21, 2011
Authored by Nick Miles | Site npenetrable.com

Proof of concept code that demonstrates a remote command execution in Plone versions 4.0 through 4.0.9, 4.1, 4.2 (a1 and a2) and Zope versions 2.12.x and 2.13.x.

tags | exploit, remote, proof of concept
advisories | CVE-2011-3587
MD5 | ec89b0342f557b51deb307f79245bb3d
ClickIt Proof Of Concept
Posted Dec 13, 2011
Authored by Michal Zalewski | Site lcamtuf.coredump.cx

JavaScript allows you to exploit human cognitive abilities to a remarkable extent; tools such as window positioning, history.forward() and history.back(), open some scary possibilities that we are completely unprepared to deal with. This proof-of-concept aims to demonstrate this; while it is intentionally crude and makes no real effort to conceal its operation, the transitions can be made seamless and very difficult to perceive. Very accurate click prediction can be achieved by carefully measuring mouse velocity and distance to destination, too.

tags | exploit, javascript
MD5 | 753f7c9a5e2186e19dff5a73e9ae8583
Acpid Privilege Boundary Crossing
Posted Dec 10, 2011
Authored by otr

Local proof of concept exploit that demonstrates a privilege boundary crossing vulnerability in acpid. Written to work on Ubuntu 11.10 and 11.04.

tags | exploit, local, proof of concept
systems | linux, ubuntu
advisories | CVE-2011-2777
MD5 | 205d4ba29c892acdd7cdca5bba40eabe
Hacking iOS Devices
Posted Dec 7, 2011
Authored by Japson

Whitepaper called Hacking Dispositivos iOS. It demonstrates how dangerous it is to be connected to a wireless network with an iOS device that has OpenSSH enabled. Written in Spanish.

tags | paper
systems | apple, iphone
MD5 | ae05680dc6d82049bbe79bf2fac33be6
Firefox CSS :visited Proof Of Concept
Posted Dec 3, 2011
Authored by Michal Zalewski | Site lcamtuf.coredump.cx

This code is a proof of concept that demonstrates history extraction in Firefox through non-destructive cache timing.

tags | exploit, proof of concept
systems | linux
MD5 | 40789638dd11c307730257784d663de0
Avid Media Composer 5.5 Stack Buffer Overflow
Posted Nov 30, 2011
Authored by Nick Freeman | Site security-assessment.com

The AvidPhoneticIndexer.exe network daemon that ships with Avid Media Composer version 5.5 suffers from a remote stack buffer overflow. This was demonstrated at Ruxcon 2011 in the Hacking Hollywood talk. Included in this archive are the advisory and a Metasploit module.

tags | exploit, remote, overflow
systems | linux
MD5 | 05ba0f866778968b71f98de51b05bb15

© 2019 Packet Storm. All rights reserved.
