exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 26 - 50 of 100 RSS Feed

Files

Chamilo LMS 1.11.14 Cross Site Scripting / Account Takeover
Posted Feb 2, 2022
Authored by sirpedrotavares

Chamilo LMS version 1.11.14 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2021-37391
SHA-256 | 46aaae3bca75f14ca4182e929dd60940d30948fc966d3884b3e4d144172812eb

Related Files

Docebo LMS 6.9 Remote Code Execution
Posted Aug 2, 2016
Authored by Vulnerability Laboratory, Lawrence Amer | Site vulnerability-lab.com

Docebo LMS version 6.9 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
SHA-256 | f524c2d024645aff1cf52aac28d1e4b8f18581d220d14822fa0547416aaade37
Ubuntu Security Notice USN-2950-5
Posted May 25, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2950-5 - USN-2950-1 fixed vulnerabilities in Samba. USN-2950-3 updated Samba to version 4.3.9, which introduced a regression when using the ntlm_auth tool. This update fixes the problem. Jouni Knuutinen discovered that Samba contained multiple flaws in the DCE/RPC implementation. A remote attacker could use this issue to perform a denial of service, downgrade secure connections by performing a man in the middle attack, or possibly execute arbitrary code. Stefan Metzmacher discovered that Samba contained multiple flaws in the NTLMSSP authentication implementation. A remote attacker could use this issue to downgrade connections to plain text by performing a man in the middle attack. Alberto Solino discovered that a Samba domain controller would establish a secure connection to a server with a spoofed computer name. A remote attacker could use this issue to obtain sensitive information. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, spoof, vulnerability
systems | linux, ubuntu
advisories | CVE-2015-5370, CVE-2016-2110, CVE-2016-2111, CVE-2016-2112, CVE-2016-2113, CVE-2016-2114, CVE-2016-2115, CVE-2016-2118
SHA-256 | a5115fbeb6574c22cf7909ecfb3b0b6ae9b4be9907873ac8ac4827c6e8dc2822
Ubuntu Security Notice USN-2950-2
Posted Apr 28, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2950-2 - USN-2950-1 fixed vulnerabilities in Samba. The updated Samba packages introduced a compatibility issue with NTLM authentication in libsoup. This update fixes the problem. Jouni Knuutinen discovered that Samba contained multiple flaws in the DCE/RPC implementation. A remote attacker could use this issue to perform a denial of service, downgrade secure connections by performing a man in the middle attack, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, spoof, vulnerability, protocol
systems | linux, ubuntu
advisories | CVE-2015-5370, CVE-2016-2110, CVE-2016-2111, CVE-2016-2112, CVE-2016-2113, CVE-2016-2114, CVE-2016-2115, CVE-2016-2118
SHA-256 | d00c71363fd9011b1911761bd598b570e7edef600cd48c0634d3cf0850df7357
Ubuntu Security Notice USN-2950-1
Posted Apr 18, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2950-1 - Jouni Knuutinen discovered that Samba contained multiple flaws in the DCE/RPC implementation. A remote attacker could use this issue to perform a denial of service, downgrade secure connections by performing a man in the middle attack, or possibly execute arbitrary code. Stefan Metzmacher discovered that Samba contained multiple flaws in the NTLMSSP authentication implementation. A remote attacker could use this issue to downgrade connections to plain text by performing a man in the middle attack. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2015-5370, CVE-2016-2110, CVE-2016-2111, CVE-2016-2112, CVE-2016-2113, CVE-2016-2114, CVE-2016-2115, CVE-2016-2118
SHA-256 | 7e7ea9fcd4b1fd06b83c16d90cf9d03bcaa1f0afa52f3c19687b2dd2577594b2
Chamilo LMS 1.10.2 Cross Site Scripting
Posted Mar 16, 2016
Authored by Vulnerability Laboratory, Lawrence Amer | Site vulnerability-lab.com

Chamilo LMS version 1.10.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 12f915c60ca619847a0cd7048a890848d0bc5b2449afdcc3e307a8cc7c233372
ATutor LMS 2.2.1 CSRF Remote Code Execution
Posted Mar 7, 2016
Authored by mr_me

ATutor LMS versions 2.2.1 and below cross site request forgery remote code execution exploit that leverages install_modules.php.

tags | exploit, remote, php, code execution, csrf
advisories | CVE-2016-2539
SHA-256 | a2979fb7ec37494a903eb30ee43ad91332dca8b48a2bc6b4adfe613fa9fc6001
Chamilo LMS Cross Site Scripting
Posted Feb 19, 2016
Authored by Vulnerability Laboratory, Lawrence Amer | Site vulnerability-lab.com

Chamilo LMS suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | bc13f65de0792bdc1e2bb9fd29ab0d6fdffa9843148374f7b6d135c76354780c
Chamilo LMS Insecure Direct Object Reference
Posted Feb 19, 2016
Authored by Vulnerability Laboratory, Lawrence Amer | Site vulnerability-lab.com

Chamilo LMS suffers from an insecure direct object reference vulnerability.

tags | exploit
SHA-256 | 45ca288b13f7415dfb28d2c6c6aa16e6f8a5baf6d21c4e8d7a1a099587d9f341
Docebo LMS 4.0.3 Cross Site Scripting
Posted Dec 7, 2015
Authored by indoushka

Docebo LMS version 4.0.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 2051abc7ed5d46c9c6bb827fb812f09c9ba961b28a4de57bfe2f6a22eaa4025e
Red Hat Security Advisory 2015-2184-07
Posted Nov 20, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-2184-07 - The realmd DBus system service manages discovery of and enrollment in realms and domains, such as Active Directory or Identity Management. The realmd service detects available domains, automatically configures the system, and joins it as an account to a domain. A flaw was found in the way realmd parsed certain input when writing configuration into the sssd.conf or smb.conf file. A remote attacker could use this flaw to inject arbitrary configurations into these files via a newline character in an LDAP response. It was found that the realm client would try to automatically join an active directory domain without authentication, which could potentially lead to privilege escalation within a specified domain.

tags | advisory, remote, arbitrary
systems | linux, redhat
advisories | CVE-2015-2704
SHA-256 | 981a9b0321ff21c29c033023f1fc5131026055ccb57948a3681f9525a4fe738d
Forma LMS 1.3 PHP Object Injection
Posted May 18, 2015
Authored by Filippo Roncari

Forma LMS version 1.3 suffer from multiple PHP object injection vulnerabilities.

tags | exploit, php, vulnerability
SHA-256 | 044bd18c774d1e1b75ddccdda5b4e979fd43e42126b0cd1f29509d053af5c02c
Realms Wiki Insecure Transport
Posted Mar 26, 2015
Authored by Javantea

Realms Wiki uses insecure transport during install and due to this an attacker in a privileged position could achieve remote code execution.

tags | advisory, remote, code execution
SHA-256 | 4f568ca2e277c33afd5ba0f09e55744f8174cc394efff4f5d14d96ff8cdee252
Realms Wiki Cross Site Request Forgery
Posted Mar 26, 2015
Authored by Javantea

Realms Wiki suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 76698182beabf946f364524d2347cb5198c06f12b7a17d4f24120c19c10ee709
Chamilo LMS 1.9.10 Cross Site Request Forgery / Cross Site Scripting
Posted Mar 19, 2015
Authored by Rehan Ahmed

Chamilo LMS versions 1.9.10 and below suffer from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
SHA-256 | 230e777d25a2151f00153422fa704dbe817526a68723d31dcf7694a7df533d68
Chamilo LMS 1.9.8 Blind SQL Injection
Posted Feb 9, 2015
Authored by Kacper Szurek

Chamilo LMS version 1.9.8 suffers from remote blind SQL injection and cross site request forgery vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, csrf
SHA-256 | ec57fb93efd3c6b7a858d17d03b5e0c158f84d570f58b7291ec988c1509bc7de
WordPress WPLMS 1.8.4.1 Privilege Escalation
Posted Feb 8, 2015
Authored by Evex

WordPress WPLMS theme version 1.8.4.1 suffers from a privilege escalation vulnerability.

tags | exploit
SHA-256 | 20bf53d920b0b4f78e622fa2e701a7ebcd9399db4deb7cc6f801c67cb63a9873
Responder 2.1.3
Posted Nov 29, 2014
Authored by laurent gaffie | Site github.com

Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.

Changes: Several enhancements including analyze mode, inclusion of various rogue servers, and more.
tags | tool, web
systems | unix
SHA-256 | e556daa1f0a339ac90d98107c072ac75bc867a9e63f2f39b053bde5bf3acaa0b
Forma Lms 1.2.1 Cross Site Scripting
Posted Nov 5, 2014
Authored by High-Tech Bridge SA | Site htbridge.com

Forma Lms version 1.2.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2014-5257
SHA-256 | a2fd82d89af099cb808bcdd5f234d0f2dc854c7a567c21ee470c8a2d419a4013
Red Hat Security Advisory 2014-1389-02
Posted Oct 14, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1389-02 - Kerberos is a networked authentication system which allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos KDC. It was found that if a KDC served multiple realms, certain requests could cause the setup_server_realm() function to dereference a NULL pointer. A remote, unauthenticated attacker could use this flaw to crash the KDC using a specially crafted request. A NULL pointer dereference flaw was found in the MIT Kerberos SPNEGO acceptor for continuation tokens. A remote, unauthenticated attacker could use this flaw to crash a GSSAPI-enabled server application.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2013-1418, CVE-2013-6800, CVE-2014-4341, CVE-2014-4342, CVE-2014-4343, CVE-2014-4344, CVE-2014-4345
SHA-256 | c2947ddb91d4200d6e969ec8c1740f81beee6d987fb797c219ac8a48d6353a72
Red Hat Security Advisory 2014-1245-01
Posted Sep 16, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1245-01 - Kerberos is an authentication system which allows clients and services to authenticate to each other with the help of a trusted third party, a Kerberos Key Distribution Center. It was found that if a KDC served multiple realms, certain requests could cause the setup_server_realm() function to dereference a NULL pointer. A remote, unauthenticated attacker could use this flaw to crash the KDC using a specially crafted request. A NULL pointer dereference flaw was found in the MIT Kerberos SPNEGO acceptor for continuation tokens. A remote, unauthenticated attacker could use this flaw to crash a GSSAPI-enabled server application.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2013-1418, CVE-2013-6800, CVE-2014-4341, CVE-2014-4344
SHA-256 | dc9963bd6d74a1f7b5b9eb0c9ad8111607cf554b83071de41c6384916d9f5999
CAS Timing Attack
Posted Aug 3, 2014
Authored by Nathan Power

The Client Access Server (CAS) that services Autodiscover and Outlook Web App (OWA) has been found to be vulnerable to time-based authentication attacks. It has been discovered that when sending authentication requests to the CAS, behavior in the timing of the responses can be used to verify Active Directory (AD) realms and usernames within those realms. Authentication timing issues have been found in specific IIS file paths and OWA form-based authentication. This issue can allow an attacker to confirm the existence of a specific username in the directory, and will make other attacks such as password guessing or social engineering attacks more successful.

tags | advisory, web
SHA-256 | 061b94a5edc404d05361b21ffb528c06f80aa1cef15fbbc558442730005bf285
Responder 2.0.8
Posted Jun 10, 2014
Authored by laurent gaffie | Site github.com

Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.

Changes: Various additions and improvements.
tags | tool, web
systems | unix
SHA-256 | bd21c3071ebd2748be93ab69f92a2df8a758d1b418b5dfa81b16acb38bed7e83
eFront LMS 3.6.14 File Upload / Path Disclosure
Posted Dec 26, 2013
Authored by expl0i13r

eFront LMS version 3.6.14 suffers from arbitrary file upload, file read, and path disclosure vulnerabilities.

tags | exploit, arbitrary, vulnerability, info disclosure, file upload
SHA-256 | 236bf191a5b34718ed687f6cdf5729cb22931ec79eda5c590ecd278be5ac58d2
Debian Security Advisory 2825-1
Posted Dec 22, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2825-1 - Laurent Butti and Garming Sam discored multiple vulnerabilities in the dissectors for NTLMSSPv2 and BSSGP, which could lead to denial of service or the execution of arbitrary code.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, debian
advisories | CVE-2013-7113, CVE-2013-7114
SHA-256 | 4f9dc7111dffc668e27622c001dc32140b102e279ada4684aed34cf1c75a993d
Mandriva Linux Security Advisory 2013-296
Posted Dec 22, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-296 - The dissect_sip_common function in epan/dissectors/packet-sip.c in the SIP dissector in Wireshark 1.8.x before 1.8.12 and 1.10.x before 1.10.4 does not check for empty lines, which allows remote attackers to cause a denial of service via a crafted packet. Multiple buffer overflows in the create_ntlmssp_v2_key function in epan/dissectors/packet-ntlmssp.c in the NTLMSSP v2 dissector in Wireshark 1.8.x before 1.8.12 and 1.10.x before 1.10.4 allow remote attackers to cause a denial of service via a long domain name in a packet. This advisory provides the latest version of Wireshark which is not vulnerable to these issues.

tags | advisory, remote, denial of service, overflow
systems | linux, mandriva
advisories | CVE-2013-7112, CVE-2013-7114
SHA-256 | 878776549c46a9bc09b3c25506054f13adcb45a498a6c50df1e5ca5ba1c9ffa9
Page 2 of 4
Back1234Next

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    28 Files
  • 16
    Jul 16th
    6 Files
  • 17
    Jul 17th
    34 Files
  • 18
    Jul 18th
    6 Files
  • 19
    Jul 19th
    34 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    19 Files
  • 23
    Jul 23rd
    17 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close