exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 85 RSS Feed

Files

Port Forwarding Wizard 4.8.0 Buffer Overflow
Posted Jul 27, 2020
Authored by Sarang Tumne

Port Forwarding Wizard version 4.8.0 suffers from a buffer overflow vulnerability.

tags | exploit, overflow
SHA-256 | d80cc71d902a2f8063701473c1de716c02b83a3515108e0fc11a2f1b0d52a54e

Related Files

File Sharing Wizard 1.5.0 Denial Of Service
Posted Jan 7, 2024
Authored by Fernando Mengali

File Sharing Wizard version 1.5.0 remote denial of service exploit.

tags | exploit, remote, denial of service
SHA-256 | 667473f176052af85e5964dc11bf0155cbeb4a2f3ac28591ecdd6ccc9f8c3e4e
MiniTool Partition Wizard ShadowMaker 12.7 Unquoted Service Path
Posted Jul 11, 2023
Authored by Idan Malihi

MiniTool Partition Wizard ShadowMaker version 12.7 suffers from multiple unquoted service path vulnerabilities.

tags | exploit, vulnerability
advisories | CVE-2023-36164, CVE-2023-36165
SHA-256 | b65c7f242f90cef498d3dec84608658f583d76707f10f01c7ede7b38725ddd96
Fortinet FortiNAC keyUpload.jsp Arbitrary File Write
Posted Mar 15, 2023
Authored by jheysel-r7, Zach Hanley, Gwendal Guegniaud | Site metasploit.com

This Metasploit module uploads a payload to the /tmp directory in addition to a cron job to /etc/cron.d which executes the payload in the context of the root user. The core vulnerability is an arbitrary file write issue in /configWizard/keyUpload.jsp which is accessible remotely and without authentication. When you send the vulnerable endpoint a ZIP file, it will extract an attacker controlled file to a directory of the attackers choice on the target system. This issue is exploitable on FortiNAC versions 9.4 prior to 9.4.1, FortiNAC versions 9.2 prior to 9.2.6, FortiNAC versions 9.1 prior to 9.1.8, all versions of FortiNAC 8.8, all versions of FortiNAC 8.7, all versions of FortiNAC 8.6, all versions of FortiNAC 8.5, and all versions of FortiNAC 8.3.

tags | exploit, arbitrary, root
advisories | CVE-2022-39952
SHA-256 | b72056fdc9840a37268bab3325c1941ddb0082c5918cf14fec39001b268b461d
Nagios XI 5.7.5 Remote Code Execution
Posted Feb 8, 2023
Authored by Matthew Mathur | Site metasploit.com

This Metasploit module exploits CVE-2021-25296, CVE-2021-25297, and CVE-2021-25298, which are OS command injection vulnerabilities in the windowswmi, switch, and cloud-vm configuration wizards that allow an authenticated user to perform remote code execution on Nagios XI versions 5.5.6 to 5.7.5 as the apache user. Valid credentials for a Nagios XI user are required. This module has been successfully tested against official NagiosXI OVAs versions 5.5.6 through 5.7.5.

tags | exploit, remote, vulnerability, code execution
advisories | CVE-2021-25296, CVE-2021-25297, CVE-2021-25298
SHA-256 | e1e14a22eb63b8baf6d8bc7b7a7a42d07a444dd4ad650863cfe3c7cce4239771
MiniTool Partition Wizard 12.0 Unquoted Service Path
Posted Apr 11, 2022
Authored by Saud Alenazi

MiniTool Partition Wizard version 12.0 suffers from an unquoted service path vulnerability.

tags | exploit
SHA-256 | 9564c84c9c680a2e3b84d7e006b54b17112ceb1af52c126a8b5cd5386a345955
Audio Conversion Wizard 2.01 Buffer Overflow
Posted Mar 9, 2022
Authored by Hejap Zairy

Audio Conversion Wizard version 2.01 suffers from a buffer overflow vulnerability.

tags | exploit, overflow
SHA-256 | 605f74098a9e1207ebaa626a713a4b35b630680fc268c569f358559bb81db913
SAP JAVA Configuration Task Execution
Posted Apr 5, 2021
Site onapsis.com

A malicious unauthenticated user could abuse the lack of authentication check on a particular web service exposed by default in SAP Netweaver JAVA stack, allowing them to fully compromise the targeted system. Affected components include SAP Netweaver JAVA versions 7.30 through 7.50 and LM CONFIGURATION WIZARD versions 7.30 SP019 Patch 0000, 7.30 SP020 Patch 0000, 7.31 SP023 Patch 0000, 7.31 SP024 Patch 0000, 7.31 SP025 Patch 0000, 7.31 SP026 Patch 0000, 7.40 SP018 Patch 0000, 7.40 SP019 Patch 0000, 7.40 SP020 Patch 0000, 7.40 SP021 Patch 0000, 7.50 SP012 Patch 0001 and lower, 7.50 SP013 Patch 0002 and lower, 7.50 SP014 Patch 0001 and lower, 7.50 SP015 Patch 0001 and lower, 7.50 SP016 Patch 0001 and lower, 7.50 SP017 Patch 0001 and lower, and 7.50 SP018 Patch 0000.

tags | advisory, java, web
advisories | CVE-2020-6287
SHA-256 | 978750433543ec4b63047fcf6b6926f902e63282e32e39e3576f962e8997c767
Cayin Signage Media Player 3.0 Root Remote Command Injection
Posted Jun 4, 2020
Authored by LiquidWorm | Site zeroscience.mk

CAYIN SMP-xxxx suffers from an authenticated OS command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user through the NTP_Server_IP HTTP GET parameter in system.cgi and wizard_system.cgi pages.

tags | exploit, web, arbitrary, shell, cgi, root
SHA-256 | 8227decab2e3303eb2fd3fd07c388f1eab6298ce3df14f3c461ac9bd2a02e376
Microsoft Windows WizardOpium Local Privilege Escalation
Posted Mar 6, 2020
Authored by Piotr Florczyk

Microsoft Windows WizardOpium local privilege escalation exploit.

tags | exploit, local
systems | windows
advisories | CVE-2019-1458
SHA-256 | 8f4ff290f618c7ae82d5e4a5c6a3a8d15528402a776ef0a67b0092135caef4a2
File Sharing Wizard 1.5.0 POST SEH Overflow
Posted Oct 8, 2019
Authored by x00pwn, Dean Welch | Site metasploit.com

This Metasploit module exploits an unauthenticated HTTP POST SEH-based buffer overflow in File Sharing Wizard version 1.5.0.

tags | exploit, web, overflow
advisories | CVE-2019-16724
SHA-256 | 5ba4934d2c6e2bc26de53ab037769cf889d219ee535dd367281aadff1d2fbd42
File Sharing Wizard 1.5.0 SEH Buffer Overflow
Posted Sep 24, 2019
Authored by x00pwn

File Sharing Wizard version 1.5.0 POST SEH buffer overflow exploit.

tags | exploit, overflow
advisories | CVE-2019-16724
SHA-256 | 241a76ac0e6d69be0753a743ecf0138c986af056b02442e8e5a4e9b4c2299b78
RICOH SP 4520DN Printer HTML Injection
Posted May 9, 2019
Authored by Ismail Tasdelen

An HTML Injection vulnerability has been discovered on the RICOH SP 4520DN via the /web/entry/en/address/adrsSetUserWizard.cgi entryNameIn or entryDisplayNameIn parameter.

tags | exploit, web, cgi
advisories | CVE-2019-11844
SHA-256 | 8aa24d5f0536dc8ab8ba5a04208bb67d10be44f374d522d992546b0c6b964e41
RICOH SP 4510DN Printer HTML Injection
Posted May 9, 2019
Authored by Ismail Tasdelen

An HTML Injection vulnerability has been discovered on the RICOH SP 4510DN via the /web/entry/en/address/adrsSetUserWizard.cgi entryNameIn parameter.

tags | exploit, web, cgi
advisories | CVE-2019-11845
SHA-256 | 1e92ae0c5278fc1a1ef7d635b6034490e6b56ed89def0c3158b907b154633917
IPSet List 3.7.2
Posted Feb 14, 2019
Authored by AllKind | Site sourceforge.net

ipset_list is a wrapper script written in bash for listing sets of the netfilter ipset program. It allows you to match and display sets, headers, and elements in various ways. The output can optionally be colorized. An interactive mode allows to select the query options in a wizard based manner.

Changes: Various updates.
tags | tool, firewall, bash
systems | linux, unix
SHA-256 | 4aaf94db4e589d54ade6361b661410c42198d5fa12a1169521022005f49c9622
IPSet List 3.7.1
Posted Feb 12, 2019
Authored by AllKind | Site sourceforge.net

ipset_list is a wrapper script written in bash for listing sets of the netfilter ipset program. It allows you to match and display sets, headers, and elements in various ways. The output can optionally be colorized. An interactive mode allows to select the query options in a wizard based manner.

Changes: Various updates.
tags | tool, firewall, bash
systems | linux, unix
SHA-256 | e7a7e35d19eb00c27d3e5a83f49a37732228ab8b9169c402dd0fc23ea9477c79
IPSet List 3.7
Posted Nov 5, 2017
Authored by AllKind | Site sourceforge.net

ipset_list is a wrapper script written in bash for listing sets of the netfilter ipset program. It allows you to match and display sets, headers, and elements in various ways. The output can optionally be colorized. An interactive mode allows to select the query options in a wizard based manner.

Changes: Various updates.
tags | tool, firewall, bash
systems | linux, unix
SHA-256 | 8c3bf8eacd72ce4aa2ac52d22f3e789d9459dc63c18d2e1bc0e23a7ae549264d
Jungo DriverWizard WinDriver 12.4.0 Overflow
Posted Sep 12, 2017
Authored by mr_me

Jungo DriverWizard WinDriver versions 12.4.0 and below suffer from a kernel pool overflow vulnerability.

tags | exploit, overflow, kernel
advisories | CVE-2017-14344
SHA-256 | a9ede77e400c88f06f5967153face06cc5dd84995cae8db5727593ad0988cae3
Jungo DriverWizard WinDrive Overflow
Posted Sep 7, 2017
Authored by mr_me

Jungo DriverWizard WinDrive suffers from a kernel pool overflow vulnerability.

tags | exploit, overflow, kernel
advisories | CVE-2017-14153
SHA-256 | dca515772a97244268c6a74660ac805849667ca4797270d13edabd00dd2a3754
Jungo DriverWizard WinDrive OOB Write Privilege Escalation
Posted Sep 7, 2017
Authored by mr_me

Jungo DriverWizard WinDriver suffers from a kernel out-of-bounds write privilege escalation vulnerability.

tags | exploit, kernel
advisories | CVE-2017-14075
SHA-256 | 3f35127cf2e468c00ca30d9820ac92892af0f635d478118670c971a69fe4071b
Trend Micro InterScan Messaging Security (Virtual Appliance) Remote Code Execution
Posted Aug 18, 2017
Authored by Mehmet Ince, Cody Sixteen | Site metasploit.com

This Metasploit module exploits a command injection vulnerability in the Trend Micro IMSVA product. An authenticated user can execute a terminal command under the context of the web server user which is root. Besides, default installation of IMSVA comes with a default administrator credentials. WizardSetting_sys.imss endpoint takes several user inputs and performs LAN settings. After that it use them as argument of predefined operating system command without proper sanitation. It's possible to inject arbitrary commands into it. InterScan Messaging Security prior to 9.1.-1600 affected by this issue.

tags | exploit, web, arbitrary, root
SHA-256 | 50f31837beea28b6c9830ae6763884d12cce54426a4afac257f09c46574b30b4
IPSet List 3.6
Posted Apr 17, 2016
Authored by AllKind | Site sourceforge.net

ipset_list is a wrapper script written in bash for listing sets of the netfilter ipset program. It allows you to match and display sets, headers, and elements in various ways. The output can optionally be colorized. An interactive mode allows to select the query options in a wizard based manner.

Changes: The query result can now also be saved in ipset save, or xml format. When saving the query result, the output can now be sent to stdout. An exit handler was added. Some usability improvements were done. A command line parser and a documentation bug were fixed.
tags | tool, firewall, bash
systems | linux, unix
SHA-256 | 8ddb1a945ada9b3f2ebf3b8e336bdc88bf5149693c808df3c19f3707231f2f4d
IP-Array IPTables Firewall Script 1.2.2
Posted Mar 28, 2016
Authored by AllKind | Site ip-array.sourceforge.net

A Linux IPv4 firewall and traffic shaper for single hosts to small and mid-sized networks. It allows flexible rule creation, while also shipping with presets for common needs. Rules are written in simple XML, allowing various ways to group and nest the iptables arguments. An interactive mode is available in order to build configuration files in a wizard based manner. Extensive documentation is also included.

Changes: This is a bugfix only release. One critical, a few major, and some minor bugs have been fixed.
tags | tool
systems | linux, unix
SHA-256 | 4c747ff421514b04d85a245812dc63289687125e8c22e296fad9d732501c0200
IPSet List 3.5.1
Posted Mar 28, 2016
Authored by AllKind | Site sourceforge.net

ipset_list is a wrapper script written in bash for listing sets of the netfilter ipset program. It allows you to match and display sets, headers, and elements in various ways. The output can optionally be colorized. An interactive mode allows to select the query options in a wizard based manner.

Changes: Added option -Gp. Added an install and an uninstall script. Various other fixes.
tags | tool, firewall, bash
systems | linux, unix
SHA-256 | a91e75b6cb8cb107cb890a35522795d33084b9d4aeb07cc15981c44268ec81ef
IP-Array IPTables Firewall Script 1.2.1
Posted Mar 21, 2016
Authored by AllKind | Site ip-array.sourceforge.net

A Linux IPv4 firewall and traffic shaper for single hosts to small and mid-sized networks. It allows flexible rule creation, while also shipping with presets for common needs. Rules are written in simple XML, allowing various ways to group and nest the iptables arguments. An interactive mode is available in order to build configuration files in a wizard based manner. Extensive documentation is also included.

Changes: The old /proc filesystem PROC_* variable configuration system has been removed. Now the system settings are done using the sysctl program. The sysctl rules are now written in XML. A sysctl builder has been added to the interactive mode, allowing to create sysctl rule files easily. A bash completion compspec has been added. An uninstall script has been added. Parsing of XML files by category is now possible even if not in parse-xml mode. Various fixes and improvements.
tags | tool
systems | linux, unix
SHA-256 | de001b81914740972faf4bd4d0ea388e8757a9bfd02dd6b63707be348929904a
IPSet List 3.4
Posted Mar 13, 2016
Authored by AllKind | Site sourceforge.net

ipset_list is a wrapper script written in bash for listing sets of the netfilter ipset program. It allows you to match and display sets, headers, and elements in various ways. The output can optionally be colorized. An interactive mode allows to select the query options in a wizard based manner.

Changes: A new option (-T) was introduced, allowing to test for existence of elements. This option can be used multiple times over multiple ipset sets in one query. An interactive wizard based mode has been added. It allows to select the options for the query interactively. Additionally the command line for the search can be composed (-G). In order to run the wizards, the dialog and whiptail programs are supported. One bug was fixed: usage output did not display some valid combinations. Also some minor tweaks have been done. A man page has been included. Script options can now be set from a configuration file.
tags | tool, firewall, bash
systems | linux, unix
SHA-256 | 831fe3a7c0e35af7cc62968e2a73dcad829835caaddc1d8a3592e280d606280b
Page 1 of 4
Back1234Next

File Archive:

February 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    16 Files
  • 2
    Feb 2nd
    19 Files
  • 3
    Feb 3rd
    0 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    24 Files
  • 6
    Feb 6th
    2 Files
  • 7
    Feb 7th
    10 Files
  • 8
    Feb 8th
    25 Files
  • 9
    Feb 9th
    37 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    17 Files
  • 13
    Feb 13th
    20 Files
  • 14
    Feb 14th
    25 Files
  • 15
    Feb 15th
    15 Files
  • 16
    Feb 16th
    6 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    35 Files
  • 20
    Feb 20th
    25 Files
  • 21
    Feb 21st
    18 Files
  • 22
    Feb 22nd
    15 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files
  • 29
    Feb 29th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close