Twenty Year Anniversary
Showing 1 - 25 of 42,046 RSS Feed

Exploit Files

Microsoft Windows SetImeInfoEx Win32k NULL Pointer Dereference
Posted Oct 19, 2018
Authored by unamer, Dhiraj Mishra, bigric3, Anton Cherepanov | Site metasploit.com

This Metasploit module exploits an elevation of privilege vulnerability that exists in Windows 7 and 2008 R2 when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploits this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This Metasploit module is tested against windows 7 x86, windows 7 x64 and windows server 2008 R2 standard x64.

tags | exploit, arbitrary, x86, kernel
systems | windows, 7
advisories | CVE-2018-8120
MD5 | 967e04838b302049cc237c549437ccec
Viprinet VPN Hub Router Cross Site Scripting
Posted Oct 19, 2018
Authored by Denis Kolegov, SD-WAN New Hope Team

Viprinet VPN Hub Router suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | 5a9e2aaf91108203d85e5d8867335380
WiFiRanger 7.0.8rc3 Incorrect Access Control / Privilege Escalation
Posted Oct 19, 2018
Authored by Mitchel Jordan

WiFiRanger version 7.0.8rc3 suffers from an incorrect access control that allows for ftp retrieval of an RSA identity that an attacker can use to ssh in as root.

tags | exploit, root
advisories | CVE-2018-17873
MD5 | 301d05eb6ae49dff97112c3a73c88308
libSSH Authentication Bypass
Posted Oct 19, 2018
Authored by Dayanc Soyadli

libSSH suffers from an authentication bypass vulnerability.

tags | exploit, bypass
advisories | CVE-2018-10933
MD5 | 88d03f3ff24b6086e8b4eee16645332c
OwnTicket 1.0 SQL Injection
Posted Oct 18, 2018
Authored by Ihsan Sencan

OwnTicket version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 971c98dc732f76cc5a566f0ad1449e62
PHP-SHOP Master 1.0 Cross Site Request Forgery
Posted Oct 18, 2018
Authored by Alireza Norkazemi

PHP-SHOP Master version 1.0 suffers from a cross site request forgery vulnerability.

tags | exploit, php, csrf
MD5 | 8a78b5651bd99ac517bc63e491f64913
Learning With Texts 1.6.2 SQL Injection
Posted Oct 18, 2018
Authored by Ihsan Sencan

Learning with Texts version 1.6.2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | e369d05342f296346bcb78320742e5e8
Time And Expense Management System 3.0 SQL Injection
Posted Oct 18, 2018
Authored by Ihsan Sencan

Time and Expense Management System version 3.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | a86c2de37553ce740ad519f2189592db
Zenar Content Management System 8.3 Cross Site Request Forgery
Posted Oct 18, 2018
Authored by Ismail Tasdelen

Zenar Content Management System version 8.3 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2018-18420
MD5 | 1ca21d4ea7dad9557ab0feb02503c410
User Management 1.1 Cross Site Scripting
Posted Oct 18, 2018
Authored by Ismail Tasdelen

User Management version 1.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-18419
MD5 | 1c7ef1551d6511f2e501320c44b58849
WordPress Wordfence 7.1.12 XSS / Username Disclosure
Posted Oct 18, 2018
Authored by Janek Vind aka waraxe | Site waraxe.us

WordPress Wordfence plugin version 7.1.12 suffers from bypass, cross site scripting, and path disclosure vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | f85a44d7b6147f2f25a667a27e0309f9
D-Link Plain-Text Password Storage / Code Execution / Directory Traversal
Posted Oct 18, 2018
Authored by Blazej Adamczyk

Multiple D-Link router models suffer from code execution, plain-text password storage, and directory traversal vulnerabilities.

tags | exploit, vulnerability, code execution, file inclusion
advisories | CVE-2017-6190, CVE-2018-10822, CVE-2018-10823, CVE-2018-10824
MD5 | af2cd1ac0b397da3a62f3d04d972086c
TP-Link TL-SC3130 1.6.18 Unauthenticated RTSP Stream Disclosure
Posted Oct 17, 2018
Authored by LiquidWorm | Site zeroscience.mk

TP-Link TL-SC3130 version 1.6.18 suffers from an unauthenticated and unauthorized live RTSP stream disclosure.

tags | exploit
advisories | CVE-2018-18428
MD5 | e029e95c170246483700a76a5b7644d8
Ekushey Project Manager CRM 3.1 Cross Site Scripting
Posted Oct 17, 2018
Authored by Ismail Tasdelen

Ekushey Project Manager CRM version 3.1 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-18417
MD5 | 0b81df122dfedd99e1fcc0e7cbc76cad
LANGO Codeigniter Multilingual Script 1.0 Cross Site Scripting
Posted Oct 17, 2018
Authored by Ismail Tasdelen

LANGO Codeigniter Multilingual Script version 1.0 suffers from html injection and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2018-18416
MD5 | 2964fdd5821fffe13a66f8562db17cfa
Git Submodule Arbitrary Code Execution
Posted Oct 17, 2018
Authored by joernchen

This write up provides a proof of concept with technical details for the git submodule arbitrary code execution vulnerability.

tags | exploit, arbitrary, code execution, proof of concept
advisories | CVE-2018-17456
MD5 | 8b90c70cc560ce019f65408cbaa40ac8
Time And Expense Management System 3.0 Cross Site Request Forgery
Posted Oct 17, 2018
Authored by Ihsan Sencan

Time and Expense Management System version 3.0 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | eebaa3465a55d9a1e3d5e622d97ef868
Any Sound Recorder 2.93 Buffer Overflow
Posted Oct 17, 2018
Authored by Abdullah Alic

Any Sound Recorder version 2.93 SEH buffer overflow proof of concept exploit.

tags | exploit, overflow, proof of concept
MD5 | f5fb77e98de076631c98311e585cfc4b
Microsoft Windows FSCTL_FIND_FILES_BY_SID Information Disclosure
Posted Oct 16, 2018
Authored by James Forshaw, Google Security Research

On Microsoft Windows, the FSCTL_FIND_FILES_BY_SID control code does not check for permissions to list a directory leading to disclosure of file names when a user is not granted FILE_LIST_DIRECTORY access.

tags | exploit
systems | windows
advisories | CVE-2018-8411
MD5 | 1ad1fd11e41df6d259aeb00e3e6cc367
GIU Gallery Image Upload 0.3.1 SQL Injection
Posted Oct 16, 2018
Authored by Ihsan Sencan

GIU Gallery Image Upload version 0.3.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | b4147b04b6553a51704799585aace41b
HighPortal 12.5 Cross Site Scripting
Posted Oct 16, 2018
Authored by Ali Abdollahi

HighPortal version 12.5 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-17964
MD5 | 96715aa5c1d78769498c9dadfc961a89
MV Video Sharing Software 1.2 SQL Injection
Posted Oct 16, 2018
Authored by Ihsan Sencan

MV Video Sharing Software version 1.2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 0ad174012d13e10d8404214629fdd430
Rukovoditel Project Management CRM 2.3 SQL Injection
Posted Oct 16, 2018
Authored by Ihsan Sencan

Rukovoditel Project Management CRM version 2.3 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 1f62d6bd79243759ee523b6e54d6e4a8
Vishesh Auto Index 3.1 SQL Injection
Posted Oct 16, 2018
Authored by Ihsan Sencan

Vishesh Auto Index version 3.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 5f3ff3098c17830600ee8f4fe611a4a8
Kados R10 GreenBee SQL Injection
Posted Oct 16, 2018
Authored by Ihsan Sencan

Kados R10 GreenBee suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 36a39e7b3ab07b4125f648f2b9242a48
Page 1 of 1,682
Back12345Next

File Archive:

October 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    26 Files
  • 2
    Oct 2nd
    15 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    15 Files
  • 6
    Oct 6th
    2 Files
  • 7
    Oct 7th
    3 Files
  • 8
    Oct 8th
    23 Files
  • 9
    Oct 9th
    16 Files
  • 10
    Oct 10th
    15 Files
  • 11
    Oct 11th
    19 Files
  • 12
    Oct 12th
    16 Files
  • 13
    Oct 13th
    2 Files
  • 14
    Oct 14th
    2 Files
  • 15
    Oct 15th
    15 Files
  • 16
    Oct 16th
    20 Files
  • 17
    Oct 17th
    19 Files
  • 18
    Oct 18th
    21 Files
  • 19
    Oct 19th
    16 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close