what you don't know can hurt you
Showing 1 - 25 of 49,119 RSS Feed

Exploit Files

Backdoor.Win32.Wollf.16 Hardcoded Credential
Posted Jan 21, 2022
Authored by malvuln | Site malvuln.com

Backdoor.Win32.Wollf.16 malware suffers from a hardcoded credential vulnerability.

tags | exploit
systems | windows
MD5 | 4ce52164a4ee3f9382baf71f4c27d495
Backdoor.Win32.Wollf.16 Authentication Bypass
Posted Jan 21, 2022
Authored by malvuln | Site malvuln.com

Backdoor.Win32.Wollf.16 malware suffers from an authentication bypass vulnerability.

tags | exploit, bypass
systems | windows
MD5 | a6064aef3963aa3ad1d965feafc34c41
Banco Guayaquil 8.0.0 Cross Site Scripting
Posted Jan 21, 2022
Authored by Taurus Omar

Banco Guayaquil for iOS version 8.0.0 suffers from a script insertion vulnerability where a user can insert malicious code into their own name and could possibly be leveraged for attacks upstream.

tags | exploit, xss
systems | ios
MD5 | 9fe795c9676108261961f6cb37a2628d
Online Project Time Management 1.0 SQL Injection
Posted Jan 21, 2022
Authored by nu11secur1ty

Online Project Time Management version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 29db9e4141f52450f2461938b5b01425
Grandstream GXV3175 Unauthenticated Command Execution
Posted Jan 20, 2022
Authored by Brendan Coles, alhazred, Brendan Scarvell | Site metasploit.com

This Metasploit module exploits a command injection vulnerability in Grandstream GXV3175 IP multimedia phones. The settimezone action does not validate input in the timezone parameter allowing injection of arbitrary commands. A buffer overflow in the phonecookie cookie parsing allows authentication to be bypassed by providing an alphanumeric cookie 93 characters in length. This module was tested successfully on Grandstream GXV3175v2 hardware revision V2.6A with firmware version 1.0.1.19.

tags | exploit, overflow, arbitrary
advisories | CVE-2019-10655
MD5 | d0714d342ba12f124e7b2588f1b2bde6
VMware vCenter Server Unauthenticated Log4Shell JNDI Injection Remote Code Execution
Posted Jan 20, 2022
Authored by Spencer McIntyre, RageLtMan, jbaines-r7, w3bd3vil | Site metasploit.com

VMware vCenter Server is affected by the Log4Shell vulnerability whereby a JNDI string can be sent to the server that will cause it to connect to the attacker and deserialize a malicious Java object. This results in OS command execution in the context of the root user in the case of the Linux virtual appliance and SYSTEM on Windows. This Metasploit module will start an LDAP server that the target will need to connect to. This exploit uses the logon page vector.

tags | exploit, java, root
systems | linux, windows
advisories | CVE-2021-44228
MD5 | 32d2d28bcb4dba8e71d1328de3ecb778
Ransomware Builder Babuk Insecure Permissions
Posted Jan 20, 2022
Authored by malvuln | Site malvuln.com

Ransomware Builder Babuk malware suffers from an insecure permissions vulnerability.

tags | exploit
MD5 | a0cd8289685e1605dfafad9ad4ee310e
Backdoor.Win32.Wisell Remote Command Execution
Posted Jan 20, 2022
Authored by malvuln | Site malvuln.com

Backdoor.Win32.Wisell malware suffers from a remote command execution vulnerability.

tags | exploit, remote
systems | windows
MD5 | 235e6158650f534d03cf794bbe213c8c
CollectorStealerBuilder Panel 2.0.0 Man-In-The-Middle
Posted Jan 20, 2022
Authored by malvuln | Site malvuln.com

The panel for Collector Stealer malware version 2.0.0 suffers from a man-in-the-middle vulnerability.

tags | exploit
MD5 | 78d4972e4013313c7d6d598a0bb2c3dc
CollectorStealerBuilder Panel 2.0.0 Insecure Credential Storage
Posted Jan 20, 2022
Authored by malvuln | Site malvuln.com

The panel for Collector Stealer malware version 2.0.0 stores the login credentials in plaintext in its MySQL database. Third-party attackers who gain access to the system can read the database username passwords without having to crack them offline.

tags | exploit
MD5 | 6e13ca6b026a5716e7f55a09e24384c8
VulturiBuilder Insecure Permissions
Posted Jan 20, 2022
Authored by malvuln | Site malvuln.com

VulturiBuilder malware suffers from an insecure permissions vulnerability.

tags | exploit
MD5 | ae3e3340f93567f3bbe330d3e69b0088
WordPress Email Template Designer – WP HTML Mail 3.0.9 Cross Site Scripting
Posted Jan 19, 2022
Authored by Chloe Chamberland | Site wordfence.com

WordPress Email Template Designer – WP HTML Mail plugin versions 3.0.9 and below suffer from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2022-0218
MD5 | 961ed2fa6e6f7b7b1b24ccf2f6d4c866
Archeevo 5.0 Local File Inclusion
Posted Jan 18, 2022
Authored by Miguel Santareno

Archeevo version 5.0 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
MD5 | d4916c25ed879d611b512e54a177db61
Landa Driving School Management System 2.0.1 Arbitrary File Upload
Posted Jan 18, 2022
Authored by Sohel Yousef

Landa Driving School Management System version 2.0.1 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
MD5 | 7963549ed3c7725b16cd7edcb0f82465
Online Resort Management System 1.0 SQL Injection
Posted Jan 18, 2022
Authored by Gaurav Grover

Online Resort Management System version 1.0 suffer from remote SQL injection vulnerabilities. Original discovery of SQL injection in this version is attributed to nu11secur1ty on January 10, 2022.

tags | exploit, remote, vulnerability, sql injection
MD5 | 372024ce26beb70ad0af01de139944e2
Simple Chatbot Application 1.0 Shell Upload
Posted Jan 18, 2022
Authored by Saud Alenazi

Simple Chatbot Application version 1.0 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | 496e3c1a6fdd0c52e04197b0bf576217
Simple Chatbot Application 1.0 SQL Injection
Posted Jan 18, 2022
Authored by Saud Alenazi

Simple Chatbot Application version 1.0 suffers from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 423037e1de190035b5f4204ba5afecb3
Nyron 1.0 SQL Injection
Posted Jan 18, 2022
Authored by Miguel Santareno

Nyron version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | ebda646b81bc44e41070a684f17492a0
OpenBMCS 2.4 Secret Disclosure
Posted Jan 17, 2022
Authored by LiquidWorm | Site zeroscience.mk

OpenBMCS version 2.4 suffers from a secret disclosure vulnerability.

tags | exploit
MD5 | 6afd87bfc0acebdfb54ecbd91b4f947d
OpenBMCS 2.4 Remote File Inclusion / Server-Side Request Forgery
Posted Jan 17, 2022
Authored by LiquidWorm | Site zeroscience.mk

OpenBMCS version 2.4 suffers from remote file inclusion and server-side request forgery vulnerabilities.

tags | exploit, remote, vulnerability, file inclusion
MD5 | a07cdb05430fee7d884a0a15435b9828
AgentTesla Builder Web Panel SQL Injection
Posted Jan 17, 2022
Authored by malvuln | Site malvuln.com

AgentTesla Builder Web Panel malware suffers from a remote SQL injection vulnerability.

tags | exploit, remote, web, sql injection
MD5 | efe393eb9fdd53e136eeefd29b90bee0
AgentTesla Builder Web Panel Cross Site Scripting
Posted Jan 17, 2022
Authored by malvuln | Site malvuln.com

AgentTesla Builder Web Panel malware suffers from a cross site scripting vulnerability.

tags | exploit, web, xss
MD5 | 741fff0bd029276b220bf7cb36a805a8
OpenBMCS 2.4 Remote Privilege Escalation
Posted Jan 17, 2022
Authored by LiquidWorm | Site zeroscience.mk

OpenBMCS version 2.4 create administrator proof of concept exploit that leverages a remote privilege escalation vulnerability.

tags | exploit, remote, proof of concept
MD5 | 86c9cf2aaa58913dbceecc5bc3d8f507
OpenBMCS 2.4 SQL Injection
Posted Jan 17, 2022
Authored by LiquidWorm | Site zeroscience.mk

OpenBMCS version 2.4 suffers from an authenticated remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | f3540f568b23385709de647199567647
Chaos Ransomware Builder 4 Insecure Permissions
Posted Jan 17, 2022
Authored by malvuln | Site malvuln.com

Chaos Ransomware Builder version 4 malware suffers from an insecure permissions vulnerability.

tags | exploit
MD5 | c2c268f6fc5d05f302cf1e4ba898e768
Page 1 of 1,965
Back12345Next

File Archive:

January 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    2 Files
  • 2
    Jan 2nd
    0 Files
  • 3
    Jan 3rd
    20 Files
  • 4
    Jan 4th
    4 Files
  • 5
    Jan 5th
    37 Files
  • 6
    Jan 6th
    20 Files
  • 7
    Jan 7th
    4 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    0 Files
  • 10
    Jan 10th
    18 Files
  • 11
    Jan 11th
    8 Files
  • 12
    Jan 12th
    19 Files
  • 13
    Jan 13th
    31 Files
  • 14
    Jan 14th
    2 Files
  • 15
    Jan 15th
    2 Files
  • 16
    Jan 16th
    2 Files
  • 17
    Jan 17th
    18 Files
  • 18
    Jan 18th
    13 Files
  • 19
    Jan 19th
    15 Files
  • 20
    Jan 20th
    29 Files
  • 21
    Jan 21st
    12 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    0 Files
  • 25
    Jan 25th
    0 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close