
Exploit Files

qdPM 9.1 Authenticated Shell Upload
Posted Sep 29, 2022
Authored by Rishal Dwivedi, Leon Trappett, Giacomo Casoni | Site metasploit.com

A remote code execution vulnerability exists in qdPM versions 9.1 and below. An attacker can upload a malicious PHP file via the profile photo functionality by leveraging a path traversal vulnerability in the users['photop_preview'] delete photo feature, which allows bypass of the .htaccess protection. NOTE: this issue exists because of an incomplete fix for CVE-2015-3884.

tags | exploit, remote, php, code execution
advisories | CVE-2015-3884, CVE-2020-7246
SHA-256 | 41d2d18aa9196d7f57810fe954d8362f8c6f3662e5ba2a143d334cd07ac9b371
Joomla AdsManager 3.2.0 SQL Injection
Posted Sep 29, 2022
Authored by CraCkEr

Joomla AdsManager extension version 3.2.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | d94efabfad9904e592ec82124c03316f4ce8b774ae57879750a98a1445884262
Bus Pass Management System 1.0 Cross Site Scripting
Posted Sep 29, 2022
Authored by Ali Alipour

Bus Pass Management System version 1.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 54b5f2852b454991cb45a80382823090c9ab28550870d5b5a1a6ae83964d87e3
Online Examination System 1.0 SQL Injection
Posted Sep 29, 2022
Authored by Yousef Alraddadi

Online Examination System version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | dba8c93e85cd1df6195d39d4a331df0a884b158c86b28ffa00bd3dea43e7b6ba
Joomla EDocman 1.23.3 Cross Site Scripting
Posted Sep 29, 2022
Authored by CraCkEr

Joomla EDocman extension version 1.23.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 7b56a9d176668a085432fd6441efba2f1cb355a86dd6f94e9c5fcdce3437fd1e
Online Examination System 1.0 Cross Site Scripting
Posted Sep 29, 2022
Authored by Yousef Alraddadi

Online Examination System version 1.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 2cedda0df4347ed510cf540f0c12e96dc76e73743d9ba1ef37fba000b2d31b53
Mobile Mouse Remote Code Execution
Posted Sep 28, 2022
Authored by h00die, Chokri Hammedi | Site metasploit.com

This Metasploit module uses the protocol of the Mobile Mouse Server by RPA Technologies, Inc to deploy a payload and run it from the server. The module will only deploy a payload if the server is set without a password (the default). Tested against 3.6.0.4, the current version at the time of module writing.

tags | exploit, protocol
SHA-256 | 35ce38a49d631a1847c797e9146b16df6ce4723bdc80f1fe1d1a02f833e0ab88
Netfilter nft_set_elem_init Heap Overflow Privilege Escalation
Posted Sep 28, 2022
Authored by Redouane Niboucha, Arthur Mongodin | Site metasploit.com

An issue was discovered in the Linux kernel through version 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges. The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access. The issue exists in nft_setelem_parse_data in net/netfilter/nf_tables_api.c.

tags | exploit, overflow, kernel, local, root
systems | linux
advisories | CVE-2022-34918
SHA-256 | a48b50f226770ad9be34695226967d12509d7dd73ec5b350a5c71eafda86cc6b
EShop Joomla Shopping-Cart 3.6.0 Cross Site Scripting
Posted Sep 28, 2022
Authored by CraCkEr

EShop Joomla Shopping-Cart extension version 3.6.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | d656a0742b906b47a0b4ec2711f61383d9c25d00858b324982b9899aefaf1fda
WordPress Motopress Hotel Booking Lite 4.4.2 Cross Site Scripting
Posted Sep 28, 2022
Authored by Ali Alipour

Motopress Hotel Booking Lite plugin version 4.4.2 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 3ed48165602f4bd9548ae2c2a60d166d4e4c761edf4ac75c034e6792d95ba5bb
COVESA 2.18.8 NULL Pointer Dereference / Heap Buffer Over-Read
Posted Sep 27, 2022
Authored by T. Weber, Gerhard Hechenberger, Steffen Robertz, T. Longin | Site sec-consult.com

COVESA versions 2.18.8 and below suffer from heap buffer over-read and null pointer dereference vulnerabilities.

tags | exploit, vulnerability
advisories | CVE-2022-39836, CVE-2022-39837
SHA-256 | 548515ca72e9a559204cae299150309e86e1f034ccca3a9cd876a5da99d81eb2
Online Birth Certificate Management System 1.0 Cross Site Scripting
Posted Sep 27, 2022
Authored by Yousef Alraddadi

Online Birth Certificate Management System version 1.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 943388058f90bc4b22c687ef0d6cbdb5a64f64c8d68d43bb23f0b86408b86d92
Online Birth Certificate Management System 1.0 Cross Site Scripting
Posted Sep 27, 2022
Authored by Yousef Alraddadi

Online Birth Certificate Management System version 1.0 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 7e9852e1ba3b10ed9809857eace8d6e330d1f9d7306d8b2d80c0851d85229f86
Online Birth Certificate Management System 1.0 Insecure Direct Object Reference
Posted Sep 27, 2022
Authored by Yousef Alraddadi

Online Birth Certificate Management System version 1.0 suffers from an insecure direct object reference vulnerability.

tags | exploit
SHA-256 | d518fb678e05f322e7641da9649d676bbd4181439b71880505b5b152205524bb
Online Birth Certificate Management System 1.0 Cross Site Request Forgery
Posted Sep 27, 2022
Authored by Yousef Alraddadi

Online Birth Certificate Management System version 1.0 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | f90076f01c3d533b4fccbc2387bf165114d9246cfe28d87c6be0ae171a022afe
Food Ordering Management System 1.0 SQL Injection
Posted Sep 27, 2022
Authored by Yousef Alraddadi

Food Ordering Management System version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 1be2c696b62c411f0a88c3819a1d4653e0f042e7aa59018ccd5596555ca02a4b
WiFi Mouse 1.8.3.4 Remote Code Execution
Posted Sep 26, 2022
Authored by h00die, H4rk3nz0, RedHatAugust | Site metasploit.com

The WiFi Mouse (Mouse Server) from Necta LLC contains an authentication bypass, as the authentication is implemented entirely on the client side. By utilizing this vulnerability, it is possible to open a program on the server (cmd.exe in our case) and type commands that will be executed as the user running WiFi Mouse (Mouse Server), resulting in remote code execution. Tested against versions 1.8.3.4 (current as of module writing) and 1.8.2.3.

tags | exploit, remote, code execution
advisories | CVE-2022-3218
SHA-256 | a1eb49c803eef32a7d3986d02c20457c3afa4cb25fe942b90918d6d5bcceb6e6
Veritas Backup Exec Agent Remote Code Execution
Posted Sep 26, 2022
Authored by Alexander Korotin | Site metasploit.com

Veritas Backup Exec Agent supports multiple authentication schemes, and SHA authentication is one of them. This authentication scheme is no longer used within Backup Exec versions, but had not yet been disabled. An attacker could remotely exploit the SHA authentication scheme to gain unauthorized access to the BE Agent and execute an arbitrary OS command on the host with NT AUTHORITY\SYSTEM or root privileges, depending on the platform. The vulnerability is present in 16.x, 20.x and 21.x versions of Backup Exec up to 21.2 (or up to and including Backup Exec Remote Agent revision 9.3).

tags | exploit, remote, arbitrary, root
advisories | CVE-2021-27876, CVE-2021-27877, CVE-2021-27878
SHA-256 | 5d2a9879ee25f3f36daab21dabc7454caa668fe4871c215806df28dda8ea3890
Backdoor.Win32.Augudor.b MVID-2022-0644 Code Execution
Posted Sep 26, 2022
Authored by malvuln | Site malvuln.com

Backdoor.Win32.Augudor.b malware suffers from a code execution vulnerability.

tags | exploit, code execution
systems | windows
SHA-256 | eb63fba65d43437a287680fff71157dd2127d980055e141a70d67d2a9e75bbe9
WordPress Forym 1.5.7 Cross Site Scripting
Posted Sep 26, 2022
Authored by CraCkEr

WordPress Forym plugin version 1.5.7 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 9098a88f216244d26aece5715f65327ef4cb3938af59970db2d4b6054763dadd
WordPress Sabai Discuss 1.4.13 Cross Site Scripting
Posted Sep 26, 2022
Authored by CraCkEr

WordPress Sabai Discuss plugin version 1.4.13 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 89f5ed0fd301c5179d5c7e7b897151915e046831ba89d38f7fe464fece6e2463
Online Diagnostic Lab Management System 1.0 SQL Injection / Shell Upload
Posted Sep 26, 2022
Authored by Yousef Alraddadi

Online Diagnostic Lab Management System version 1.0 remote exploit that bypasses login with SQL injection and then uploads a shell.

tags | exploit, remote, shell, sql injection, bypass
SHA-256 | a9a666adc9b5791a812164167d20c4ced022f91eed35188667143b4e7b0ee94e
WooCommerce BRW Booking Rental 1.3.1 Cross Site Scripting
Posted Sep 26, 2022
Authored by CraCkEr

WooCommerce plugin BRW Booking Rental version 1.3.1 from Ovatheme suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | dfe1cdd557607de5f92a6a88e09b22e7cde7affb9a23004ed5c5615dd5fb84d4
Backdoor.Win32.Psychward.b MVID-2022-0645 Hardcoded Credential
Posted Sep 26, 2022
Authored by malvuln | Site malvuln.com

Backdoor.Win32.Psychward.b malware suffers from a hardcoded credential vulnerability.

tags | exploit
systems | windows
SHA-256 | 4a196172d709119bf5c9fd8264d2064a406a4232f965f914f828caf704ad4124
Backdoor.Win32.Bingle.b MVID-2022-0643 Hardcoded Credential
Posted Sep 26, 2022
Authored by malvuln | Site malvuln.com

Backdoor.Win32.Bingle.b malware suffers from a hardcoded credential vulnerability.

tags | exploit
systems | windows
SHA-256 | 2071a5c002ce27b0ea6b560999d5a672774467ed9490813fdbb0280c50591569
© 2022 Packet Storm. All rights reserved.
