
Files

Directory Escort Script Cross Site Scripting
Posted Aug 6, 2009
Authored by 599eme Man

Directory Escort Script suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 3f4d3e2c773b2c62067f9e1c6090bf12ddfda7cf8a08f09f639e41ce6976d5d0

Related Files

Desenvolvido C3iM CMS 2.0 Cross Site Scripting
Posted Aug 10, 2023
Authored by indoushka

Desenvolvido C3iM CMS version 2.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | ee75f970e155669b73118332fbaa7e9c33f33900005bfc151805b9ba771cd102
Desktop Central 9.1.0 CRLF Injection / Server-Side Request Forgery
Posted Mar 27, 2023
Authored by Rafael Pedrero

Desktop Central version 9.1.0 suffers from CRLF injection and server-side request forgery vulnerabilities.

tags | exploit, vulnerability
SHA-256 | f14d2baec680a12a6729214faa250eefbcdee817cb0b626a416ad3cbd5e5dd59
Untrusted Data Deserialization In Jsoniter
Posted Dec 16, 2021
Authored by Adi Malyanker, Ivan Reyes

Whitepaper discussing untrusted data deserialization in jsoniter. Written in Spanish.

tags | paper
SHA-256 | bfcbc92c461eee304f389597423031549d816389de0416f3fa662b1cb15e3995
Deskpro Helpdesk Privilege Escalation / Remote Code Execution
Posted Apr 1, 2020
Authored by Abdulrahman Nour | Site blog.redforce.io

Deskpro on-premise helpdesk solution versions prior to 2019.8.0 were found to be prone to multiple high severity vulnerabilities that enable a remote attacker to escalate their privilege to helpdesk administrator. Moreover, it was prone to remote code execution leading to full compromise of the server.

tags | advisory, remote, vulnerability, code execution
SHA-256 | 5dd4895f525c9b7d353cbbb506267df38621858e44606b40a9ba8a1eb8d31651
ManageEngine Desktop Central Java Deserialization
Posted Mar 14, 2020
Authored by mr_me, wvu | Site metasploit.com

This Metasploit module exploits a Java deserialization vulnerability in the getChartImage() method from the FileStorage class within ManageEngine Desktop Central versions below 10.0.474. Tested against 10.0.465 x64.

tags | exploit, java
advisories | CVE-2020-10189
SHA-256 | 1b4d937c85f3beaac187c7d1a0baa59b7627812c7cd91b156f52ad23a8958285
Deserialization Vulnerabilities
Posted May 26, 2018
Authored by intx0x80

This whitepaper explains deserialization vulnerabilities in Java, Python, PHP, and Ruby.

tags | paper, java, php, vulnerability, python, ruby
SHA-256 | 6093b7b1afd7e2cb2437200d5e7cef8d3ec52ada1f7c203878f7c0778ab52c61
Manage Engine Desktop Central 9.1.0 Build 91099 XSS
Posted Mar 29, 2016
Authored by Omkar Joshi

Manage Engine Desktop Central version 9.1.0 build 91099 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | f8ccfebb4e934635d94e79bd0f76926af384cafb4f57181e94a1a6e511b9d44e
desk.com Cross Site Scripting
Posted Feb 16, 2016
Authored by Jose Antonio Perez Piedra

desk.com suffered from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 83da654ba2270bdcaa874faf02dd440d2b174258e4150dc3044474030cfef161
Desktop Central Add Administrator
Posted Dec 31, 2014
Authored by Pedro Ribeiro

Desktop Central versions 7 and forward suffer from an add administrator vulnerability.

tags | exploit, add administrator
advisories | CVE-2014-7862
SHA-256 | c2e77377429f0005eda7b7e387bc4d53931aff42d4cb2b99620c29f7791151c0
Desktop Linux Password Stealer / Privilege Escalation
Posted Dec 29, 2014
Authored by Jakob Lell | Site metasploit.com

This Metasploit module steals the user password of an administrative user on a desktop Linux system when it is entered for unlocking the screen or for doing administrative actions using policykit. Then it escalates to root privileges using sudo and the stolen user password. It exploits the design weakness that there is no trusted channel for transferring the password from the keyboard to the actual password verification against the shadow file (which is running as root since /etc/shadow is only readable to the root user). Both screensavers (xscreensaver/gnome-screensaver) and policykit use a component running under the current user account to query for the password and then pass it to a setuid-root binary to do the password verification. Therefore it is possible to inject a password stealer after compromising the user account. Since sudo requires only the user password (and not the root password of the system), stealing the user password of an administrative user directly allows escalating to root privileges. Please note that you have to start a handler as a background job before running this exploit since the exploit will only create a shell when the user actually enters the password (which may be hours after launching the exploit). Using exploit/multi/handler with the option ExitOnSession set to false should do the job.

tags | exploit, shell, root
systems | linux
SHA-256 | 0a9cac7ba17812d5abc36544dbde12e861f70ee5697f577efc23726fdff20564
ManageEngine Desktop Central StatusUpdate Arbitrary File Upload
Posted Sep 8, 2014
Authored by Pedro Ribeiro | Site metasploit.com

This Metasploit module exploits an arbitrary file upload vulnerability in ManageEngine DesktopCentral v7 to v9 build 90054 (including the MSP versions). A malicious user can upload a JSP file into the web root without authentication, leading to arbitrary code execution as SYSTEM. Some early builds of version 7 are not exploitable as they do not ship with a bundled Java compiler.

tags | exploit, java, web, arbitrary, root, code execution, file upload
advisories | CVE-2014-5005
SHA-256 | 3f00913148c06a584d92ce2a97c94e9b52e8665ae0cc5ea1934eb1b11d43053a
DEScrypt Ztex Bruteforcer
Posted Jul 29, 2014
Authored by GiftsUngiven

Proof of concept project that demonstrates how old FPGA boards can be reused for hash cracking purposes.

tags | tool, cracker, proof of concept
SHA-256 | a5d7dd772b6f73f7bfd7ffca2d5849a002cf66e9c9f01f669a988bda7fac8011
Design Foundry Cross Site Scripting / SQL Injection
Posted Jul 21, 2014
Authored by Hekt0r

Sites designed by the Design Foundry suffer from cross site scripting and remote SQL injection vulnerabilities. Note that this finding houses site-specific data.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | ac285e3041cdfdf4907dccb955ca1807933b3c910d7fea8386914ba076c0b995
DesktopCentral AgentLogUpload Arbitrary File Upload
Posted Nov 21, 2013
Authored by Thomas Hibbert | Site metasploit.com

This Metasploit module exploits an arbitrary file upload vulnerability in DesktopCentral 8.0.0 below build 80293. A malicious user can upload a JSP file into the web root without authentication, leading to arbitrary code execution.

tags | exploit, web, arbitrary, root, code execution, file upload
SHA-256 | a58c7e48a0560ea998d7234b701c9f96d4b2b76ae74d19faf4f38e4420896922
DesktopCentral Shell Upload
Posted Nov 18, 2013
Authored by Thomas Hibbert | Site security-assessment.com

DesktopCentral versions prior to 80293 suffer from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | 4aad22e43397ec7360050815be62145be5467cc3cc7f5dc670993b7a63712604
Desarrollo Web Peru Default Login
Posted Oct 15, 2012
Authored by Taurus Omar

Sites created by Desarrollo Web Peru appear to have a default administrative account left in with a password of 12345. Note that this finding houses site-specific data.

tags | exploit, web
SHA-256 | 3ed266f45efa6a00461e6f8ddd18c1a225feeb756b518fe1d9ac3d16a58d9a4c
DesignModern CMS Cross Site Scripting / SQL Injection
Posted May 4, 2012
Authored by the_cyber_nuxbie

DesignModern CMS suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | b895cfad58970a9d72bed291e67cf7bd6df7dd37c95edf442b4d9117fbbe3377
Desarrollado por Goyo SQL Injection
Posted Oct 6, 2011
Authored by 3spi0n

Desarrollado por Goyo suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 6e49240d75a170bb754ea35085fc8e2f297647d2bf8675564e9399af2597eb67
Design Associates SQL Injection
Posted Sep 30, 2011
Authored by nGa Sa Lu

Sites by Design Associates suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | ac1c5d2914eaa98ea747512d8ee2e1c1f95cd90e09a9b0f2fb8ea74032d5b7c9
Design Extensions SQL Injection / Shell Upload
Posted May 26, 2011
Authored by Kalashinkov3

Design Extensions suffers from shell upload and remote SQL injection vulnerabilities.

tags | exploit, remote, shell, vulnerability, sql injection
SHA-256 | 2f69b55a2460678d60c9aebcf63d8418d63dbe9fb83edcba15217f385cd882d3
DesktopOnNet 3 Beta9 Local File Inclusion
Posted Mar 16, 2010
Authored by cr4wl3r

DesktopOnNet version 3 Beta9 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | b7b0e42547bd7a3597a777cbe055e7413a6890a19f36ba85c9c889de7a19a2bd
DesigNsbyjm CMS 1.0 SQL Injection
Posted Dec 15, 2009
Authored by R3d-D3v!L

DesigNsbyjm CMS versions 1.0 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 3b177d14ab9abda4ac27844655b68d31929cc8f51fbfa70d664b0080757618c4
RealServer Describe Buffer Overflow
Posted Oct 27, 2009
Authored by H D Moore | Site metasploit.com

This Metasploit module exploits a buffer overflow in RealServer 7/8/9 and was based on Johnny Cyberpunk's THCrealbad exploit. This code should reliably exploit Linux, BSD, and Windows-based servers.

tags | exploit, overflow
systems | linux, windows, bsd
SHA-256 | a791dcf6b910dbfe084dccfc98c7268472ca44ed28cf5a7e685b3074addfcfe7
DESlock+ 4.0.2 Code Execution
Posted Jun 19, 2009
Authored by mu-b | Site digit-labs.org

DESlock+ version 4.0.2 local kernel SYSTEM exploit. Affects dlpcrypt.sys version 0.1.1.27.

tags | exploit, kernel, local
SHA-256 | 8ff07a4da72ac1297bb179ba6e2d9a8a8cd03398d6c137b28d4494419fe7e1ef
Desi Short URL Script Insecure Cookie
Posted Jun 10, 2009
Authored by N@bilX

Desi Short URL Script suffers from an insecure cookie handling vulnerability that allows for authentication bypass.

tags | exploit, insecure cookie handling
SHA-256 | 1da0633aeae95a1dd62a9b50f17296d49de7789f40f7ed1d051ff6f2acd3de93