what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 100 RSS Feed


OneNav Beta 0.9.12 Cross Site Scripting
Posted Aug 7, 2021
Authored by nu11secur1ty

OneNav Beta version 0.9.12 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2021-38138
SHA-256 | 803274adb5909b1835e04650d9e1edee51c3d4b28380326211d5666dde18f8ee

Related Files

MagyCMS 2.0.1121 BETA Blind SQL Injection
Posted Aug 12, 2012
Authored by Akastep, BOT_25, CAMOUFL4G3

This is a blind SQL injection exploit written in AutoIt3 that takes advantage of MagyCMS version 2.0.1121 BETA.

tags | exploit, sql injection
SHA-256 | 7bb2ad445113e3b10884ac186a263b5ff015ba59fe813ee16a5c886a16e1e7ef
phpProfiles 4.5.4 Beta XSS / RFI / SQL Injection
Posted Jul 24, 2012
Authored by L0n3ly-H34rT

phpProfiles version 4.5.4 Beta suffers from cross site scripting, remote file inclusion, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, code execution, xss, sql injection, file inclusion
SHA-256 | 92e4557c8dfd2512631cffd63a7f3429b58378e9c7e4e1db2aed8b3c92c252ab
Pligg CMS 0.9 / 1.x Command Execution
Posted Jul 22, 2012
Authored by BlackHawk

Pligg CMS versions 0.9 BETA and 1.1.1 suffer from a remote command execution vulnerability.

tags | exploit, remote
SHA-256 | 72aab94afd362e20d942a993b2e306717c522e0cdd8ca6fb1b866dc08d964f0e
Airdroid 1.0.4 Beta Implementation Weaknesses
Posted Jul 13, 2012
Authored by Tobias Glemser, Dominique Dewitt, Kathrin Schaberle

Airdroid version 1.0.4 Beta suffers from multiple security design implementation weaknesses.

tags | advisory, info disclosure
advisories | CVE-2012-3884, CVE-2012-3885, CVE-2012-3886, CVE-2012-3887, CVE-2012-3888
SHA-256 | e6777f2cf37fd0cc0c4fad4bc5839eb4b7f717137929dae19f8b618c9f4dfd25
Drupal Book Block 6.x-1.0-beta1 Cross Site Scripting
Posted Jul 11, 2012
Authored by Zach Alexander

Drupal version 6.26 with Book Block version 6.x-1.0-beta1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | f9634f63ca64e4955a6dcb078fc3edf1f92c7055f4d7d300f83c4c36269e47a6
Zend Framework XXE Injection
Posted Jun 26, 2012
Authored by Kestutis Gudinavicius | Site sec-consult.com

Zend Framework versions 1.11.11, 1.12.0 RC1, and 2.0.0 beta4 suffer from remote file disclosure via an XXE injection vulnerability.

tags | exploit, remote, xxe
SHA-256 | c3bbf3eadcb973470c3821625d1d343feeac92ba6e51810c867cb80422569cac
ComSndFTP 1.3.7 Beta USER Format String (Write4)
Posted Jun 14, 2012
Authored by Rick, corelanc0d3r, mr_me, ChaoYi Huang | Site metasploit.com

This Metasploit module exploits the ComSndFTP FTP Server version 1.3.7 beta by sending a specially crafted format string specifier as a username. The crafted username is sent to to the server to overwrite the hardcoded function pointer from Ws2_32.dll!WSACleanup. Once this function pointer is triggered, the code bypasses dep and then repairs the pointer to execute arbitrary code. The SEH exit function is preferred so that the administrators are not left with an unhandled exception message. When using the meterpreter payload, the process will never die, allowing for continuous exploitation.

tags | exploit, arbitrary
SHA-256 | 8ca8af4598071a83d2552f14b027f3fdb8f361c95b01bacf03d39857c306caea
ComSndFTP 1.3.7 Beta Format String Overflow
Posted Jun 8, 2012
Authored by demonalex

ComSndFTP server version 1.3.7 Beta suffers from a format string denial of service vulnerability.

tags | exploit, denial of service, overflow
SHA-256 | 3dd29f6ba19c152cfdc941d25317dd129231fd8200a350bc6ba8338881502fa1
YDFramework 2.0-Beta1 File Disclosure
Posted May 23, 2012
Authored by L3b-r1'z

YDFramework version 2.0-Beta1 suffers from a local file disclosure vulnerability.

tags | exploit, local, info disclosure
SHA-256 | 30af9929c9f3964f827f0a5fca1c7df7ea29edae703cfdfcf3fc2c41f7adfd54
RuubikCMS 1.1.0 Beta XSS / Disclosure / Directory Traversal
Posted May 23, 2012
Authored by Akastep

RuubikCMS version 1.1.0 Beta suffers from cross site scripting, information disclosure, and directory traversal vulnerabilities.

tags | exploit, vulnerability, xss, file inclusion, info disclosure
SHA-256 | deb663d308e32b6666af67c1933589bdef38a45778db4b991eadf3895df60329
OpenOffice.org 3.3.0 Powerpoint Denial Of Service
Posted May 17, 2012
Authored by Sven Jacobias

A review of the code in filter/source/msfilter msdffimp.cxx in OpenOffice.org versions 3.3 and 3.4 Beta revealed some unchecked memory allocations, which could be exploited via malformed Powerpoint graphics records ("escher") to cause bad_alloc exceptions. From this vulnerability a denial of service attack is possible.

tags | advisory, denial of service
advisories | CVE-2012-2334
SHA-256 | 37ba90753876b3352a8f998736c035b6682c16dcc663dc0b8448e6d9efb6e4d3
OpenOffice.org Memory Overwrite
Posted May 16, 2012
Authored by Kestutis Gudinavicius

OpenOffice.org versions 3.3 and 3.4 Beta suffer from a memory overwrite vulnerability.

tags | advisory
advisories | CVE-2012-2149
SHA-256 | 8835dab05febe30ee3df1bb4c48de2c02504156f840dc2d1d9c1e0014179f8ce
OpenOffice.org vclmi.dll Integer Overflow
Posted May 16, 2012
Authored by TieLei Wang

A vulnerability is caused due to an integer overflow error in the vclmi.dll module when allocating memory for an embedded image object. This can be exploited to cause a heap-based buffer overflow via, for example using a specially crafted JPEG object within a DOC file. OpenOffice.org 3.3.0 and 3.4 beta users are advised to upgrade to Apache OpenOffice 3.4. Users who are unable to upgrade immediately should be cautious when opening untrusted documents.

tags | advisory, overflow
advisories | CVE-2012-1149
SHA-256 | 9b9385109737f1c4e076d9b046209fed8fd0d8cc5001274e0f5a3f2bbb355d40
PHP Ticket System Beta 1 SQL Injection
Posted Apr 24, 2012
Authored by G13

PHP Ticket System Beta 1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, php, sql injection
SHA-256 | f331b153861f4c95d8694429e29e08f749646cec6c2de5b128d953c29eb07810
Snort 2 DCE/RPC Preprocessor Buffer Overflow
Posted Apr 10, 2012
Authored by Neel Mehta | Site metasploit.com

This Metasploit module allows remote attackers to execute arbitrary code by exploiting the Snort service via crafted SMB traffic. The vulnerability is due to a boundary error within the DCE/RPC preprocessor when reassembling SMB Write AndX requests, which may result a stack-based buffer overflow with a specially crafted packet sent on a network that is monitored by Snort. Vulnerable versions include Snort 2.6.1, 2.7 Beta 1 and SourceFire IDS 4.1, 4.5 and 4.6. Any host on the Snort network may be used as the remote host. The remote host does not need to be running the SMB service for the exploit to be successful.

tags | exploit, remote, overflow, arbitrary
advisories | CVE-2006-5276, OSVDB-67988
SHA-256 | 4831463187a96ae8a63ec6bde91a0cbca65b38578ad54e60da0525ce6c81e52a
WebPortal CMS Beta Arbitrary File Upload
Posted Mar 29, 2012
Authored by HELLBOY

WebPortal CMS Beta suffers from a shell upload vulnerability.

tags | exploit, shell
SHA-256 | 0a16776905892f9932c6a81532948beda759b23fb0a1ebd44a1a250d6589aa23
OpenOffice.org Data Leakage
Posted Mar 23, 2012
Authored by Timothy D. Morgan | Site apache.org

An XML External Entity (XXE) attack is possible in OpenOffice.org versions 3.3 and 3.4 Beta. This vulnerability exploits the way in which external entities are processed in certain XML components of ODF documents.

tags | advisory, xxe
advisories | CVE-2012-0037
SHA-256 | 8eebd992aa35f4faf62775e9bf55d28de394b1f4f67b8928b0375d38ba17a838
Minify 2.1.3 Cross Site Scripting
Posted Mar 21, 2012
Authored by Ayoub Aboukir

Minify versions 2.1.3 and 2.1.4-Beta suffer from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | dde8807eda13d801c3fb76f0e068de308ad81fb83bad0e3eb929e084e6b943dc
Gentoo Linux Security Advisory 201203-10
Posted Mar 6, 2012
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201203-10 - Multiple buffer overflow vulnerabilities in libmikmod may allow an attacker to execute arbitrary code or cause a Denial of Service condition. Versions less than 3.2.0_beta2-r3 are affected.

tags | advisory, denial of service, overflow, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2010-2546, CVE-2010-2971
SHA-256 | dabf13a93eead13d95d3728608051ef4b42c78528c35570c2f5af336866b7a7d
phxEventManager 2.0 Beta 5 SQL Injection
Posted Mar 2, 2012
Authored by skys

phxEventManager version 2.0 beta 5 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 6ad7d38cfeb4e1e5de32c062417e982cb2b1c0e061735419cc1e6d5826869f6e
Mandriva Linux Security Advisory 2011-197
Posted Dec 30, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-197 - Integer overflow in the exif_process_IFD_TAG function in exif.c in the exif extension in PHP 5.4.0beta2 on 32-bit platforms allows remote attackers to read the contents of arbitrary memory locations or cause a denial of service via a crafted offset_val value in an EXIF header in a JPEG file, a different vulnerability than CVE-2011-0708. PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service by sending many crafted parameters. The updated packages have been patched to correct this issue.

tags | advisory, remote, denial of service, overflow, arbitrary, php
systems | linux, mandriva
advisories | CVE-2011-4566, CVE-2011-4885
SHA-256 | 65c4b018cdfd49592c9f7dbcf34ecabd28e6273c44adf4c53cd71a54905612c5
vBulletin 4.1.7 Beta 1 Remote File Inclusion
Posted Oct 30, 2011
Authored by indoushka

vBulletin version 4.1.7 Beta 1 suffers from multiple remote file inclusion vulnerabilities.

tags | exploit, remote, vulnerability, code execution, file inclusion
SHA-256 | b9073b76bf88aeb821fd3141de1ab8b03da0bb2cfe3d0d757b0ea42b61faab30
1024 CMS 1.1.0 Beta Local File Inclusion
Posted Oct 19, 2011
Authored by Sangyun YOO

1024 CMS version 1.1.0 Beta suffers from a local file inclusion vulnerability in force_download.php.

tags | exploit, local, php, file inclusion
SHA-256 | c5ee1836f34737277d9dda98295f796a10de494c307edcbf334527f5915761b2
Filmis 0.2 Beta Cross Site Scripting / SQL Injection
Posted Oct 12, 2011
Authored by M.Jock3R

Filmis version 0.2 Beta suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | 635cc0c5fedf63470616e91144d46f5e705d459606e1f8eeb7bcad7f9a9506eb
Elgg 1.8 beta2 SQL Injection
Posted Aug 16, 2011
Authored by Lostmon | Site lostmon.blogspot.com

Elgg version 1.8 beta2 and versions prior to 1.7.11 suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | c950639fc029e83218a2070a2423cbfcde8e8fa6a471276241db1b8f809a07dc
Page 1 of 4

File Archive:

February 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    16 Files
  • 2
    Feb 2nd
    19 Files
  • 3
    Feb 3rd
    0 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    24 Files
  • 6
    Feb 6th
    2 Files
  • 7
    Feb 7th
    10 Files
  • 8
    Feb 8th
    25 Files
  • 9
    Feb 9th
    37 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    17 Files
  • 13
    Feb 13th
    20 Files
  • 14
    Feb 14th
    25 Files
  • 15
    Feb 15th
    15 Files
  • 16
    Feb 16th
    6 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    35 Files
  • 20
    Feb 20th
    25 Files
  • 21
    Feb 21st
    18 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files
  • 29
    Feb 29th
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Security Services
Hosting By