what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 26 - 50 of 100 RSS Feed

Files

Online Book Store 1.0 SQL Injection
Posted Aug 29, 2020
Authored by Moaaz Taha

Online Book Store version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 889485056ea0278e03e33c2e37637e47e02417c5c9ffd5e84492bdf987f9cc93

Related Files

Secunia Security Advisory 49459
Posted Jun 12, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Sammy Forgit has discovered a vulnerability in the wpStoreCart plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
SHA-256 | f6765c73c607e4615a2713c64165768a93dac89b055b41e4c5de0327818624a0
WordPress wpStoreCart 2.5.29 Shell Upload
Posted Jun 8, 2012
Authored by Sammy FORGIT

WordPress wpStoreCart plugin versions 2.5.27 through 2.5.29 suffer from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | 2879124f9e34b74a175df0aba3fe9bd4adeece2c2ded06294e0f3929f28853de
Secunia Security Advisory 49391
Posted Jun 8, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A weakness and a vulnerability have been discovered in the Google Maps Via Store Locator Plus plugin for WordPress, which can be exploited by malicious people to disclose system information and conduct SQL injection attacks.

tags | advisory, sql injection
SHA-256 | 8c68474892194fb7925c80512cabd2ea19841d51613387806f1621a6a4b191d8
Zero Day Initiative Advisory 12-084
Posted Jun 6, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-084 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required in that a target must visit a malicious page or open a malicious file. The flaw exists within the RV10 encoded data in the rv10.dll component. When encountering an invalid encoded height or width field the process miscalculates an offset while preparing to decode the data packets which constitute the stream. The process attempts to store data at this location. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the process.

tags | advisory, remote, arbitrary
advisories | CVE-2012-0926
SHA-256 | e5150c82d73cc84c7bac0c2ef829f0a287bb6936a0e3495f3879c41d5fc6830d
Vanilla kPoll 1.2 Stored Cross Site Scripting
Posted Jun 6, 2012
Authored by Henry Hoggard

Vanilla kPoll plugin version 1.2 suffers from a stored cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 9577d4d05fd0c60f1a6495210bcf2770b8279ce9336ad0be687891c55b8a2283
WordPress Google Maps Via Store Locator Plus Email Spool / SQL Injection
Posted Jun 5, 2012
Authored by Sammy FORGIT

WordPress Google Maps via Store Locator plugin versions 2.7.1 through 3.0.1 suffer from information disclosure, email spoofing, and remote blind SQL injection vulnerabilities.

tags | exploit, remote, spoof, vulnerability, sql injection, info disclosure
SHA-256 | 31c1d5f297d45ac15c06cb7eb1dbdb7a479046ff9ac8bbbf91a56cb7357ef596
PyroCMS 2.1.1 CRLF Injection / Stored Cross Site Scripting
Posted Jun 4, 2012
Authored by LiquidWorm | Site zeroscience.mk

PyroCMS version 2.1.1 suffers from CRLF injection and stored cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 5053cd5681c7e2370439dde2d747575873c3c5195878aafc31db53687d0ef75e
Vanilla Forums 2.0.18.4 Poll 0.9 Stored Cross Site Scripting
Posted Jun 3, 2012
Authored by Henry Hoggard

Vanilla Forums version 2.0.18.4 with Poll plugin version 0.9 suffers from a stored cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | a408ce9aa9af401f24352b114d4ed5818119c20a20fca851015d35ddf810795d
Vanilla Forums 2.0.18.4 Tagging Enhanced 1.0.1 Stored Cross Site Scripting
Posted Jun 3, 2012
Authored by Henry Hoggard

Vanilla Forum version 2.0.18.4 with Tagging Enhanced plugin version 1.0.1 suffers from a stored cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | c59d56201622ca23f8ad0eb1662b9275648b4df0df01ad02f9b7265184590d2c
Vanilla Forums 2.0.18.4 Tagging Stored Cross Site Scripting
Posted Jun 3, 2012
Authored by Henry Hoggard

Vanilla Forums version 2.0.18.4 suffers from a tagging stored cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 0f371657deecbd48c8bbec28c7079c8bcbda4099fdb04b0064ae8496267bbbb2
Mod_Auth_OpenID Session Stealing
Posted May 23, 2012
Authored by Peter Ellehauge

mod_auth_openid versions prior to 0.7 insecurely store session ids in /tmp/mod_auth_openid.db unencrypted.

tags | exploit
advisories | CVE-2012-2760
SHA-256 | 38e86ab74026a3ed1cc80b4676aa4ecb3b7863107daed098dea57ce009b8de2c
Red Hat Security Advisory 2012-0677-01
Posted May 22, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0677-01 - PostgreSQL is an advanced object-relational database management system. The pg_dump utility inserted object names literally into comments in the SQL script it produces. An unprivileged database user could create an object whose name includes a newline followed by an SQL command. This SQL command might then be executed by a privileged user during later restore of the backup dump, allowing privilege escalation. CREATE TRIGGER did not do a permissions check on the trigger function to be called. This could possibly allow an authenticated database user to call a privileged trigger function on data of their choosing.

tags | advisory
systems | linux, redhat
advisories | CVE-2012-0866, CVE-2012-0868
SHA-256 | 99eb758e26ad01db7e3e088f497dd8ec98005e8f4fdef7cb43e51787e609733a
Red Hat Security Advisory 2012-0678-01
Posted May 22, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0678-01 - PostgreSQL is an advanced object-relational database management system. The pg_dump utility inserted object names literally into comments in the SQL script it produces. An unprivileged database user could create an object whose name includes a newline followed by an SQL command. This SQL command might then be executed by a privileged user during later restore of the backup dump, allowing privilege escalation. When configured to do SSL certificate verification, PostgreSQL only checked the first 31 characters of the certificate's Common Name field. Depending on the configuration, this could allow an attacker to impersonate a server or a client using a certificate from a trusted Certificate Authority issued for a different name.

tags | advisory
systems | linux, redhat
advisories | CVE-2012-0866, CVE-2012-0867, CVE-2012-0868
SHA-256 | a11a5493acd610cf7f4bfdc27b2eba1d9d44ea753011012d38733b38292f077e
Ubuntu Security Notice USN-1444-1
Posted May 18, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1444-1 - It was discovered that BackupPC did not properly sanitize its input when processing RestoreFile error messages, resulting in a cross-site scripting (XSS) vulnerability. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain.

tags | advisory, remote, vulnerability, xss
systems | linux, ubuntu
advisories | CVE-2011-5081
SHA-256 | 359bdbb94093049e72426ec798a95cfc4d4baea1ae5e0d2cd86c4ac125e3c152
SoftHSM 1.3.3
Posted May 15, 2012
Authored by Rickard Bellgrim | Site wiki.opendnssec.org

SoftHSM is an implementation of a cryptographic store accessible through a PKCS#11 interface. You can use it to explore PKCS#11 without having a Hardware Security Module. It is being developed as a part of the OpenDNSSEC project. SoftHSM uses Botan for its cryptographic operations.

Changes: This release increases performance by adding more indexes to the database, describes the usage of SO and the user PIN in the README, and detects whether a C++ compiler is missing.
tags | library
systems | unix
SHA-256 | da49d971f971ef35f420da7ccf4f3213c7266f61b1fcdf41e09d8886cfb7804c
WordPress 3.2.2 Stored Cross Site Scripting
Posted May 6, 2012
Authored by L3b-r1'z

WordPress version 3.2.2 may suffer from a stored cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 2ebcbd38023e368339ade1b119d6971e1e6b68217c6ad6a2682302840b7da0a9
Android 2.3.7 SQLite Disclosure
Posted May 3, 2012
Authored by Roee Hay

SQLite databases stored on Android suffer from an insecure permission vulnerability. Version 2.3.7 is affected.

tags | advisory, info disclosure
SHA-256 | 84d02b3ee9f88069270f1d55a7a0419db6f4ee552b8001ed7d46641a2a66e816
Baby Gekko CMS 1.1.5c Cross Site Scripting
Posted May 2, 2012
Authored by LiquidWorm | Site zeroscience.mk

Baby Gekko CMS version 1.1.5c suffers from multiple stored cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | a5fcee0693b218f40f4f7c0aa125ca42007c1ffa22f03debf065e8b9580c5c8a
Websense (Triton 7.6) Stored Cross Site Scripting
Posted May 2, 2012
Authored by Ben Williams | Site ngssoftware.com

Websense (Triton version 7.6) suffers from a stored cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | d95e2e527117d8f43289052a25656bb74a06860ac147a2a7878d7156ade95f33
PHP-Pastebin Cross Site Scripting
Posted May 2, 2012
Authored by L3b-r1'z

PHP-Pastebin suffers from a stored cross site scripting vulnerability.

tags | exploit, php, xss
SHA-256 | bd8124b2c0662976f2e6bbe3f8cb44ed726c94256c967ea342aa0c1b6c87a746
Samhain File Integrity Checker 3.0.4
Posted May 1, 2012
Authored by Rainer Wichmann | Site samhain.sourceforge.net

Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.

Changes: This release fixes inotify-related bugs leading to extraneous "file not found" reports.
tags | tool, tcp, intrusion detection
systems | linux, unix, solaris, aix, hpux, unixware
SHA-256 | 94dad2184e4ccfe8bb52bebf3d33dc6d653dfad67dc23d4198e3f1a6deb8463b
WordPress Zingiri Web Shop 2.4.0 Cross Site Scripting
Posted Apr 26, 2012
Authored by Mehmet Ince

WordPress Zingiri Web Shop plugin versions 2.4.0 and below suffer from reflective and stored cross site scripting vulnerabilities.

tags | exploit, web, vulnerability, xss
SHA-256 | 18ed50d1ec24690a1dd37bbe47a05297e810a1d475db1cbd2c532a9a4dbb6838
Oracle GlassFish Server 3.1.1 Build 12 Cross Site Scripting
Posted Apr 21, 2012
Authored by Roberto Suggi Liverani | Site security-assessment.com

Security-Assessment.com has discovered that components of the Oracle GlassFish Server administrative web interface are vulnerable to both reflected and stored cross site scripting attacks. All pages where cross site scripting vulnerabilities were discovered require authentication. Oracle GlassFish Server version 3.1.1 build 12 is affected.

tags | exploit, web, vulnerability, xss
advisories | CVE-2012-0551
SHA-256 | 483308f8a564fa501d764b451f997bd57808a2fe9a67f2ce80beea114ee97f8c
Microsoft SQL Server Privilege Escalation / SQL Injection
Posted Apr 12, 2012
Authored by Martin Rakhmanov | Site appsecinc.com

Team SHATTER Security Advisory - Microsoft SQL Server versions 2005, 2008, and 2008 R2 suffer from a SQL injection vulnerability in the RESTORE DATABASE command that can lead to privilege escalation.

tags | advisory, sql injection
SHA-256 | b64d5300f1a7ad77731e4342eabd0820c75171ca63e4b9ccb158653ee331263e
BGS CMS 2.2.1 Cross Site Scripting
Posted Apr 11, 2012
Authored by LiquidWorm | Site zeroscience.mk

BGS CMS version 2.2.1 suffers from multiple stored and reflected cross site scripting vulnerabilities when parsing user input to several parameters via GET and POST method (post-auth). Attackers can exploit this weakness to execute arbitrary HTML and script code in a user's browser session.

tags | exploit, arbitrary, vulnerability, xss
SHA-256 | 1a474163f17dc1462181f57315dc71f8d56003df79de9b6b8db2e147abf40c76
Page 2 of 4
Back1234Next

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    28 Files
  • 16
    Jul 16th
    6 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close