exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 76 - 100 of 100 RSS Feed

Files

Online Book Store 1.0 SQL Injection
Posted Aug 29, 2020
Authored by Moaaz Taha

Online Book Store version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 889485056ea0278e03e33c2e37637e47e02417c5c9ffd5e84492bdf987f9cc93

Related Files

MyStore Tienda Virtual SQL Injection
Posted Jan 3, 2012
Authored by Arturo Zamora

MyStore Tienda Virtual suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 09b2314ebc737d06bdb61c9ad31c23f7b65c4fe044ea8d749e7a3fa83974af01
Winn Guestbook 2.4.8c Cross Site Scripting
Posted Dec 29, 2011
Authored by G13

Winn Guestbook version 2.4.8c suffers from a stored cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2011-5026
SHA-256 | 76441a300785f9b23fe2dd495a0b22b826a7a86b7d54df31233b683bc976d1a8
Zero Day Initiative Advisory 11-353
Posted Dec 22, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-353 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Managed Printing Administration. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MPAUploader.dll file. An extended length string can be passed into scripts within the management website on port 80 (the 'uploadfile' multipart form data 'filename' parameter in Default.asp) and ultimately to MPAUploader.dll. As a static stack allocation is used to store the buffer and the string length is not handled properly, a remote attacker may overwrite the stack and ultimately execute remote code.

tags | advisory, remote, arbitrary, asp
advisories | CVE-2011-4167
SHA-256 | 5cb9d7c743d97359533a6a87e86ceb46ffdb1c08c4b3556a2c176533ab6a35a5
Google Hack DB Tool 1.5
Posted Dec 22, 2011
Authored by SecPoint | Site secpoint.com

Google Hack DB Tool is a database tool with almost 8,000 entries. It allows administrators the ability to check their site for vulnerabilities based on data stored in Google.

Changes: Friendly output and examples. Database update.
tags | tool, scanner, vulnerability
systems | unix
SHA-256 | 12b7469e4b9b834912c6f00c0fee5914c6b1ade79491520bd138743b393b095e
Tiki Wiki CMS Groupware 8.1 / 6.4 LTS Cross Site Scripting
Posted Dec 20, 2011
Authored by Stefan Schurtz

Tiki Wiki CMS Groupware versions 8.1 and 6.4 LTS suffer from a stored cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2011-4551
SHA-256 | b6a4a107433a40e17f0035aef8bc745879ef539726e9eb3576090bc83cbb1b15
Websense Triton 7.6 Stored Cross Site Scripting
Posted Dec 15, 2011
Authored by Ben Williams | Site ngssoftware.com

Various Websense products suffer from a stored cross site scripting vulnerability.

tags | advisory, xss
SHA-256 | bbf08900d088b14d88e0a2bf6321e7fe7ce0f120eeab7eab72fd4e100ce42413
FCMS 2.7.2 Cross Site Scripting
Posted Dec 10, 2011
Authored by Ahmed Elhady Mohamed

FCMS versions 2.7.2 and below suffer from multiple stored cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 5641389ba4d46095b9cb16cfd6582c834a7e0be27ded10a9f7f640eb355e4bf4
Restorepoint 3.2-Evaluation Remote Root Command Execution
Posted Dec 8, 2011
Authored by Tavaris Desamito | Site trustmatta.com

The 3.2 evaluation image of Restorepoint is vulnerable to a remote command execution vulnerability in the remote_support.cgi script prior to license activation.

tags | exploit, remote, cgi
advisories | CVE-2011-4201, CVE-2011-4202
SHA-256 | 2ba071b3366e0b276ade67905a48b2cefde4a0fc3b57bab0aa5fac1af8e646c1
Samhain File Integrity Checker 3.0.1
Posted Dec 7, 2011
Authored by Rainer Wichmann | Site samhain.sourceforge.net

Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.

Changes: This release fixes a memory leak in the code for inotify support, as well as a potential deadlock. Bugs in the suid.check and port check modules have been fixed, and compile problems on FreeBSD have been resolved. .
tags | tool, tcp, intrusion detection
systems | linux, unix, solaris, aix, hpux, unixware
SHA-256 | 485bfcfb0c90f53608da9a29dc0a85f0ebc26baf7ddc6a466e32b6d65b33beff
HP Device Access Manager Memory Corruption
Posted Dec 3, 2011
Authored by High-Tech Bridge SA | Site htbridge.com

HP Device Access Manager for Protect Tools Information Store versions prior to 6.1.0.1 suffer from a heap memory corruption vulnerability.

tags | exploit
SHA-256 | 8c5130001eada0160e3dd77d56ccf4b9801e81f2792039461e1bebc3eb0b5821
Tripwire 2.4.2
Posted Nov 23, 2011
Site sourceforge.net

Tripwire is a very popular system integrity checker, a utility that compares properties of designated files and directories against information stored in a previously generated database. Any changes to these files are flagged and logged, including those that were added or deleted, with optional email and pager reporting. Support files (databases, reports, etc.) are cryptographically signed.

Changes: This release updates version revision in reports and all, adds experimental policy creation (see policy/policy_generator_readme.txt), fixes report formatting and sendmail issues, adds Debian patches for crypto and hostnames, fixes a compiling issue on recent GCC compilers (-fpermissive), and adds an experimental policy generator file which should become standard once it has been tested properly.
tags | tool, intrusion detection
systems | unix
SHA-256 | af89a368ed25a0edd7283fffa05a3b659e06f693626b947644dec60d0dc482b7
SAP GUI BAPI Explorer Cross Site Scripting
Posted Nov 17, 2011
Authored by Dmitriy Chatuchin

SAP GUI BAPI Explorer suffers from a stored cross site scripting vulnerability that can lead to code execution.

tags | advisory, code execution, xss
SHA-256 | f6883239887dfc0459693dd45a90be345741e71f87d44c9a5702b07adc70a47b
Support Incident Tracker 3.65 Remote Command Execution
Posted Nov 13, 2011
Authored by Secunia Research, juan vazquez | Site metasploit.com

This Metasploit module combines two separate issues within Support Incident Tracker versions 3.65 and below to upload arbitrary data and thus execute a shell. The two issues exist in ftp_upload_file.php. The first vulnerability exposes the upload dir used to store attachments. The second vulnerability allows arbitrary file upload since there is no validation function to prevent from uploading any file type. Authentication is required to exploit both vulnerabilities.

tags | exploit, arbitrary, shell, php, vulnerability, file upload
advisories | CVE-2011-3829, CVE-2011-3833, OSVDB-76999, OSVDB-77003
SHA-256 | dbc7a2ae369700f4243579f8576c1fb42786b65ea5a9ec60c838072b7d4ea678
Zero Day Initiative Advisory 11-328
Posted Nov 12, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-328 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the ProFTPd server. Authentication is required to exploit this vulnerability in order to have access to the ftp command set. The specific flaw exists within how the server manages the response pool that is used to send responses from the server to the client. When handling an exceptional condition the application will fail to restore the original response pointer which will allow there to be more than one reference to the response pointer. The next time it is used, a memory corruption can be made to occur which can allow for code execution under the context of the application.

tags | advisory, remote, arbitrary, code execution
SHA-256 | b042b6cfefe59bf1569e922d7012f959d2ae5e85844b6ddcc1fa014ac415dd41
Secunia Security Advisory 46725
Posted Nov 10, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - muuratsalo has discovered multiple vulnerabilities in LabStoRe, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, vulnerability, sql injection
SHA-256 | 080f06b8d2ae4388e7989c529a997d30996269e1c4149f8332d41f387d568237
Samhain File Integrity Checker 3.0.0a
Posted Nov 9, 2011
Authored by Rainer Wichmann | Site samhain.sourceforge.net

Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.

Changes: This release adds support for inotify on Linux, to enable immediate reports on file changes and reduce I/O load. Debugging output for IPv6 issues is more complete now, and a problem with the combination of prelink support and the suid file check has been fixed
tags | tool, tcp, intrusion detection
systems | linux, unix, solaris, aix, hpux, unixware
SHA-256 | 1090a1afff1ba600c1cbdca7e39f45bef8e7d219ab2aee212c069989219b4b5c
LabStoRe 1.5.4 SQL Injection
Posted Nov 6, 2011
Authored by muuratsalo

LabStoRe versions 1.5.4 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | d2a976002a9de2dd096de2f0a30429197bfcd8fa3bb5c7c8332133f5f1c2ac0b
WordPress Classipress Theme 3.1.4 Cross Site Scripting
Posted Oct 30, 2011
Authored by Paul Loftness

WordPress Classipress Theme versions 3.1.4 and below suffer from a stored cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | e74ca6cbe19df29e6142f0244318d744e50bbe6676a127b217cb1096037d4190
Zero Day Initiative Advisory 11-299
Posted Oct 26, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-299 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Adobe 2D.x3d PICT image parsing routines. When Adobe Reader parses an PICT image it uses a static buffer to store certain image header values. Due to insufficient checks for the end of the buffer it is possible to write outside the stack buffer. The resulting stack overflow could result in remote code execution under the context of the current user.

tags | advisory, remote, overflow, arbitrary, code execution
advisories | CVE-2011-2435
SHA-256 | 5dc9c58b3cea78921a78163458edd743c68322a03eaccfabc9a632cc1d2e2788
Core Security Technologies Advisory 2011.0810
Posted Oct 24, 2011
Authored by Core Security Technologies, Matthew Bergin, Matias Blanco | Site coresecurity.com

Core Security Technologies Advisory - When the install script for e107 CMS has not been removed, an attacker can "reinstall" the application using arbitrary parameters. If the attacker puts a valid MySql server followed a semicolon and PHP code, this will be executed when the config file gets requested. This parameters are stored in the config file "e107_config.php". Version 0.7.24 is affected.

tags | exploit, arbitrary, php
advisories | CVE-2011-1513
SHA-256 | f1aa6364a9b7aec87affa0e57cc0ec5d09d69d9a12a32fe5e884c8288d964039
Cyclope Internet Filtering Proxy Cross Site Scripting
Posted Oct 20, 2011
Authored by loneferret

Cyclope Internet Filtering Proxy suffers from a stored cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 2ae6988217abbff9103711510b40b94c33812480a0cbdbb90ceefbd299e54ed1
Metasploit 4.1.0 Web UI Cross Site Scripting
Posted Oct 20, 2011
Authored by Stefan Schurtz

The Web UI in Metasploit version 4.1.0 suffers from a stored cross site scripting vulnerability.

tags | exploit, web, xss
SHA-256 | 52ef03907b06a53b203a4e0f97b5e303c2199dd0b475cf6d74c7c993198f3050
Mac App Store Man-In-The-Middle / Remote Command Execution
Posted Oct 15, 2011
Authored by Aaron Sigel, Brian Mastenbrook

Mac App Store suffers from a man-in-the-middle vulnerability that allows for remote command execution.

tags | exploit, remote
advisories | CVE-2011-3224
SHA-256 | e88209a3e289c622603bd43b938bcfbf92e5160cdf3d50166e1221374865b7e6
GotoCode Online Bookstore Privilege Escalation / Database Disclosure
Posted Oct 4, 2011
Authored by Nathaniel Carew

GotoCode Online Bookstore suffers from remote privilege escalation and database disclosure vulnerabilities.

tags | exploit, remote, vulnerability, info disclosure
SHA-256 | 90a7a83b55c7c863452d6585c83c8eaed4fb83827ef5f85372924dbb9c3497bb
CA Total Defense Suite reGenerateReports Stored Procedure SQL Injection
Posted Oct 4, 2011
Authored by MC | Site metasploit.com

This Metasploit module exploits an sql injection flaw in CA Total Defense Suite R12. When supplying a specially crafted soap request to '/UNCWS/Management.asmx', an attacker can abuse the reGenerateReports stored procedure by injecting arbitrary sql statements into the ReportIDs element. NOTE: This Metasploit module was tested against the MS SQL Server 2005 Express that's bundled with CA Total Defense Suite R12. CA's Total Defense Suite real-time protection will quarantine the default framework executable payload. Choosing an alternate exe template will bypass the quarantine.

tags | exploit, arbitrary, sql injection
advisories | CVE-2011-1653, OSVDB-74968
SHA-256 | 59f34d37d37b405a3dd87eeca325a737d7f8ec08d171027a83a944479ce1cfcd
Page 4 of 4
Back1234Next

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    28 Files
  • 16
    Jul 16th
    6 Files
  • 17
    Jul 17th
    34 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close