what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 84 RSS Feed


Posted Apr 23, 2002
Authored by eSDee, netric | Site netric.org

Posadis m5pre2 local format string exploit.

tags | exploit, local
SHA-256 | 025e81c77e339b0490a61b132dcf3996293528d7e06703be59938c0e883873e7

Related Files

PostgreSQL 11.7 Remote Code Execution
Posted Mar 30, 2022
Authored by b4keSn4ke

PostgreSQL versions 9.3 through 11.7 remote code execution exploit.

tags | exploit, remote, code execution
advisories | CVE-2019-9193
SHA-256 | e597a53141013a6e5aaeefcbb4e28ade73077b7f1f7b8c7994ae9d9031e1d2ff
Post-it 5.0.1 Denial Of Service
Posted Jun 14, 2021
Authored by Geovanni Ruiz

Post-it version 5.0.1 suffers from a denial of service vulnerability.

tags | exploit, denial of service
SHA-256 | 045d20c2f40be03dd32b582455b780a332aae216893f855b38db7e2efb6ec2f2
Postbird 0.8.4 XSS / LFI / Insecure Data Storage
Posted Jun 1, 2021
Authored by Tridentsec | Site tridentsec.io

Postbird version 0.8.4 suffers from cross site scripting, local file inclusion, and insecure data storage vulnerabilities. Included in this archive is a whitepaper and proof of concept exploit.

tags | exploit, local, vulnerability, xss, proof of concept, file inclusion
advisories | CVE-2021-33570
SHA-256 | 2fe1bba3a63538bc31c8f324c6075a4d7a94d198f0d2cc9c21a732f03fedcf03
Postbird 0.8.4 Cross Site Scripting / Local File Inclusion
Posted May 27, 2021
Authored by Debshubra Chakraborty

Postbird version 0.8.4 suffers from a javascript injection vulnerability that allows for cross site scripting and local file inclusion.

tags | exploit, local, javascript, xss, file inclusion
advisories | CVE-2021-33570
SHA-256 | a50f986fffa593ec901590f6e7af89c7caa33805339e420f6058a47850eb4854
Point Of Sale System 1.0 Cross Site Scripting
Posted Dec 21, 2020
Authored by Saeed Bala Ahmed

Point of Sale System version 1.0 suffers from multiple persistent cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 82235f5a46c27e9ce9ad9e865d03451b03de110f26066c725582c2f262736726
Point Of Sale System 1.0 SQL Injection
Posted Dec 18, 2020
Authored by Saeed Bala Ahmed

Point of Sale System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
SHA-256 | 596041ae8cbbc85b9ca314b28ed7b2500dcc7ec7e8554b5e0528440f9a3adb54
Point Of Sales 1.0 Cross Site Scripting
Posted Oct 29, 2020
Authored by Ankita Pal

Point of Sales version 1.0 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | b1abcd5d7eb0894c7563e29ca9a278b410be32cd7afa181ae98954a8747fbcb7
Point Of Sales 1.0 SQL Injection
Posted Oct 28, 2020
Authored by Jyotsna Adhana

Point of Sales version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 14479cfedac75e0485e20fa319e6a41519d81d62f71e316b0d6e690a943c2987
PostgreSQL COPY FROM PROGRAM Command Execution
Posted May 7, 2019
Authored by Jacob Wilkin | Site metasploit.com

Installations running Postgres 9.3 and above have functionality which allows for the superuser and users with 'pg_execute_server_program' to pipe to and from an external program using COPY. This allows arbitrary command execution as though you have console access. This module attempts to create a new table, then execute system commands in the context of copying the command output into the table. This Metasploit module should work on all Postgres systems running version 9.3 and above. For Linux and OSX systems, target 1 is used with cmd payloads such as: cmd/unix/reverse_perl. For Windows Systems, target 2 is used with powershell payloads such as: cmd/windows/powershell_reverse_tcp. Alternatively target 3 can be used to execute generic commands, such as a web_delivery meterpreter powershell payload or other customized command.

tags | exploit, arbitrary
systems | linux, windows, unix, apple
advisories | CVE-2019-9193
SHA-256 | c46a7605f2f59df142894ab93e39c6fbb9ceb49da8db00d316382c22458faf6e
VA MAX 8.3.4 Remote Code Execution
Posted Feb 11, 2019
Authored by Cody Sixteen

VA MAX version 8.3.4 suffers from a post-authentication remote code execution vulnerability.

tags | exploit, remote, code execution
SHA-256 | 83895e02490abd5dff21baf3e6cb7ef84abf36fa23f4bc7a4401f14daf917e92
Point Of Sales (POS) In VB.Net MYSQL Database 1.0 SQL Injection
Posted Oct 29, 2018
Authored by Ihsan Sencan

Point of Sales (POS) in VB.Net MySQL Database version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2018-18805
SHA-256 | 059e000d8a964af4883dd582a58ddb946307352e6bc2b0bcd0a1960c647826fa
PostgreSQL 9.4-0.5.3 Privilege Escalation
Posted Aug 13, 2018
Authored by Johannes Segitz

PostgreSQL version 9.4-0.5.3 suffers from a privilege escalation vulnerability.

tags | exploit
advisories | CVE-2017-14798
SHA-256 | 308106e2003f646f01a29df431f7b53f3dab08e577ddcc862552e62694904c88
PostgreSQL 10 Installer For Windows DLL Hijacking
Posted Oct 10, 2017
Authored by Stefan Kanthak

The PostgreSQL 10 installer for Windows suffers from a dll hijacking vulnerability.

tags | exploit
systems | windows
SHA-256 | 53508de2e1b750287c30bbe3c9bca27c1d738c50051878d731c03da7ff37006c
Posty 1.0 SQL Injection
Posted Aug 28, 2017
Authored by Ali BawazeEer

Posty version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
SHA-256 | 6aac32b2b95d9b88395dda6d01793a7227412fd7fa133fa0f854618d81b1a38e
POSNIC 1.03 Shell Upload
Posted Feb 6, 2017
Authored by Rony Das

POSNIC version 1.03 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | b0659cc1ef1702e8795081214734b821aa8dc6052f86b9ec6400a8635f7f89ef
POSNIC Unauthenticated Remote Code Execution
Posted Feb 1, 2017
Authored by Manish Tanwar

POSNIC versions prior to 1.03 suffer from a code execution vulnerability when set up to trust data from a compromised mysql instance.

tags | exploit, code execution
SHA-256 | 6b1d8a0103ae8c1d7b1d530a97bb15e67e0c90b1715bc898577bf76f338778cd
Post Indexer Man-In-The-Middle
Posted Nov 19, 2016
Authored by Glyn Wintle

Post Indexer version suffers from a man-in-the-middle vulnerability that may allow for arbitrary code execution.

tags | advisory, arbitrary, code execution
SHA-256 | ae251345f938c977f6f946b8a67e335ec898d22c843c43fc210bb0cdd04d4b34
Post Indexer SQL Injection
Posted Nov 19, 2016
Authored by Glyn Wintle

Post Indexer version suffers from a remote SQL injection vulnerability.

tags | advisory, remote, sql injection
SHA-256 | 29834485d983a58f496acf14a03989b41aa447ba1ef4b268ba5ec7b3d8676a83
PoShFoTo - PowerShell Forensics Toolkit
Posted May 30, 2016
Authored by Mark Osborne

PoShFoTo is the PowerShell Forensics Toolkit, which contains a dozen PowerShell tools that allow you to do basic incident response and malware forensics. It includes Hex Dumper, Registry timeline generator, File timeline generator, and PE-block analyzer.

tags | tool, registry, forensics
SHA-256 | 2516e4a082ce0e53db6d6ba8ddfba777505de06d31bfefcccdabcff2c0057a2b
Posted Apr 9, 2016
Authored by Micheal Cottingham, midnitesnake, Nixawk | Site metasploit.com

Some installations of Postgres 8 and 9 are configured to allow loading external scripting languages. Most commonly this is Perl and Python. When enabled, command execution is possible on the host. To execute system commands, loading the "untrusted" version of the language is necessary. This requires a superuser. This is usually postgres. The execution should be platform-agnostic, and has been tested on OS X, Windows, and Linux. This Metasploit module attempts to load Perl or Python to execute system commands. As this dynamically loads a scripting language to execute commands, it is not necessary to drop a file on the filesystem. Only Postgres 8 and up are supported.

tags | exploit, perl, python
systems | linux, windows, apple, osx
SHA-256 | 35a6a49124ad62dab21bd8ac5c63333438e1b0e3ebfa9c2ae8f568b3ec88f1c1
Postfix SMTP Shellshock
Posted Oct 6, 2014
Authored by fattymcwopr

Postfix SMTP with procmail shellshock exploit that affects versions 4.2.x up through 4.2.48.

tags | exploit
advisories | CVE-2014-6271
SHA-256 | 2defb18f0a8b00ec8fed37883f8a633b4382c93a3edfdbab3f7778291f08879a
POSNIC 1.02 Directory Listing / File Upload
Posted Sep 27, 2014
Authored by indoushka

POSNIC version 1.02 suffers from directory listing and file upload exposure vulnerabilities.

tags | exploit, vulnerability, file upload
SHA-256 | ca1313a59105d7e4fb14cfff488765f623bb0fbcd07ff8b06039cfb663615a8d
PostgreSQL 8.4.1 Denial Of Service Integer Overflow
Posted Jun 13, 2014
Authored by Bernt Marius Johnsen

PostgreSQL versions 8.4.1 suffer from a JOIN hashtable size integer overflow denial of service vulnerability.

tags | exploit, denial of service, overflow
advisories | CVE-2010-0733, OSVDB-63208
SHA-256 | 9db855da789a69d025877c1caa3bc529eab23d8f2f93cbb52a56e90ac26c8bba
Post XSS Exploitation: Advanced Attacks And Remedies
Posted Mar 1, 2013
Authored by Kritika Sobti, Adwiteeya Agrawal, Nishtha Jatana

This paper presents an in depth study of the dangers of XSS vulnerabilities and vulgarizes its exploitation, it also showcases the remedies of post XSS attacks that can be adopted as a safeguard. Further, they exploit a vulnerability and develop a novel module for one of the popular tools of post XSS exploitation. This module can be used to make a SIP (Session Initiation Protocol) call. It has been developed with the intention of being included into the new release of the XSSF framework.

tags | paper, vulnerability, protocol, xss
SHA-256 | 7dbbd574b496be79c52c8e911121efacadc66a405c4adb8ada6c3d26422c99a3
PostgreSQL for Linux Payload Execution
Posted Dec 15, 2012
Authored by egypt, todb, midnitesnake | Site metasploit.com

On some default Linux installations of PostgreSQL, the postgres service account may write to the /tmp directory, and may source UDF Shared Libraries from there as well, allowing execution of arbitrary code. This Metasploit module compiles a Linux shared object file, uploads it to the target host via the UPDATE pg_largeobject method of binary injection, and creates a UDF (user defined function) from that shared object. Because the payload is run as the shared object's constructor, it does not need to conform to specific Postgres API versions.

tags | exploit, arbitrary
systems | linux
SHA-256 | c51dddadd2b2d88c86fc65284de0c6ecc7a31786c8b947b7ba7c753e87036e3f
Page 1 of 4

File Archive:

February 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    11 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    5 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    0 Files
  • 6
    Feb 6th
    9 Files
  • 7
    Feb 7th
    32 Files
  • 8
    Feb 8th
    0 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By