
Exploit Files

Kentix MultiSensor-LAN 5.63.00 Authentication Bypass
Posted Jan 18, 2019
Authored by Micha Borrmann

Kentix MultiSensor-LAN versions 5.63.00 and below suffer from an authentication bypass vulnerability. The web-based application does not use a conventional session concept with a session cookie to manage authenticated user sessions. Some URLs are protected with HTTP Basic Authentication, but the user management web page can be accessed and used without any authentication.

tags | exploit, web, bypass
advisories | CVE-2018-19783
MD5 | 85615421d4b8774b861196ab8f62be4f
Joomla! 3.9.1 Cross Site Scripting
Posted Jan 18, 2019
Authored by Praveen Sutar

Joomla! version 3.9.1 suffers from a persistent cross site scripting vulnerability in the global configuration textfilter settings.

tags | exploit, xss
advisories | CVE-2019-6263
MD5 | 4b0437df2bd830c4aa1d70bad7749fff
phpTransformer 2016.9 Directory Traversal
Posted Jan 18, 2019
Authored by Ihsan Sencan

phpTransformer version 2016.9 suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
MD5 | 72718c9c8004fad0184a37c86c1f7514
phpTransformer 2016.9 SQL Injection
Posted Jan 18, 2019
Authored by Ihsan Sencan

phpTransformer version 2016.9 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | fd601c1dcbdbbcdfcb6ff05f7608680c
SeoToaster Ecommerce 3.0.0 Local File Inclusion
Posted Jan 18, 2019
Authored by Ihsan Sencan

SeoToaster Ecommerce version 3.0.0 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
MD5 | 9f2299407ce91ffabeb1fed35708460f
DotNetNuke Events Calendar 1.x File Download
Posted Jan 18, 2019
Authored by KingSkrupellos

DotNetNuke Events Calendar module version 1.x suffers from a file download vulnerability.

tags | exploit, info disclosure
MD5 | 721641e0fe9facec0b882f0b53c699f4
Webmin 1.900 Remote Command Execution
Posted Jan 18, 2019
Authored by Ozkan Mustafa Akkus | Site metasploit.com

This Metasploit module exploits an arbitrary command execution vulnerability in Webmin versions 1.900 and below. Any user authorized for the "Java file manager" and "Upload and Download" fields can execute arbitrary commands with root privileges. In addition, the "Running Processes" field must be authorized to discover the directory to be uploaded to. A vulnerable file can be printed on the original files of the Webmin application. The vulnerable file being uploaded should be integrated with the application. Therefore, a ".cgi" file with the vulnerability belonging to the Webmin application should be used. The module has been tested successfully with Webmin version 1.900 on Debian 4.9.18.

tags | exploit, java, arbitrary, cgi, root
systems | linux, debian
MD5 | 9e47bc329db56a10368c5886b4673495
SSHtranger Things SCP Client File Issue
Posted Jan 18, 2019
Authored by Mark E. Haase

SCP clients have an issue where additional files can be copied over without your knowledge.

tags | exploit
advisories | CVE-2019-6110, CVE-2019-6111
MD5 | 626b8f9ed7ac34747bdfe8ac1d82a454
FastTube 1.0.1.0 Denial Of Service
Posted Jan 18, 2019
Authored by 0xB9

FastTube version 1.0.1.0 suffers from a denial of service vulnerability.

tags | exploit, denial of service
MD5 | b0a8feeb4554e9665b0fff11cd0742fc
Eco Search 1.0.2.0 Denial Of Service
Posted Jan 18, 2019
Authored by 0xB9

Eco Search version 1.0.2.0 suffers from a denial of service vulnerability.

tags | exploit, denial of service
MD5 | 548fa4c8f731973b2b0da797bad462e2
One Search 1.1.0.0 Denial Of Service
Posted Jan 18, 2019
Authored by 0xB9

One Search version 1.1.0.0 suffers from a denial of service vulnerability.

tags | exploit, denial of service
MD5 | 440e69004749262fcac493df8490d477
VPN Browser+ 1.1.0.0 Denial Of Service
Posted Jan 18, 2019
Authored by 0xB9

VPN Browser+ version 1.1.0.0 suffers from a denial of service vulnerability.

tags | exploit, denial of service
MD5 | 2c89b75417ef55c71fe7d5f2830e7c49
7 Tik 1.0.1.0 Denial Of Service
Posted Jan 18, 2019
Authored by 0xB9

7 Tik version 1.0.1.0 suffers from a denial of service vulnerability.

tags | exploit, denial of service
MD5 | b9738c9c7801be73bb212abb7c5d58cc
Watchr 1.1.0.0 Denial Of Service
Posted Jan 18, 2019
Authored by 0xB9

Watchr version 1.1.0.0 suffers from a denial of service vulnerability.

tags | exploit, denial of service
MD5 | 23fcf967de504a6a7860458912eff2d8
Microsoft Edge Chakra InlineArrayPush Type Confusion
Posted Jan 17, 2019
Authored by Google Security Research, lokihardt

Microsoft Edge suffers from a Chakra related type confusion vulnerability in InlineArrayPush.

tags | exploit
advisories | CVE-2018-8617
MD5 | 43954049af42d6f9760693a7a6a692de
Mozilla Firefox 64 Information Disclosure
Posted Jan 17, 2019
Authored by Dr. Vladimir Bostanov

Mozilla Firefox versions 64 and below have an issue where an overly liberal same-origin policy for file URIs and a bug in the implementation of this policy make Firefox vulnerable to exposure of local files to a remote attacker.

tags | exploit, remote, local
MD5 | fe019fa6ad6c40086ca4f91c26ff77f8
Siemens SICAM A8000 Series Denial Of Service
Posted Jan 17, 2019
Authored by Nicolas Heiniger, Emanuel Duss

Siemens SICAM A8000 Series suffers from an XML injection denial of service vulnerability.

tags | exploit, denial of service
advisories | CVE-2018-13798
MD5 | 94b83feccca12141f97e4a4996b14321
Oracle Reports Developer 12.2.1.3 Cross Site Scripting
Posted Jan 17, 2019
Authored by Mohamed M.Fouad

Oracle Reports Developer component version 12.2.1.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2019-2413
MD5 | 04e442a342d11d6ebcdf78f719bbbf63
Joomla YoutubeGallery 4.5.8 Database Disclosure / SQL Injection
Posted Jan 17, 2019
Authored by KingSkrupellos

Joomla YoutubeGallery component version 4.5.8 suffers from database disclosure and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, info disclosure
MD5 | 1f0d1a5760ad50229ec53fa02c921fef
Joomla ZHYandexMap 8.0.0.2 Database Disclosure
Posted Jan 17, 2019
Authored by KingSkrupellos

Joomla ZHYandexMap component version 8.0.0.2 suffers from a database disclosure vulnerability.

tags | exploit, info disclosure
MD5 | f7725173a86620e012164a7a17e2dfa1
Microsoft Edge Chakra JIT Use-After-Free / Flag Issue
Posted Jan 17, 2019
Authored by Google Security Research, lokihardt

In Microsoft Edge, the JsBuiltInEngineInterfaceExtensionObject::InjectJsBuiltInLibraryCode method is used to execute JsBuiltIn.js which initializes some builtin objects. Because it is essentially written in JavaScript, it needs to clear the disable-implicit-call flag before calling the JavaScript code, otherwise it might not work properly. The problem is, it does not restore the previous status of the flag after the call. As setting the flag can prevent stack-allocated objects from leaking, this clearing-the-flag bug can lead to a stack-based use-after-free.

tags | exploit, javascript
advisories | CVE-2019-0568
MD5 | 5c28c1a80c423bfe8ef6de5aa3f1170b
Microsoft Edge Chakra JIT NewScObjectNoCtor / InitProto Type Confusion
Posted Jan 17, 2019
Authored by Google Security Research, lokihardt

Microsoft Edge has an issue where the NewScObjectNoCtor and InitProto opcodes are treated as having no side effects, but they can in fact have side effects via the SetIsPrototype method of the type handler, which can cause a transition to a new type. This can lead to type confusion in the JITed code.

tags | exploit
advisories | CVE-2019-0567
MD5 | 46eb78a54630f51f57be7bcdca2fa397
Check Point ZoneAlarm 8.8.1.110 Local Privilege Escalation
Posted Jan 17, 2019
Authored by Chris Anastasio

Check Point ZoneAlarm version 8.8.1.110 suffers from a local privilege escalation vulnerability.

tags | exploit, local
MD5 | d5cc68c9e775edbaf57809134a79ebcb
Blueimp jQuery File Upload 9.22.0 Arbitrary File Upload
Posted Jan 17, 2019
Authored by Larry W. Cashdollar

Blueimp jQuery File Upload versions 9.22.0 and below suffer from a remote file upload vulnerability.

tags | exploit, remote, file upload
advisories | CVE-2018-9206
MD5 | e2fcb7c12aedd4cbe1a64e468bb035e4
ShoreTel / Mitel Connect ONSITE ST14.2 Remote Code Execution
Posted Jan 17, 2019
Authored by twosevenzero

ShoreTel / Mitel Connect ONSITE ST14.2 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2018-5782
MD5 | d6775f8fba2dee0067eb79a6bbafd88f

© 2019 Packet Storm. All rights reserved.
