Showing 1 - 25 of 100

Files

Super Store Finder 3.3 Cross Site Scripting
Posted Nov 16, 2020
Authored by Eagle Eye

Super Store Finder versions 3.3 and below suffer from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | f3054c541bd045c5e5cb66e6cb59003d

Related Files

WebRTC Layer Info Out-Of-Bounds Write
Posted Apr 23, 2020
Authored by Google Security Research, natashenka

WebRTC suffers from an out-of-bounds memory write in the method RtpFrameReferenceFinder::UpdateLayerInfoH264. This occurs when updating the layer info with the frame marking extension.

tags | exploit
MD5 | 8491bafa68aebbbeaeec3108e1ccc8fa
GTalk Password Finder 2.2.1 Denial Of Service
Posted Jan 17, 2020
Authored by Ismail Tasdelen

GTalk Password Finder version 2.2.1 suffers from a denial of service vulnerability.

tags | exploit, denial of service
MD5 | c14df4ccfce3cc3df4cf376c17fd60d0
APKF Product Key Finder 2.5.8.0 Denial Of Service
Posted Jan 17, 2020
Authored by Ismail Tasdelen

APKF Product Key Finder version 2.5.8.0 suffers from a denial of service vulnerability.

tags | exploit, denial of service
MD5 | a4fd0d8b8387153af14854fc66c93c19
Office Product Key Finder 1.5.4 Denial Of Service
Posted Jan 6, 2020
Authored by Gokkul

Office Product Key Finder version 1.5.4 suffers from a denial of service vulnerability.

tags | exploit, denial of service
MD5 | b55838680b5f458d04d56c2eab2d5a69
Flawfinder 2.0.10
Posted Jun 24, 2019
Authored by David A. Wheeler | Site sourceforge.net

Flawfinder searches through source code for potential security flaws, listing potential security flaws sorted by risk, with the most potentially dangerous flaws shown first. This risk level depends not only on the function, but on the values of the parameters of the function.

Changes: Uses binary mode when reading a diffhitlist.
tags | tool
systems | unix
MD5 | 2ccf5667a49ebd044bb81ae02729e5b6
Flawfinder 2.0.9
Posted May 20, 2019
Authored by David A. Wheeler | Site sourceforge.net

Flawfinder searches through source code for potential security flaws, listing potential security flaws sorted by risk, with the most potentially dangerous flaws shown first. This risk level depends not only on the function, but on the values of the parameters of the function.

Changes: Fixes a serious defect in --diffhitlist.
tags | tool
systems | unix
MD5 | f891a16b888cca25c2dab0cae098d60b
elFinder PHP Connector exiftran Command Injection
Posted Mar 12, 2019
Authored by Brendan Coles, Thomas Chauchefoin, q3rv0 | Site metasploit.com

This Metasploit module exploits a command injection vulnerability in elFinder versions prior to 2.1.48. The PHP connector component allows unauthenticated users to upload files and perform file modification operations, such as resizing and rotation of an image. The file name of uploaded files is not validated, allowing shell metacharacters. When performing image operations on JPEG files, the filename is passed to the exiftran utility without appropriate sanitization, causing shell commands in the file name to be executed, resulting in remote command injection as the web server user. The PHP connector is not enabled by default. The system must have exiftran installed and in the PATH. This module has been tested successfully on elFinder versions 2.1.47, 2.1.20, and 2.1.16 on Ubuntu.

tags | exploit, remote, web, shell, php
systems | linux, ubuntu
MD5 | 3664569f65ef2128717bd5e02f29d7b4
elFinder 2.1.47 Command Injection
Posted Mar 5, 2019
Authored by q3rv0

elFinder versions 2.1.47 and below suffer from a command injection vulnerability in the PHP connector.

tags | exploit, php
advisories | CVE-2019-9194
MD5 | 3d96dc64d2bfb5653afc37faeaeccf4b
JobFinder Cross Site Scripting
Posted Feb 16, 2019
Authored by Deyaa Muhammad

JobFinder suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | d7af768a26e6fc8bfc4c7a525735dd08
Flawfinder 2.0.8
Posted Jan 22, 2019
Authored by David A. Wheeler | Site sourceforge.net

Flawfinder searches through source code for potential security flaws, listing potential security flaws sorted by risk, with the most potentially dangerous flaws shown first. This risk level depends not only on the function, but on the values of the parameters of the function.

Changes: A number of bugs were addressed as well as some small improvements. Documentation has been tweaked.
tags | tool
systems | unix
MD5 | c0b40f0fe23d8afe7095a76ef63f34b1
Joomla Com_Finder 4.0.0 Database Disclosure
Posted Dec 4, 2018
Authored by KingSkrupellos

Joomla Com_Finder component version 4.0.0 suffers from a database disclosure vulnerability.

tags | exploit, info disclosure
MD5 | 186354a6e3d9e945ec6f0d231330bbcf
IP Finder 1.5 Denial Of Service
Posted Aug 13, 2018
Authored by Shubham Singh

IP Finder version 1.5 suffers from a denial of service vulnerability.

tags | exploit, denial of service
MD5 | ea51ea54ea19e32d290d14376f7dfbfc
Flawfinder 2.0.6
Posted Apr 4, 2018
Authored by David A. Wheeler | Site sourceforge.net

Flawfinder searches through source code for potential security flaws, listing potential security flaws sorted by risk, with the most potentially dangerous flaws shown first. This risk level depends not only on the function, but on the values of the parameters of the function.

Changes: Small fixes. Updated cwe.mitre.org URLs to use https.
tags | tool
systems | unix
MD5 | ba8ad461c8b30c04dcade87f6c1857cf
WordPress Service Finder Booking Local File Disclosure
Posted Jan 11, 2018
Authored by telahdihapus

WordPress Service Finder Booking plugin versions prior to 3.2 suffer from a file disclosure vulnerability.

tags | exploit, info disclosure
MD5 | eb1fec3edda863885a9a8ece334e0246
Flawfinder 2.0.5
Posted Nov 17, 2017
Authored by David A. Wheeler | Site sourceforge.net

Flawfinder searches through source code for potential security flaws, listing potential security flaws sorted by risk, with the most potentially dangerous flaws shown first. This risk level depends not only on the function, but on the values of the parameters of the function.

Changes: Added detection of crypt_r function. Added detection of errant equal, mismatch, and is_permutation. Updated CWE, risk, and discussion for C++14 STL functions. Fixed hit count reporting. Updated www.dwheeler.com URLs to use https.
tags | tool
systems | unix
MD5 | e7b9a9c35661007fe5a9cb6aea8c865f
Flawfinder 2.0.4
Posted Sep 4, 2017
Authored by David A. Wheeler | Site sourceforge.net

Flawfinder searches through source code for potential security flaws, listing potential security flaws sorted by risk, with the most potentially dangerous flaws shown first. This risk level depends not only on the function, but on the values of the parameters of the function.

Changes: Now directly supports pip installs. Switched from distutils to setuptools.
tags | tool
systems | unix
MD5 | 60f3a87102de4acdb79116ad9a744bec
Flawfinder 2.0.2
Posted Aug 28, 2017
Authored by David A. Wheeler | Site sourceforge.net

Flawfinder searches through source code for potential security flaws, listing potential security flaws sorted by risk, with the most potentially dangerous flaws shown first. This risk level depends not only on the function, but on the values of the parameters of the function.

Changes: Flawfinder can now run on either Python 2.7 or 3. Added more tests. Implemented additional code cleanups recommended by Pylint. Modified documentation in various ways to clarify things.
tags | tool
systems | unix
MD5 | c9ce3115093bc3b8754b82603c8b2848
BuilderEngine Arbitrary File Upload / Execution
Posted May 17, 2017
Authored by Marco Rivoli, metanubix | Site metasploit.com

This Metasploit module exploits a vulnerability found in BuilderEngine 3.5.0 via elFinder 2.0. The jquery-file-upload plugin can be abused to upload a malicious file, which would result in arbitrary remote code execution under the context of the web server.

tags | exploit, remote, web, arbitrary, code execution
MD5 | 3d38091cb8623141a1878a0e108e06db
Joomla JE Property Finder 1.6.3 SQL Injection
Posted Feb 14, 2017
Authored by Ihsan Sencan

Joomla JE Property Finder component version 1.6.3 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 4fdd9dfdcbf9397b5f2b3d74a7ff292b
Multitech RightFax Faxfinder Credential Disclosure
Posted Nov 21, 2016
Authored by Joshua Platz

Multitech RightFax Faxfinder versions prior to 4.1.2 suffer from a clear-text credential disclosure vulnerability.

tags | exploit, info disclosure
advisories | CVE-2016-10512
MD5 | 0a8b01c601df546dae47c1bd0928acfc
Apache Mina 2.0.13 Remote Command Execution
Posted Sep 15, 2016
Authored by Gregory Draperi

Apache Mina 2.0.13 uses the OGNL library in the "IoSessionFinder" class. Its constructor takes one OGNL expression as a parameter, and this expression is executed when the method "find" is called. This class seems to be only used in the JMX MINA component "IoServiceMBean". When the IoServiceMBean is exposed through JMX, it is possible to abuse the function to execute an arbitrary command on the server.

tags | exploit, arbitrary
MD5 | 6a1d15c93ad05a4e23a938523dfc618f
Tiki Wiki 15.1 Unauthenticated File Upload
Posted Jul 12, 2016
Authored by Mehmet Ince | Site metasploit.com

This Metasploit module exploits a file upload vulnerability in Tiki Wiki versions 15.1 and below which could be abused to allow unauthenticated users to execute arbitrary code under the context of the web server user. The issue lies in one of the third-party components, elFinder version 2.0. This component comes with a default example page which demonstrates file operations such as upload, remove, rename, and create directory. The default configuration does not enforce validations such as file extension or content-type checks, so an unauthenticated user can upload a PHP file. The exploit has been tested on Debian 8.x 64-bit and Tiki Wiki 15.1.

tags | exploit, web, arbitrary, php, file upload
systems | linux, debian
MD5 | 75ff5f78056283806bf48c4b08b4edfc
FinderView Path Traversal / Cross Site Scripting
Posted Jun 23, 2016
Authored by HaHwul

FinderView suffers from path traversal and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, file inclusion
MD5 | 55e8044d9613e0998e4b943c11aa761f
Dropbox FinderLoadBundle OS X Local Root Exploit
Posted Oct 1, 2015
Authored by cenobyte

The setuid root FinderLoadBundle that was included in older DropboxHelperTools versions for OS X allows loading of dynamically linked shared libraries that reside in the same directory. The directory in which FinderLoadBundle is located is owned by root, which prevents placing arbitrary files there. However, creating a hard link from FinderLoadBundle to somewhere in a directory in /tmp circumvents that protection, making it possible to load a shared library containing a payload which creates a root shell.

tags | exploit, arbitrary, shell, root
systems | apple, osx
MD5 | 04b4586c44bb0dd781367933375dfb86
elFinder 2 Remote Command Execution
Posted May 7, 2015
Authored by TUNISIAN CYBER

elFinder 2 suffers from a remote command execution vulnerability via file creation.

tags | exploit, remote
MD5 | a0d75473632129bbc156cf95f8509bf8
© 2020 Packet Storm. All rights reserved.
