Showing 1 - 25 of 100

Files

SmartFoxServer 2X 2.17.0 Credential Disclosure
Posted Feb 8, 2021
Authored by LiquidWorm | Site zeroscience.mk

SmartFoxServer 2X version 2.17.0 suffers from a credential disclosure vulnerability.

tags | exploit
advisories | CVE-2021-26550
SHA-256 | 66b040d7f471c336db6b082f84ee4e47694635e83ec3f1a46ad2526dfa0018c8

Related Files

Korenix Technology JetWave CSRF / Command Injection / Missing Authentication
Posted Feb 4, 2022
Authored by T. Weber | Site sec-consult.com

Korenix Technology JetWave products JetWave 2212X, JetWave 2212S, JetWave 2212G, JetWave 2311, and JetWave 3220 suffer from unauthenticated device administration, cross site request forgery, multiple command injection, and unauthenticated tftp action vulnerabilities.

tags | exploit, vulnerability, csrf
advisories | CVE-2020-12500, CVE-2020-12501, CVE-2020-12502, CVE-2020-12503, CVE-2020-12504, CVE-2021-39280
SHA-256 | 5a25ab12344f226941a56dbd876e476339306b241e827b61d60cb9042131e4b4
Grandstream UCM62xx IP PBX sendPasswordEmail Remote Code Execution
Posted Jan 25, 2022
Authored by jbaines-r7 | Site metasploit.com

This Metasploit module exploits an unauthenticated SQL injection vulnerability and a command injection vulnerability affecting the Grandstream UCM62xx IP PBX series of devices. The vulnerabilities allow an unauthenticated remote attacker to execute commands as root.

tags | exploit, remote, root, vulnerability, sql injection
advisories | CVE-2020-5722
SHA-256 | 4066544895b5150487b562aeb10cbead4ed40ccc1b2880b31c05f426293dbef2
Geutebruck instantrec Remote Command Execution
Posted Sep 17, 2021
Authored by Titouan Lazard, Ibrahim Ayadhi | Site metasploit.com

This Metasploit module exploits a buffer overflow within the 'action' parameter of the /uapi-cgi/instantrec.cgi page of Geutebruck G-Cam EEC-2xxx and G-Code EBC-21xx, EFD-22xx, ETHC-22xx, and EWPC-22xx devices running firmware versions equal to 1.12.0.27 as well as firmware versions 1.12.13.2 and 1.12.14.5. Successful exploitation results in remote code execution as the root user.

tags | exploit, remote, overflow, cgi, root, code execution
advisories | CVE-2021-33549
SHA-256 | c4e4d56427af88f4e0240499806563abb1fa94b80fc1c5bdc3ba921dbbbafb67
Geutebruck Remote Command Execution
Posted Sep 2, 2021
Authored by Titouan Lazard, Sebastien Charbonnier, Ibrahim Ayadhi | Site metasploit.com

This Metasploit module bypasses the HTTP basic authentication used to access the /uapi-cgi/ folder and exploits multiple authenticated arbitrary command execution vulnerabilities within the parameters of various pages on Geutebruck G-Cam EEC-2xxx and G-Code EBC-21xx, EFD-22xx, ETHC-22xx, and EWPC-22xx devices running firmware versions 1.12.0.27 and below as well as firmware versions 1.12.13.2 and 1.12.14.5. Successful exploitation results in remote code execution as the root user.

tags | exploit, remote, web, arbitrary, cgi, root, vulnerability, code execution
advisories | CVE-2021-33543, CVE-2021-33544, CVE-2021-33548, CVE-2021-33550, CVE-2021-33551, CVE-2021-33552, CVE-2021-33553, CVE-2021-33554
SHA-256 | cf7ad8dd0a73829d3346e2425a6d3d0e8426e0d758005a97a9748eb069e34e22
Care2x Open Source Hospital Information Management 2.7 Alpha XSS
Posted Aug 13, 2021
Authored by securityforeveryone.com

Care2x Open Source Hospital Information Management version 2.7 Alpha suffers from multiple persistent cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | fafe260191f7f33dbb5f9100375b9a94aff61fd839113d0ed42f615822e7e232
Care2x Integrated Hospital Info System 2.7 SQL Injection
Posted Jul 29, 2021
Authored by securityforeveryone.com

Care2x Integrated Hospital Info System version 2.7 suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
SHA-256 | 813565cbac4fa2b60990827c97c4b6014e8013852af0c5279d6bbe5c159039f1
Ricon Industrial Cellular Router S9922XL Remote Command Execution
Posted Jul 5, 2021
Authored by LiquidWorm | Site zeroscience.mk

Ricon Industrial Cellular Router S9922XL suffers from an authenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands as the admin (root) user via the ping_server_ip POST parameter. It is also vulnerable to Heartbleed.

tags | exploit, arbitrary, shell, root
SHA-256 | 6bc26692f58719553d7c44565a9e32b962f1b7a0df1be48e3aa022a96cc9e0b5
SmartFoxServer 2X 2.17.0 Remote Code Execution
Posted Feb 8, 2021
Authored by LiquidWorm | Site zeroscience.mk

SmartFoxServer 2X version 2.17.0 suffers from a God Mode Console remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2021-26551
SHA-256 | 03b5281c632e520c856359db17d4f588b46523bd5c5fc5c6fb099c8c5708af45
SmartFoxServer 2X 2.17.0 God Mode Console WebSocket Cross Site Scripting
Posted Feb 8, 2021
Authored by LiquidWorm | Site zeroscience.mk

SmartFoxServer 2X version 2.17.0 suffers from a God Mode Console cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2021-26549
SHA-256 | 4a78410e31be1950c5b055d206a28996ba204fcef0bb0f2363e3e5942189b9eb
Geutebruck testaction.cgi Remote Command Execution
Posted Aug 17, 2020
Authored by Davy Douhine | Site metasploit.com

This Metasploit module exploits an authenticated arbitrary command execution vulnerability within the 'server' GET parameter of the /uapi-cgi/testaction.cgi page of Geutebruck G-Cam EEC-2xxx and G-Code EBC-21xx, EFD-22xx, ETHC-22xx, and EWPC-22xx devices running firmware versions <= 1.12.0.25 as well as firmware versions 1.12.13.2 and 1.12.14.5 when the 'type' GET parameter is set to 'ntp'. Successful exploitation results in remote code execution as the root user.

tags | exploit, remote, arbitrary, cgi, root, code execution
advisories | CVE-2020-16205
SHA-256 | 36eafe3001f3ca469ca138d607db2a8d28a3cd271dba916710ce286aa162db48
Care2x 2.7 (HIS) Hospital Information System SQL Injection
Posted Jan 29, 2019
Authored by Carlos Avila

Care2x (HIS) Hospital Information System version 2.7 suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
SHA-256 | 7fc5fdbcf20a9682fd649b4d323eef6cafd150b6aeb1e0ea568f52f70cce40de
Siglent Technologies SDS 1202X-E Digital Oscilloscope 5.1.3.13 Hardcoded Credentials
Posted Nov 30, 2018
Authored by T. Weber | Site sec-consult.com

Siglent Technologies SDS 1202X-E Digital Oscilloscope version 5.1.3.13 suffers from multiple security vulnerabilities including hardcoded backdoor accounts, missing authentication, and more.

tags | exploit, vulnerability
SHA-256 | 9c2308d462e08188151b5811bf316c27b479ee4b0ffda09667d3a3e6d83074a1
Moxa NPort W2x50A 2.1 OS Command Injection
Posted Nov 29, 2018
Authored by Maxim Khazov

Moxa NPort W2x50A products with firmware version 2.1 Build_17112017 or lower are vulnerable to several authenticated OS command injection vulnerabilities.

tags | exploit, vulnerability
advisories | CVE-2017-12120, CVE-2018-19660
SHA-256 | 0f86dde8e1c44108d2214acb30772974903fb5e2efa4f23d272a62cd0ca53b09
Synaccess netBooter NP-02x / NP-08x 6.8 Authentication Bypass
Posted Nov 19, 2018
Authored by LiquidWorm | Site zeroscience.mk

Synaccess netBooter NP-02x and NP-08x version 6.8 suffer from an authentication bypass vulnerability due to a missing control check when calling the webNewAcct.cgi script while creating users. This allows an unauthenticated attacker to create an admin user account and bypass authentication giving her the power to turn off a power supply to a resource.

tags | exploit, cgi, bypass
SHA-256 | 2016e1b7fad384a5d33b446ff9f1776a9a363ae3b420b71f0e2afb27ee2b41be
Abine Blur Password Manager 7.8.242x Insecure Permissions
Posted Mar 16, 2018
Authored by RS Tyler Schroder

Abine Blur Password Manager versions 7.8.242x before 7.8.2428 suffer from an insecure permissions vulnerability.

tags | advisory
advisories | CVE-2018-8213
SHA-256 | d35ca9e58012e322460b49e0af6d4248438c8d2846cef5cfdd33bdffd671983f
ZeeBuddy 2x SQL Injection
Posted Sep 29, 2017
Authored by Ihsan Sencan

ZeeBuddy version 2x suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2017-15976
SHA-256 | a7c1ced652dcd3ddf53bb716966fe71c5928d74d2a85e0442128dde52c967342
HPE Security Bulletin HPESBGN03697 1
Posted Feb 15, 2017
Authored by Hewlett Packard Enterprise | Site hpe.com

HPE Security Bulletin HPESBGN03697 1 - A security vulnerability in DES/3DES block ciphers used in the TLS protocol could potentially impact HPE Business Service Management 9.2x and Application Performance Management (APM) 9.30 resulting in remote disclosure of information, also known as the SWEET32 attack. Revision 1 of this advisory.

tags | advisory, remote, protocol
advisories | CVE-2016-2183
SHA-256 | f0c06ebaec88aec23e84f37977d91e2eb98e5a99892aedf3a308541a60ec2218
PQI Air Pen Express CSRF / XSS / Insecure Direct Object Reference
Posted Apr 5, 2016
Authored by OrwellLabs | Site orwelllabs.com

PQI Air Pen Express router versions 6W51-0000R2 and 6W51-0000R2XXX suffer from cross site request forgery, cross site scripting, and various other vulnerabilities.

tags | exploit, vulnerability, xss, csrf
SHA-256 | fe3ed62353addd89a40fbd3f085160b2cf16ac8091c7f26ac31a481f95b1c9bb
2xl Cross Site Scripting / SQL Injection
Posted Sep 21, 2012
Authored by Net.W0lf, Hack Center Security Team

Sites created by 2xl suffer from cross site scripting and remote SQL injection vulnerabilities. Note that this finding houses site-specific data.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | ef461ed4e82b2f54e143459a318607a885d569d2f9757165e4c688d024c3de2f
2xpress CMS SQL Injection
Posted Sep 5, 2012
Authored by Am!r | Site irist.ir

2xpress CMS suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.

tags | exploit, remote, sql injection
SHA-256 | 25be48e62ff0dfc86f603f600e50c9b7615c015e14b17d0f622b567d1c8bd8ca
Secunia Security Advisory 49029
Posted May 5, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in myCare2x, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.

tags | advisory, vulnerability, xss, sql injection
SHA-256 | 01c848ee60c549318c7b0853b8bfd3c35bd75f1fb5e194d2c6e6f1e81e8d3256
myCare2x CMS Cross Site Scripting / SQL Injection
Posted May 4, 2012
Authored by Benjamin Kunz Mejri, the_storm, Vulnerability Laboratory | Site vulnerability-lab.com

myCare2x CMS suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | 9ecb32dcf987e31b96b1abb2f8d1884bb47ffc76aaef196236edae1a13d55dfb
2X Client For RDP 10.1.1204 Download / Execute
Posted Mar 19, 2012
Authored by rgod | Site retrogod.altervista.org

2X Client for RDP version 10.1.1204 suffers from a ClientSystem class active-x control download and execute vulnerability that affects TuxClientSystem.dll.

tags | exploit, activex
SHA-256 | 27227020ccb5074c6aa97e3a7d52d21c14c048d281d198b91a577d394154d6b4
2X Application Server 10.1 File Overwrite
Posted Mar 19, 2012
Authored by rgod | Site retrogod.altervista.org

2X Application Server version 10.x suffers from a TuxSystem class active-x control file overwrite involving TuxScripting.dll.

tags | exploit, activex
advisories | CVE-2012-1065
SHA-256 | 0ec15ada5f97ed20cc44237301fcfa9df7cde6ef19772eacaebffed8822def0e
Secunia Security Advisory 47661
Posted Mar 8, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Andrea Micalizzi has discovered a vulnerability in 2X Client TuxClientSystem ActiveX Control, which can be exploited by malicious people to compromise a user's system.

tags | advisory, activex
SHA-256 | 4fa63ca9d45fc7953b499401384ec69826335b002c828d9cd598d2a4aade9e03