
Files

CMS Made Simple 2.2.14 Shell Upload
Posted Aug 13, 2020
Authored by Roel van Beurden

CMS Made Simple version 2.2.14 suffers from an authenticated shell upload vulnerability.

tags | exploit, shell
SHA-256 | dfec683841667f70218145ec3220e0b1035d7cd217d4a78f597b5fdeafa9b894

Related Files

GNU Transport Layer Security Library 3.1.0
Posted Aug 17, 2012
Authored by Simon Josefsson, Nikos Mavrogiannopoulos | Site gnu.org

GnuTLS is a secure communications library implementing the SSL and TLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols, as well as APIs to parse and write X.509, PKCS #12, OpenPGP, and other required structures. It is intended to be portable and efficient with a focus on security and interoperability.

Changes: This release adds support for using and storing cryptographic keys in the system's TPM module and several other improvements.
tags | protocol, library
SHA-256 | 4fdb58572fb91fc0afbdfcd7845d4467d4b13ef2f9141bdaa955b959a319f8cc
Secunia Security Advisory 50208
Posted Aug 9, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - loneferret has reported some vulnerabilities in the SimpleMail plugin for WordPress, which can be exploited by malicious people to conduct script insertion attacks.

tags | advisory, vulnerability
SHA-256 | f83e5e65043670becdc42a9b437540aa6f27a980121590167a6dcb2bdef541bf
GetSimple CMS 3.1.2 Local File Inclusion / Path Disclosure
Posted Aug 5, 2012
Authored by PuN!Sh3r

GetSimple CMS version 3.1.2 suffers from local file inclusion and path disclosure vulnerabilities.

tags | exploit, local, vulnerability, file inclusion
SHA-256 | 31b1e57fbf7f937f77d9784291e1782b0f12b663027604cdcf7b49912b6578e3
Secunia Security Advisory 50016
Posted Jul 31, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been discovered in the Simple Video Flash Player for Joomla!, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss
SHA-256 | 9df20f91497034cf913395b05a7fb43d08018c030260a70ebd99396fa8c979e2
JW Player / SVFP / Poodll / RokBox Cross Site Scripting
Posted Jul 29, 2012
Authored by MustLive

Various flash players, such as JWPlayer for MODx, Simple video flash player for Joomla, Poodll for Moodle, RokBox for Joomla, and RokBox for WordPress all suffer from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 260067c1b6a7935399c21b2621857237ac79808b7df319270dbb7fa906648b17
Simple Web Server Connection Header Buffer Overflow
Posted Jul 23, 2012
Authored by mr.pr0n, juan | Site metasploit.com

This Metasploit module exploits a vulnerability in Simple Web Server 2.2 rc2. A remote user can send a long string in the Connection header to cause an overflow on the stack when the vsprintf() function is used, and gain arbitrary code execution. The module has been tested successfully on Windows 7 SP1 and Windows XP SP3.

tags | exploit, remote, web, overflow, arbitrary, code execution
systems | windows
SHA-256 | ef2c81d5811597767d04bfb232a9ea85a237262aae453dc634269ab733bcb34c
SimpleWebServer 2.2-rc2 Remote Buffer Overflow
Posted Jul 19, 2012
Authored by mr.pr0n

SimpleWebServer version 2.2-rc2 remote buffer overflow exploit that achieves code execution.

tags | exploit, remote, overflow, code execution
SHA-256 | d479bd8f4fea4bdf5c0972e056189d54814dde491f87ef49ea5a3093231a8ef1
DNS Denial Of Service Tool
Posted Jul 19, 2012

This is a simple snippet of C code that can be used for creating a denial of service condition against a DNS server.

tags | denial of service
SHA-256 | 23d955165e262da83e17e578062db6045a5487a02f461e22bbd4b3d9d5a162af
Simple Packet Sender 3.0
Posted Jul 17, 2012
Authored by Hohlraum | Site sourceforge.net

Simple Packet Sender (SPS) is a Linux packet crafting tool. It supports IPv4, IPv6 (but not extension headers yet), and tunneling IPv6 over IPv4. Written in C on Linux with a GUI built using GTK+. Both source and binaries are included. Features include packet crafting and sending one, multiple, or flooding packets of type TCP, ICMP, or UDP. All values within the Ethernet frame can be modified arbitrarily. Supports TCP, ICMP and UDP data as well, with input from either keyboard as UTF-8/ASCII, keyboard as hexadecimal, or from file. Various other features exist as well.

Changes: Various additions and bug fixes.
tags | tool, udp, scanner, tcp
systems | linux, unix
SHA-256 | 3e2b136f015fae19c61b2b118d1d58402b2d75b2f9c0c22031532788387ffcbe
Magento eCommerce Platform XXE Injection
Posted Jul 13, 2012
Authored by Kestutis Gudinavicius | Site sec-consult.com

Magento eCommerce platform uses a vulnerable version of Zend framework which is prone to XML eXternal Entity Injection attacks. The SimpleXMLElement class of Zend framework (SimpleXML PHP extension) is used in an insecure way to parse XML data. External entities can be specified by adding a specific DOCTYPE element to XML-RPC requests. By exploiting this vulnerability an application may be coerced to open arbitrary files and/or TCP connections.

tags | exploit, arbitrary, php, tcp, xxe
SHA-256 | 89d448f5823f6c330e5a4b53e23014a5b1fe003dd4087081ff3c078b9e4d3271
Mandriva Linux Security Advisory 2012-096-1
Posted Jul 2, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-096 - Multiple vulnerabilities have been discovered and corrected in python. The _ssl module would always disable the CBC IV attack countermeasure. A flaw was found in the way the Python SimpleHTTPServer module generated directory listings. An attacker able to upload a file with a specially-crafted name to a server could possibly perform a cross-site scripting attack against victims visiting a listing page generated by SimpleHTTPServer, for a directory containing the crafted file. A race condition was found in the way the Python distutils module set file permissions during the creation of the .pypirc file. Various other issues were also addressed.

tags | advisory, vulnerability, xss, python
systems | linux, mandriva
advisories | CVE-2011-3389, CVE-2011-4940, CVE-2011-4944, CVE-2012-0845, CVE-2012-0876, CVE-2012-1150
SHA-256 | 6519f45b66e8e91380ebd2fe36730ada9b3c9fe8a02948e6fcc43d7e69bb6a64
Secunia Security Advisory 49786
Posted Jul 2, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Sammy Forgit has discovered a vulnerability in the Items Manager plugin for GetSimple CMS, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
SHA-256 | bac3348b2a4f3591e49f5a2cf12251641e00d52ca7be21a7931e5738f34470c1
Mod_auth_pubtkt 0.8
Posted Jun 28, 2012
Site neon1.net

mod_auth_pubtkt is a simple Web single sign-on (SSO) solution for Apache. It validates authentication tickets provided by the client in a cookie using public-key cryptography (DSA or RSA). Thus, only the login server that generates the tickets needs to possess the private key, while Web servers can verify tickets given only the public key. The implementation of the login server is left to the user, but an example and a library in PHP are provided with the distribution.

Changes: A new option and corresponding field in the ticket ("bauth") make it possible to specify the Basic authorization username/password in the ticket (e.g., when reverse proxying to a third party system which cannot use mod_auth_pubtkt). The credentials can optionally be encrypted in the ticket.
tags | web, php
systems | unix
SHA-256 | 6243e220a650147a49269970cfc1491e6c727f6e9ef4eb34673909783bc258b2
Mandriva Linux Security Advisory 2012-097
Posted Jun 21, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-097 - Multiple vulnerabilities have been discovered and corrected in python. A race condition was found in the way the Python distutils module set file permissions during the creation of the .pypirc file. A flaw was found in the way the Python SimpleXMLRPCServer module handled clients disconnecting prematurely. Various other issues have also been addressed. The updated packages have been patched to correct these issues.

tags | advisory, vulnerability, python
systems | linux, mandriva
advisories | CVE-2011-3389, CVE-2011-4944, CVE-2012-0845, CVE-2012-0876, CVE-2012-1150
SHA-256 | ea9f72137a552f0a45271fbb9a2d3f3aee9113cb46971ef47821e194f3b4801e
Mandriva Linux Security Advisory 2012-096
Posted Jun 21, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-096 - Multiple vulnerabilities have been discovered and corrected in python. A flaw was found in the way the Python SimpleHTTPServer module generated directory listings. A race condition was found in the way the Python distutils module set file permissions during the creation of the .pypirc file. Various other issues have also been addressed. The updated packages have been patched to correct these issues.

tags | advisory, vulnerability, python
systems | linux, mandriva
advisories | CVE-2011-3389, CVE-2011-4940, CVE-2011-4944, CVE-2012-0845, CVE-2012-0876, CVE-2012-1150
SHA-256 | a875f61d4323d9bd3fdd15f37616b7c52da1e10355b2f976bd21d77e7714133c
Red Hat Security Advisory 2012-0876-04
Posted Jun 20, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0876-04 - The net-snmp packages provide various libraries and tools for the Simple Network Management Protocol, including an SNMP library, an extensible agent, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command which uses SNMP, and a Tk/Perl Management Information Base browser. An array index error, leading to an out-of-bounds buffer read flaw, was found in the way the net-snmp agent looked up entries in the extension table. A remote attacker with read privileges to a Management Information Base subtree handled by the "extend" directive could use this flaw to crash snmpd via a crafted SNMP GET request.

tags | advisory, remote, perl, protocol
systems | linux, redhat
advisories | CVE-2012-2141
SHA-256 | 0c8e59b5862b260540cb82b2f28c910e34cfe4e663196688dfe6b2ae3d270f8b
Simple Document Management System 1.1.5 / 2.0 SQL Injection
Posted Jun 16, 2012
Authored by JosS | Site hack0wn.com

Simple Document Management System versions 1.1.5 and 2.0 suffer from remote SQL injection and bypass vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
SHA-256 | 942eed47d424ad17988a30166d09e420d52d423237a5a96fc57f378242d92bd8
Secunia Security Advisory 49498
Posted Jun 15, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Vulnerability Lab has reported two vulnerabilities in Simple Forum PHP, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, php, vulnerability, sql injection
SHA-256 | b310487f85c895c2908d936488eea902e2984d3ee32c99e5ac573759ed482de3
Simple Forum PHP 2.1 SQL Injection
Posted Jun 14, 2012
Authored by Hubert Wojciechowski, Vulnerability Laboratory | Site vulnerability-lab.com

Simple Forum PHP version 2.1 suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, php, vulnerability, sql injection
SHA-256 | 978cef328c0e2e191c9abf9210cb467e76ca8ebb5b1975c8eebb5db09da71a2d
Drupal SimpleMeta 6.x Cross Site Request Forgery
Posted Jun 14, 2012
Authored by Nicholas Thompson | Site drupal.org

Drupal SimpleMeta third party module version 6.x suffers from a cross site request forgery vulnerability.

tags | advisory, csrf
SHA-256 | 559caf9547f39a2aeed5b0f1830e8ad64accf5a1df871e48df2290bd93d06919
Joomla Simple SWFUpload 2.0 Shell Upload
Posted Jun 12, 2012
Authored by Sammy FORGIT

Joomla Simple SWFUpload component version 2.0 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | ddcd612e618f2d645241ee933cc9cf982cee677684cec299c14d74bf974a5e60
Wisimple SQL Injection
Posted Jun 12, 2012
Authored by Taurus Omar

Wisimple suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 8232fd0fd5264b0082caedefa68913f85cd0efd1eefd8895458bd162bdc61e25
Secunia Security Advisory 49462
Posted Jun 11, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Sammy Forgit has discovered a vulnerability in the Simple Download Button Shortcode plugin for WordPress, which can be exploited by malicious people to disclose sensitive information.

tags | advisory
SHA-256 | e1a460c937f6f04c09d9dd0c5160dec2552f2c01757a653a5eb1f1b32c732f5f
WordPress Simple Download Button Shortcode 1.0 File Disclosure
Posted Jun 8, 2012
Authored by Sammy FORGIT

WordPress Simple Download Button Shortcode plugin version 1.0 suffers from a remote file disclosure vulnerability.

tags | exploit, remote, info disclosure
SHA-256 | e4ea7bd25d10fdaf89c8e656cdfa5028c177aa91fd04a159e38b67fb23e04e98
Drupal Simplenews 6.x / 7.x Information Disclosure
Posted Jun 7, 2012
Authored by Sascha Grossenbacher, Laza | Site drupal.org

Drupal Simplenews third party module versions 6.x and 7.x suffer from an information disclosure vulnerability.

tags | advisory, info disclosure
SHA-256 | c6685213ac066fa6bc378bac975fe3b4f3589d5f1e3d5de4ed106c5fa290eb9a


© 2022 Packet Storm. All rights reserved.
