exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 94 RSS Feed

Files

Facebook App TVShowChat SQL Injection
Posted Apr 6, 2010
Authored by Inj3ct0r

It appears that the TVShowChat application on Facebook.com suffered from a remote SQL injection vulnerability. The application has since been taken down.

tags | exploit, remote, sql injection
SHA-256 | fdd4d3bc9a22def962946d4743f10de1c591f2da9a57ada4f9a7ed4b2a433b70

Related Files

e-Biz Technocrats Pvt.Ltd SQL Injection
Posted May 29, 2023
Authored by K1LL3rB4LL

It appears that sites designed by e-Biz Technocrats Pvt.Ltd suffer from a remote SQL injection vulnerability. As they do not provide any sort of versioning with their offerings, the researcher was unable to provide affected versions. Versions as of May 11, 2023 were affected.

tags | exploit, remote, sql injection
SHA-256 | 92cf79073e5009f343666e2a43e0a350c61dd730a3d354ea6bc3bd1d42f1ee8d
Corona Exposure Notifications API Data Leakage
Posted Sep 30, 2020
Authored by Dirk-Willem van Gulik

It appears that the corona virus Exposure Notifications API for iOS and Android may have a data leakage issue.

tags | exploit, virus, info disclosure
systems | ios
advisories | CVE-2020-24721
SHA-256 | 8e18dbc56574e080e742895300d9e809339058ef58eb5d6a3369cb6d7a66780a
Tor Linux Sandbox Breakout Via X11
Posted Sep 7, 2017
Authored by Jann Horn, Google Security Research

It appears that you can still talk to X11 outside of the Tor sandbox.

tags | exploit
SHA-256 | 4c74b825d9915b9cc074df48d3f4271e40284d7921ed32acb27be0ca67936611
Unrar VMSF_DELTA Arbitrary Memory Write
Posted Jun 21, 2017
Authored by Thomas Dullien, Google Security Research

It appears that the VMSF_DELTA memory corruption that was reported to Sophos AV in 2012 (and fixed there) was actually inherited from upstream unrar. For unknown reasons, whoever fixed the bug did not report this to upstream unrar, and the bug seems to have persisted there to this day.

tags | exploit
SHA-256 | 3b8acd8becd11c0b8cca739d5aa19f140cbee2a41f1ddb62a46f97e63d344ea2
Mandriva Linux Security Advisory 2014-221
Posted Nov 21, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-221 - Although Mandriva forgot to include a problem description in this advisory, it appears that their latest packages for php-smarty may have address cross site scripting and code execution vulnerabilities.

tags | advisory, php, vulnerability, code execution, xss
systems | linux, mandriva
advisories | CVE-2012-4437, CVE-2014-8350
SHA-256 | 7cbd232472b3b573ab03123f0ac49ea2ed2fdb427ad187747ab9a0211410bd37
Oracle Enterprise Manager advReplicationAdmin Cross Site Scripting
Posted Feb 23, 2013
Authored by Esteban Martinez Fayo | Site appsecinc.com

Team SHATTER Security Advisory - It appears that /em/console/database/dist/advRepl/advReplicationAdmin in Oracle Enterprise Manager suffers from multiple cross site scripting vulnerabilities. Versions affected include Oracle Enterprise Manager Database Control 11.1.0.7, 11.2.0.2, 11.2.0.3.

tags | advisory, vulnerability, xss
advisories | CVE-2013-0355
SHA-256 | 2792aa7ae5419664ab0b71553d18effc0c29b4e0fc48bb1b6aed69cf14d1a326
Google EveryWhereReward.com Trust Issue
Posted Jan 9, 2013
Authored by Warning

It appears that Google Wallet may share you information with EveryWhereReward.com, who in turn keeps it eternally.

tags | advisory, info disclosure
SHA-256 | 5edf5546c420caa6f44f33049092f514cc7afff8025d13bb4f4f5990e6450979
PayPal Cross Site Scripting
Posted Oct 2, 2012
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

It appears that multiple cross site scripting vulnerabilities were discovered in PayPal.com.

tags | exploit, vulnerability, xss
SHA-256 | f5239e9a4f5906c6ed51aa1c2f017f03fb91b576f0133a33b8ab8219f2ba8a70
Ubuntu Security Notice USN-1475-1
Posted Jun 16, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1475-1 - Georgi Guninski discovered that APT relied on GnuPG argument order and did not check GPG subkeys when validating imported keyrings via apt-key net-update. While it appears that a man-in-the-middle attacker cannot exploit this, as a hardening measure this update adjusts apt-key to validate all subkeys when checking for key collisions.

tags | advisory
systems | linux, ubuntu
SHA-256 | c54f5098644121f79f786d26ee2e5582a8bb132ca826107fde250acc9dfdaa18
NEC Backdoor Administrative Account
Posted May 12, 2012
Authored by Djamshut Saarash

It appears that high performance servers from NEC suffer from a hard-coded administrative account that can manipulate memory.

tags | exploit
SHA-256 | eb4272908d1ad7c1709578a39de60f3cbe679c413cb078dd31662645958fdcb3
WordPress Dump Exposure
Posted May 14, 2011
Authored by John Jacobs

It appears that many WordPress instances may have publicly available dumps of their content due to the use of DB-XML.

tags | advisory
SHA-256 | 9e1622627609edfbfe1bc0d8c1e1634ca7e13cdb14ab9ad062d510e915277088
HP MSA2000 G3 Backdoor
Posted Dec 13, 2010

It appears that the HP MSA2000 G3 may have a hardcoded admin account backdoor.

tags | exploit
SHA-256 | 5693ad888ffbeb2a3080f85bf7cbfdabba3178387f4a6f8d1f51b2f6cd45aa25
Multiple Browser Wildcard Cerficate Validation Weakness
Posted Aug 28, 2010
Authored by Richard Moore

It appears that many browsers will gladly accept wildcard certificates for IP addresses versus expecting proper domain names for the CN. This is,.. well, very interesting and violates RFC 2818.

tags | advisory
SHA-256 | 469285a2d833d9b4bcd7b10c8a68f5c5ca09223404f03c1675b62b8780642ca2
Facebook Information Leak
Posted Aug 13, 2010
Authored by Atul Agarwal, Rishabh Singla

When providing a valid email address to Facebook, it appears that there are multiple ways to extract a person's real name and picture.

tags | exploit
SHA-256 | 10afb8696d72cbe51544584ade1e0b09ddb4013dba0b300b96a9dd0c78ef32fd
Apple iTunes 9.00.70 / 9.2.15 Cross Site Scripting
Posted Aug 3, 2010
Authored by Ivan Sanchez

It appears that the Apple iTunes store suffers from some cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
systems | apple
SHA-256 | cea29e6f10dad1c17233c2a38a026ad5917bd5354aa1ce529ab4b1371f721548
Samba chain_reply Memory Corruption (Linux x86)
Posted Jul 17, 2010
Authored by jduck | Site metasploit.com

This exploits a memory corruption vulnerability present in Samba versions prior to 3.3.13. When handling chained response packets, Samba fails to validate the offset value used when building the next part. By setting this value to a number larger than the destination buffer size, an attacker can corrupt memory. Additionally, setting this value to a value smaller than 'smb_wct' (0x24) will cause the header of the input buffer chunk to be corrupted. After close inspection, it appears that 3.0.x versions of Samba are not exploitable. Since they use an "InputBuffer" size of 0x20441, an attacker cannot cause memory to be corrupted in an exploitable way. It is possible to corrupt the heap header of the "InputBuffer", but it didn't seem possible to get the chunk to be processed again prior to process exit. In order to gain code execution, this exploit attempts to overwrite a "talloc chunk" destructor function pointer. This particular module is capable of exploiting the flaw on x86 Linux systems that do not have the nx memory protection. NOTE: It is possible to make exploitation attempts indefinitely since Samba forks for user sessions in the default configuration.

tags | exploit, x86, code execution
systems | linux
advisories | CVE-2010-2063
SHA-256 | 62e4dbdef10ca045ef1ec88681d7b84288ebd9bf3ef44718fc8ad5724142a978
ACM.org Information Disclosure
Posted Feb 19, 2010
Authored by the hacker

It appears that acm.org suffers from a serious data leak and may be ignoring it.

tags | advisory, info disclosure
SHA-256 | 8e6b09b62e771606ad867f018b1b74c049773aab72fa56fc8c39418f207a5b4e
VMWare Insecure Permissions
Posted Jan 7, 2010
Authored by dd

It appears that the VMWare server installer may fail to set the umask and/or file permissions upon installation.

tags | advisory
SHA-256 | ab3baa2673ce5d2da033a24d3862de9f64c2ea0e93bffed05160a6e08193f759
Invision Power Board Attachment Cross Site Scripting
Posted Dec 15, 2009
Authored by MustLive

It appears that additional cross site scripting vulnerabilities exist in Invision Power Board using attachments as the attack vector.

tags | exploit, vulnerability, xss
SHA-256 | 0410b79cf1637134c338f223f7f5300378581aaf14f4b5f5ec19b70839c13d75
GeN3 1.4 SQL Injection
Posted Dec 10, 2009
Authored by u.f

It appears that the recently discovered vulnerability in GeN3 version 1.3 also works against GeN3 version 1.4.

tags | exploit, sql injection
SHA-256 | f129b156270f9e9b305e018efa6a922f749a8f8c21c27ca416a0d76f8945d15c
/proc Filesystem Directory Permission Bypass
Posted Oct 23, 2009
Authored by Pavel Machek

It appears that manipulation of file descriptors via /proc can circumvent permissions on parent directories of the file.

tags | exploit
SHA-256 | 1154b08bf5a16a661c449cdcc6299271c9f319623fdee15cd66341aec640f300
Online Guestbook Pro 5.1 Cross Site Scripting
Posted Jul 9, 2009
Authored by 599eme Man

It appears that more variables in Online Guestbook Pro version 5.1 suffer from cross site scripting issues, not just entry.

tags | exploit, xss
SHA-256 | d7e4848e7bfbbce89d84411fd670af5198d9a19ee79ab9dd4933a56bac68096a
T-Mobile Has Been Pwned?
Posted Jun 8, 2009
Authored by pwnmobile

It appears that T-Mobile has been completely compromised.

tags | paper
SHA-256 | 7bcb5a0dff75273a48c53fbf400ff4aea566f65ca948005d957aa27ace4bca2d
Smartfilter Clear Text Password
Posted Mar 20, 2009
Authored by Daniel Sichel

It appears that Smartfilter for the Sidewinder G2 web proxy stores a world readable clear text password on the system.

tags | advisory, web
SHA-256 | 23911ab359ad001748750028cc5ad14c36650f378092c7ee3b5a0dd207cc0cb4
CheckPoint's VPN1 Code Has Been Stolen
Posted Dec 12, 2008

This was posted to Full Disclosure today. It appears that Checkpoint VPN1 source has been stolen and a remote root exploit is circulating as well.

tags | advisory, remote, root
SHA-256 | f06d63693b43f4f11a20b5e0573d30f86a2e55aa2ca9e64486e0f32979f689b8
Page 1 of 4
Back1234Next

File Archive:

May 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    44 Files
  • 2
    May 2nd
    5 Files
  • 3
    May 3rd
    11 Files
  • 4
    May 4th
    0 Files
  • 5
    May 5th
    0 Files
  • 6
    May 6th
    28 Files
  • 7
    May 7th
    3 Files
  • 8
    May 8th
    4 Files
  • 9
    May 9th
    54 Files
  • 10
    May 10th
    12 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    17 Files
  • 14
    May 14th
    11 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    13 Files
  • 17
    May 17th
    22 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    17 Files
  • 21
    May 21st
    18 Files
  • 22
    May 22nd
    7 Files
  • 23
    May 23rd
    111 Files
  • 24
    May 24th
    27 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close