
Files

Online Job Portal 1.0 Cross Site Scripting
Posted Oct 19, 2020
Authored by Akiner Kisa

Online Job Portal version 1.0 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | d6642d1a84f86dc55e84952272e0564a

Related Files

Hotel Booking Portal 0.1 Cross Site Scripting / SQL Injection
Posted Aug 13, 2012
Authored by Yakir Wizman

Hotel Booking Portal version 0.1 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | 6681a356490ff44dcaab0358c4e61b55

ESCON SupportPortal Pro 3.0 Cross Site Scripting
Posted Aug 8, 2012
Authored by loneferret

ESCON SupportPortal Pro version 3.0 suffers from a stored cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2012-2590
MD5 | ee476706cb8cdc19f95724419630a01b

Packet Fence 3.5.0
Posted Aug 2, 2012
Site packetfence.org

PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.

Changes: This major release focuses on new features and enhancements. It adds a remediation module for SourceFire 3D, the ability to have different captive portals depending on the SSID you connect to, a new Web-based configuration tool which eases the installation and configuration process of a new PacketFence installation, and complete Suricata support.

tags | tool, remote
systems | unix
MD5 | 6a37889c02072ccc8a6fb731191bc477

Tekno.Portal 0.1b Blind SQL Injection
Posted Aug 1, 2012
Authored by Socket_0x03

Tekno.Portal version 0.1b suffers from a remote blind SQL injection vulnerability in link.php. This version was already known to have issues with SQL injection since 2010.

tags | exploit, remote, php, sql injection
MD5 | 577e392415ccfe6fa1824f15e00d21c4

ocPortal CMS 7.1.5 Open Redirect
Posted Jul 29, 2012
Authored by Aung Khant | Site yehg.net

ocPortal CMS versions 7.1.5 and below are vulnerable to open URL redirection.

tags | exploit
MD5 | 7a621a9b271953e210df9470cbd70e72

Red Hat Security Advisory 2012-1109-01
Posted Jul 23, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1109-01 - JBoss Application Server is the base package for JBoss Enterprise Portal Platform, providing the core server components. The Java Naming and Directory Interface Java API allows Java software clients to locate objects or services in an application server. It was found that the JBoss JNDI service allowed unauthenticated, remote write access by default. The JNDI and HA-JNDI services, and the HAJNDIFactory invoker servlet were all affected. A remote attacker able to access the JNDI service, HA-JNDI service, or the HAJNDIFactory invoker servlet on a JBoss server could use this flaw to add, delete, and modify items in the JNDI tree. This could have various, application-specific impacts.

tags | advisory, java, remote
systems | linux, redhat
advisories | CVE-2011-4605
MD5 | fa06b75565e160f603b4610527cfa308

Secunia Security Advisory 49974
Posted Jul 20, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Oracle Portal, which can be exploited by malicious people to manipulate certain data.

tags | advisory
MD5 | 86a8b8e7cb14ebbb1b75aed3430cddb1

Netsweeper Cross Site Scripting / Cross Site Request Forgery
Posted Jul 10, 2012
Authored by Jacob Holcomb

Netsweeper Internet Filter suffers from cross site scripting and cross site request forgery vulnerabilities in the WebAdmin portal.

tags | exploit, vulnerability, xss, csrf
advisories | CVE-2012-2446, CVE-2012-2447, CVE-2012-3859
MD5 | de90aef3bc4529cabc501848b23deaf4

Secunia Security Advisory 49855
Posted Jul 9, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in IBM WebSphere Portal, which can be exploited by malicious people to disclose potentially sensitive information.

tags | advisory
MD5 | a1705ac1be185850ed0d3ff96dca427e

Secunia Security Advisory 49486
Posted Jun 15, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Vulnerability Laboratory Research has reported multiple vulnerabilities in Jobs Portal, which can be exploited by malicious users to conduct script insertion and SQL injection attacks.

tags | advisory, vulnerability, sql injection
MD5 | 45568c5f36e9197f90abd9c4cec83489

Packet Fence 3.4.0
Posted Jun 14, 2012
Site packetfence.org

PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.

Changes: This major release focuses on new features and enhancements, including Brocade and H3C hardware support, Debian Squeeze support, more custom VLAN support, node bulk importation improvements, new bandwidth graphs, performance tweaks, stability improvements, and a security fix.

tags | tool, remote
systems | unix
MD5 | 5d3c2d88854b1b904d2813865e82fc7f

Jobs Portal 3.0 SQL Injection / Cross Site Scripting
Posted Jun 14, 2012
Authored by Ibrahim El-Sayed | Site vulnerability-lab.com

Jobs Portal version 3.0 suffers from remote SQL injection and cross site scripting vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | 6bab5326cb6d4333c2fa7a2d133be03d

Tom Sawyer Software GET Extension Factory Remote Code Execution
Posted Jun 11, 2012
Authored by rgod, Elazar Broad, juan vazquez | Site metasploit.com

This Metasploit module exploits a remote code execution vulnerability in the tsgetx71ex553.dll ActiveX control installed with Tom Sawyer GET Extension Factory due to an incorrect initialization under Internet Explorer. While the Tom Sawyer GET Extension Factory is installed with some versions of VMware Infrastructure Client, this module has been tested only with the versions installed with Embarcadero Technologies ER/Studio XE2 / Embarcadero Studio Portal 1.6. The ActiveX control tested is tsgetx71ex553.dll, version 5.5.3.238. This Metasploit module achieves DEP and ASLR bypass using the well-known msvcr71.dll ROP chain. The DLL is installed by default with the Embarcadero software, and loaded by the targeted ActiveX control.

tags | exploit, remote, code execution, activex
advisories | CVE-2011-2217, OSVDB-73211
MD5 | 3e7aa29056921982fd5564fee15bd5aa

Secunia Security Advisory 49205
Posted May 18, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Liferay Portal, which can be exploited by malicious people to conduct cross-site scripting and cross-site request forgery attacks.

tags | advisory, vulnerability, xss, csrf
MD5 | 0ffae5b3a4503cb52bed3bbfee66d15f

Secunia Security Advisory 49154
Posted May 18, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been reported in Liferay Portal, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to compromise a vulnerable system.

tags | advisory, vulnerability
MD5 | ada089c1ed301775f60c88ec98479939

Liferay Portal Privilege Escalation
Posted May 14, 2012
Authored by Jelmer Kuperus

Liferay Portal suffers from a privilege escalation issue due to an insufficient permissions check in the updateOrganizations method of UserService.

tags | exploit
MD5 | c1114907b2057f35a15e7d543ef826fd

Uiga Personal Portal SQL Injection
Posted Apr 27, 2012
Authored by Farbod Mahini

Uiga Personal Portal suffers from a remote SQL injection vulnerability in index2.php.

tags | exploit, remote, php, sql injection
MD5 | e59c9c4630ed5fbfefbc54cc2684ef83

FlirtPortal Script SQL Injection / Cross Site Scripting
Posted Apr 27, 2012
Authored by Farbod Mahini

FlirtPortal Script suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | d3520e6a26007e6bcf7d315ff82e6147

Secunia Security Advisory 49010
Posted Apr 27, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - the_storm has reported a vulnerability in Car Portal CMS, which can be exploited by malicious people to conduct cross-site request forgery attacks.

tags | advisory, csrf
MD5 | 288db88590b942a5c69a103fa2dc0b5a

Car Portal CMS 3.0 CSRF / XSS / Shell Upload
Posted Apr 26, 2012
Authored by the_storm | Site vulnerability-lab.com

Car Portal CMS version 3.0 suffers from cross site request forgery, cross site scripting, and shell upload vulnerabilities.

tags | exploit, shell, vulnerability, xss, csrf
MD5 | 269134f27fcc15434b5e140d8ad6cc69

Secunia Security Advisory 48954
Posted Apr 26, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for JBoss Enterprise Portal Platform. This fixes a security issue and two vulnerabilities, which can be exploited by malicious people to manipulate certain data and disclose potentially sensitive information.

tags | advisory, vulnerability
systems | linux, redhat
MD5 | a0b87c3ec4293c4732d543ef170bdd38

Red Hat Security Advisory 2012-0519-01
Posted Apr 25, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0519-01 - JBoss Enterprise Portal Platform is the open source implementation of the Java EE suite of services and Portal services running atop JBoss Enterprise Application Platform. It comprises a set of offerings for enterprise customers who are looking for pre-configured profiles of JBoss Enterprise Middleware components that have been tested and certified together to provide an integrated experience. This release of JBoss Enterprise Portal Platform 5.2.1 serves as a replacement for JBoss Enterprise Portal Platform 5.2.0, and includes bug fixes.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2011-4314, CVE-2012-0818
MD5 | 189d8ae1b672374f456cbd82bbd8e382

Secunia Security Advisory 43687
Posted Apr 24, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Jelmer Kuperus has discovered a vulnerability in Liferay Portal, which can be exploited by malicious people to bypass certain security restrictions.

tags | advisory
MD5 | be1b2bbe656bc4cb4a7e45cb0ae4259a

Secunia Security Advisory 48883
Posted Apr 21, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Oracle PeopleSoft Enterprise Portal, which can be exploited by malicious users to manipulate certain data.

tags | advisory
MD5 | 3da41731d12a4550b624621e1db8b799

Liferay 6.0.5 ce WebDAV File Reading
Posted Apr 21, 2012
Authored by Jelmer Kuperus

By creating a specially crafted WebDAV request that contains an external entity, it is possible to read files from Liferay Portal version 6.0.5 ce. Proof of concept code included.

tags | exploit, proof of concept
systems | linux
MD5 | 94d5d9f05f2aca62c5b79765fd0eb61a

packet storm

© 2020 Packet Storm. All rights reserved.
