what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 66 RSS Feed

Files

ACJWEB DESIGNER 1.0 SQL Injection
Posted Jun 22, 2023
Authored by indoushka

ACJWEB DESIGNER version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 1476b83d361f5d3b12a5630e5e0b2a06fcf04b60ef0362ae9f733f5b20894725

Related Files

ACJWEB DESIGNER 1.0 Cross Site Scripting
Posted Jun 23, 2023
Authored by indoushka

ACJWEB DESIGNER version 1.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | e4b3ec1618ec99bb023305b043d262222b6dd51759fd74b2e6e5b2ff52883ea1
A Vulnerability In Implementations of SHA-3, SHAKE, EdDSA, And Other NIST-Approved Algorithms
Posted Mar 7, 2023
Authored by Nicky Mouha, Christopher Celi | Site eprint.iacr.org

This paper describes a vulnerability in several implementations of the Secure Hash Algorithm 3 (SHA-3) that have been released by its designers. The vulnerability has been present since the final-round update of Keccak was submitted to the National Institute of Standards and Technology (NIST) SHA-3 hash function competition in January 2011, and is present in the eXtended Keccak Code Package (XKCP) of the Keccak team. It affects all software projects that have integrated this code, such as the scripting languages Python and PHP Hypertext Preprocessor (PHP). The vulnerability is a buffer overflow that allows attacker-controlled values to be eXclusive-ORed (XORed) into memory (without any restrictions on values to be XORed and even far beyond the location of the original buffer), thereby making many standard protection measures against buffer overflows (e.g., canary values) completely ineffective.

tags | paper, overflow, cryptography, php, python
advisories | CVE-2022-37454
SHA-256 | e5ce94c802fc96b96a37593074295283819a7abf859a04a1c1cbfcdb566dcdb1
WordPress Email Template Designer – WP HTML Mail 3.0.9 Cross Site Scripting
Posted Jan 19, 2022
Authored by Chloe Chamberland | Site wordfence.com

WordPress Email Template Designer – WP HTML Mail plugin versions 3.0.9 and below suffer from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2022-0218
SHA-256 | 2daac954d0f1c688550129f35862a338821ee9c20becb99aa75ebc8c3fabb72e
Pentaho Business Analytics / Pentaho Business Server 9.1 Remote Code Execution
Posted Nov 5, 2021
Authored by Altion Malka, Alberto Favero

Pentaho allows users to create and run Pentaho Report Bundles (.prpt). Users can create PRPT reports by utilizing the Pentaho Designer application and can include BeanShell Script functions to ease the production of complex reports. However, the BeanShell Script functions can allow for the execution of arbitrary Java code when Pentaho PRPT Reports are run by Pentaho Business Analytics. This functionality allows any user with sufficient privileges to upload or edit an existing Pentaho Report Bundle (through Pentaho Designer) and execute arbitrary code in the context of the Pentaho application user running on the web server.

tags | exploit, java, web, arbitrary
advisories | CVE-2021-31599
SHA-256 | 9f8cbd9f5ed4747e5a6fd8e34452cf38b7608a4e96f8f1551a4a3068ced96949
WordPress Fancy Product Designer For WooCommerce 4.5.1 File Upload
Posted Nov 18, 2020
Authored by Jonathan Gregson

WordPress Fancy Product Designer for WooCommerce plugin versions 4.5.1 and below suffer from an unauthenticated arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
SHA-256 | 844ca1d83aa4d76c3672b1a8922c9d8024975940f595d849d240dc34d1d9305e
WordPress Fancy Product Designer For WooCommerce Cross Site Scripting
Posted Nov 18, 2020
Authored by Jonathan Gregson

WordPress Fancy Product Designer for WooCommerce plugin versions prior to 4.5.1 suffer from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | c2c7ecac4f728b70f667e20bd8ac5b7a0fdfdb834ec7d79083882c4dfa3d69b4
Studio 5000 Logix Designer 30.01.00 Unquoted Service Path
Posted Nov 19, 2019
Authored by Luis Martinez

Studio 5000 Logix Designer version 30.01.00 suffers from an unquoted service path vulnerability.

tags | exploit
SHA-256 | d5c9a3aa2846731f4e0eb8e5d62991cf05802b071f53a98e372cb7a74f1237c1
CMS Made Simple 2.2.8 Remote Code Execution
Posted Nov 13, 2019
Authored by Daniele Scanu | Site metasploit.com

An issue was discovered in CMS Made Simple version 2.2.8. In the module DesignManager (in the files action.admin_bulk_css.php and action.admin_bulk_template.php), with an unprivileged user with Designer permission, it is possible to reach an unserialize call with a crafted value in the m1_allparms parameter, and achieve object injection. This Metasploit module has been successfully tested on CMS Made Simple versions 2.2.6, 2.2.7, 2.2.8, 2.2.9 and 2.2.9.1.

tags | exploit, php
advisories | CVE-2019-9055
SHA-256 | 89958144f8e021770610570a9f70bd342705de89876594b1eeaf56a68799f77d
Microsoft Designer Bluetooth Desktop Insufficient Memory Protection
Posted Oct 10, 2019
Authored by Matthias Deeg | Site syss.de

SySS GmbH found out that the embedded flash memory of the Microsoft Designer Bluetooth Desktop keyboard can be read and written via the SWD (Serial Wire Debug) interface of the used nRF51822 Bluetooth SoC as the flash memory is not protected by the offered readback protection feature.

tags | advisory
SHA-256 | a5148241981394c2a24fc78dd0e069153a14fc48069935d8f1b62a025fbcf8aa
WordPress wp-contactpage-designer 1.0 Database Disclosure
Posted Dec 4, 2018
Authored by KingSkrupellos

WordPress wp-contactpage-designer plugin version 1.0 suffers from a database disclosure vulnerability.

tags | exploit, info disclosure
SHA-256 | db14c0b13112b3acfe40e657e26c6830ce9b924516c21dde3f3b229924e2ca04
Case Study: Security Of Modern Bluetooth Keyboards
Posted Jun 22, 2018
Authored by Matthias Deeg, Gerhard Klostermeier

This whitepaper is a case study that analyzes the security of modern bluetooth keyboards. In the course of this research project, SySS GmbH analyzed three currently popular wireless keyboards using Bluetooth technology that can be bought on the Amazon marketplace for security vulnerabilities. The following three devices were tested for security issues from different attacker perspectives: 1byoneKeyboard, LogitechK480, and MicrosoftDesignerBluetoothDesktop (Model1678 2017).

tags | paper, vulnerability
SHA-256 | c3809eac9d774959095aaa64f57d5970b03ee8190b8247907992919c1953a04e
WordPress FancyProductDesigner 3.4.2 Stored XSS
Posted May 2, 2017
Authored by Project Insecurity, MLT | Site insecurity.zone

WordPress FancyProductDesigner plugin versions prior to 3.4.2 suffer from a persistent cross site scripting vulnerability due to improper sanitization, allowing malicious .svg file uploads.

tags | exploit, xss, file upload
SHA-256 | e06356cf348ec440bf9bde069022db59898d3360eefbd1156c6c4aaf4c07d21c
PHP Product Designer Script Arbitrary File Upload
Posted Jan 31, 2017
Authored by Ihsan Sencan

PHP Product Designer Script suffers from a remote file upload vulnerability.

tags | exploit, remote, php, file upload
SHA-256 | 7d790c1ec21fded17dacbbc17620efc38ecb001d6fc9c52edfe9851c78357a60
PHP Logo Designer Script Arbitrary File Upload
Posted Jan 31, 2017
Authored by Ihsan Sencan

PHP Logo Designer Script suffers from a remote file upload vulnerability.

tags | exploit, remote, php, file upload
SHA-256 | 316e2dade3a9f46160380b992df148227d68aff8a4b8be881d2dc40f153f042c
Phrack Magazine Issue 69
Posted May 7, 2016
Authored by phrack | Site phrack.org

Phrack Magazine Issue 69 - Articles include Phrack Prophile on Solar Designer, Revisiting Mac OS X Kernel Rootkits, Modern Objective-C Exploitation Techniques, and much more.

tags | kernel, magazine
systems | unix, apple, osx
SHA-256 | b58a20cf3e17aa3041c7015488649dc35bf1feb01bcdeb3ddd009e2bc71986fc
IPv6 Extension Headers In The Real World
Posted Aug 22, 2014
Authored by Fernando Gont

This is a draft of IPv6 Extension Headers in the Real World. IPv6 Extension Headers allow for the extension of the IPv6 protocol, and provide support for some core functionality such as IPv6 fragmentation. However, IPv6 Extension Headers are deemed to present a challenge to IPv6 implementations and networks, and are known to be intentionally filtered in some existing IPv6 deployments. This summarizes the issues associated with IPv6 extension headers, and presents real-world data regarding the extent to which packets with IPv6 extension headers are filtered in the public Internet, and where in the network such filtering occurs. Additionally, it provides some guidance to operators in troubleshooting IPv6 blackholes resulting from the use of IPv6 extension headers. Finally, this document provides some advice to protocol designers, and discusses areas where further work might be needed.

tags | paper, protocol
SHA-256 | 4f100808cfb77d0cea54d4c5b190d179c17b9bd141d9d61bb6013c9766d28960
Green Lights Forever: Analyzing The Security Of Traffic Infrastructure
Posted Aug 21, 2014
Authored by J. Alex Halderman, Branden Ghena, William Beyer, Jonathan Pevarnek, Allen Hillaker

The safety critical nature of traffic infrastructure requires that it be secure against computer-based attacks, but this is not always the case. The authors investigate a networked traffic signal system currently deployed in the United States and discover a number of security flaws that exist due to systemic failures by the designers. They leverage these flaws to create attacks which gain control of the system, and we successfully demonstrate them on the deployment in coordination with authorities. Their attacks show that an adversary can control traffic infrastructure to cause disruption, degrade safety, or gain an unfair advantage. They make recommendations on how to improve existing systems and discuss the lessons learned for embedded systems security in general.

tags | paper
SHA-256 | 7eb72c4fe42431b49f23e36bae8a9024cdacfdd85d7d3cab51bf021cdf47aca7
Secunia Security Advisory 51003
Posted Oct 18, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Oracle Central Designer, which can be exploited by malicious people to potentially compromise a vulnerable system.

tags | advisory
SHA-256 | ac764d6b8875f5786b1c8a605fc9c67c9f45c54316fca6fb8c6d3726f70e2d1a
PD Professional Designer SQL Injection
Posted Jun 20, 2012
Authored by Taurus Omar

PD Professional Designer suffers from remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
SHA-256 | 9f5934b17c5182b1d95681fb1236314992f1471da0a40bd350e53a158f7cb095
Mandriva Linux Security Advisory 2012-092
Posted Jun 16, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-092 - Multiple vulnerabilities has been discovered and corrected in postgresql. Fix incorrect password transformation in contrib/pgcrypto's DES crypt() function (Solar Designer). If a password string contained the byte value 0x80, the remainder of the password was ignored, causing the password to be much weaker than it appeared. With this fix, the rest of the string is properly included in the DES hash. Any stored password values that are affected by this bug will thus no longer match, so the stored values may need to be updated. Ignore SECURITY DEFINER and SET attributes for a procedural language's call handler (Tom Lane). Applying such attributes to a call handler could crash the server. This advisory provides the latest versions of PostgreSQL that is not vulnerable to these issues.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2012-2143, CVE-2012-2655
SHA-256 | 1edfeb5c298d59aca21fc94dd3d94074bf90df118aaad1545a26a577513db22c
Lattice Semiconductor PAC-Designer 6.21 Symbol Value Buffer Overflow
Posted Jun 14, 2012
Authored by unknown, sinn3r, juan vazquez | Site metasploit.com

This Metasploit module exploits a vulnerability found in Lattice Semiconductor PAC-Designer 6.21. As a .pac file, when supplying a long string of data to the 'value' field under the 'SymbolicSchematicData' tag, it is possible to cause a memory corruption on the stack, which results in arbitrary code execution under the context of the user.

tags | exploit, arbitrary, code execution
advisories | CVE-2012-2915, OSVDB-82001
SHA-256 | 4f39a6ba7a1c027c53d6c89df81d4f572dc43a0a4728c3bef5f6473a11849cc1
Lattice Semiconductor PAC-Designer 6.21 Overflow
Posted Jun 8, 2012
Authored by b33f

Lattice Semiconductor PAC-Designer version 6.21 suffers from a stack-based buffer overflow.

tags | exploit, overflow
advisories | CVE-2012-2915
SHA-256 | 520230c976f66176275e60d6714d34242413e22d709e7dd05023f8285270adbe
Secunia Security Advisory 48741
Posted May 16, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in PAC-Designer, which can be exploited by malicious people to compromise a user's system.

tags | advisory
SHA-256 | 3354c447b224af91a8015f2f7f60e555f83fd2b3a7ee82faaa9b2113abae2669
PHP Designer 2007 PE SQL Injection
Posted Mar 30, 2012
Authored by Mr.XpR

PHP Designer 2007 PE suffers from a remote SQL injection vulnerability.

tags | exploit, remote, php, sql injection
SHA-256 | 7f5cd0d29463fed33d4ae2fd9962cde7c0185b25d1e0b37c8635ac96d1105fcd
Pre Studio Business Card Designer SQL Injection
Posted Dec 25, 2011
Authored by r45c4l

Pre Studio Business Card Designer suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | c794f54bab399b0c0633492d18f99b818df6ffbe8246ade34257f886b2c02046
Page 1 of 3
Back123Next

File Archive:

February 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    16 Files
  • 2
    Feb 2nd
    19 Files
  • 3
    Feb 3rd
    0 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    24 Files
  • 6
    Feb 6th
    2 Files
  • 7
    Feb 7th
    10 Files
  • 8
    Feb 8th
    25 Files
  • 9
    Feb 9th
    37 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    17 Files
  • 13
    Feb 13th
    20 Files
  • 14
    Feb 14th
    25 Files
  • 15
    Feb 15th
    15 Files
  • 16
    Feb 16th
    6 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    35 Files
  • 20
    Feb 20th
    25 Files
  • 21
    Feb 21st
    18 Files
  • 22
    Feb 22nd
    15 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    10 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    37 Files
  • 27
    Feb 27th
    34 Files
  • 28
    Feb 28th
    27 Files
  • 29
    Feb 29th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close