Showing 1 - 25 of 50

Files

Piwigo 2.9.5 Cross Site Request Forgery / Cross Site Scripting
Posted Sep 13, 2019
Authored by Rodolfo Tavares

Piwigo version 2.9.5 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
advisories | CVE-2019-13363, CVE-2019-13364
MD5 | 3c7069e96e000fdbcb03ee3f7ec38aed

Related Files

Piwigo 2.9.5 Cross Site Scripting / SQL Injection / Command Execution
Posted Sep 23, 2019
Authored by James Bercegay | Site gulftech.org

Piwigo versions 2.9.5 and below suffer from cross site scripting, command execution, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | d7bfbdd2fe5f80541115d580e6a6a0d9

G DATA TOTAL SECURITY 25.4.0.3 Active-X Buffer Overflow
Posted Jul 13, 2018
Authored by Felipe Xavier Oliveira

G DATA TOTAL SECURITY version 25.4.0.3 suffers from an ActiveX buffer overflow vulnerability.

tags | exploit, overflow, activex
advisories | CVE-2018-10018
MD5 | 90c8424162c88e3a300d66cb5666405a

Total AV 4.6.19 Insecure Permissions
Posted Jul 13, 2018
Authored by Felipe Xavier Oliveira

A vulnerability allows local attackers to escalate privilege on TotalAV versions 4.1.7 through 4.6.19 because of weak "C:\Program Files\TotalAV" permissions. The specific flaw exists within the access control that is set and modified during the installation of the product. The product sets weak access control restrictions. An attacker can leverage this vulnerability to execute arbitrary code under the context of Administrator, the IUSR account, or SYSTEM.

tags | exploit, arbitrary, local
advisories | CVE-2018-5313
MD5 | faa27411003777a314b1bfe60253a563

ISS For Business 14.0.1400.2029 Blue Screen Of Death
Posted Jul 13, 2018
Authored by Felipe Xavier Oliveira

In MicroWorld eScan Internet Security Suite (ISS) for Business version 14.0.1400.2029, the driver econceal.sys allows a non-privileged user to send a 0x830020E0 IOCTL request to \\.\econceal to cause a denial of service (BSOD).

tags | advisory, denial of service
advisories | CVE-2018-10018, CVE-2018-10098
MD5 | e43f0732680669dac8762679657968d3

Panda Global Security 17.0.1 NULL DACL Grants Full Access
Posted Mar 8, 2018
Authored by Felipe Xavier Oliveira

Panda Global Security version 17.0.1 allows local users to gain privileges or cause a denial of service by impersonating all the pipes through the use of an insecurely created named pipe.

tags | exploit, denial of service, local
advisories | CVE-2018-6322
MD5 | 78a633d42e79810dad6911634f7b45e9

WPS Free Office 10.2.0.5978 NULL DACL Grants Full Access
Posted Mar 8, 2018
Authored by Felipe Xavier Oliveira

WPS Free Office version 10.2.0.5978 allows local users to gain privileges or cause a denial of service by impersonating all the pipes through the use of an insecurely created named pipe.

tags | exploit, denial of service, local
advisories | CVE-2018-6400
MD5 | 9632d24c8cfec8d732dcac81951c9a47

Panda Global Security 17.0.1 Unquoted Service Path
Posted Mar 8, 2018
Authored by Felipe Xavier Oliveira

Panda Global Security version 17.0.1 suffers from an unquoted service path vulnerability.

tags | exploit
advisories | CVE-2018-6321
MD5 | 13cfd6979af78b1bf0f9385013a7115d

BitDefender Total Security 2018 Insecure Pipe Permissions
Posted Mar 8, 2018
Authored by Felipe Xavier Oliveira

BitDefender Total Security 2018 suffers from an insecure pipe permissions vulnerability.

tags | advisory
advisories | CVE-2018-6183
MD5 | 9677f45e40c72ee291b90a48afee28cf

10-Strike Network Monitor 5.4 Unquoted Service Path
Posted Mar 8, 2018
Authored by Felipe Xavier Oliveira

10-Strike Network Monitor version 5.4 suffers from an unquoted service path vulnerability.

tags | exploit
advisories | CVE-2018-6016
MD5 | 76d354f866dec2773e1d08ee03b36139

Hola VPN 1.79.859 Insecure Service Permissions
Posted Mar 8, 2018
Authored by Felipe Xavier Oliveira

Hola VPN version 1.79.859 suffers from an insecure service permission vulnerability.

tags | exploit
advisories | CVE-2018-6623
MD5 | 1876f7351ffbf17ac8b728051bcb8ddc

Rapid Scada 5.5.0 Insecure Permissions
Posted Mar 6, 2018
Authored by Felipe Xavier Oliveira

Rapid Scada version 5.5.0 suffers from an insecure permission vulnerability.

tags | exploit
advisories | CVE-2018-5313
MD5 | c81b2a59f24e59822c91601bace1421d

TSiteBuilder 1.0 SQL Injection
Posted Jan 28, 2018
Authored by Ihsan Sencan

TSiteBuilder version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 496b92a8e463e0e72fd600a2082013e6

Piwigo 2.8.2 / 2.9.2 Cross Site Scripting
Posted Jan 12, 2018
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

Piwigo CMS versions 2.8.2 and 2.9.2 suffer from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 56e16aae7f141f2c2e9cbdac157b0e43

Handy Password 4.9.3 Buffer Overflow
Posted Jan 11, 2018
Authored by Felipe Xavier Oliveira

Tempest Security Intelligence ADV-12/2018 - A buffer overflow in Handy Password version 4.9.3 allows remote attackers to execute arbitrary code via a long "Title name" field in "mail box" data that is mishandled in an "Open from mail box" action.

tags | advisory, remote, overflow, arbitrary
MD5 | 7353f4100afbf7c53aa46495663168d5

Piwigo 2.9.1 SQL Injection
Posted Dec 15, 2017
Authored by Akityo

Piwigo version 2.9.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2017-10682
MD5 | 7dcb87848320df6b3827d114d752b690

Sync Breeze 10.1.16 Buffer Overflow
Posted Oct 31, 2017
Authored by Felipe Xavier Oliveira

Sync Breeze version 10.1.16 suffers from a buffer overflow vulnerability, which can be exploited remotely or locally to achieve arbitrary code execution. The flaw is triggered by providing a long input into the "Destination directory" path of the application.

tags | advisory, overflow, arbitrary, code execution
advisories | CVE-2017-15950
MD5 | f4f002630a2eed34a39911ef0c7be183

Piwigo User Tag 0.9.0 Cross Site Scripting
Posted Aug 10, 2017
Authored by Touhid M.Shaikh

Piwigo User Tag plugin version 0.9.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 6701bf24df1ab48886dd811413896284

Piwigo Facetag 0.0.3 SQL Injection
Posted May 31, 2017
Authored by Touhid M.Shaikh

Piwigo Facetag plugin version 0.0.3 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 265f571ac1465bf00b85cfdccc57cffc

Ghost Blog 0.11.3 Cross Site Scripting
Posted Jan 20, 2017
Authored by Patrick Costa

Tempest Security Intelligence Advisory ADV-9/2017 - Ghost Blog version 0.11.3 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | be5b3a306042b6294633f1d980b7b7ab

Atlassian Jira 7.1.7 Cross Site Scripting
Posted Jan 17, 2017
Authored by Roberto Soares

Tempest Security Intelligence Advisory ADV-2/2016 - Atlassian Jira version 7.1.7 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2016-6285
MD5 | e6472969a5940d87f287d0be2baf9fe3

Atlassian Confluence 5.9.12 Cross Site Scripting
Posted Jan 4, 2017
Authored by Jodson Santos

Tempest Security Intelligence Advisory ADV-3/2016 - Atlassian Confluence version 5.9.12 is vulnerable to persistent cross site scripting because it fails to securely validate user controlled data, making it possible for an attacker to supply crafted input in order to harm users. The bug occurs on pages carrying attached files: even though the attached file name parameter is correctly sanitized upon submission, an attacker can later edit the attached file name property and supply crafted data (i.e. HTML tags and script code) without any security checks taking place, resulting in an exploitable persistent cross site scripting injection.

tags | exploit, xss
advisories | CVE-2016-6283
MD5 | e811f22000dd04cc3f47ebdb47e52dfb

Telegram Desktop 0.10.1 DLL Hijacking
Posted Jan 4, 2017
Authored by Felipe Xavier Oliveira

Tempest Security Intelligence Advisory ADV-6/2016 - Telegram Desktop version 0.10.1 is vulnerable to DLL hijacking as it tries to load "COMBASE.dll" without supplying the absolute path, thus relying upon the presence of that DLL in the system directory.

tags | advisory
MD5 | 171558ee8417ad73202f1b8bdbaf1480

Akamai NetSession 1.9.3.1 DLL Hijacking
Posted Jan 4, 2017
Authored by Felipe Xavier Oliveira

Tempest Security Intelligence Advisory ADV-8/2016 - Akamai NetSession 1.9.3.1 is vulnerable to DLL hijacking as it tries to load CSUNSAPI.dll without supplying the complete path. The issue is aggravated because the mentioned DLL is missing from its installation, making it possible to hijack the DLL and subsequently inject code within the Akamai NetSession process space.

tags | advisory
MD5 | da85249731ae041efb5a09c61f89382b

Audacity 2.1.2 DLL Hijacking
Posted Jan 4, 2017
Authored by Felipe Xavier Oliveira

Tempest Security Intelligence Advisory ADV-7/2016 - Audacity version 2.1.2 is vulnerable to DLL hijacking as it tries to load avformat-55.dll without supplying the absolute path, thus relying upon the presence of that DLL in the system directory. This behavior results in an exploitable DLL hijacking vulnerability, even if the SafeDllSearchMode flag is enabled.

tags | advisory
MD5 | a7907f7aa84259c696d23ab7126e138b

Piwigo 2.7.3 SQL Injection
Posted Feb 18, 2015
Authored by Sven Schleier

Piwigo version 2.7.3 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2015-1517
MD5 | 03b7af3a848336af964088f6ffb8b9ac

© 2019 Packet Storm. All rights reserved.