exploit the possibilities
Showing 1 - 25 of 47,604 RSS Feed

Exploit Files

GetSimple CMS My SMTP Contact 1.1.1 CSRF / Remote Code Execution
Posted Apr 16, 2021
Authored by Bobby Cooke

GetSimple CMS My SMTP Contact plugin versions 1.1.1 and below cross site request forgery to remote code execution exploit.

tags | exploit, remote, code execution, csrf
MD5 | 7d48adbe7385fbb2fa16170c86231d41
glFTPd 2.11a Denial Of Service
Posted Apr 16, 2021
Authored by xynmaps

glFTPd version 2.11a remote denial of service exploit.

tags | exploit, remote, denial of service
MD5 | 04295a11c4a07b213d22cabfafda8897
Nagios XI Remote Code Execution
Posted Apr 15, 2021
Authored by Haboob Team, Erik Wynter | Site metasploit.com

This Metasploit module exploits a command injection vulnerability in the /admin/monitoringplugins.php page of Nagios XI versions prior to 5.8.0 when uploading plugins. Successful exploitation allows an authenticated admin user to achieve remote code execution as the apache user by uploading a malicious plugin. Valid credentials for a Nagios XI admin user are required. This module has been successfully tested against Nagios versions XI 5.3.0 and 5.7.5, both running on CentOS 7.

tags | exploit, remote, php, code execution
systems | linux, osx, centos
advisories | CVE-2020-35578
MD5 | 91ac1437912ce19fca5580399b1f6625
Backdoor.Win32.Zombam.h Buffer Overflow
Posted Apr 15, 2021
Authored by malvuln | Site malvuln.com

Backdoor.Win32.Zombam.h malware suffers from a buffer overflow vulnerability.

tags | exploit, overflow
systems | windows
MD5 | 308161972b359f1869950d7c71eb27e6
htmly 2.8.0 Cross Site Scripting
Posted Apr 15, 2021
Authored by nu11secur1ty, G.Dzhankushev

htmly version 2.8.0 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2021-30637
MD5 | 1f7856dd557f345879af5eb7735315e1
Horde Groupware Webmail 5.2.22 Cross Site Scripting
Posted Apr 15, 2021
Authored by nu11secur1ty, Ventsislav Varbanovski, Alex Birnberg

Horde Groupware Webmail version 5.2.22 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2021-26929
MD5 | 1f541c98d0a23790929a497d47013d7d
Tileserver-gl 3.0.0 Cross Site Scripting
Posted Apr 15, 2021
Authored by Akash Chathoth

Tileserver-gl version 3.0.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2020-15500
MD5 | 63b23bdee2d001f4b4ad1f9e7216ae76
SMASH Rowhammer Proof Of Concept
Posted Apr 15, 2021
Authored by vusec | Site vusec.net

This is a script to trigger (Rowhammer) bit flips on TRR-enabled DDR4 SDRAM through Firefox. It will only work with THP enabled and after having set the target-specific parameters.

tags | exploit
MD5 | c40ce9966f87adf416aa82e25735f9e2
Microsoft Azure DevOps Server 2020.0.1 Cross Site Scripting
Posted Apr 14, 2021
Authored by M. Li | Site sec-consult.com

Microsoft Azure DevOps Server version 2020.0.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2021-28459
MD5 | 4994087ae5636e46cc4be43cc0c489f6
Webmail Edition 5.2.22 XSS / Remote Code Execution
Posted Apr 14, 2021
Authored by nu11secur1ty, Ventsislav Varbanovski, Alex Birnberg

Webmail Edition version 5.2.22 suffers from remote code execution and cross site scripting vulnerabilities via the Horde_Text_Filter library.

tags | exploit, remote, vulnerability, code execution, xss
advisories | CVE-2021-26929
MD5 | dd1588866001ae370f23e0d6ec8d2f71
HEUR.Hoax.Win32.FrauDrop.gen Insecure Permissions
Posted Apr 14, 2021
Authored by malvuln | Site malvuln.com

HEUR.Hoax.Win32.FrauDrop.gen malware suffers from an insecure permissions vulnerability.

tags | exploit
systems | windows
MD5 | 50c66b4d86576b7c155504ec687423d1
CITSmart ITSM 9.1.2.27 SQL Injection
Posted Apr 14, 2021
Authored by skys

CITSmart ITSM version 9.1.2.27 suffers from a remote time-based blind SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2021-28142
MD5 | 3d24d2282ef6f774e3ec4558ad1409d1
CITSmart ITSM 9.1.2.22 LDAP Injection
Posted Apr 14, 2021
Authored by skys

CITSmart ITSM version 9.1.2.22 suffers from an LDAP injection vulnerability.

tags | exploit
advisories | CVE-2020-35775
MD5 | 4ac23ee971f692bf2ad5ddba1be97403
Trojan.Win32.Agent.zfgh Insecure Permissions
Posted Apr 14, 2021
Authored by malvuln | Site malvuln.com

Trojan.Win32.Agent.zfgh malware suffers from an insecure permissions vulnerability.

tags | exploit, trojan
systems | windows
MD5 | 3b8d24907908e6336805de66cf3aa2f4
MariaDB 10.2 Command Execution
Posted Apr 14, 2021
Authored by Central Infosec

MariaDB version 10.2 suffers from a command execution vulnerability.

tags | exploit
advisories | CVE-2021-27928
MD5 | ce7c5713f1101721cb65c9278e2e5467
Genexis PLATINUM 4410 2.1 P4410-V2-1.28 Remote Command Execution
Posted Apr 14, 2021
Authored by Jay Sharma

Genexis PLATINUM 4410 version 2.1 P4410-V2-1.28 suffers from a remote command execution vulnerability.

tags | exploit, remote
advisories | CVE-2021-29003
MD5 | 43aeccc4d2fcad984b051b4cdbb1583f
Trojan.Win32.Jorik.qje Insecure Permissions
Posted Apr 14, 2021
Authored by malvuln | Site malvuln.com

Trojan.Win32.Jorik.qje malware suffers from an insecure permissions vulnerability.

tags | exploit, trojan
systems | windows
MD5 | faf5ffe170a3559624827f291850035f
Digital Crime Report Management System 1.0 SQL Injection
Posted Apr 14, 2021
Authored by Galuh Muhammad Iman Akbar

Digital Crime Report Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
MD5 | 0caf2f815b9b8bcfabd56d4dce51e40c
jQuery 1.0.3 Cross Site Scripting
Posted Apr 14, 2021
Authored by Central Infosec

jQuery version 1.0.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2020-11023
MD5 | 179fd6b72dec05ab89308264840d7aa5
jQuery 1.2 Cross Site Scripting
Posted Apr 14, 2021
Authored by Central Infosec

jQuery version 1.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2020-11022
MD5 | f6880c94004df62f5be9b507d04e021f
Nagios XI getprofile.sh Remote Command Execution
Posted Apr 14, 2021
Authored by Erik Wynter, Jak Gibb | Site metasploit.com

This Metasploit module exploits a vulnerability in the getprofile.sh script of Nagios XI versions prior to 5.6.6 in order to upload a malicious check_ping plugin and thereby execute arbitrary commands. For Nagios XI 5.2.0 through 5.4.13, the commands are run as the nagios user. For versions 5.5.0 through 5.6.5, the commands are run as root. Note that versions prior to 5.2.0 will still be marked as being vulnerable however this module does not presently support exploiting these targets. The module uploads a malicious check_ping plugin to the Nagios XI server via /admin/monitoringplugins.php and then executes this plugin by issuing a HTTP GET request to download a system profile from the server. For all supported targets except Linux (cmd), the module uses a command stager to write the exploit to the target via the malicious plugin. This may not work if Nagios XI is running in a restricted Unix environment, so in that case the target must be set to Linux (cmd). The module then writes the payload to the malicious plugin while avoiding commands that may not be supported. Valid credentials for a user with administrative privileges are required. This module was successfully tested on Nagios XI 5.3.0 and Nagios 5.6.5, both running on CentOS 7. For vulnerable versions before 5.5.0, it may take a significant amount of time for the payload to get back (up to 5 minutes). If exploitation fails against an older system, it is recommended to increase the WfsDelay setting (default is 300 seconds).

tags | exploit, web, arbitrary, root, php
systems | linux, unix, osx, centos
advisories | CVE-2019-15949
MD5 | c535c12509a747d756650bedc5b31fca
Microsoft Windows SCM Remote Access Check Limit Bypass Privilege Escalation
Posted Apr 14, 2021
Authored by James Forshaw, Google Security Research

The access limit check for non-local admins when accessing the SCM remotely can be bypassed by requesting MAXIMUM_ALLOWED, leading to gaining access to start services etc.

tags | exploit, local
advisories | CVE-2021-27086
MD5 | 281e52fe6059770b5acb2e965164e4a3
Blitar Tourism 1.0 SQL Injection
Posted Apr 13, 2021
Authored by sigeri94

Blitar Tourism version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
MD5 | 03d4e059484374b7780a14a295e4a837
Chrome V8 JavaScript Engine Remote Code Execution
Posted Apr 13, 2021
Authored by Rajvardhan Agarwal | Site github.com

Chrome V8 Javascript Engine remote code execution zero day exploit. Google is expected to release an update to their browser on tuesday 04/14/2021 that will address this vulnerability.

tags | exploit, remote, overflow, javascript, code execution
MD5 | a76d90d5f2c12f9efc441081adf2aabe
ExpressVPN VPN Router 1.0 Integer Overflow
Posted Apr 13, 2021
Authored by Jai Kumar Sharma

ExpressVPN VPN Router version 1.0 suffers from an integer overflow vulnerability.

tags | exploit, overflow
advisories | CVE-2020-29238
MD5 | c2b0de22fdf163131606730f4d69a979
Page 1 of 1,905
Back12345Next

File Archive:

April 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    17 Files
  • 2
    Apr 2nd
    2 Files
  • 3
    Apr 3rd
    2 Files
  • 4
    Apr 4th
    0 Files
  • 5
    Apr 5th
    15 Files
  • 6
    Apr 6th
    15 Files
  • 7
    Apr 7th
    20 Files
  • 8
    Apr 8th
    16 Files
  • 9
    Apr 9th
    5 Files
  • 10
    Apr 10th
    0 Files
  • 11
    Apr 11th
    0 Files
  • 12
    Apr 12th
    4 Files
  • 13
    Apr 13th
    15 Files
  • 14
    Apr 14th
    27 Files
  • 15
    Apr 15th
    19 Files
  • 16
    Apr 16th
    7 Files
  • 17
    Apr 17th
    0 Files
  • 18
    Apr 18th
    0 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close