
Files

MyBB Visual Editor 1.8.18 Cross Site Scripting
Posted Sep 22, 2018
Authored by Numan OZDEMIR

MyBB Visual Editor versions 1.8.18 and below suffer from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-17128
SHA-256 | 9135e598bbd2a86b784c9a282b8fa7393bcf7cdd4921fee77ebf9059e9713571

Related Files

Debian Security Advisory 2522-1
Posted Aug 6, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2522-1 - Emilio Pinna discovered a cross site scripting vulnerability in the spellchecker.php page of FCKeditor, a popular html/text editor for the web.

tags | advisory, web, php, xss
systems | linux, debian
advisories | CVE-2012-4000
SHA-256 | da1a2bf303b76bf5b59ef18ad2eeec728100c65453b3bc10e1110a4736295ee6

Secunia Security Advisory 50136
Posted Aug 6, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for fckeditor. This fixes two vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss
systems | linux, debian
SHA-256 | 7bf6bc4e7b7eaeae7a073dec020d9076ddaa4777bf448c516ac29b445b170dac

Red Hat Security Advisory 2012-1136-01
Posted Aug 2, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1136-01 - OpenOffice.org is an office productivity suite that includes desktop applications, such as a word processor, spreadsheet application, presentation manager, formula editor, and a drawing program. Multiple heap-based buffer overflow flaws were found in the way OpenOffice.org processed encryption information in the manifest files of OpenDocument Format files. An attacker could provide a specially-crafted OpenDocument Format file that, when opened in an OpenOffice.org application, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2012-2665
SHA-256 | b59bd2e586688730a92ac126349c089bef1303f0b4131b5918f5c095da0db017

Red Hat Security Advisory 2012-1135-01
Posted Aug 2, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1135-01 - LibreOffice is an open source, community-developed office productivity suite. It includes the key desktop applications, such as a word processor, spreadsheet application, presentation manager, formula editor, and a drawing program. Multiple heap-based buffer overflow flaws were found in the way LibreOffice processed encryption information in the manifest files of OpenDocument Format files. An attacker could provide a specially-crafted OpenDocument Format file that, when opened in a LibreOffice application, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2012-2665
SHA-256 | ef5af1d4129c97a023a0cc2e74caaa7ad86b3ab37d19926858984185cae82c3c

WordPress Chenpress Shell Upload
Posted Jul 21, 2012
Authored by Am!r | Site irist.ir

WordPress ChenPress plugin suffers from a remote shell upload vulnerability via FCKEditor.

tags | exploit, remote, shell
SHA-256 | 87588ece4e4b307e709c22fc6b0a03904e7c6d41b7c446f2bbe71bdd5b1344e2

Secunia Security Advisory 49822
Posted Jul 8, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Sammy Forgit has discovered a vulnerability in the Front-end Editor plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
SHA-256 | ae9492f46bc53cc9b8bdf42e5a76318fefe3c2f60f4fb5201aeaf233693d6937

Umbraco CMS Remote Command Execution
Posted Jul 6, 2012
Authored by juan vazquez, Toby Clarke | Site metasploit.com

This Metasploit module can be used to execute a payload on Umbraco CMS 4.7.0.378. The payload is uploaded as an ASPX script by sending a specially crafted SOAP request to codeEditorSave.asmx, which permits unauthorised file upload via the SaveDLRScript operation. SaveDLRScript is also subject to a path traversal vulnerability, allowing code to be placed into the web-accessible /umbraco/ directory. The module writes, executes and then overwrites an ASPX script; note that though the script content is removed, the file remains on the target. Automatic cleanup of the file is intended if a meterpreter payload is used. This Metasploit module has been tested successfully on Umbraco CMS 4.7.0.378 on a Windows 7 32-bit SP1. In this scenario, the "IIS APPPOOL\ASP.NET v4.0" user must have write permissions on the Windows Temp folder.

tags | exploit, web, asp, file upload
systems | windows
SHA-256 | a969edd9061df64ff92c55db7b277da617626bfa9448eab4978dfbd56a0d42bb

Secunia Security Advisory 49606
Posted Jun 27, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Emilio Pinna has discovered two vulnerabilities in FCKeditor, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss
SHA-256 | 090a8ed3b25fd3e44538f03afd6e51c47a7cefa135a4e62e91ce1fce226b8c0a

Silverstripe Pixlr Image Editor 1.0.4 Shell Upload
Posted Jun 23, 2012
Authored by Sammy FORGIT

Silverstripe Pixlr Image Editor third party module version 1.0.4 suffers from an unauthenticated remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | 92892941f615b9e1625148e66de6d4d5988ac58f60888dc1ef2d18d0ebbf6912

Secunia Security Advisory 49624
Posted Jun 23, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in IBM Lotus Expeditor, which can be exploited by malicious people to conduct cross-site scripting attacks, disclose potentially sensitive information, bypass certain security restrictions, and compromise a user's system.

tags | advisory, vulnerability, xss
SHA-256 | 3bf0a630d1d5bb9ff8a615621ec4cc16294ff72c179e36688e0e1f60f6ad2c26

Joomla IDoEditor 1.6.16 Shell Upload
Posted Jun 12, 2012
Authored by Sammy FORGIT

Joomla IDoEditor version 1.6.16 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | 84f6b1ba62776a3052dc34fb2f18dc5729761377185ae557186ffa6dd1057744

Secunia Security Advisory 49422
Posted Jun 8, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in Audio Editor Master, which can be exploited by malicious people to compromise a user's system.

tags | advisory
SHA-256 | 166184546641d35f54b018dc4af673f13166413c2251678187b2728f812a49f8

Audio Editor Master 5.4.1.217 Denial Of Service
Posted Jun 6, 2012
Authored by Onying

Audio Editor Master version 5.4.1.217 suffers from a denial of service vulnerability.

tags | exploit, denial of service
SHA-256 | b6930c08d1b40f2adf2de7921d89da8214fff73ac57df097378d448e1c3d2690

Red Hat Security Advisory 2012-0705-01
Posted Jun 5, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0705-01 - OpenOffice.org is an office productivity suite that includes desktop applications, such as a word processor, spreadsheet application, presentation manager, formula editor, and a drawing program. An integer overflow flaw, leading to a buffer overflow, was found in the way OpenOffice.org processed an invalid Escher graphics records length in Microsoft Office PowerPoint documents. An attacker could provide a specially-crafted Microsoft Office PowerPoint document that, when opened, would cause OpenOffice.org to crash or, potentially, execute arbitrary code with the privileges of the user running OpenOffice.org.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2012-1149, CVE-2012-2334
SHA-256 | 6a657f9b42a90e909284ccc79fb9187564b90245173cbab2a1f6851f0a6a3370

Secunia Security Advisory 47229
Posted May 16, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in the eZ Style Editor extension for eZ Publish, which can be exploited by malicious people to bypass certain security restrictions.

tags | advisory
SHA-256 | 16ed60ba0dec2bb46082dfc398ee4580eb59450303cf96fc25e27a51246884ff

GSM SIM Editor 5.15 Buffer Overflow
Posted Apr 18, 2012
Authored by Ruben Alejandro | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow in GSM SIM Editor 5.15. When opening a specially crafted .sms file in GSM SIM Editor a stack-based buffer overflow occurs which allows an attacker to execute arbitrary code.

tags | exploit, overflow, arbitrary
SHA-256 | 451d9fa4a2e617e48ce85c48c985cb871ef37c17216ab0ee454a7063cff0d329

WordPress Deans With Pwwangs Code Shell Upload
Posted Mar 29, 2012
Authored by T0xic

WordPress Deans with Pwwangs Code plugin suffers from an FCKeditor remote file upload vulnerability.

tags | exploit, remote, file upload
SHA-256 | 0c816792c3ca6a0b7d63857f24ed1e793ca83dd33846e3484963e4614bb59655

Drupal FCKEditor/CKEditor PHP Execution
Posted Mar 24, 2012
Authored by Patroscan

Drupal FCKEditor/CKEditor module remote PHP code execution exploit.

tags | exploit, remote, php, code execution
SHA-256 | 9e74376ea72715e60cb7ca770018968f4efbcf2157614024104a526a99df39c9

Red Hat Security Advisory 2012-0411-01
Posted Mar 23, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0411-01 - OpenOffice.org is an office productivity suite that includes desktop applications, such as a word processor, spreadsheet application, presentation manager, formula editor, and a drawing program. OpenOffice.org embeds a copy of Raptor, which provides parsers for Resource Description Framework files. An XML External Entity expansion flaw was found in the way Raptor processed RDF files. If OpenOffice.org were to open a specially-crafted file, it could possibly allow a remote attacker to obtain a copy of an arbitrary local file that the user running OpenOffice.org had access to. A bug in the way Raptor handled external entities could cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org.

tags | advisory, remote, arbitrary, local, xxe
systems | linux, redhat
advisories | CVE-2012-0037
SHA-256 | 9a0a4f543457fc7348795ef6b90c507f9cb100611358fcad986b6f701a4bd297

Microsoft Bing Flash Editor Cross Site Scripting
Posted Mar 16, 2012
Authored by Aditya Gupta, Subho Halder, Dev Kar, Vulnerability Laboratory | Site vulnerability-lab.com

Microsoft Bing's Flash editor suffers from an input validation vulnerability that can lead to cross site scripting attacks.

tags | exploit, xss
SHA-256 | 7db7ba6f70e95039239d765d4aeb5b8090c822c565c7ff69ae6a471fe19d3fcc

Secunia Security Advisory 48435
Posted Mar 15, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been reported in the CKEditor and FCKeditor modules for Drupal, which can be exploited by malicious users to compromise a vulnerable system and by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss
SHA-256 | 70bea56e02dbc26a69e840cf0e033b69a0b2282d7355f55191fb3974c32ec641

Drupal CKEditor / FCKeditor XSS / XSRF / Code Execution
Posted Mar 15, 2012
Authored by Heine Deelstra | Site drupal.org

CKEditor and FCKeditor modules in Drupal versions 6.x and 7.x suffer from PHP code execution, cross site request forgery, and cross site scripting vulnerabilities.

tags | advisory, php, vulnerability, code execution, xss, csrf
SHA-256 | aaa6ea9e677ff1cded922b9064a43bda0cfc2a65959bfa6b93813933823bdbd6

AlegroCart FCKEditor Command Execution
Posted Mar 11, 2012
Authored by KedAns-Dz

AlegroCart FCKEditor remote command execution proof of concept exploit that leverages the vulnerability found by T0x!c.

tags | exploit, remote, proof of concept
SHA-256 | 171191b6b9e949736304584375831cd8fde697a49bae29a16126d5d68d7ed190

Red Hat Security Advisory 2012-0141-01
Posted Feb 17, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0141-01 - SeaMonkey is an open source web browser, e-mail and newsgroup client, IRC chat client, and HTML editor. A heap-based buffer overflow flaw was found in the way SeaMonkey handled PNG images. A web page containing a malicious PNG image could cause SeaMonkey to crash or, possibly, execute arbitrary code with the privileges of the user running SeaMonkey. All SeaMonkey users should upgrade to these updated packages, which correct this issue. After installing the update, SeaMonkey must be restarted for the changes to take effect.

tags | advisory, web, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2011-3026
SHA-256 | f1267c41db6a862799ec7a24f82bdf3f9e615c43178f198aa66dbb317e17b034

Chicago Tribune Cross Site Scripting
Posted Feb 15, 2012
Authored by Janne Ahlberg

The mobile.chicagotribune.com site suffers from a cross site scripting vulnerability. Editor's note 01/04/2013: Per the advisory author, Chicago Tribune has addressed this vulnerability.

tags | exploit, xss
SHA-256 | cb5868295d95e6e2adccde2d047576233388b74c94df149c189b172e92430175