exploit the possibilities
Showing 1 - 25 of 100 RSS Feed

Files

Find A Place CMS Directory 1.5 SQL Injection
Posted Feb 16, 2019
Authored by Deyaa Muhammad

Find a Place CMS Directory version 1.5 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 187b86df8eeef1ecf89f4c226f6452add70c8665f8b7fd5f23a87c6818444c50

Related Files

ICS-CERT Advisory - Tridium Niagara Issues
Posted Aug 17, 2012
Authored by ICS-CERT | Site ics-cert.org

ICS-CERT Advisory ICSA-12-228-01 - Independent security researchers Billy Rios and Terry McCorkle have identified multiple vulnerabilities in the Tridium Niagara AX Framework software. The vulnerabilities include directory traversal, weak credential storage, session cookie weaknesses, and predictable session IDs, all of which can be exploited remotely. All known versions of the Tridium Niagara AX Framework software products are susceptible to these vulnerabilities.

tags | advisory, vulnerability
advisories | CVE-2012-4027, CVE-2012-4028, CVE-2012-3025, CVE-2012-3024
SHA-256 | a321597efe4a62df5a3a2266cf1f16eb392c55adffe8c8fa35b7747b79ea649b
Novell ZENworks Asset Management Remote Execution
Posted Aug 14, 2012
Authored by juan vazquez | Site metasploit.com

This Metasploit module exploits a path traversal flaw in Novell ZENworks Asset Management 7.5. By exploiting the CatchFileServlet, an attacker can upload a malicious file outside of the MalibuUploadDirectory and then make a secondary request that allows for arbitrary code execution.

tags | exploit, arbitrary, code execution
advisories | CVE-2011-2653, OSVDB-77583
SHA-256 | 0b8fb5d16df4fc969d43e3061660de06ffdf0cfc0581883a9f80e8a04b40a600
TestLink 1.9.3 Arbitrary File Upload
Posted Aug 14, 2012
Authored by Brendan Coles | Site metasploit.com

This Metasploit module exploits a vulnerability in TestLink versions 1.9.3 and prior. This application has an upload feature that allows any authenticated user to upload arbitrary files to the '/upload_area/nodes_hierarchy/' directory with a randomized file name. The file name can be retrieved from the database using SQL injection.

tags | exploit, arbitrary, sql injection
SHA-256 | d7801d84f2c0b381a4eab2c495d1007bc1e69f64d876b88ff24732a4755a2f71
NetDecision 4.2 TFTP Writable Directory Traversal Execution
Posted Aug 9, 2012
Authored by Rob Kraus, juan vazquez | Site metasploit.com

This Metasploit module exploits a vulnerability found in NetDecision 4.2 TFTP server. The software contains a directory traversal vulnerability that allows a remote attacker to write arbitrary file to the file system, which results in code execution under the context of user executing the TFTP Server.

tags | exploit, remote, arbitrary, code execution
advisories | CVE-2009-1730, OSVDB-54607
SHA-256 | 0d13cee7943b511e1894639ec337c177f0900b866756b484b6bf6fa8eab38bed
Secunia Security Advisory 50125
Posted Aug 2, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A weakness and a vulnerability have been reported in IBM Tivoli Directory Integrator, which can be exploited by malicious people to conduct spoofing and cross-site scripting attacks.

tags | advisory, spoof, xss
SHA-256 | c59053b2c58f8fcf728d84f471a644f3c00a315c275ea3d09bd0467a85b2b1eb
WebPageTest Arbitrary PHP File Upload
Posted Aug 1, 2012
Authored by dun, sinn3r | Site metasploit.com

This Metasploit module exploits a vulnerability found in WebPageTest's Upload Feature. By default, the resultimage.php file does not verify the user-supplied item before saving it to disk, and then places this item in the web directory accessable by remote users. This flaw can be abused to gain remote code execution.

tags | exploit, remote, web, php, code execution
advisories | OSVDB-83822
SHA-256 | 12ff7aba4342dfbb7f5a516aa01579569cbaf4c1cb86bb84f42047ca2ada8e0b
Secunia Security Advisory 50069
Posted Jul 31, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue has been reported in IBM Rational Directory Server, which can be exploited by malicious people to conduct spoofing attacks.

tags | advisory, spoof
SHA-256 | 81d8fa4b238559d713ead309f268dca7c154ced8fef132a7488b38bcd2c022da
Microsoft Office SharePoint Server 2007 Remote Code Execution
Posted Jul 30, 2012
Authored by James Burton, juan, Oleksandr Mirosh | Site metasploit.com

This Metasploit module exploits a vulnerability found in SharePoint Server 2007 SP2. The software contains a directory traversal, that allows a remote attacker to write arbitrary files to the filesystem, sending a specially crafted SOAP ConvertFile request to the Office Document Conversions Launcher Service, which results in code execution under the context of 'SYSTEM'. The module uses uses the Windows Management Instrumentation service to execute an arbitrary payload on vulnerable installations of SharePoint on Windows 2003 Servers. It has been successfully tested on Office SharePoint Server 2007 SP2 over Windows 2003 SP2.

tags | exploit, remote, arbitrary, code execution
systems | windows
advisories | CVE-2010-3964, OSVDB-69817
SHA-256 | 7ad8e7d26bc7d8213c68e74fdb77fb2a0f223d16965a4e6425e8d2f9797435cd
CuteFlow 2.11.2 Arbitrary File Upload
Posted Jul 27, 2012
Authored by Brendan Coles | Site metasploit.com

This Metasploit module exploits a vulnerability in CuteFlow version 2.11.2 or prior. This application has an upload feature that allows an unauthenticated user to upload arbitrary files to the 'upload/___1/' directory and then execute it.

tags | exploit, arbitrary
SHA-256 | 7e52dec1e5036e52df909f5beaef31339c50c613b21624d2406a52176b941892
Photodex ProShow Producer 5.0.3256 Buffer Overflow
Posted Jul 26, 2012
Authored by mr.pr0n, Julien Ahrens, juan | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow in Photodex ProShow Producer version 5.0.3256 in the handling of the plugins load list file. An attacker must send the crafted "load" file to victim, who must store it in the installation directory. The vulnerability will be triggered the next time ProShow is opened. The module has been tested successfully on Windows XP SP3 and Windows 7 SP1.

tags | exploit, overflow
systems | windows
advisories | OSVDB-83745
SHA-256 | bf2514d474a7b08d3b8119c8f11509c92a1414014f2de791e9a5e94b2b9e0c03
EGallery PHP File Upload Vulnerability
Posted Jul 23, 2012
Authored by Sammy FORGIT, juan | Site metasploit.com

This Metasploit module exploits a vulnerability found in EGallery 1.2 By abusing the uploadify.php file, a malicious user can upload a file to the egallery/ directory without any authentication, which results in arbitrary code execution. The module has been tested successfully on Ubuntu 10.04.

tags | exploit, arbitrary, php, code execution
systems | linux, ubuntu
advisories | OSVDB-83891
SHA-256 | 526da632857518ba04c937502d05234c1849101abc35c576432b65f2a4fbe5d5
Red Hat Security Advisory 2012-1109-01
Posted Jul 23, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1109-01 - JBoss Application Server is the base package for JBoss Enterprise Portal Platform, providing the core server components. The Java Naming and Directory Interface Java API allows Java software clients to locate objects or services in an application server. It was found that the JBoss JNDI service allowed unauthenticated, remote write access by default. The JNDI and HA-JNDI services, and the HAJNDIFactory invoker servlet were all affected. A remote attacker able to access the JNDI service, HA-JNDI service, or the HAJNDIFactory invoker servlet on a JBoss server could use this flaw to add, delete, and modify items in the JNDI tree. This could have various, application-specific impacts.

tags | advisory, java, remote
systems | linux, redhat
advisories | CVE-2011-4605
SHA-256 | 78dd41f8b5b34025ec971ccb9596f9551cde8d2534b3816a8c8e07e50a8da9ef
Ubuntu Security Notice USN-1503-1
Posted Jul 12, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1503-1 - Hans Spaans discovered that the Context plugin in Rhythmbox created a temporary directory in an insecure manner. A local attacker could exploit this to execute arbitrary code as the user invoking the program. The Context plugin is disabled by default in Ubuntu.

tags | advisory, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2012-3355
SHA-256 | df547307b999909e8ad311c8eb23837293bda1c1769f52bf417f2bfd35e2b199
Umbraco CMS Remote Command Execution
Posted Jul 6, 2012
Authored by juan vazquez, Toby Clarke | Site metasploit.com

This Metasploit module can be used to execute a payload on Umbraco CMS 4.7.0.378. The payload is uploaded as an ASPX script by sending a specially crafted SOAP request to codeEditorSave.asmx, which permits unauthorised file upload via the SaveDLRScript operation. SaveDLRScript is also subject to a path traversal vulnerability, allowing code to be placed into the web-accessible /umbraco/ directory. The module writes, executes and then overwrites an ASPX script; note that though the script content is removed, the file remains on the target. Automatic cleanup of the file is intended if a meterpreter payload is used. This Metasploit module has been tested successfully on Umbraco CMS 4.7.0.378 on a Windows 7 32-bit SP1. In this scenario, the "IIS APPPOOL\ASP.NET v4.0" user must have write permissions on the Windows Temp folder.

tags | exploit, web, asp, file upload
systems | windows
SHA-256 | a969edd9061df64ff92c55db7b277da617626bfa9448eab4978dfbd56a0d42bb
Tiki Wiki <= 8.3 unserialize() PHP Code Execution
Posted Jul 6, 2012
Authored by EgiX, juan vazquez | Site metasploit.com

This Metasploit module exploits a php unserialize() vulnerability in Tiki Wiki <= 8.3 which could be abused to allow unauthenticated users to execute arbitrary code under the context of the webserver user. The dangerous unserialize() exists in the 'tiki-print_multi_pages.php' script, which is called with user controlled data from the 'printpages' parameter. The exploit abuses the __destruct() method from the Zend_Pdf_ElementFactory_Proxy class to write arbitrary PHP code to a file on the Tiki Wiki web directory. In order to run successfully three conditions must be satisfied (1) display_errors php setting must be On to disclose the filesystem path of Tiki Wiki, (2) The Tiki Wiki Multiprint feature must be enabled to exploit the unserialize() and (3) a php version older than 5.3.4 must be used to allow poison null bytes in filesystem related functions. The exploit has been tested successfully on Ubuntu 9.10 and Tiki Wiki 8.3.

tags | exploit, web, arbitrary, php
systems | linux, ubuntu
advisories | CVE-2012-0911
SHA-256 | 04e6daabf6b6a5dba1b8fa576bc4f910b4df1c7b90652847142a832796744523
Hack Box With DotDotPwn Directory Traversal Fuzzer
Posted Jul 6, 2012
Authored by Levi Francisco Pineda

This is a brief whitepaper that demonstrates using DotDotPwn for directory traversal fuzzing against the Lyric Xibelis CSF.

tags | paper
SHA-256 | ff84469d0184c84c0a03b4b6268f4e4a0fc7743706154150f36511ad985f17fd
Webify Link Directory SQL Injection
Posted Jul 4, 2012
Authored by Daniel Godoy

Webify Link Directory suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 090d94e61eb549530245d1678eeefbb09bfeaba84464884f28284e1cfc741ad6
Python-wrapper Untrusted Search Path / Code Execution
Posted Jul 2, 2012
Authored by ShadowHatesYou

Python-wrapper executes any test.py script within the current working directory, when supplied with help('modules'). A non-privileged user may gain code execution by tricking root to help('modules') or help() and then modules from within python-wrapper while within a non-privileged user's work directory.

tags | exploit, root, code execution, python
SHA-256 | d58933fe94dc7d2c9f7f05b9dd9d6736fd4a43d5f37eee91e3e776a573bb8c24
WANGKONGBAO CNS-1000 / CNS-1100 Directory Traversal
Posted Jul 2, 2012
Authored by Dillon Beresford

WANGKONGBAO CNS-1000 and CNS-1100 suffer from a directory traversal vulnerability.

tags | exploit, file inclusion
SHA-256 | d08faedbde9b8dbd524b59e4193f087991c4d236239f0b21829cb29d78dfe7f3
Mandriva Linux Security Advisory 2012-096-1
Posted Jul 2, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-096 - Multiple vulnerabilities has been discovered and corrected in python. The _ssl module would always disable the CBC IV attack countermeasure. A flaw was found in the way the Python SimpleHTTPServer module generated directory listings. An attacker able to upload a file with a specially-crafted name to a server could possibly perform a cross-site scripting attack against victims visiting a listing page generated by SimpleHTTPServer, for a directory containing the crafted file. A race condition was found in the way the Python distutils module set file permissions during the creation of the.pypirc file. Various other issues were also addressed.

tags | advisory, vulnerability, xss, python
systems | linux, mandriva
advisories | CVE-2011-3389, CVE-2011-4940, CVE-2011-4944, CVE-2012-0845, CVE-2012-0876, CVE-2012-1150
SHA-256 | 6519f45b66e8e91380ebd2fe36730ada9b3c9fe8a02948e6fcc43d7e69bb6a64
SpecView 2.5 Build 853 Directory Traversal
Posted Jun 29, 2012
Authored by Luigi Auriemma | Site aluigi.org

SpecView versions 2.5 build 853 and below suffer from a remote directory traversal vulnerability.

tags | exploit, remote
SHA-256 | 37c481c86f91ff979c1f2a14452d4bc1fc45aaf6d60f55ae0b180aa752d19d99
Zero Day Initiative Advisory 12-106
Posted Jun 29, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-106 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Avaya IP Office Customer Call Reporter. Authentication is not required to exploit this vulnerability. The specific flaw exists because Avaya IP Office Customer Call Reporter allows unauthenticated users to upload files to the webserver through ImageUpload.ashx. The uploaded files will not be stripped of their file extensions and the directory where they are uploaded to has no scripting restrictions. This flaw can lead the remote code execution under the context of the user running the IP Office Customer Call Reporter, usually NETWORK SERVICE.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2012-3811
SHA-256 | c9875f083e981a649b82cd3fc96e172a5e7ead7522bb0fcbbb19128b2cc1d8b9
Ubuntu Security Notice USN-1485-1
Posted Jun 29, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1485-1 - Florian Weimer discovered that AccountsService incorrectly handled privileges when copying certain files to the system cache directory. A local attacker could exploit this issue to read arbitrary files, bypassing intended permissions.

tags | advisory, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2012-2737
SHA-256 | 98db492a84e65422f2ea894ff6cb2a226228331fe4e976ea60ea62427ba2e0ec
Sielco Sistemi Winlog 2.07.16 Code Execution / Directory Traversal
Posted Jun 27, 2012
Authored by Luigi Auriemma | Site aluigi.org

Sielco Sistemi Winlog versions 2.07.16 and below suffer from various code execution, stack overflow, and directory traversal vulnerabilities. Proof of concept utility included.

tags | exploit, overflow, vulnerability, code execution, proof of concept
systems | linux
SHA-256 | 2c3d3186116ed66592e68144dac18e5288896dc07ba9846d20cbd79b708917db
Secunia Security Advisory 49734
Posted Jun 27, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue and a vulnerability have been reported in Red Hat Directory Server, which can be exploited by malicious users to disclose sensitive information.

tags | advisory
systems | linux, redhat
SHA-256 | 6f4998a6c8579b1ce06e07cf1b17fcc9b3837d35f93522f707f77545b1df8586
Page 1 of 4
Back1234Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    4 Files
  • 19
    May 19th
    17 Files
  • 20
    May 20th
    2 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    6 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close