
Files

CS-2001-02
Posted May 30, 2001
Site cert.org

CERT Quarterly Summary for May, 2001. Since the last regularly scheduled CERT summary, issued in February 2001 (CS-2001-01), we have seen a significant increase in reconnaissance activity, a number of self-propagating worms, and active exploitation of vulnerabilities in snmpxdmid, BIND and IIS by intruders.

tags | worm, vulnerability
SHA-256 | 4a4c69c74f9f9dfbf99e62d106c6b336a191d5792a093ca4b01aa1079a25f3c2

Related Files

CSC-CMS 1.0.0 Insecure Settings
Posted Aug 15, 2023
Authored by indoushka

CSC-CMS version 1.0.0 suffers from an ignored default credential vulnerability.

tags | exploit
SHA-256 | b9b7d88201df987f68f4f94bc9586defedd0a450d1c101b01f60ef5a6953ce24
CSC-CMS 1.0.0 SQL Injection
Posted Aug 7, 2023
Authored by indoushka

CSC-CMS version 1.0.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | ae1f929eee44c923aaf211504bbbdd43d54c37767bd9674ac5a38adfc59453a6
Coffee Shop Cashiering System 1.0 SQL Injection
Posted Jun 27, 2022
Authored by syad

Coffee Shop Cashiering System version 1.0 suffers from a remote time-based SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | f964a4311244797b00b346857d8249aa0ed9e3ed4fbb20b2da7ac878fcd027a6
GridPro Request Management For Windows Azure Pack 2.0.7905 Directory Traversal
Posted Oct 25, 2021
Authored by Giulian Guran

GridPro Request Management for Windows Azure Pack versions 2.0.7905 and below suffer from a traversal vulnerability that can allow for arbitrary execution of PowerShell scripts.

tags | exploit, arbitrary
systems | windows
advisories | CVE-2021-40371
SHA-256 | 513dd9d3220aed0443768d76d63650e8af9dc973885a471803f11ba9b1c10d5c
Microsoft Windows Containers DP API Cryptography Flaw
Posted Mar 16, 2021
Authored by Marc Nimmerrichte

Microsoft Windows Containers suffers from a DP API design flaw where encryption keys are shared and reused between images.

tags | exploit
systems | windows
advisories | CVE-2021-1645
SHA-256 | 9ca89e4b58c712f3b5cd994828e6290959a5d09fa6b74c261d55967effb8af17
Apache MyFaces 2.x Cross Site Request Forgery
Posted Feb 20, 2021
Authored by Wolfgang Ettlinger

Apache MyFaces versions 2.2.13 and below, 2.3.7 and below, 2.3-next-M4 and below, and 2.1 and below suffer from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2021-26296
SHA-256 | 9496fb42b8d7b245393af79c43e00c9737bf7e2ce2f045cabe480e1ebae73876
PLANEX CS-QP50F-ING2 Remote Configuration Disclosure
Posted Jan 5, 2021
Authored by Todor Donev

PLANEX CS-QP50F-ING2 security surveillance smart camera remote configuration disclosure exploit.

tags | exploit, remote
SHA-256 | 3726f2fc1651bd0eeed4b2842077106b9266fafd2395f49bfb65b2d0d32d68f0
CSE Bookstore 1.0 SQL Injection
Posted Dec 22, 2020
Authored by Musyoka Ian

CSE Bookstore version 1.0 suffers from multiple remote SQL injection vulnerabilities. Original discovery of SQL injection in this version is attributed to Alper Basaran in October of 2020.

tags | exploit, remote, vulnerability, sql injection
SHA-256 | fc951b6ccd26f9e3555d4b13f66f6d079b229758376a158cab4a785dac9e81ef
CSE Bookstore 1.0 Cross Site Scripting
Posted Oct 30, 2020
Authored by Vyshnav NK

CSE Bookstore version 1.0 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 43b48eac38ffbd3edb385a455b2a2eb549a7ebfca5a7d897033f98bd7f828bf3
CSE Bookstore 1.0 SQL Injection
Posted Oct 28, 2020
Authored by Alper Basaran

CSE Bookstore version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
SHA-256 | 22ade0807de506d719e10260a6706f161c23e19eabb44126ae5efb25be5761a3
CS-Cart 1.3.3 Local File Inclusion
Posted Oct 16, 2020
Authored by 0xmmnbassel

Details for performing a local file inclusion attack on CS-Cart version 1.3.3, a really old version.

tags | exploit, local, file inclusion
SHA-256 | ddf9554006d39786c262545673c21d61bb45fc6461be190a2232a46653661721
CS-Cart 1.3.3 Remote Code Execution
Posted Oct 16, 2020
Authored by 0xmmnbassel

Details for achieving remote code execution on CS-Cart version 1.3.3, a really old version.

tags | exploit, remote, code execution
SHA-256 | 4f690f72e60232a009b2067ca291afec05fa7b7866b7cdeba59bfcaa0b0084bc
CS Cart 4.6.2 Shell Upload
Posted Nov 23, 2017
Authored by oric one

CS Cart version 4.6.2 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
advisories | CVE-2017-15673
SHA-256 | f1ee462ab8b8fb7db0ca71f0fe2dd6b5d840e12bdfd35c6ed9f2ecdcbed12fba
Counter Strike: Condition Zero Code Execution
Posted Jul 14, 2017
Authored by Grant Hernandez

Counter Strike: Condition Zero .BSP map file code execution exploit.

tags | exploit, code execution
SHA-256 | 1aaae42dcf775bae0172248b3082263a9ac732e19aa248d45bc4c3b2e68c7ed7
CS-Cart 4.3.10 Unauthenticated XXE Injection
Posted Nov 16, 2016
Authored by Ahmed Sultan

CS-Cart versions 4.3.10 and below suffer from an unauthenticated XML external entity (XXE) injection vulnerability.

tags | exploit, xxe
SHA-256 | d055752e041a2e34fe412240fa6a2df718f958b7dee0c4a6b2350b08ba38432a
CollabNet Subversion Edge Management CSRF
Posted Jun 30, 2015
Authored by otr

The CollabNet Subversion Edge Management Frontend fails to implement any cross site request forgery protection. Fixed in version 5.0. Version 4.0.11 is affected.

tags | advisory, csrf
SHA-256 | 51550678e302e308a0266d2824d45d664b115efd79d9d9699ff2ea9b8606149c
CollabNet Subversion Edge Management Missing Password Check
Posted Jun 30, 2015
Authored by otr

The management frontend does not require the old password for changing the password to a new one. An authenticated attacker may perform password setting attacks via XSRF without knowing the current password. An attacker that stole a Session ID (cookie) is able to gain persistent access by changing the password. Fixed in version 5.0. Version 4.0.11 is affected.

tags | advisory
SHA-256 | b01690bfbbc4be90118e3f7f950ff41e45b8a303eb3e13ca92e517d946087a0a
CollabNet Subversion Edge Management Unsalted Hashes
Posted Jun 30, 2015
Authored by otr

The CollabNet Subversion Edge Management stores passwords as unsalted MD5 hashes. Unsalted MD5 hashes can easily be cracked by brute forcing the password. Fixed in version 5.0. Version 4.0.11 is affected.

tags | advisory
SHA-256 | 8cc3148316f4aa4c7d8a4758a7e89063b6e5b83abbe5c26a33241c18c888460c
CollabNet Subversion Edge Management Multiple Logins
Posted Jun 30, 2015
Authored by otr

The CollabNet Subversion Edge Management web application does not restrict users to be logged in only once and does not provide a configuration option to configure this feature for admins and/or user accounts. Fixed in version 5.0. Version 4.0.11 is affected.

tags | advisory, web
SHA-256 | 136cd2ad53bd137bb66b883f29da54e22164f5784ffa08198eb81b5bca4a4fac
CollabNet Subversion Edge Management Brute Forcing
Posted Jun 30, 2015
Authored by otr

The CollabNet Subversion Edge Management Frontend does not protect against brute forcing accounts. An attacker has infinite tries to guess a valid user password. Fixed in version 5.0. Version 4.0.11 is affected.

tags | advisory, cracker
SHA-256 | c4a5be8f15df488c6909bf4b2ac7dc41e0d49ed272885ca67e0b4f9bf8d4b650
CollabNet Subversion Edge Management listViewItem LFI
Posted Jun 30, 2015
Authored by otr

The CollabNet Subversion Edge Management Frontend allows authenticated admins to read arbitrary local files via the logfile "listViewItem" parameter of the "index" action. Fixed in version 5.0. Version 4.0.11 is affected.

tags | exploit, arbitrary, local, file inclusion
SHA-256 | 056057c0fb271eb7d3df3d949644529069ad9b220d3cea13dac2b89f6483c3e0
CollabNet Subversion Edge Management Clickjacking
Posted Jun 30, 2015
Authored by otr

CollabNet Subversion Edge Management Frontend does not implement clickjacking protection. Fixed in version 5.0. Version 4.0.11 is affected.

tags | advisory
SHA-256 | c207b180dc94d5a50e20b860125c9f73e2c49f364c17a3013f7603f8c6f2d141
CollabNet Subversion Edge Management Weak Password Policy
Posted Jun 30, 2015
Authored by otr

The CollabNet Subversion Edge Management does not implement a strong password policy. Passwords like "aaaaa" are allowed as the only requirement is that the password is at least 5 characters long. Fixed in version 5.0. Version 4.0.11 is affected.

tags | advisory
SHA-256 | f122205e04ea0584d756f4c07ab8c745e0d178bd283e8cbc86963df7402628e9
CollabNet Subversion Edge Management Autocomplete Enabled
Posted Jun 30, 2015
Authored by otr

The CollabNet Subversion Edge management frontend login page password field has autocomplete enabled. This may allow an attacker to retrieve a stored password from the browser's key store. Fixed in version 5.0. Version 4.0.11 is affected.

tags | advisory
SHA-256 | 020e15b4242216e2e5a8d794bda6b2c2bedd387d58410fbce5ecb455fa026919
CollabNet Subversion Edge Management downloadHook LFI
Posted Jun 29, 2015
Authored by otr

The CollabNet Subversion Edge Management Frontend allows authenticated admins to read arbitrary local files via the logfile "filename" parameter of the "downloadHook" action. Fixed in version 5.0.

tags | exploit, arbitrary, local, file inclusion
SHA-256 | 37d936d9d7e63a4ff0e4d5ba93bd86e716a8d053ae486aae462f028a417603cc

© 2022 Packet Storm. All rights reserved.
