Showing 1 - 25 of 53,050

Exploit Files

Softing Secure Integration Server 1.22 Remote Code Execution
Posted Jul 22, 2024
Authored by mr_me, Chris Anastasio, Imran E. Dawoodjee | Site metasploit.com

This Metasploit module chains two vulnerabilities to achieve authenticated remote code execution against Softing Secure Integration Server version 1.22. In CVE-2022-1373, the restore configuration feature is vulnerable to directory traversal when processing zip files. Using the "restore configuration" feature to upload a zip file containing a path traversal entry, a DLL named ..\..\..\..\..\..\..\..\..\..\..\Windows\System32\wbem\wbemcomn.dll, causes the file C:\Windows\System32\wbem\wbemcomn.dll to be created and executed upon touching the disk. In CVE-2022-2334, the planted wbemcomn.dll is used in a DLL hijacking attack when Softing Secure Integration Server restarts upon restoring configuration, which allows us to execute arbitrary code on the target system. The chain demonstrated in Pwn2Own used a signature instead of a password. The signature was acquired by running an ARP spoofing attack against the local network where the Softing SIS server was located. A username is also required for signature authentication. A custom DLL can be provided to use in the exploit instead of using the default MSF-generated one.

tags | exploit, remote, arbitrary, local, spoof, vulnerability, code execution
systems | windows
advisories | CVE-2022-1373, CVE-2022-2334
SHA-256 | 138c45447c1d3fa090b4666327e202412f377f34d7873c3c578299783f2b2a43
Ghostscript Command Execution / Format String
Posted Jul 22, 2024
Authored by Thomas Rinsma, Christophe de la Fuente | Site metasploit.com

This Metasploit module exploits a format string vulnerability in Ghostscript versions before 10.03.1 to achieve a SAFER sandbox bypass and execute arbitrary commands. This vulnerability is reachable via libraries such as ImageMagick. This exploit only works against Ghostscript versions 10.03.0 and 10.01.2. Some offset adjustments will probably be needed to make it work with other versions.

tags | exploit, arbitrary
advisories | CVE-2024-29510
SHA-256 | 3e3f414d0ec3165e352b2624a3e784100a79ab838c827536fa557daa6cf4b2b8
Collateral Damage CVE-2024-30088 Privilege Escalation
Posted Jul 22, 2024
Authored by carrot_c4k3, landaire | Site github.com

Collateral Damage is a kernel exploit for Xbox SystemOS using CVE-2024-30088. It targets Xbox One and Xbox Series consoles running kernel versions 25398.4478, 25398.4908, and 25398.4909. The initial entrypoint is via the Game Script UWP application.

tags | exploit, kernel
advisories | CVE-2024-30088
SHA-256 | 37f647ed1a6f781f4be32182919dbb9877f42dbd8d26a16f662f280d73a0ade5
Adobe Commerce / Magento Open Source XML Injection / User Impersonation
Posted Jul 22, 2024
Authored by RedWay Security | Site github.com

Adobe Commerce and Magento Open Source are affected by an XML injection vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that references external entities. Exploitation of this issue does not require user interaction. Affected versions include Adobe Commerce and Magento Open Source 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8, and earlier. This exploit uses the arbitrary file reading aspect of the issue to impersonate a user.

tags | exploit, arbitrary, code execution
advisories | CVE-2024-34102
SHA-256 | 6dc2631d3032a832f090c548531e8b8f77ef41c5778c811973c0342b99b373e0
Xhibiter NFT Marketplace 1.10.2 Cross Site Scripting
Posted Jul 22, 2024
Authored by indoushka

Xhibiter NFT Marketplace version 1.10.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | a7a598cb46f77d150039a39dbd055a562324f7c75d337f3dfdd9ed322b34d82c
eStore CMS 2.0 SQL Injection
Posted Jul 22, 2024
Authored by indoushka

eStore CMS version 2.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | de369a0ae5b5244b3ab433e9d7d07ec19ac008a8083d31f1bf7a032e4ffa3c9b
Clenix 1.0 Insecure Direct Object Reference
Posted Jul 22, 2024
Authored by indoushka

Clenix version 1.0 suffers from an insecure direct object reference vulnerability.

tags | exploit
SHA-256 | c8cfbe1e1565830e6a6d2555376f8475ad918a45655a551c1e92d3dbe0868c58
Candy Redis 2.1.2 Admin Page Disclosure
Posted Jul 22, 2024
Authored by indoushka

Candy Redis version 2.1.2 appears to suffer from an administrative page disclosure issue.

tags | exploit
SHA-256 | a69f6d9ff9e980b9fb601fdda46e646f965883d799286eaeb71003e83fe8c43d
Agop CMS 1.0 Insecure Direct Object Reference
Posted Jul 22, 2024
Authored by indoushka

Agop CMS version 1.0 suffers from an insecure direct object reference vulnerability.

tags | exploit
SHA-256 | 1ed22de09e417dcaed8d9f03d8d62abd6b70fc4587552e70a4bdbce253d3011b
PowerVR Dangling Page Table Entry
Posted Jul 18, 2024
Authored by Jann Horn, Google Security Research

PowerVR has an issue with missing tracking of multiple sparse mappings in DevmemIntChangeSparse2() that leads to a dangling page table entry.

tags | exploit
advisories | CVE-2024-34729
SHA-256 | 426fb16d93d8096a50bbd9d26c9fe783fb082dc59ace42d221957b371d7eaae7
XenForo 2.2.15 Remote Code Execution
Posted Jul 17, 2024
Authored by EgiX | Site karmainsecurity.com

XenForo versions 2.2.15 and below suffer from a remote code execution vulnerability in the Template system.

tags | exploit, remote, code execution
advisories | CVE-2024-38458
SHA-256 | 141922e324fd21737d323eaed2f53c7bc972900273dfc3e19ea72c0648544233
XenForo 2.2.15 Cross Site Request Forgery
Posted Jul 17, 2024
Authored by EgiX | Site karmainsecurity.com

XenForo versions 2.2.15 and below suffer from a cross site request forgery vulnerability in Widget::actionSave.

tags | exploit, csrf
advisories | CVE-2024-38457
SHA-256 | a2e0e2c93fd20ac00f325a1d77c282bae74c903affae30dd55518d5333641874
Hospital Management System Project In ASP.Net MVC 1 SQL Injection
Posted Jul 17, 2024
Authored by 0xMykull

Hospital Management System Project in ASP.Net MVC version 1 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection, asp
advisories | CVE-2024-40502
SHA-256 | a527f71217d32274beae028c4fd49e504ec99bf57f1991e46fa931328924f372
Bonjour Service 3,0,0,10 Unquoted Service Path
Posted Jul 17, 2024
Authored by bios

Bonjour Service version 3,0,0,10 suffers from an unquoted service path vulnerability.

tags | exploit
SHA-256 | 96a6358909e31beb0326289a4ff7dfcc87a50626a1d66ff21c7c3a1445bf8796
GeoServer Unauthenticated Remote Code Execution
Posted Jul 15, 2024
Authored by jheysel-r7, h00die-gr3y, Steve Ikeoka | Site metasploit.com

GeoServer is an open-source software server written in Java that provides the ability to view, edit, and share geospatial data. It is designed to be a flexible, efficient solution for distributing geospatial data from a variety of sources such as Geographic Information System (GIS) databases, web-based data, and personal datasets. In GeoServer versions before 2.23.6, versions 2.24.0 up to but not including 2.24.4, and versions 2.25.0 up to but not including 2.25.1, multiple OGC request parameters allow remote code execution (RCE) by unauthenticated users through specially crafted input against a default GeoServer installation, because property names are unsafely evaluated as XPath expressions. An attacker can abuse this by sending a POST request with a malicious XPath expression to execute arbitrary commands as root on the system.

tags | exploit, java, remote, web, arbitrary, root, code execution
advisories | CVE-2024-36401
SHA-256 | 60f349aa901f9dae2286ae790ca0dc4f7e03fb5120fbbaa6cd6f79d5a14fe921
WordPress PZ Frontend Manager 1.0.5 Cross Site Request Forgery
Posted Jul 15, 2024
Authored by Vuln Seeker Cybersecurity Team

WordPress PZ Frontend Manager plugin versions 1.0.5 and below suffer from a cross site request forgery vulnerability in the change user profile picture functionality.

tags | exploit, csrf
SHA-256 | 71b1a540c9b3265fc977fa30c1fda5b93cf9333b67a049926eee9138c3fa55c1
Havoc C2 0.7 Server-Side Request Forgery
Posted Jul 15, 2024
Authored by chebuya

Havoc C2 version 0.7 suffers from an unauthenticated server-side request forgery vulnerability.

tags | exploit
SHA-256 | 230b2481f9d45d3d95942d6366c578a7c8ca2b796c5c8c16549416644fe40531
Confluence Template Injection Remote Code Execution
Posted Jul 15, 2024
Authored by Jacob Baines | Site github.com

Atlassian Confluence suffers from a template injection vulnerability that leads to remote code execution. This repository has three go-exploit implementations of CVE-2023-22527 that execute their payload without touching disk.

tags | exploit, remote, code execution
advisories | CVE-2023-22527
SHA-256 | efe9acf218872fcb2aaad8260c6fdae6e0f538f783ac6624c299f3a0e4254f94
Atlassian Confluence Administrator Code Macro Remote Code Execution
Posted Jul 11, 2024
Authored by W01fh4cker, remmons-r7, Huong Kieu, Ankita Sawlani | Site metasploit.com

This Metasploit module exploits an authenticated administrator-level vulnerability in Atlassian Confluence, tracked as CVE-2024-21683. The vulnerability exists due to the Rhino script engine parser evaluating tainted data from uploaded text files. This facilitates arbitrary code execution. This exploit will authenticate, validate user privileges, extract the underlying host OS information, then trigger remote code execution. All versions of Confluence prior to 7.17 are affected, as are many versions up to 8.9.0.

tags | exploit, remote, arbitrary, code execution
advisories | CVE-2024-21683
SHA-256 | b198d9755cf50ac9c6b86be9526d83c12bdaeab6e989721de64dd0ef6781f8d3
LumisXP 16.1.x Cross Site Scripting
Posted Jul 11, 2024
Authored by Rodolfo Tavares | Site tempest.com.br

LumisXP versions 15.0.x through 16.1.x suffer from a cross site scripting vulnerability in XsltResultControllerHtml.jsp.

tags | exploit, xss
advisories | CVE-2024-33326
SHA-256 | 44811fffdad55f59cab99ee680cea0158c35b26606a7a72215c8b74fff752970
LumisXP 16.1.x Cross Site Scripting
Posted Jul 11, 2024
Authored by Rodolfo Tavares | Site tempest.com.br

LumisXP versions 15.0.x through 16.1.x suffer from a cross site scripting vulnerability in UrlAccessibilityEvaluation.jsp.

tags | exploit, xss
advisories | CVE-2024-33327
SHA-256 | 62722fa4e4796c8ac819f4f74bff3b88e4c3207619569dd0af373cca85ccd325
LumisXP 16.1.x Cross Site Scripting
Posted Jul 11, 2024
Authored by Rodolfo Tavares | Site tempest.com.br

LumisXP versions 15.0.x through 16.1.x suffer from a cross site scripting vulnerability in main.jsp.

tags | exploit, xss
advisories | CVE-2024-33328
SHA-256 | 6b2f2821d4c2d0424a401ff4ad365da2713d18f6c494dadd54e7fce8dfe51786
LumisXP 16.1.x Hardcoded Credentials / IDOR
Posted Jul 11, 2024
Authored by Rodolfo Tavares | Site tempest.com.br

LumisXP versions 15.0.x through 16.1.x have a hardcoded privileged identifier that allows attackers to bypass authentication and access internal pages and other sensitive information.

tags | exploit
advisories | CVE-2024-33329
SHA-256 | 507655a40fa21c33f270fff3ee33944627b6c9719d3c667e8ec61677948d5b35
WordPress Poll Maker 5.3.2 SQL Injection
Posted Jul 11, 2024
Authored by tmrswrr

WordPress Poll Maker plugin version 5.3.2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 412661be72a0f1455977b2bc649510ea25f659ce8916ac1617c93065fb279cc6
ESET NOD32 Antivirus 17.2.7.0 Unquoted Service Path
Posted Jul 11, 2024
Authored by Milad Karimi

ESET NOD32 Antivirus version 17.2.7.0 suffers from an unquoted service path vulnerability.

tags | exploit
SHA-256 | 15433b833752badf84eb655e3ab8d18cc641b65960b6406504c020083f4be3fb
© 2022 Packet Storm. All rights reserved.