exploit the possibilities
Showing 1 - 25 of 100 RSS Feed

Files

Asterisk Project Security Advisory - AST-2021-003
Posted Feb 19, 2021
Authored by Alexander Traud, gjoseph | Site asterisk.org

An unauthenticated remote attacker could replay SRTP packets which could cause an Asterisk instance configured without strict RTP validation to tear down calls prematurely.

tags | advisory, remote
advisories | CVE-2021-26712
MD5 | 0f76303538e81a54f1a8afa8eb908e23

Related Files

CuteFlow 2.11.2 Arbitrary File Upload
Posted Jul 27, 2012
Authored by Brendan Coles | Site metasploit.com

This Metasploit module exploits a vulnerability in CuteFlow version 2.11.2 or prior. This application has an upload feature that allows an unauthenticated user to upload arbitrary files to the 'upload/___1/' directory and then execute it.

tags | exploit, arbitrary
MD5 | 22b6219aee828f29e8809b75f2c45aa5
Cisco Security Advisory 20120711-ctsman
Posted Jul 12, 2012
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Exploitation of the Cisco TelePresence Malformed IP Packets Denial of Service Vulnerability may allow an unauthenticated, remote attacker to create a denial of service (DoS) condition, causing the product to become unresponsive to new connection requests and potentially leading to termination services and processes. Exploitation of the Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability may allow an unauthenticated, adjacent attacker to execute arbitrary code with elevated privileges. Cisco has released free software updates that address these vulnerabilities. There are no workarounds that mitigate these vulnerabilities.

tags | advisory, remote, denial of service, arbitrary, vulnerability, code execution, protocol
systems | cisco
MD5 | 8084622abcbf8b2f61b2b4b738ed9f4e
Cisco Security Advisory 20120711-ctms
Posted Jul 12, 2012
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Exploitation of the Cisco TelePresence Malformed IP Packets Denial of Service Vulnerability may allow an unauthenticated, remote attacker to create a denial of service (DoS) condition, causing the product to become unresponsive to new connection requests and potentially leading to termination services and processes. Exploitation of the Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability may allow an unauthenticated, adjacent attacker to execute arbitrary code with elevated privileges. Cisco has released free software updates that address these vulnerabilities. There are no workarounds that mitigate these vulnerabilities.

tags | advisory, remote, denial of service, arbitrary, vulnerability, code execution, protocol
systems | cisco
MD5 | 9e8925bd165368df9fc03393d5f9c88f
Cisco Security Advisory 20120711-cts
Posted Jul 12, 2012
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco TelePresence Endpoint devices contain multiple vulnerabilities. Exploitation of the API Remote Command Execution vulnerability could allow an unauthenticated, adjacent attacker to inject commands into API requests. The injected commands will be executed by the underlying operating system in an elevated context. Exploitation of the Remote Command Execution vulnerability could allow an authenticated, remote attacker to inject commands into requests made to the Administrative Web interface. The injected commands will be executed by the underlying operating system in an elevated context. Exploitation of the Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability may allow an unauthenticated, adjacent attacker to execute arbitrary code with elevated privileges. Cisco has released free software updates that address these vulnerabilities. There are no workarounds that mitigate these vulnerabilities.

tags | advisory, remote, web, arbitrary, vulnerability, code execution, protocol
systems | cisco
MD5 | c26b7bd15aff0172056dc20d6fb16fa3
Cisco Security Advisory 20120711-ctrs
Posted Jul 12, 2012
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Exploitation of the Cisco TelePresence Malformed IP Packets Denial of Service Vulnerability may allow a remote, unauthenticated attacker to create a denial of service condition, preventing the product from responding to new connection requests and potentially causing some services and processes to crash. Exploitation of the Cisco TelePresence Web Interface Command Injection may allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system with elevated privileges. Exploitation of the Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability may allow allow an unauthenticated, adjacent attacker to execute arbitrary code with elevated privileges. Cisco has released updated software that resolves the command and code execution vulnerabilities. There are currently no plans to resolve the malformed IP packets denial of service vulnerability, as this product is no longer being actively supported. There are no workarounds that mitigate these vulnerabilities. Customers should contact their Cisco Sales Representative to determine the Business Unit responsible for their Cisco TelePresence Recording Server.

tags | advisory, remote, web, denial of service, arbitrary, vulnerability, code execution, protocol
systems | cisco
MD5 | 6d0c6a3f56c54f775ca5c9f4ee008266
Basilic 1.5.14 diff.php Arbitrary Command Execution
Posted Jul 6, 2012
Authored by Larry W. Cashdollar, sinn3r, juan vasquez | Site metasploit.com

This Metasploit module abuses a metacharacter injection vulnerability in the diff.php script. This flaw allows an unauthenticated attacker to execute arbitrary commands as the www-data user account.

tags | exploit, arbitrary, php
MD5 | 9d16ea294133914f3b79a69c57218572
Uploadify-amazon-s3 1.01 Shell Upload
Posted Jun 23, 2012
Authored by Sammy FORGIT

Uploadify-amazon-s3 version 1.01 suffers from an unauthenticated remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | b3c8ab14d86b03e5f146ec8a6c8984e8
WordPress Fancy Gallery 1.2.4 Shell Upload
Posted Jun 23, 2012
Authored by Sammy FORGIT

WordPress Fancy Gallery third party module version 1.2.4 suffers from an unauthenticated remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | 66f8b65377d7fd4874b2c38cb1f5f5c1
Silverstripe Pixlr Image Editor 1.0.4 Shell Upload
Posted Jun 23, 2012
Authored by Sammy FORGIT

Silverstripe Pixlr Image Editor third party module version 1.0.4 suffers from an unauthenticated remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | 183cdba6a88f1378f62e4596f2c29f3c
WordPress Flip Book 1.0 Shell Upload
Posted Jun 23, 2012
Authored by Sammy FORGIT

WordPress Flip Book third party module version 1.0 suffers from an unauthenticated remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | aff354633467c33276bfc37585c009c3
Wolf CMS / Frog CMS BD uploadR Shell Upload
Posted Jun 23, 2012
Authored by Sammy FORGIT

Wolf CMS / Frog CMS BD uploadR third party module suffers from an unauthenticated remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | d968ee9ee08fed9f682fc57d590c00a6
e107 Articulate 1.1.1 Shell Upload
Posted Jun 23, 2012
Authored by Sammy FORGIT

e107 Articulate third party module version 1.1.1 suffers from an unauthenticated remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | e5a90b7d2c959d4fbc8f8a610a5334b8
WordPress Ajax Multi Upload 1.1 Shell Upload
Posted Jun 23, 2012
Authored by Sammy FORGIT

WordPress Ajax Multi Upload third party module version 1.1 suffers from an unauthenticated remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | f4020a27ac86f8171a4293a6fa7dbb4c
Cisco Security Advisory 20120620-asaipv6
Posted Jun 21, 2012
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco ASA 5500 Series Adaptive Security Appliances (Cisco ASA) and Cisco Catalyst 6500 Series ASA Services Module (Cisco ASASM) contain a vulnerability that may allow an unauthenticated, remote attacker to cause the reload of the affected device. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available.

tags | advisory, remote
systems | cisco
MD5 | 004875d2818c9f7466b710c718f91c6b
PHPCollab 2.5 Unauthenticated File Upload
Posted May 23, 2012
Authored by team ' and 1=1--

PHPCollab version 2.5 suffers from an unauthenticated file upload vulnerability.

tags | exploit, file upload
MD5 | 1b7459efe1a8274c10aa92fb7e82792b
PHPCollab 2.5 Database Backup Disclosure
Posted May 23, 2012
Authored by team ' and 1=1--

PHPCollab version 2.5 suffers from an unauthenticated database backup download vulnerability.

tags | exploit, info disclosure
MD5 | 623f9337b445786a8bea01daf76fcf2c
SAP Netweaver 7.0 EHP1/EHP2 Buffer Overflows
Posted May 8, 2012
Authored by Core Security Technologies, Martin Gallo | Site coresecurity.com

Core Security Technologies Advisory - SAP Netweaver is a technology platform for building and integrating SAP business applications. Multiple vulnerabilities have been found in SAP Netweaver that could allow an unauthenticated, remote attacker to execute arbitrary code and lead to denial of service conditions. The vulnerabilities are triggered sending specially crafted SAP Diag packets to remote TCP port 32NN (being NN the SAP system number) of a host running the "Dispatcher" service, part of SAP Netweaver Application Server ABAP. By sending different messages, the different vulnerabilities can be triggered.

tags | exploit, remote, denial of service, arbitrary, tcp, vulnerability
advisories | CVE-2011-1516, CVE-2011-1517, CVE-2012-2511, CVE-2012-2512, CVE-2012-2513, CVE-2012-2514
MD5 | df4617546b9fe705981c0eafdf162672
Websense (Triton 7.6) Remote Command Execution
Posted May 2, 2012
Authored by Ben Williams | Site ngssoftware.com

Websense (Triton version 7.6) suffers from an unauthenticated remote command execution vulnerability as SYSTEM.

tags | exploit, remote
MD5 | 5b920b1d1d54d946744dca36ca5eb9b8
ACTi Web Configurator cgi-bin Directory Traversal
Posted Apr 26, 2012
Authored by Digital Defense, r@b13$, Shmoov | Site digitaldefense.net

The ACTi Web Configurator 3.0 for ACTi IP Surveillance Cameras contains a directory traversal vulnerability within the cgi-bin directory. An unauthenticated remote attacker can use this vulnerability to retrieve arbitrary files that are located outside the root of the web server.

tags | advisory, remote, web, arbitrary, cgi, root
MD5 | 532e6e641a0c8ade262cbaa881911f2b
Debian Security Advisory 2450-1
Posted Apr 12, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2450-1 - It was discovered that Samba, the SMB/CIFS file, print, and login server, contained a flaw in the remote procedure call (RPC) code which allowed remote code execution as the super user from an unauthenticated connection.

tags | advisory, remote, code execution
systems | linux, debian
advisories | CVE-2012-1182
MD5 | 0232dbfbe2509b6299efda8f897c809f
Cisco Security Advisory 20120328-ssh
Posted Mar 29, 2012
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - The Secure Shell (SSH) server implementation in Cisco IOS Software and Cisco IOS XE Software contains a denial of service (DoS) vulnerability in the SSH version 2 (SSHv2) feature. An unauthenticated, remote attacker could exploit this vulnerability by attempting a reverse SSH login with a crafted username. Successful exploitation of this vulnerability could allow an attacker to create a DoS condition by causing the device to reload. Repeated exploits could create a sustained DoS condition. The SSH server in Cisco IOS Software and Cisco IOS XE Software is an optional service, but its use is highly recommended as a security best practice for the management of Cisco IOS devices. Devices that are not configured to accept SSHv2 connections are not affected by this vulnerability. Cisco has released free software updates that address this vulnerability.

tags | advisory, remote, denial of service, shell
systems | cisco, osx
advisories | CVE-2012-0386
MD5 | a91d87508705fbbed4ab6cf5e057b000
Cisco Security Advisory 20120328-mace
Posted Mar 29, 2012
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco IOS Software contains a denial of service (DoS) vulnerability in the Wide Area Application Services (WAAS) Express feature that could allow an unauthenticated, remote attacker to cause the router to leak memory or to reload. Cisco IOS Software also contains a DoS vulnerability in the Measurement, Aggregation, and Correlation Engine (MACE) feature that could allow an unauthenticated, remote attacker to cause the router to reload. An attacker could exploit these vulnerabilities by sending transit traffic through a router configured with WAAS Express or MACE. Successful exploitation of these vulnerabilities could allow an unauthenticated, remote attacker to cause the router to leak memory or to reload. Repeated exploits could allow a sustained DoS condition. Cisco has released free software updates that address these vulnerabilities.

tags | advisory, remote, denial of service, vulnerability
systems | cisco
advisories | CVE-2012-1312, CVE-2012-1314
MD5 | 572bf3bd1463d3f5f39c3e7cb3451a2d
Cisco Security Advisory 20120328-smartinstall
Posted Mar 29, 2012
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco IOS Software contains a vulnerability in the Smart Install feature that could allow an unauthenticated, remote attacker to cause a reload of an affected device if the Smart Install feature is enabled. The vulnerability is triggered when an affected device processes a malformed Smart Install message on TCP port 4786. Cisco has released free software updates that address this vulnerability. There are no workarounds to mitigate this vulnerability.

tags | advisory, remote, tcp
systems | cisco
advisories | CVE-2012-0385
MD5 | 56364bdccd84888832478cd172861079
Cisco Security Advisory 20120328-rsvp
Posted Mar 29, 2012
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco IOS Software and Cisco IOS XE Software contain a vulnerability in the RSVP feature when used on a device configured with VPN routing and forwarding (VRF) instances. This vulnerability could allow an unauthenticated, remote attacker to cause an interface wedge, which can lead to loss of connectivity, loss of routing protocol adjacency, and other denial of service (DoS) conditions. This vulnerability could be exploited repeatedly to cause an extended DoS condition. A workaround is available to mitigate this vulnerability. Cisco has released free software updates that address this vulnerability.

tags | advisory, remote, denial of service, protocol
systems | cisco, osx
advisories | CVE-2012-1311
MD5 | d182e019ea73fd9bdbccadbfe1f02ac2
PHP Grade Book 1.9.4 SQL Database Export
Posted Mar 23, 2012
Authored by Mark Stanislav

PHP Grade Book version 1.9.4 suffers from an unauthenticated SQL database export vulnerability.

tags | exploit, php, sql injection
advisories | CVE-2012-1670
MD5 | f9f66b480deb9d5ff7295d77e771a506
Page 1 of 4
Back1234Next

File Archive:

April 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    17 Files
  • 2
    Apr 2nd
    2 Files
  • 3
    Apr 3rd
    2 Files
  • 4
    Apr 4th
    0 Files
  • 5
    Apr 5th
    15 Files
  • 6
    Apr 6th
    15 Files
  • 7
    Apr 7th
    20 Files
  • 8
    Apr 8th
    16 Files
  • 9
    Apr 9th
    5 Files
  • 10
    Apr 10th
    0 Files
  • 11
    Apr 11th
    0 Files
  • 12
    Apr 12th
    0 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    0 Files
  • 16
    Apr 16th
    0 Files
  • 17
    Apr 17th
    0 Files
  • 18
    Apr 18th
    0 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close