exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 47 RSS Feed

Files

MSA01110707.txt
Posted Jul 13, 2007
Authored by Stefano Di Paola | Site mindedsecurity.com

By using a specially crafted "flv" video it is possible to trigger an integer overflow inside Adobe Flash interpreter which could lead to client/browser-plugin crash, arbitrary code execution or system denial of service.

tags | advisory, denial of service, overflow, arbitrary, code execution
SHA-256 | b5745d95565e102a3b47c37bae0f9bb5d2ad4eb82226f8857c7805702ddd2ae8

Related Files

Microsoft Active Directory Federated Services (ADFS) User Enumeration
Posted Oct 23, 2018
Authored by Joshua Platz

Microsoft Active Directory Federated Services (ADFS) suffers from a time-based user enumeration vulnerability.

tags | exploit
SHA-256 | b3eae50ee8fce1eb1e74559f4e6977c7d9770c9481f60f81641dd138862d381c
Microsoft ADFS 4.0 Windows Server 2016 Server Side Request Forgery
Posted Sep 14, 2018
Authored by Alphan Yavas

Microsoft ADFS 4.0 Windows Server 2016 suffers from a server-side request forgery issue.

tags | advisory
systems | windows
advisories | CVE-2018-16794
SHA-256 | 54c3fbae5231a0a144e5c625bad29079390e41cfdc656d91a26ea5e91358a6b6
Linux PAM 0.6.9 Authentication Replay
Posted Aug 14, 2018
Authored by Eric Sesterhenn

It is possible to replay an authentication by using a specially prepared smartcard or token in case pam-pkcs11 is compiled with NSS support. Furthermore two minor implementation issues have been identified. Linux PAM version 0.6.9 is affected.

tags | advisory
systems | linux
SHA-256 | b156716f0716691c0ca438fba63d6af0df228025140f98efed7f8babd73f2e70
Microsoft Azure Cloud Audit Using Powershell
Posted May 23, 2017
Authored by Parag Kamra

This brief whitepaper discusses using Powershell to audit Microsoft Azure Cloud.

tags | paper
SHA-256 | 21b90899799a56e231053bc320dd4854fc4aaa08824b17602b35091584b50445
Red Hat Security Advisory 2016-2064-01
Posted Oct 18, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2064-01 - Red Hat OpenShift Container Platform is the company's cloud computing Platform-as-a-Service solution designed for on-premise or private cloud deployments. Security Fix: It was found that Kubernetes did not correctly validate X.509 client intermediate certificate host name fields. An attacker could use this flaw to bypass authentication requirements by using a specially crafted X.509 certificate.

tags | advisory
systems | linux, redhat
advisories | CVE-2016-7075
SHA-256 | 7ac790d0bd5fd3aa218353b24721f042b3a1d148e74215514320782738a96160
PowerFolder 10.4.321 Remote Code Execution
Posted May 24, 2016
Authored by Hans-Martin Muench

PowerFolder version 10.4.321 suffers from a remote code execution vulnerability. Proof of concept exploit included.

tags | exploit, remote, code execution, proof of concept
systems | linux
SHA-256 | 0f0efada160c1447152adc09401bed6a535c764c9ce9e56f17fa7b105821aa98
Mandriva Linux Security Advisory 2015-094
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-094 - A bug in the experimental SPDY implementation in nginx was found, which might allow an attacker to cause a heap memory buffer overflow in a worker process by using a specially crafted request, potentially resulting in arbitrary code execution. Antoine Delignat-Lavaud and Karthikeyan Bhargavan discovered that it was possible to reuse cached SSL sessions in unrelated contexts, allowing virtual host confusion attacks in some configurations by an attacker in a privileged network position.

tags | advisory, overflow, arbitrary, code execution
systems | linux, mandriva
advisories | CVE-2014-0133, CVE-2014-3616
SHA-256 | a9b0dad5121adee806f8507d31f0378200cad93af903b88a3195c14cd2fca5c6
iPass Mobile Client 2.4.2.15122 Privilege Escalation
Posted Mar 13, 2015
Authored by Hans-Martin Muench

iPass Mobile Client version 2.4.2.15122 suffers from a local privilege escalation vulnerability.

tags | exploit, local
SHA-256 | bd007d26621d154125e049c9012e6a55d1250112d7f68cf635a95297806bc04a
Hewlett-Packard UCMDB 10.10 JMX-Console Authentication Bypass
Posted Feb 3, 2015
Authored by Hans-Martin Muench

Hewlett-Packard Universal CMDB version 10.10 suffers from a jmx-console related authentication bypass vulnerability.

tags | exploit, bypass
advisories | CVE-2014-7883
SHA-256 | 1f3e56ca24c0afc54d16226ea210b990c83d4e7649564d542361c4adc7866481
WordPress Pixarbay Images 2.3 XSS / Bypass / Upload / Traversal
Posted Jan 19, 2015
Authored by Hans-Martin Muench

WordPress Pixarbay Images plugin version 2.3 suffers from authentication bypass, cross site scripting, remote shell upload, and path traversal vulnerabilities.

tags | exploit, remote, shell, vulnerability, xss
SHA-256 | e8fdd468e6a1e0c52e7b2d7f13d998fd901f754bba86a40ce752dd2fadcf3302
Typo3 JobControl 2.14.0 Cross Site Scripting / SQL Injection
Posted Sep 26, 2014
Authored by Hans-Martin Muench

Typo3 JobControl version 2.14.0 suffers from cross site scripting and remote SQL injection vulnerabilities. Typo3 no longer provides updates for this extension and it is considered unsafe to use.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | fd26ba8328d734e82a7dea5f7dff200a5a1a0a8862c060bfd070948aa195c3db
ManageEngine EventLog Analyzer 9.9 Authorization / Code Execution
Posted Sep 1, 2014
Authored by Hans-Martin Muench

ManageEngine EventLog Analyzer version 9.9 suffers from unauthenticated remote code execution via shell upload and authorization vulnerabilities.

tags | exploit, remote, shell, vulnerability, code execution
advisories | CVE-2014-6037
SHA-256 | a0c98cac5f5fd141c8b87fb1b8f63391779ddd21923531556150cd799b862ef7
Mandriva Linux Security Advisory 2013-281
Posted Nov 25, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-281 - Ivan Fratric of the Google Security Team discovered a bug in nginx, which might allow an attacker to bypass security restrictions in certain configurations by using a specially crafted request, or might have potential other impact.

tags | advisory
systems | linux, mandriva
advisories | CVE-2013-4547
SHA-256 | 24200da29b62dbc19d61f3556eb553257ad19ae7b5b9d0f6454ad0816b56eed0
Debian Security Advisory 2802-1
Posted Nov 22, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2802-1 - Ivan Fratric of the Google Security Team discovered a bug in nginx, a web server, which might allow an attacker to bypass security restrictions by using a specially crafted request.

tags | advisory, web
systems | linux, debian
advisories | CVE-2013-4547
SHA-256 | e96ec50cb4d0fde794d104f316ef2cfa7420d164eab8c9a762d05005df862a3f
Foswiki MAKETEXT Remote Command Execution
Posted Dec 24, 2012
Authored by juan vazquez, Brian Carlson | Site metasploit.com

This Metasploit module exploits a vulnerability in the MAKETEXT Foswiki variable. By using a specially crafted MAKETEXT, a malicious user can execute shell commands since the input is passed to the Perl "eval" command without first being sanitized. The problem is caused by an underlying security issue in the CPAN:Locale::Maketext module. Only Foswiki sites that have user interface localization enabled (UserInterfaceInternationalisation variable set) are vulnerable. If USERNAME and PASSWORD aren't provided, anonymous access will be tried. Also, if the FoswikiPage option isn't provided, the module will try to create a random page on the SandBox space. The modules has been tested successfully on Foswiki 1.1.5 as distributed with the official Foswiki-1.1.5-vmware image.

tags | exploit, shell, perl
advisories | CVE-2012-6329, OSVDB-88410
SHA-256 | 1dfa323fc74f3423aec71ecc1cde0b04c26eea7a42d6702fc3d9df74654857c2
TWiki MAKETEXT Remote Command Execution
Posted Dec 24, 2012
Authored by juan vazquez, George Clark | Site metasploit.com

This Metasploit module exploits a vulnerability in the MAKETEXT Twiki variable. By using a specially crafted MAKETEXT, a malicious user can execute shell commands since user input is passed to the Perl "eval" command without first being sanitized. The problem is caused by an underlying security issue in the CPAN:Locale::Maketext module. This works in TWiki sites that have user interface localization enabled (UserInterfaceInternationalisation variable set). If USERNAME and PASSWORD aren't provided, anonymous access will be tried. Also, if the 'TwikiPage' option isn't provided, the module will try to create a random page on the SandBox space. The modules has been tested successfully on TWiki 5.1.2 as distributed with the official TWiki-VM-5.1.2-1 virtual machine.

tags | exploit, shell, perl
advisories | CVE-2012-6329, OSVDB-88460
SHA-256 | 6a462fdc51b0c493b941a326fd05e71eb12bf8bedb39c652d6c549a65bf5b2d5
EMC Networker Format String
Posted Nov 6, 2012
Authored by Aaron Portnoy | Site metasploit.com

This Metasploit module exploits a format string vulnerability in the lg_sprintf function as implemented in liblocal.dll on EMC Networker products. This Metasploit module exploits the vulnerability by using a specially crafted RPC call to the program number 0x5F3DD, version 0x02, and procedure 0x06. This Metasploit module has been tested successfully on EMC Networker 7.6 SP3 on Windows XP SP3 and Windows 2003 SP2 (DEP bypass).

tags | exploit
systems | windows
advisories | CVE-2012-2288, OSVDB-85116
SHA-256 | 187180f15865924443eeaee0cc3daf29243c56a73fe15621b307d1808e687b71
Microsoft IIS MDAC msadcs.dll RDS Arbitrary Remote Command Execution
Posted Jun 7, 2012
Authored by patrick | Site metasploit.com

This Metasploit module can be used to execute arbitrary commands on IIS servers that expose the /msadc/msadcs.dll Microsoft Data Access Components (MDAC) Remote Data Service (RDS) DataFactory service using VbBusObj or AdvancedDataFactory to inject shell commands into Microsoft Access databases (MDBs), MSSQL databases and ODBC/JET Data Source Name (DSN). Based on the msadcs.pl v2 exploit by Rain.Forest.Puppy, which was actively used in the wild in the late Ninties. MDAC versions affected include MDAC 1.5, 2.0, 2.0 SDK, 2.1 and systems with the MDAC Sample Pages for RDS installed, and NT4 Servers with the NT Option Pack installed or upgraded 2000 systems often running IIS3/4/5 however some vulnerable installations can still be found on newer Windows operating systems. Note that newer releases of msadcs.dll can still be abused however by default remote connections to the RDS is denied. Consider using VERBOSE if you're unable to successfully execute a command, as the error messages are detailed and useful for debugging. Also set NAME to obtain the remote hostname, and METHOD to use the alternative VbBusObj technique.

tags | exploit, remote, arbitrary, shell
systems | windows
advisories | CVE-1999-1011
SHA-256 | 382234f494b3e6be1ceaa9dc39e8b06bf8faad703997a8f0eec9259b5d187113
Red Hat Security Advisory 2012-0128-01
Posted Feb 13, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0128-01 - The Apache HTTP Server is a popular web server. It was discovered that the fix for CVE-2011-3368 did not completely address the problem. An attacker could bypass the fix and make a reverse proxy connect to an arbitrary server not directly accessible to the attacker by sending an HTTP version 0.9 request, or by using a specially-crafted URI. The httpd server included the full HTTP header line in the default error page generated when receiving an excessively long or malformed header. Malicious JavaScript running in the server's domain context could use this flaw to gain access to httpOnly cookies.

tags | advisory, web, arbitrary, javascript
systems | linux, redhat
advisories | CVE-2011-3607, CVE-2011-3639, CVE-2011-4317, CVE-2012-0031, CVE-2012-0053
SHA-256 | 47e04bdea922f45dbb611a67d0f33763ce878e42f56c0cde78a5dc761c2218f2
Microsoft Anti-XSS Library Bypass
Posted Jan 19, 2012
Authored by Adi Cohen

The Microsoft Anti-XSS library versions 3.0 and 4.0 suffer from a javascript bypass vulnerability.

tags | exploit, javascript, bypass
SHA-256 | 9c3724fcd0d3afee3bd1af91d841bc9d029d55edbafef54c733f648ff52a0dc3
Mandriva Linux Security Advisory 2010-185
Posted Sep 21, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-185 - An integer overflow has been found and corrected in bzip2 which could be exploited by using a specially crafted bz2 file and cause a denial of service attack. Additionally clamav has been upgraded to 0.96.2 and has been patched for this issue. perl-Compress-Bzip2 in MES5 has been linked against the system bzip2 library to resolve this issue.

tags | advisory, denial of service, overflow, perl
systems | linux, mandriva
advisories | CVE-2010-0405
SHA-256 | 9ad342dd4d695ddad458b7a2cc4f336d10b370149f577db868f677cc76eed3e5
Microsoft Address Book DLL Hijacking Exploit
Posted Aug 26, 2010
Authored by Beenu Arora

Microsoft Address Book DLL hijacking exploit.

tags | exploit
SHA-256 | 4f13c8d637df82e2669e80503452e208a22553dcc70cc3695cdef1089e39e778
Liferay JSON Service Information Leakage
Posted Aug 13, 2010
Authored by Stefano Di Paola | Site mindedsecurity.com

The Liferay JSON service suffers from multiple remote information disclosure vulnerabilities.

tags | exploit, remote, vulnerability, info disclosure
SHA-256 | 2eefe242df465b532ea4094ef0f4f75673c5d531310f8b98bab39ea2e08b2790
Liferay Calendar exportFileName Path Manipulation
Posted Aug 13, 2010
Authored by Stefano Di Paola | Site mindedsecurity.com

Liferay Calendar suffers from an exportFileName path manipulation vulnerability that allows for arbitrary JSP execution.

tags | exploit, arbitrary
SHA-256 | 364ef10eb3fb5346794a9da1561ef77a228dcdd72f907d0ae2256c91da27a284
JForum 2.08 Cross Site Scripting
Posted Aug 13, 2010
Authored by Giorgio Fedon | Site mindedsecurity.com

JForum versions 2.08 and below suffer from a stored cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 3fe1100de28afe6658fa2b65ada4dda113e0d941cfc15f6c9fdddd29ff5a39a6
Page 1 of 2
Back12Next

File Archive:

August 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    20 Files
  • 2
    Aug 2nd
    4 Files
  • 3
    Aug 3rd
    6 Files
  • 4
    Aug 4th
    55 Files
  • 5
    Aug 5th
    16 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    13 Files
  • 9
    Aug 9th
    13 Files
  • 10
    Aug 10th
    34 Files
  • 11
    Aug 11th
    16 Files
  • 12
    Aug 12th
    5 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close