what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 100 RSS Feed

Files

Super Store Finder 3.7 Remote Command Execution
Posted Sep 19, 2023
Authored by Etharus

Super Store Finder versions 3.7 and below suffer from a remote command execution vulnerability.

tags | exploit, remote
SHA-256 | 59708f67b0915cf1156ee9e02ad60df7ef019793a0e335e432949ea847133ec7

Related Files

WebRTC Layer Info Out-Of-Bounds Write
Posted Apr 23, 2020
Authored by Google Security Research, natashenka

WebRTC suffers from an out-of-bounds memory write in the method RtpFrameReferenceFinder::UpdateLayerInfoH264. This occurs when updating the layer info with the frame marking extension.

tags | exploit
SHA-256 | 06971daf4e8e1b40696e457b7e355f90460b37a0e0308f2559ba4a2fa0af726f
GTalk Password Finder 2.2.1 Denial Of Service
Posted Jan 17, 2020
Authored by Ismail Tasdelen

GTalk Password Finder version 2.2.1 suffers from a denial of service vulnerability.

tags | exploit, denial of service
SHA-256 | 184769acddcba4b7da8b9827b611c276819e38e9e258de8913756bdc44c76ab9
APKF Product Key Finder 2.5.8.0 Denial Of Service
Posted Jan 17, 2020
Authored by Ismail Tasdelen

APKF Product Key Finder version 2.5.8.0 suffers from a denial of service vulnerability.

tags | exploit, denial of service
SHA-256 | f3f319133c9bdfeb656a8d117ac52f61f46e3c7e66e30d0f3c6abc1b5ed63786
Office Product Key Finder 1.5.4 Denial Of Service
Posted Jan 6, 2020
Authored by Gokkul

Office Product Key Finder version 1.5.4 suffers from a denial of service vulnerability.

tags | exploit, denial of service
SHA-256 | 768c9c34532ff10d0b99e34292f56d64b06b8953e10a1b1d8624fa5859ec59e0
Flawfinder 2.0.10
Posted Jun 24, 2019
Authored by David A. Wheeler | Site sourceforge.net

Flawfinder searches through source code for potential security flaws, listing potential security flaws sorted by risk, with the most potentially dangerous flaws shown first. This risk level depends not only on the function, but on the values of the parameters of the function.

Changes: Uses binary mode when reading a diffhitlist.
tags | tool
systems | unix
SHA-256 | f1dcb1ec3e35685e46a8512137b8062daa1d0327900177998a405feab608adeb
Flawfinder 2.0.9
Posted May 20, 2019
Authored by David A. Wheeler | Site sourceforge.net

Flawfinder searches through source code for potential security flaws, listing potential security flaws sorted by risk, with the most potentially dangerous flaws shown first. This risk level depends not only on the function, but on the values of the parameters of the function.

Changes: Fixes a serious defect in --diffhitlist.
tags | tool
systems | unix
SHA-256 | d7aefd002cb63e125ff20bc2960388cf63e202b7e7f971e47129f2214faca90a
elFinder PHP Connector exiftran Command Injection
Posted Mar 12, 2019
Authored by Brendan Coles, Thomas Chauchefoin, q3rv0 | Site metasploit.com

This Metasploit module exploits a command injection vulnerability in elFinder versions prior to 2.1.48. The PHP connector component allows unauthenticated users to upload files and perform file modification operations, such as resizing and rotation of an image. The file name of uploaded files is not validated, allowing shell metacharacters. When performing image operations on JPEG files, the filename is passed to the exiftran utility without appropriate sanitization, causing shell commands in the file name to be executed, resulting in remote command injection as the web server user. The PHP connector is not enabled by default. The system must have exiftran installed and in the PATH. This module has been tested successfully on elFinder versions 2.1.47, 2.1.20, and 2.1.16 on Ubuntu.

tags | exploit, remote, web, shell, php
systems | linux, ubuntu
SHA-256 | 5222268c0c1677f7e0637fd6b8a807ef9ea4bfb24107aadeb85ce45155354bc3
elFinder 2.1.47 Command Injection
Posted Mar 5, 2019
Authored by q3rv0

elFinder versions 2.1.47 and below suffer from a command injection vulnerability in the PHP connector.

tags | exploit, php
advisories | CVE-2019-9194
SHA-256 | c18a99273f5751aac3069a948d7904a72a24ff8573296cdae06be2c2d58ce090
JobFinder Cross Site Scripting
Posted Feb 16, 2019
Authored by Deyaa Muhammad

JobFinder suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 9fc309ccb2ac29082296e34cd17392802909c507adfbc8f7c5edc92b800474a0
Flawfinder 2.0.8
Posted Jan 22, 2019
Authored by David A. Wheeler | Site sourceforge.net

Flawfinder searches through source code for potential security flaws, listing potential security flaws sorted by risk, with the most potentially dangerous flaws shown first. This risk level depends not only on the function, but on the values of the parameters of the function.

Changes: A number of bugs were addressed as well as some small improvements. Documentation has been tweaked.
tags | tool
systems | unix
SHA-256 | 65e05788c2e57b4037de58a42b787abd1e3f249656660cf6a3c1e9ad98a46b37
Joomla Com_Finder 4.0.0 Database Disclosure
Posted Dec 4, 2018
Authored by KingSkrupellos

Joomla Com_Finder component version 4.0.0 suffers from a database disclosure vulnerability.

tags | exploit, info disclosure
SHA-256 | 4cc2fc0b26fcd0409e0fced3cb36825ec78707753cd792b709cccc81021dbc27
IP Finder 1.5 Denial Of Service
Posted Aug 13, 2018
Authored by Shubham Singh

IP Finder version 1.5 suffers from a denial of service vulnerability.

tags | exploit, denial of service
SHA-256 | b6e772e5a3cd36883b40370930d36f067059418e9dcf4a596b51bf9c800bfe06
Flawfinder 2.0.6
Posted Apr 4, 2018
Authored by David A. Wheeler | Site sourceforge.net

Flawfinder searches through source code for potential security flaws, listing potential security flaws sorted by risk, with the most potentially dangerous flaws shown first. This risk level depends not only on the function, but on the values of the parameters of the function.

Changes: Small fixes. Updated cwe.mitre.org URLs to use https.
tags | tool
systems | unix
SHA-256 | d33caeb94fc7ab80b75d2a7a871cb6e3f70e50fb835984e8b4d56e19ede143fc
WordPress Service Finder Booking Local File Disclosure
Posted Jan 11, 2018
Authored by telahdihapus

WordPress Service Finder Booking plugin versions prior to 3.2 suffer from a file disclosure vulnerability.

tags | exploit, info disclosure
SHA-256 | 2f783b7627e401cd58c5d554ccc0889ab631b7fba1ee89ee6e4be091445d8f69
Flawfinder 2.0.5
Posted Nov 17, 2017
Authored by David A. Wheeler | Site sourceforge.net

Flawfinder searches through source code for potential security flaws, listing potential security flaws sorted by risk, with the most potentially dangerous flaws shown first. This risk level depends not only on the function, but on the values of the parameters of the function.

Changes: Added detection of crypt_r function. Added detection of errant equal, mismatch, and is_permutation. Updated CWE, risk, and discussion for C++14 STL functions. Fixed hit count reporting. Updated www.dwheeler.com URLs to use https.
tags | tool
systems | unix
SHA-256 | dcfecaf6c83e4933fc64d1fc7de757768d8f250762c08bbfa07c241fa6f2193b
Flawfinder 2.0.4
Posted Sep 4, 2017
Authored by David A. Wheeler | Site sourceforge.net

Flawfinder searches through source code for potential security flaws, listing potential security flaws sorted by risk, with the most potentially dangerous flaws shown first. This risk level depends not only on the function, but on the values of the parameters of the function.

Changes: Now directly supports pip installs. Switched from distutils to setuptools.
tags | tool
systems | unix
SHA-256 | 43ffe3bd19cafbc4f24c53c6d80810297ebfbf9a72b693e58e59775813ee66ec
Flawfinder 2.0.2
Posted Aug 28, 2017
Authored by David A. Wheeler | Site sourceforge.net

Flawfinder searches through source code for potential security flaws, listing potential security flaws sorted by risk, with the most potentially dangerous flaws shown first. This risk level depends not only on the function, but on the values of the parameters of the function.

Changes: Flawfinder can now run on either Python 2.7 or 3. Added more tests. Implemented additional code cleanups recommended by Pylint. Modified documentation in various ways to clarify things.
tags | tool
systems | unix
SHA-256 | 2ca96b106cbf6af495fe558e5111838c74cab0492e9b5d376f567b430e57052f
BuilderEngine Arbitrary File Upload / Execution
Posted May 17, 2017
Authored by Marco Rivoli, metanubix | Site metasploit.com

This Metasploit module exploits a vulnerability found in BuilderEngine 3.5.0 via elFinder 2.0. The jquery-file-upload plugin can be abused to upload a malicious file, which would result in arbitrary remote code execution under the context of the web server.

tags | exploit, remote, web, arbitrary, code execution
SHA-256 | 5ba5bb643f31ecc62484733644b0696342aaba16644737ef5bd5784d1a739d0d
Joomla JE Property Finder 1.6.3 SQL Injection
Posted Feb 14, 2017
Authored by Ihsan Sencan

Joomla JE Property Finder component version 1.6.3 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | ce1ccd67bbdee68551538a7ac5bc64fa24e4338b7ab9c2125ccc75d84b63bf15
Multitech RightFax Faxfinder Credential Disclosure
Posted Nov 21, 2016
Authored by Joshua Platz

Multitech RightFax Faxfinder versions prior to 4.1.2 suffer from a clear-text credential disclosure vulnerability.

tags | exploit, info disclosure
advisories | CVE-2016-10512
SHA-256 | 4cba9fb5d18c9d4697ebdd1ee70bdbba03e52490e9c35b8c78903bbc2933d69e
Apache Mina 2.0.13 Remote Command Execution
Posted Sep 15, 2016
Authored by Gregory Draperi

Apache Mina 2.0.13 uses the OGNL library in the "IoSessionFinder" class. Its constructor takes into parameter one OGNL expression. Then this expression is executed when the method "find" is called. This class seems to be only used in the JMX MINA component "IoServiceMBean". When the IOServiceMBean is exposed trough JMX it is possible to abuse the function to execute an arbitrary command on the server.

tags | exploit, arbitrary
SHA-256 | 5dca9550346e53b4b4b1f76ec51319517cdbd8e4a939ec303316d56728bfe74d
Tiki Wiki 15.1 Unauthenticated File Upload
Posted Jul 12, 2016
Authored by Mehmet Ince | Site metasploit.com

This Metasploit module exploits a file upload vulnerability in Tiki Wiki versions 15.1 and below which could be abused to allow unauthenticated users to execute arbitrary code under the context of the web server user. The issue comes with one of the 3rd party components. Name of that components is ELFinder -version 2.0-. This components comes with default example page which demonstrates file operations such as upload, remove, rename, create directory etc. Default configuration does not force validations such as file extension, content-type etc. Thus, unauthenticated user can upload PHP file. The exploit has been tested on Debian 8.x 64-bit and Tiki Wiki 15.1.

tags | exploit, web, arbitrary, php, file upload
systems | linux, debian
SHA-256 | f88afc6f681b7accefabd167d71cdc67a68314ed8f27fa9389816223e5aa4fb6
FinderView Path Traversal / Cross Site Scripting
Posted Jun 23, 2016
Authored by HaHwul

FinderView suffers from path traversal and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, file inclusion
SHA-256 | 6f0343e72d022fbf8ca84c53fac312b430c2903c7ac17c64256d39c5523fe9ab
Dropbox FinderLoadBundle OS X Local Root Exploit
Posted Oct 1, 2015
Authored by cenobyte

The setuid root FinderLoadBundle that was included in older DropboxHelperTools versions for OS X allows loading of dynamically linked shared libraries that are residing in the same directory. The directory in which FinderLoadBundle is located is owned by root and that prevents placing arbitrary files there. But creating a hard link from FinderLoadBundle to somewhere in a directory in /tmp circumvents that protection thus making it possible to load a shared library containing a payload which creates a root shell.

tags | exploit, arbitrary, shell, root
systems | apple, osx
SHA-256 | 2fe41a90799fee4a1fce5da2d6dcba950035afb15b2c3fe6f1dcec5f37e1a3a0
elFinder 2 Remote Command Execution
Posted May 7, 2015
Authored by TUNISIAN CYBER

elFinder 2 suffers from a remote command execution vulnerability via file creation.

tags | exploit, remote
SHA-256 | 57884d86d295df818f1cab870ceaf073323f6d2bc260384a3aeccee8ff36816f
Page 1 of 4
Back1234Next

File Archive:

May 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    44 Files
  • 2
    May 2nd
    5 Files
  • 3
    May 3rd
    11 Files
  • 4
    May 4th
    0 Files
  • 5
    May 5th
    0 Files
  • 6
    May 6th
    28 Files
  • 7
    May 7th
    3 Files
  • 8
    May 8th
    4 Files
  • 9
    May 9th
    54 Files
  • 10
    May 10th
    12 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    17 Files
  • 14
    May 14th
    11 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    13 Files
  • 17
    May 17th
    22 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    17 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close