Exploit Files

FreeBSD rtld execl() Privilege Escalation
Posted May 22, 2019
Authored by stealth, Kingcope | Site metasploit.com

This Metasploit module exploits a vulnerability in the FreeBSD run-time link-editor (rtld). The rtld unsetenv() function fails to remove LD_* environment variables if __findenv() fails. This can be abused to load arbitrary shared objects using LD_PRELOAD, resulting in privileged code execution.

tags | exploit, arbitrary, code execution
systems | freebsd, bsd
advisories | CVE-2009-4146, CVE-2009-4147
MD5 | 8389e3a76ad8302ffe4213d460a38deb

Mac OS X Feedback Assistant Race Condition
Posted May 22, 2019
Authored by timwr, CodeColorist | Site metasploit.com

This Metasploit module exploits a race condition vulnerability in Mac's Feedback Assistant. A successful attempt would result in remote code execution under the context of root.

tags | exploit, remote, root, code execution
advisories | CVE-2019-8565
MD5 | 92e9e59de8b1c44532025e2d75591bf9

Shopware createInstanceFromNamedArguments PHP Object Instantiation
Posted May 22, 2019
Authored by mr_me, Karim Ouerghemmi | Site metasploit.com

This Metasploit module exploits a PHP object instantiation vulnerability that can lead to remote code execution in Shopware. An authenticated backend user could exploit the vulnerability. The vulnerability exists in the createInstanceFromNamedArguments function, where the code performs an insufficient whitelist check that can be bypassed to trigger an object injection. An attacker can leverage this to deserialize an arbitrary payload and write a webshell to the target system, resulting in remote code execution. Tested on Shopware git branches 5.6, 5.5, 5.4, 5.3.

tags | exploit, remote, arbitrary, php, code execution
advisories | CVE-2017-18357
MD5 | a99c1e8083c3f15ba37bddffdcfae6ae

XNU Stale Pointer Use-After-Free
Posted May 21, 2019
Authored by Google Security Research, nedwill

XNU suffers from a use-after-free vulnerability due to a stale pointer left by in6_pcbdetach.

tags | exploit
advisories | CVE-2019-8605
MD5 | a4597bf5b2e139422599f9470288ee0a

Visual Voicemail For iPhone IMAP NAMESPACE Use-After-Free
Posted May 21, 2019
Authored by Google Security Research, natashenka

Visual Voicemail for iPhone suffers from a use-after-free vulnerability in IMAP NAMESPACE processing.

tags | exploit, imap
systems | apple, iphone
advisories | CVE-2019-8613
MD5 | ee209f50afa19dc15f5533506c05c21c

Darktrace Enterprise Immune System 3.0.9 / 3.0.10 Cross Site Request Forgery
Posted May 21, 2019
Authored by Gerwout Van der Veen

Darktrace Enterprise Immune System versions 3.0.9 and 3.0.10 contain multiple cross site request forgery vulnerabilities. It is highly likely that older versions are affected as well, but this has not been confirmed. An attacker can whitelist domains and/or change core Darktrace configuration.

tags | exploit, vulnerability, csrf
advisories | CVE-2019-9596, CVE-2019-9597
MD5 | be5c3f64b5b2fcf3157da5bda8fa15d8

XNU stf_ioctl Bad Cast
Posted May 21, 2019
Authored by Google Security Research, nedwill

XNU suffers from a wild read (and possible corruption) due to a bad cast in stf_ioctl.

tags | exploit
advisories | CVE-2019-8591
MD5 | 82933fea5ae121113514f59c5ffb704c

Microsoft Windows CmKeyBodyRemapToVirtualForEnum Arbitrary Key Enumeration
Posted May 21, 2019
Authored by James Forshaw, Google Security Research

The Microsoft Windows kernel's Registry Virtualization does not safely open the real key for a virtualization location, leading to enumeration of arbitrary keys and resulting in privilege escalation.

tags | exploit, arbitrary, kernel, registry
systems | windows
advisories | CVE-2019-0881
MD5 | b9ac41d7a345cbb537b2a935197cf91b

JavaScriptCore LICM Uninitialized Stack Variable
Posted May 21, 2019
Authored by saelo, Google Security Research

JavaScriptCore loop-invariant code motion (LICM) in DFG JIT leaves a stack variable uninitialized.

tags | exploit
advisories | CVE-2019-8623
MD5 | e3d6af3254ffc8f7e66b61e4895a6d8a

PHP PHP_INI_SYSTEM Ineffective Controls
Posted May 21, 2019
Authored by Imre Rad

Security controls configured via php.ini directives at the PHP_INI_SYSTEM level are ineffective, as malicious scripts could bypass them by writing to their own process memory on the Linux platform. Proof of concept code included.

tags | exploit, php, proof of concept
systems | linux
MD5 | f04fc6f6465d117497efa31d8a63fc4e

Slims CMS Akasia 8.3.1 SQL Injection
Posted May 21, 2019
Authored by KingSkrupellos

Slims CMS Akasia version 8.3.1 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
MD5 | b206a2df6f22213d6d130b50f86b3892

Emerson Network Power Liebert Challenger 5.1E0.5 Cross Site Scripting
Posted May 18, 2019
Authored by Kubilay Onur Gungor

Emerson Network Power Liebert Challenger version 5.1E0.5 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2019-12167
MD5 | aa6b0f6fad2870e8a0d444aefcd1682f

phpKF 1.10 XSS / CSRF / SQL Injection
Posted May 18, 2019
Authored by Ahmethan Gultekin

phpKF version 1.10 suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection, csrf
MD5 | 795ed99fa78d642c4fd08d6d72e99027

Common Desktop Environment 2.3.0 dtprintinfo Privilege Escalation
Posted May 17, 2019
Authored by Marco Ivaldi

A buffer overflow in the DtPrinterAction::PrintActionExists() function in the Common Desktop Environment 2.3.0 and earlier, as used in Oracle Solaris 10 1/13 (Update 11) and earlier, allows local users to gain root privileges via a long printer name passed to dtprintinfo by a malicious lpstat program.

tags | exploit, overflow, local, root
systems | solaris
MD5 | ea6e7c2d1a9b43266fe95e8a9d5cbc8a

Huawei eSpace 1.1.11.103 Meeting Heap Overflow
Posted May 17, 2019
Authored by LiquidWorm | Site zeroscience.mk

Huawei eSpace version 1.1.11.103 Meeting suffers from a heap-based memory overflow vulnerability when parsing a large amount of bytes passed to the 'strNum' string parameter in GetNameyNum() in 'ContactsCtrl.dll' and the 'strName' string parameter in SetUserInfo() in the 'eSpaceStatusCtrl.dll' library, resulting in heap memory corruption. An attacker can gain access to the system of the affected node and execute arbitrary code.

tags | exploit, overflow, arbitrary
advisories | CVE-2014-9418
MD5 | 43fe6543f8cb002cb254160219802dbf

Huawei eSpace 1.1.11.103 Meeting Image File Format Handling Buffer Overflow
Posted May 17, 2019
Authored by LiquidWorm | Site zeroscience.mk

Huawei eSpace version 1.1.11.103 Meeting conference whiteboard functionality is vulnerable to a buffer overflow issue when inserting known image file formats. Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

tags | exploit, overflow, arbitrary
advisories | CVE-2014-9417
MD5 | c36d1acbfc97338fa91b2582495a9065

Huawei eSpace 1.1.11.103 Unicode Stack Buffer Overflow
Posted May 17, 2019
Authored by LiquidWorm | Site zeroscience.mk

Huawei eSpace Meeting cenwpoll.dll Unicode stack buffer overflow exploit with SEH overwrite.

tags | exploit, overflow
advisories | CVE-2014-9415
MD5 | b8123371cc62e9e56ed5c1b8a3190dbf

Huawei eSpace 1.1.11.103 DLL Hijacking
Posted May 17, 2019
Authored by LiquidWorm | Site zeroscience.mk

Huawei eSpace version 1.1.11.103 suffers from a DLL hijacking issue. The vulnerability is caused by the application loading libraries (mfc71enu.dll, mfc71loc.dll, tcapi.dll and airpcap.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into opening a related application file (.html, .jpg, .png) located on a remote WebDAV or SMB share.

tags | exploit, remote, arbitrary
advisories | CVE-2014-9416
MD5 | 164434fe76b34f5ac83975379ce13f13

Cisco Expressway Gateway 11.5.1 Directory Traversal
Posted May 17, 2019
Site redteam-pentesting.de

Cisco Expressway Gateway version 11.5.1 suffers from a directory traversal vulnerability.

tags | exploit
systems | cisco
advisories | CVE-2019-1854
MD5 | 5e57b3dc6cda4bfab16fe178906a4ab3

Freelance Cockpit CRM 3.3.1 SQL Injection
Posted May 17, 2019
Authored by Mehmet Emiroglu

Freelance Cockpit CRM version 3.3.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 9517e26f9795d2d12180dbcabcd3756f

Horde Webmail 5.2.22 XSS / CSRF / SQL Injection / Code Execution
Posted May 17, 2019
Authored by Numan OZDEMIR

Horde Webmail version 5.2.22 suffers from code execution, cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, code execution, xss, sql injection, csrf
advisories | CVE-2019-12094, CVE-2019-12095
MD5 | 3a2774bb8454eb33abd06b33e79cff19

GAT-Ship Web Module 1.30 Information Disclosure
Posted May 17, 2019
Authored by Gionathan Reale

GAT-Ship Web Module versions 1.30 and below suffer from an information disclosure vulnerability.

tags | exploit, web, info disclosure
advisories | CVE-2019-12163
MD5 | fa08f0398b0cd67b7741c9b10aaadbd5

GetSimpleCMS 3.3.15 Remote Code Execution
Posted May 16, 2019
Authored by truerand0m | Site metasploit.com

This Metasploit module exploits a remote code execution vulnerability found in GetSimpleCMS versions 3.3.15 and below. An arbitrary file upload (PHP code, for example) vulnerability can be triggered by an authenticated user; however, authentication can be bypassed by leaking the CMS API key to target the session manager.

tags | exploit, remote, arbitrary, code execution, file upload
advisories | CVE-2019-11231
MD5 | 6062088ad83896c13ad8c78e57d1baf2

SEL AcSELerator Architect 2.2.24 Denial Of Service
Posted May 16, 2019
Authored by LiquidWorm | Site zeroscience.mk

SEL AcSELerator Architect version 2.2.24 suffers from a CPU exhaustion denial of service vulnerability.

tags | exploit, denial of service
advisories | CVE-2018-10608
MD5 | f89167b20fd02592d6e08fff3a0dad89

Axessh 4.2 Denial Of Service
Posted May 16, 2019
Authored by Victor Mondragon

Axessh version 4.2 denial of service proof of concept exploit.

tags | exploit, denial of service, proof of concept
MD5 | b00661627ba27ca16d4c162c06ddac7c

© 2019 Packet Storm. All rights reserved.
