what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 51 - 75 of 1,949 RSS Feed

Bypass Files

Student Record System 1.0 SQL Injection
Posted Sep 4, 2024
Authored by indoushka

Student Record System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection, bypass
SHA-256 | 65197edb9fa8815555185ffcfdef263bccbd753949a90ec711337f13c2e0c060
MySQL Authentication Bypass Password Dump
Posted Sep 1, 2024
Authored by jcran, The Light Cosine | Site metasploit.com

This Metasploit module exploits a password bypass vulnerability in MySQL in order to extract the usernames and encrypted password hashes from a MySQL server. These hashes are stored as loot for later cracking. Impacts MySQL versions: - 5.1.x before 5.1.63 - 5.5.x before 5.5.24 - 5.6.x before 5.6.6 And MariaDB versions: - 5.1.x before 5.1.62 - 5.2.x before 5.2.12 - 5.3.x before 5.3.6 - 5.5.x before 5.5.23.

tags | exploit, bypass
advisories | CVE-2012-2122
SHA-256 | e4032569995bd5ac99233c3cc5b3dcf8b3228b921415fd0e18c7acd6d8b4667e
Multiple DVR Manufacturers Configuration Disclosure
Posted Sep 1, 2024
Authored by Alejandro Ramos, juan vazquez | Site metasploit.com

This Metasploit module takes advantage of an authentication bypass vulnerability at the web interface of multiple manufacturers DVR systems, which allows to retrieve the device configuration.

tags | exploit, web, bypass
advisories | CVE-2013-1391
SHA-256 | 92970fe8576d8a26914e34ab8819055f169c2028d4106ed9aa7fe40e0c3de86b
Telerik Report Server Auth Bypass
Posted Sep 1, 2024
Authored by Spencer McIntyre, SinSinology | Site metasploit.com

This Metasploit module exploits an authentication bypass vulnerability in Telerik Report Server versions 10.0.24.305 and prior which allows an unauthenticated attacker to create a new account with administrative privileges. The vulnerability leverages the initial setup page which is still accessible once the setup process has completed. If either USERNAME or PASSWORD are not specified, then a random value will be selected. The module will fail if the specified USERNAME already exists.

tags | exploit, bypass
advisories | CVE-2024-4358
SHA-256 | dd5ebb936dffa162f01557508e65908c7d346e81b5aa548e7f6a390c3e136ffe
HP SiteScope SOAP Call GetSiteScopeConfiguration Configuration Access
Posted Sep 1, 2024
Authored by rgod, juan vazquez | Site metasploit.com

This Metasploit module exploits an authentication bypass vulnerability in HP SiteScope which allows to retrieve the HP SiteScope configuration, including administrative credentials. It is accomplished by calling the getSiteScopeConfiguration operation available through the APISiteScopeImpl AXIS service. The HP SiteScope Configuration is retrieved as file containing Java serialization data. This Metasploit module has been tested successfully on HP SiteScope 11.20 over Windows 2003 SP2 and Linux Centos 6.3.

tags | exploit, java, bypass
systems | linux, windows, centos
SHA-256 | 49a6293f49b3d88908408822f05f60de61f16258c0921f50adecb84a90811493
HP SiteScope SOAP Call LoadFileContent Remote File Access
Posted Sep 1, 2024
Authored by rgod, juan vazquez | Site metasploit.com

This Metasploit module exploits an authentication bypass vulnerability in HP SiteScope to retrieve an arbitrary text file from the remote server. It is accomplished by calling the loadFileContent operation available through the APIMonitorImpl AXIS service. This Metasploit module has been successfully tested on HP SiteScope 11.20 over Windows 2003 SP2 and Linux Centos 6.3.

tags | exploit, remote, arbitrary, bypass
systems | linux, windows, centos
SHA-256 | 70fba2e746b60b36e7ed3d2efbabee053f81db339cfb2580347bd710629b238d
Meteocontrol WEBlog Password Extractor
Posted Sep 1, 2024
Authored by Karn Ganeshen | Site metasploit.com

This Metasploit module exploits an authentication bypass vulnerability in Meteocontrol WEBLog appliances (software version < May 2016 release) to extract Administrator password for the device management portal.

tags | exploit, bypass
advisories | CVE-2016-2296, CVE-2016-2298
SHA-256 | d93c088abc0e3aba59a5a03a43b8b57830fee0e8f25c25fecb18e0546ee066f7
HP SiteScope SOAP Call GetFileInternal Remote File Access
Posted Sep 1, 2024
Authored by rgod, juan vazquez | Site metasploit.com

This Metasploit module exploits an authentication bypass vulnerability in HP SiteScope to retrieve an arbitrary file from the remote server. It is accomplished by calling the getFileInternal operation available through the APISiteScopeImpl AXIS service. This Metasploit module has been successfully tested on HP SiteScope 11.20 over Windows 2003 SP2 and Linux Centos 6.3.

tags | exploit, remote, arbitrary, bypass
systems | linux, windows, centos
SHA-256 | ac2a6c8b7ee1032f4592faca207812805ca78af0323e9f167ee599f82c2b95f3
SAP CTC Service Verb Tampering User Management
Posted Sep 1, 2024
Authored by Alexandr Polyakov, nmonkee | Site metasploit.com

This Metasploit module exploits an authentication bypass vulnerability in SAP NetWeaver CTC service. The service is vulnerable to verb tampering allowing for unauthorised OS user management. Information about resolution should be available at SAP notes 1589525 and 1624450 (authentication required).

tags | exploit, bypass
SHA-256 | 93f676088b4bc7377e1f0804692d7f6fbe7d6fe554f223e42bf5907a14bb549d
IPMI 2.0 Cipher Zero Authentication Bypass Scanner
Posted Sep 1, 2024
Authored by H D Moore, Dan Farmer | Site metasploit.com

This Metasploit module identifies IPMI 2.0-compatible systems that are vulnerable to an authentication bypass vulnerability through the use of cipher zero.

tags | exploit, bypass
advisories | CVE-2013-4782
SHA-256 | 26e9ad81107fc09e95e82be07f34c04f0ca67ba5b75765817108fcc2774346df
D-Link DIR 645 Password Extractor
Posted Aug 31, 2024
Authored by Michael Messner, Roberto Paleari | Site metasploit.com

This Metasploit module exploits an authentication bypass vulnerability in DIR 645 < v1.03. With this vulnerability you are able to extract the password for the remote management.

tags | exploit, remote, bypass
SHA-256 | 7fe8b8b74336f5dc7dd1fec74d9b8ce3315a1065aebd43f4c022aa9e9817bb7b
Netgear Unauthenticated SOAP Password Extractor
Posted Aug 31, 2024
Authored by h00die, Michael Messner, Peter Adkins | Site metasploit.com

This Metasploit module exploits an authentication bypass vulnerability in different Netgear devices. It allows you to extract the password for the remote management interface.

tags | exploit, remote, bypass
SHA-256 | 6ec21b301158f8e8563ec1fe1e9c6b675e162a88cdc41ce6a56f70fa586ab250
D-Link DSL 320B Password Extractor
Posted Aug 31, 2024
Authored by Michael Messner | Site metasploit.com

This Metasploit module exploits an authentication bypass vulnerability in D-Link DSL 320B less than or equal tov1.23. This vulnerability allows to extract the credentials for the remote management interface.

tags | exploit, remote, bypass
SHA-256 | 46b12d46c687aab16789fe43c6f1a2ff95ae781adbba6ee2c13bae048f23ea0c
Netgear PNPX_GetShareFolderList Authentication Bypass
Posted Aug 31, 2024
Authored by temp66, Grant Willcox | Site metasploit.com

This Metasploit module targets an authentication bypass vulnerability in the mini_http binary of several Netgear Routers running firmware versions prior to 1.2.0.88, 1.0.1.80, 1.1.0.110, and 1.1.0.84. The vulnerability allows unauthenticated attackers to reveal the password for the admin user that is used to log into the routers administrative portal, in plaintext. Once the password has been been obtained, the exploit enables telnet on the target router and then utiltizes the auxiliary/scanner/telnet/telnet_login module to log into the router using the stolen credentials of the admin user. This will result in the attacker obtaining a new telnet session as the "root" user. This vulnerability was discovered and exploited by an independent security researcher who reported it to SSD.

tags | exploit, root, bypass
SHA-256 | b64800ebe35ccd348243151eddc846891e371e499d5629a34a60850c0cbe7c61
Oracle Secure Backup Authentication Bypass / Command Injection
Posted Aug 31, 2024
Authored by Jay Turla | Site metasploit.com

This Metasploit module exploits an authentication bypass vulnerability in login.php in order to execute arbitrary code via a command injection vulnerability in property_box.php. This Metasploit module was tested against Oracle Secure Backup version 10.3.0.1.0 (Win32).

tags | exploit, arbitrary, php, bypass
systems | windows
advisories | CVE-2010-0904
SHA-256 | 6863a81671e2c9181fc762b376462302051ea799490c07fe8f165bc20e6d3514
Oracle Secure Backup Authentication Bypass / Command Injection
Posted Aug 31, 2024
Authored by Jay Turla | Site metasploit.com

This Metasploit module exploits an authentication bypass vulnerability in login.php in order to execute arbitrary code via a command injection vulnerability in property_box.php. This Metasploit module was tested against Oracle Secure Backup version 10.3.0.1.0 (Win32).

tags | exploit, arbitrary, php, bypass
systems | windows
advisories | CVE-2009-1977, CVE-2009-1978
SHA-256 | 16474ed0f873351c852148c57a073ca86fa3cdb0b63dfb8b35602ac09c210c32
Progress MOVEit SFTP Authentication Bypass for Arbitrary File Read
Posted Aug 31, 2024
Authored by sfewer-r7 | Site metasploit.com

This Metasploit module exploits CVE-2024-5806, an authentication bypass vulnerability in the MOVEit Transfer SFTP service. The following version are affected: * MOVEit Transfer 2023.0.x (Fixed in 2023.0.11) * MOVEit Transfer 2023.1.x (Fixed in 2023.1.6) * MOVEit Transfer 2024.0.x (Fixed in 2024.0.2) The module can establish an authenticated SFTP session for a MOVEit Transfer user. The module allows for both listing the contents of a directory, and the reading of an arbitrary file.

tags | exploit, arbitrary, bypass
advisories | CVE-2024-5806
SHA-256 | e42c18fe2ecf06ede012b90f30e4d6c190c704e7d0189584fe141737a2f2eeab
HP ProCurve SNAC Domain Controller Credential Dumper
Posted Aug 31, 2024
Authored by rgod, juan vazquez | Site metasploit.com

This Metasploit module will extract Domain Controller credentials from vulnerable installations of HP SNAC as distributed with HP ProCurve 4.00 and 3.20. The authentication bypass vulnerability has been used to exploit remote file uploads. This vulnerability can be used to gather important information handled by the vulnerable application, like plain text domain controller credentials. This Metasploit module has been tested successfully with HP SNAC included with ProCurve Manager 4.0.

tags | exploit, remote, bypass, file upload
SHA-256 | aed454bc14ce73f32076d32a64079806c8be0da490907a6f04fd8ad00e038838
Samsung Internet Browser SOP Bypass
Posted Aug 31, 2024
Authored by Tod Beardsley, Jeffrey Martin, Dhiraj Mishra | Site metasploit.com

This Metasploit module takes advantage of a Same-Origin Policy (SOP) bypass vulnerability in the Samsung Internet Browser, a popular mobile browser shipping with Samsung Android devices. By default, it initiates a redirect to a child tab, and rewrites the innerHTML to gather credentials via a fake pop-up.

tags | exploit, bypass
advisories | CVE-2017-17692
SHA-256 | d84c00616d548716b9414d5a60ebf17fd0c1065bb413ce49d1a747e954c01fc0
Red Hat Security Advisory 2024-5982-03
Posted Aug 29, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-5982-03 - An update for linux-firmware is now available for Red Hat Enterprise Linux 7.7 Advanced Update Support. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2023-31315
SHA-256 | dea1c5df22b38b677801b6ea524c8a48a81a0f3f2ae4e8d30dd88d017d8b57a9
Red Hat Security Advisory 2024-5980-03
Posted Aug 29, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-5980-03 - An update for linux-firmware is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2023-31315
SHA-256 | ac70b27d0174b640b0084de261db2ac80e0a082b60086fd3fed81943b2c9a0b1
Medical Center Portal 1.0 SQL Injection
Posted Aug 27, 2024
Authored by indoushka

Medical Center Portal version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection, bypass
SHA-256 | 4d30a67a0ab94c8ceed55ef0165e2eedf1d276131b5341cfc581bf2954c04b02
Red Hat Security Advisory 2024-5815-03
Posted Aug 27, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-5815-03 - An update for the nodejs:20 module is now available for Red Hat Enterprise Linux 9. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2024-22018
SHA-256 | 569f61780dc9652437da28a87851c83315d45be578fe00cbe44247b6034288ab
Login System Project 1.0 SQL Injection
Posted Aug 27, 2024
Authored by indoushka

Login System Project version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection, bypass
SHA-256 | 6246efe507f796ffbcf438b89a4e64415367c7c634bcb20d80f59a253f813619
Loan Management System 1.0 SQL Injection
Posted Aug 26, 2024
Authored by indoushka

Loan Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection, bypass
SHA-256 | ed75910910f3f594bf680ca801e599334e60fa3ca166470f03bfa31c27d4c6c4
Page 3 of 78
Back12345Next

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    25 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close