exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 52,539 RSS Feed

Exploit Files

Kafka UI 0.7.1 Command Injection
Posted Feb 20, 2024
Authored by h00die-gr3y, BobTheShopLifter, Thingstad | Site metasploit.com

A command injection vulnerability exists in Kafka UI versions 0.4.0 through 0.7.1 that allows an attacker to inject and execute arbitrary shell commands via the groovy filter parameter at the topic section.

tags | exploit, arbitrary, shell
advisories | CVE-2023-52251
SHA-256 | 1177f100a5a424ec41ea1f0b6efea99c8d820400e1819dbb7bf5253526f7dc02
Savsoft Quiz 6.0 Enterprise Cross Site Scripting
Posted Feb 20, 2024
Authored by Eren Sen

Savsoft Quiz version 6.0 Enterprise suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 1ac23355d0f62f25e82f60f47ba431e52d9d96b2c52c9c3d4363d3b2c7465e82
SPA-CART CMS 1.9.0.3 Cross Site Scripting
Posted Feb 20, 2024
Authored by Eren Sen

SPA-CART CMS version 1.9.0.3 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 58fd612953477296342ab3025c080edfa2b76e3aadd2c0664b18066ad9c76722
Petrol Pump Management Software 1.0 Shell Upload
Posted Feb 20, 2024
Authored by SoSPiro

Petrol Pump Management Software version 1.0 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | 17ba90fc439b26fdb9e7248c02187a9cca9a6bc58f83413a24bc776a007f4e2f
Tourism Management System 2.0 Shell Upload
Posted Feb 20, 2024
Authored by SoSPiro

Tourism Management System version 2.0 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | 1ae5b995d0df6c7d5380487c5e7a5f6326a545ef4255195c833afe8afb4e1c6c
Microsoft Windows Defender / Backdoor_JS.Relvelshe.A Detection / Mitigation Bypass
Posted Feb 19, 2024
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Back in 2022, the researcher released a proof of concept to bypass the Backdoor:JS/Relvelshe.A detection in Windows Defender but it no longer works as it was mitigated. However, adding a simple javascript try catch error statement and eval'ing the hex string, it executes as of the time of this post.

tags | exploit, javascript, proof of concept
systems | windows
SHA-256 | 7ab1d57cbbb29f8168521971a747af06eab9ef184d9f61ee316413db3f71e0c9
Microsoft Windows Defender / Trojan.Win32/Powessere.G VBScript Detection Bypass
Posted Feb 19, 2024
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

This is additional research regarding a mitigation bypass in Windows Defender. Back in 2022, the researcher disclosed how it could be easily bypassed by passing an extra path traversal when referencing mshtml but that issue has since been mitigated. However, the researcher discovered using multiple commas can also be used to achieve the bypass. This issue was addressed. The fix was short lived as the researcher found yet another third trivial bypass. Previously, the researcher disclosed 3 bypasses using rundll32 javascript, but this example leverages the VBSCRIPT and ActiveX engines.

tags | exploit, javascript, activex
systems | windows
SHA-256 | 59fee3164e2fd340144dd80b39280328ebce07f8d7f86686261fc6d4a98c71eb
InstantCMS 2.16.1 Cross Site Scripting
Posted Feb 19, 2024
Authored by SoSPiro

InstantCMS version 2.16.1 suffers from a persistent cross site scripting vulnerability that appears to require administrative access.

tags | exploit, xss
SHA-256 | 7923340c990b9cceb58ce85ba5207a9c3605de4fca54417c061ae374af5da4a9
SureMDM On-Premise CAPTCHA Bypass / User Enumeration
Posted Feb 19, 2024
Authored by Jonas Benjamin Friedli

SureMDM On-Premise versions prior to 6.31 suffer from CAPTCHA bypass and user enumeration vulnerabilities.

tags | exploit, vulnerability, bypass
advisories | CVE-2023-3897
SHA-256 | ee08755ff2c77c77422dc3e6137cfea65ccefc051f98543715278a5b354c366c
Online Library Management System 3 Password Reset
Posted Feb 19, 2024
Authored by SoSPiro

Online Library Management System version 3 suffers from a password reset vulnerability due to a logic flaw of allowing the same email address to be set for multiple users.

tags | exploit
SHA-256 | 96e568ac958cfa59e4d69f8e48e162fd23c330d0dfb5ffe9d4c9a3b792fb411c
Employee Management System 1.0 SQL Injection
Posted Feb 19, 2024
Authored by SoSPiro

Employee Management System version 1.0 suffers from a remote SQL injection vulnerability. Original discovery of this finding is attributed to Ozlem Balci in January of 2024.

tags | exploit, remote, sql injection
SHA-256 | eac3ee07605d15d68a5d408fecb91498a9bfab9973368c0e16d4816f4539dc97
Chrome chrome.pageCapture.saveAsMHTML() Extension API Blocked Origin Bypass
Posted Feb 19, 2024
Authored by Jann Horn, Google Security Research

Chrome has an issue where the chrome.pageCapture.saveAsMHTML() extension API can be used on blocked origins due to a racy access check.

tags | exploit
advisories | CVE-2024-0811
SHA-256 | c081d9b3a89b0a80ccfbb9fc08c3373284b83957b305d8759f551dfbed038c66
WonderCMS 4.3.2 Cross Site Scripting / Remote Code Execution
Posted Feb 19, 2024
Authored by prodigiousMind

WonderCMS version 4.3.2 remote exploit that leverages cross site scripting to achieve remote code execution.

tags | exploit, remote, code execution, xss
SHA-256 | 371582d2faf62d5876bcf7818755a049e5f6d427635c029647db990dfb673374
User Registration And Login And User Management System 3.1 SQL Injection
Posted Feb 19, 2024
Authored by SoSPiro

User Registration and Login and User Management System version 3.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | ba723671e4f9e006fd70585fbb0543f144942a5f1fc4c2f186a7c6b42124a514
Microsoft Windows Defender / Detection Bypass Part 3
Posted Feb 19, 2024
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

This is additional research regarding a mitigation bypass in Windows Defender. Back in 2022, the researcher disclosed how it could be easily bypassed by passing an extra path traversal when referencing mshtml but that issue has since been mitigated. However, the researcher discovered using multiple commas can also be used to achieve the bypass. This issue was addressed. The fix was short lived as the researcher has found yet another third trivial bypass.

tags | exploit
systems | windows
SHA-256 | 09eed6afe6c6a0d197c6fce088deb76b497d50bef2a85bdfb38c66cb355c03b0
JFrog Artifactory SQL Injection
Posted Feb 19, 2024
Authored by ardr

JFrog Artifactory versions prior to 7.25.4 suffer from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2021-3860
SHA-256 | 0dc96d8c4641266fce6becf3c5ad80a2e19a76708111b79b7cd09269f93269b7
Metabase 0.46.6 Remote Code Execution
Posted Feb 15, 2024
Authored by Musyoka Ian

Metabase version 0.46.6 pre-authentication remote code execution exploit.

tags | exploit, remote, code execution
advisories | CVE-2023-38646
SHA-256 | 12ec4ccc18bfbb1b00d57a614e06d901073104741529ac741a8598bcfc795479
DS Wireless Communication Code Execution
Posted Feb 15, 2024
Authored by MikeIsAStar | Site github.com

Proof of concept code for a flaw in DS Wireless Communication (DWC) with DWC_VERSION_3 and DWC_VERSION_11 that allows remote attackers to execute arbitrary code on a game-playing client's machine via a modified GPCM message.

tags | exploit, remote, arbitrary, proof of concept
advisories | CVE-2023-45887
SHA-256 | 1e92f7059d41e8a56d3136af0c61aed8923d09536167ec279c2c6f0c765af5a1
Statamic CMS Cross Site Scripting
Posted Feb 14, 2024
Authored by Niklas Schilling | Site sec-consult.com

Statamic CMS versions prior to 4.46.0 and 3.4.17 suffer from multiple persistent cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2024-24570
SHA-256 | 4c644d027d53cfba4c907e383ad879b026a3cfe941cbb9d3addd3ec2ec8ade1a
Adapt CMS 3.0.3 Cross Site Scripting / Shell Upload
Posted Feb 14, 2024
Authored by Andrey Stoykov

Adapt CMS version 3.0.3 suffers from persistent cross site scripting and remote shell upload vulnerabilities.

tags | exploit, remote, shell, vulnerability, xss
SHA-256 | ec4109d350da52c327fa8e68529d724cdbaf75ad4605a394f2c19b7289932d0a
XoopsCore25 2.5.11 Cross Site Scripting
Posted Feb 13, 2024
Authored by nu11secur1ty

XoopsCore25 version 2.5.11 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 2ae84d82db1b05e74c65de107834f1df7a00fa59f13b38b64eb16a00c14b1b92
ManageEngine ADManager Plus Recovery Password Disclosure
Posted Feb 13, 2024
Authored by Metin Yunus Kandemir

ManageEngine ADManager Plus versions prior to build 7183 suffers from a recovery password disclosure vulnerability.

tags | exploit, info disclosure
advisories | CVE-2023-31492
SHA-256 | 7874929a14fe57fd79cdf95718b05cd915fe981a7a2e42784b174c59bf45ff2e
Splunk 9.0.4 Information Disclosure
Posted Feb 13, 2024
Authored by parsa rezaie khiabanloo

Splunk version 9.0.4 suffers from an information disclosure vulnerability.

tags | exploit, info disclosure
SHA-256 | b77bd7f7ffd6d6153c8cdc14dfa763ba25e3593cfc069438e6af40e63292ee7f
LaborOfficeFree 19.10 MySQL Root Password Calculator
Posted Feb 12, 2024
Authored by Peter Gabaldon | Site pgj11.com

LaborOfficeFree installs a MySQL instance that runs as SYSTEM and calculates the MySQL root password based on two constants. Each time the program needs to connect to MySQL as root, it employs the reverse algorithm to calculate the root password. This issue has been tested on version 19.10 exclusively, but allegedly, versions prior to 19.10 are also vulnerable.

tags | exploit, root
advisories | CVE-2024-1346
SHA-256 | 502b91c78328e6802a45c0f60c137a3525f50e9237efcfdd31c3ae86aa049a38
Windows Defender Detection Mitigation Bypass
Posted Feb 12, 2024
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

This is additional research regarding a mitigation bypass in Windows Defender. Back in 2022, the researcher disclosed how it could be easily bypassed by passing an extra path traversal when referencing mshtml but that issue has since been mitigated. However, the researcher discovered using multiple commas can also be used to achieve the bypass.

tags | exploit
systems | windows
SHA-256 | e971dc3b534b295048fd3f54dd5db062074da676f542175f826bc2b31edb7eb1
Page 1 of 2,102
Back12345Next

File Archive:

February 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    16 Files
  • 2
    Feb 2nd
    19 Files
  • 3
    Feb 3rd
    0 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    24 Files
  • 6
    Feb 6th
    2 Files
  • 7
    Feb 7th
    10 Files
  • 8
    Feb 8th
    25 Files
  • 9
    Feb 9th
    37 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    17 Files
  • 13
    Feb 13th
    20 Files
  • 14
    Feb 14th
    25 Files
  • 15
    Feb 15th
    15 Files
  • 16
    Feb 16th
    6 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    35 Files
  • 20
    Feb 20th
    25 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files
  • 29
    Feb 29th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close