exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 100 RSS Feed

Files

Hardened-PHP Project Security Advisory 2005-21.80
Posted Nov 9, 2005
Authored by Christopher Kunz, Hardened-PHP Project | Site hardened-php.net

PHPKIT versions 1.6.1 R2 and below suffer from cross site scripting, SQL injection, information disclosure, password hash disclosure, local file disclosure, and arbitrary code execution flaws. Various sample exploitation details provided.

tags | exploit, arbitrary, local, code execution, xss, sql injection, info disclosure
SHA-256 | a91e4d42b773ee597b5ea0162d7a64232a6a053f5d7b8e1af72709197633e2f8

Related Files

CMS PHPKit WCMS 1.6.6 Cross Site Scripting
Posted Jan 13, 2015
Authored by Steffen Roesemann

CMS PHPKit WCMS version 1.6.6 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | bc631a532ede7f396bf10e2908c4f90fd2b39943a411c0476b46853b7947dd90
PHP Kit 1.0
Posted Feb 12, 2013
Authored by infodox

PHPkit is a simple PHP based backdoor, leveraging include() and php://input to allow the attacker to execute arbitrary PHP code on the infected server. The actual backdoor contains no suspicious calls such as eval() or system(), as the PHP code is executed in memory by include().

Changes: Code clean up.
tags | tool, arbitrary, php, rootkit
systems | unix
SHA-256 | 9ae6f1db9ff8c94146491368c999d0b4d6a0a9cfe7316a6f72a899025250bf36
PHP Kit 0.2a
Posted Jan 17, 2013
Authored by infodox

PHPkit is a simple PHP based backdoor, leveraging include() and php://input to allow the attacker to execute arbitrary PHP code on the infected server. The actual backdoor contains no suspicious calls such as eval() or system(), as the PHP code is executed in memory by include().

Changes: Shell client rewritten and a file upload client was added.
tags | tool, arbitrary, php, rootkit
systems | unix
SHA-256 | 3078b9daa99d887414dbe12584cdafa91a5f3554f05f8ad34cdf5d3ffe218a26
PHP Kit 0.1a
Posted Jan 6, 2013
Authored by infodox

PHPkit is a simple PHP based backdoor, leveraging include() and php:// input to allow the attacker to execute arbitrary PHP code on the infected server. The actual backdoor contains no suspicious calls such as eval() or system(), as the PHP code is executed in memory by include(). Includes a simple python client that gives a "shell" on the server.

tags | tool, shell, php, rootkit, python
systems | unix
SHA-256 | a0b89f7413840636a73320699e779bec747d2127f4e7880708cb96dae4596056
sudo 1.8.3p1 Format String
Posted Jan 30, 2012
Authored by joernchen | Site phenoelit.de

sudo versions 1.8.0 through 1.8.3p1 suffer from a format string vulnerability that allows for privilege escalation.

tags | exploit
SHA-256 | 81fb04538af951a21c660e19f143b2d360f83aa70ff21c86befc1fc8af952094
Gitorious Remote Command Execution
Posted Jan 28, 2012
Authored by joernchen | Site phenoelit.de

Gitorious versions prior to 2.1.1 suffer from a remote command execution vulnerability.

tags | exploit, remote
SHA-256 | 6eaad22fe33effe3e4d1a3e355ffa9f4cb239465e6efdd17446f0304e8263e07
PHPKit 1.6.1 R2 SQL Injection
Posted Oct 29, 2010
Authored by Easy Laster

PHPKit versions 1.6.1 R2 and below remote SQL injection exploit that leverages overview.php.

tags | exploit, remote, php, sql injection
SHA-256 | 60f29fc5837355fd5ef838e4225260e314c73abe5d8f82833f62aba28fcff37f
PHPKIT WCMS 1.6.5 Reflected Cross Site Scripting
Posted Jul 28, 2010
Authored by David "Aesthetico" Vieira-Kurz | Site majorsecurity.de

PHPKIT WCMS vesion 1.6.5 suffers from a reflected cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 4e462957f2e106b8bb64e9043371757932788cc4d9d401bc835d3d3f0cd266b0
PHPKIT WCMS 1.6.5 Cross Site Scripting
Posted Jul 27, 2010
Authored by David "Aesthetico" Vieira-Kurz | Site majorsecurity.de

PHPKIT WCMS version 1.6.5 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | ecd55597608e71646904db6946b845c4681b1cddfd49ad04710cd12a26efcbdf
Secunia Security Advisory 40754
Posted Jul 27, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - David Vieira-Kurz has discovered some vulnerabilities in PHPKIT, which can be exploited by malicious people to conduct cross-site scripting and cross-site request forgery attacks.

tags | advisory, vulnerability, xss, csrf
SHA-256 | 2f92acf6e156c1b9c43559eef5782c2ab94114691c3c22a9ff57da42720de674
Kaspersky Klim5.sys Advisory
Posted Feb 2, 2009
Authored by Ruben Santamarta | Site wintercore.com

KIS 2008 and Kaspersky AntiVirus for Workstations suffer from a local privilege escalation vulnerability in Klim5.sys.

tags | advisory, local
SHA-256 | 986d0ad816e789cda1a3b6e60acf76a92dd2c3e35c8b13cf6af11184f8f77d00
advisory_W021008.txt
Posted Oct 9, 2008
Authored by Ruben Santamarta

Microsoft Windows Kernel is prone to a local privilege escalation due to an integer overflow error within the IopfCompleteRequest function. This vulnerability may allow attackers to execute arbitrary code in the kernel context, thus allowing to escalate privileges to SYSTEM.

tags | advisory, overflow, arbitrary, kernel, local
systems | windows
SHA-256 | 83416b5326404b535c7aca5df86a5d9d9c86e01657b803c965feda37f7d987fa
phpkit-xsrf.txt
Posted Jan 30, 2008
Authored by NBBN

PHPKIT version 1.6.4 PL1 suffers from multiple cross site request forgery vulnerabilities.

tags | exploit, vulnerability, csrf
SHA-256 | bd686a8d96632c15e6c574107869fd642622cbadb3de3bd820f5ae158927a167
phpkit-rfi.txt
Posted Nov 28, 2007
Authored by JosS | Site spanish-hackers.com

PHPkit version 1.6.1 suffers from a remote file inclusion vulnerability.

tags | exploit, remote, code execution, file inclusion
SHA-256 | 673400a894bf744378440e29d2c810971d88724b774f606c4b331a80034588b7
phpkit-sql.txt
Posted Nov 27, 2007
Authored by shadowleet

PHPKIT version 1.64pl1 remote SQL injection exploit that makes use of article.php.

tags | exploit, remote, php, sql injection
SHA-256 | ca0c31027f6c298a77162e72a5c9a4aa71ff48b5029e5e57e130278a2364fb16
Secunia Security Advisory 27791
Posted Nov 26, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - shadowleet has discovered a vulnerability in PHPKIT, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, sql injection
SHA-256 | 411e2716eae01f291ee33a6a3fc74b4431744b489233827137dea1cff6545a8a
advisory-2007-11-14.txt
Posted Nov 15, 2007
Site scanit.be

Microsoft Windows 2003 SP2 and Microsoft Windows 2000 SP4 Server suffer from a predictable DNS transaction ID vulnerability.

tags | advisory
systems | windows
advisories | CVE-2007-3898
SHA-256 | 17df89085333f3c12c52a302a32379289e5cde6b3d5bc244cb20b4eadc104298
advisory-2007-06-29.txt
Posted Jun 29, 2007
Authored by Susam Pal | Site susam.in

Google suffers from re-authentication a bypass vulnerability with the SID and LSID cookies.

tags | advisory, bypass
SHA-256 | 4f025da75376d5304616a5f06e5e0cbc824d41e86de0ab0e7ddad020d50ade61
KDE Security Advisory 2007-03-26.1
Posted Mar 28, 2007
Authored by KDE Desktop | Site kde.org

KDE Security Advisory - The KDE FTP ioslave parses the host address in the PASV response of a FTP server response. mark from bindshell.net pointed out that this could be exploited via JavaScript for automated port scanning. It was not possible to demonstrate the vulnerability via JavaScript with Konqueror from KDE 3.5.x. However, other scenarios are possible. Systems affected are KDE up to and including KDE version 3.5.6.

tags | advisory, javascript
advisories | CVE-2007-1564
SHA-256 | 11a8b2185f26494437aee4a5b794dd9dfc7df3072b51c8db1a96b3d190915204
Hardened-PHP Project Security Advisory 2007-03.142
Posted Feb 24, 2007
Authored by Stefan Esser, Hardened-PHP Project | Site hardened-php.net

Hardened PHP Project Security Advisory - Multiple browsers suffers from a cross domain charset inheritance vulnerability. Affected include Firefox versions 2.0.0.1 and below, Internet Explorer 7,and Opera 9.

tags | advisory, php
SHA-256 | dcd8c435391d3c078ac9563c091bc0f6313cafd8de503cb88d02e58310efcc93
KDE Security Advisory 2007-01-15.1
Posted Jan 20, 2007
Authored by KDE Desktop | Site kde.org

KDE Security Advisory - kpdf, the KDE pdf viewer, shares code with xpdf. xpdf contains a vulnerability that can cause denial of service (infinite loop) via a PDF file that contains a crafted catalog dictionary or a crafted Pages attribute that references an invalid page tree node.

tags | advisory, denial of service
advisories | CVE-2007-0104
SHA-256 | 42812a15864105269027b14064b13deb20beeca385431654ec9eb079ccaf20c4
KDE Security Advisory 2007-01-09.1
Posted Jan 13, 2007
Authored by KDE Desktop | Site kde.org

KDE Security Advisory - On 2006-12-27, a proof of concept for arbitrary code execution in ksirc was published by Federico L. Bossi Bonin. The published exploit triggers an assertion in ksirc and results in a a NULL pointer dereference (crash) for non-debug builds.

tags | advisory, arbitrary, code execution, proof of concept
advisories | CVE-2006-6811
SHA-256 | bbe226f8526b19cff802b45793648da93e38d02f08a6eb41783cd101bf62423d
Hardened-PHP Project Security Advisory 2007-02.141
Posted Jan 7, 2007
Authored by Stefan Esser, Hardened-PHP Project | Site hardened-php.net

Hardened PHP Project Security Advisory - WordPress versions 2.0.5 and below are susceptible to SQL injection and arbitrary PHP code execution vulnerabilities.

tags | advisory, arbitrary, php, vulnerability, code execution, sql injection
SHA-256 | 6ae242405ad8f267856415ba69fbe2d72b0564bc948f563c7faddf7468dc8a27
Hardened-PHP Project Security Advisory 2007-01.140
Posted Jan 7, 2007
Authored by Stefan Esser, Hardened-PHP Project | Site hardened-php.net

Hardened PHP Project Security Advisory - WordPress versions 2.0.5 and below are susceptible to a cross site scripting vulnerability.

tags | advisory, php, xss
SHA-256 | 2e3cbc0dfeeffe8d32e3e64641b81da4f32b8024d0bbc6b54762599b015b0f9a
KDE Security Advisory 2006-12-04.1
Posted Dec 6, 2006
Authored by KDE Desktop | Site kde.org

KDE Security Advisory - The OLE import filter, which is used in KPresenter to open Microsoft Powerpoint files is vulnerable to an integer overflow problem that can be exploited to expose an heap memory overflow. This issue was reported by Kees Cook from Ubuntu security. KOffice versions 1.4.x and 1.6.0 are affected.

tags | advisory, overflow
systems | linux, ubuntu
advisories | CVE-2006-6120
SHA-256 | 5e616116d126762e0386e401b5ffeb2270a95ffca025fe458d9dd87fc7b1f07b
Page 1 of 4
Back1234Next

File Archive:

January 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    0 Files
  • 2
    Jan 2nd
    13 Files
  • 3
    Jan 3rd
    5 Files
  • 4
    Jan 4th
    5 Files
  • 5
    Jan 5th
    9 Files
  • 6
    Jan 6th
    5 Files
  • 7
    Jan 7th
    0 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    18 Files
  • 10
    Jan 10th
    31 Files
  • 11
    Jan 11th
    30 Files
  • 12
    Jan 12th
    33 Files
  • 13
    Jan 13th
    25 Files
  • 14
    Jan 14th
    0 Files
  • 15
    Jan 15th
    0 Files
  • 16
    Jan 16th
    7 Files
  • 17
    Jan 17th
    25 Files
  • 18
    Jan 18th
    38 Files
  • 19
    Jan 19th
    6 Files
  • 20
    Jan 20th
    21 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    24 Files
  • 24
    Jan 24th
    68 Files
  • 25
    Jan 25th
    22 Files
  • 26
    Jan 26th
    20 Files
  • 27
    Jan 27th
    17 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close