exploit the possibilities
Showing 1 - 25 of 44,693 RSS Feed

Exploit Files

Eset Mobile Security 5.2.18.0 Lock Bypass
Posted Nov 11, 2019
Authored by Ferhat Cil

Eset Mobile Security application for Android version 5.2.18.0 suffers from an application locking bypass vulnerability.

tags | exploit, bypass
MD5 | 5939e461c6d3bb8e52eab172d8654d36
Honeywell MCR Web Controller Cross Site Scripting / Path Disclosure
Posted Nov 11, 2019
Authored by Pablo Rebolini

Honeywell MCR Web Controller suffers from cross site scripting and path disclosure vulnerabilities. Versions affected include XL1000C50 EXCEL WEB 52 I/O, XL1000C500 EXCEL WEB 300 I/O, XL1000C100 EXCEL WEB 104 I/O, XL1000C1000 EXCEL WEB 600 I/O, XL1000C50U EXCEL WEB 52 I/O UUKL, XL1000C500U EXCEL WEB 300 I/O UUKL, XL1000C100U EXCEL WEB 104 I/O UUKL, and XL1000C1000U EXCEL WEB 600 I/O UUKL.

tags | exploit, web, vulnerability, xss
MD5 | 003b47896ad21065085529e4e711beeb
Adobe Acrobat Reader DC For Windows Malformed OTF Font Uninitialized Pointer
Posted Nov 11, 2019
Authored by Google Security Research, mjurczyk

An issue exists where Adobe Acrobat Reader DC for Windows makes use of an uninitialized pointer due to a malformed OTF font (CFF table).

tags | exploit
systems | windows
advisories | CVE-2019-8196
MD5 | bae53b75b8cc138268f5e6384fcb5d63
Adobe Acrobat Reader DC For Windows Malformed JBIG2Globals Stream Uninitialized Pointer
Posted Nov 11, 2019
Authored by Google Security Research, mjurczyk

An issue exists with Adobe Acrobat Reader DC for Windows use of an uninitialized pointer due to malformed JBIG2Globals stream.

tags | exploit
systems | windows
advisories | CVE-2019-8195
MD5 | 2e0983da88e101353889315463cb5bd1
iMessage NSSharedKeyDictionary Decode Incorrect Address Read
Posted Nov 11, 2019
Authored by saelo, Google Security Research

iMessage suffers from an issue where decoding NSSharedKeyDictionary can read an ObjC object at attacker controlled address.

tags | exploit
advisories | CVE-2019-8641, CVE-2019-8662
MD5 | 44b9493651f02f67170dee4980389e1a
iOS IOUSBDeviceFamily 12.4.1 Heap Corruption Proof Of Concept
Posted Nov 11, 2019
Authored by Sem Voigtlander, Raz Mashat, Joshua Hill

iOS IOUSBDeviceFamily version 12.4.1 IOInterruptEventSource heap corruption proof of concept exploit.

tags | exploit, proof of concept
systems | ios
MD5 | b070d13153419dd7869767dbd75340b8
XML Notepad 2.8.0.4 XML External Entity Injection
Posted Nov 11, 2019
Authored by daejinoh

XML Notepad version 2.8.0.4 suffers from an XML external entity injection vulnerability.

tags | exploit
MD5 | 1b52bf53b8930e6a789d32d244819661
PunBB 1.4.4 Database Disclosure
Posted Nov 11, 2019
Authored by Georgi Guninski

PunBB with SQLite appears to store its database within the webroot, allowing it to be retrieved by attackers.

tags | exploit, info disclosure
MD5 | 4cdd50b4b325603af71d3727a24a9722
Alps HID Monitor Service 8.1.0.10 Unquoted Service Path
Posted Nov 10, 2019
Authored by Hector Gabriel Chimecatl Hernandez

Alps HID Monitor Service version 8.1.0.10 suffers from an ApHidMonitorService unquoted service path vulnerability.

tags | exploit
MD5 | 5224866c9038b30d76b7c791da64ae37
GCafe 3.0 Unquoted Service Path
Posted Nov 9, 2019
Authored by Doan Nguyen

GCafe version 3.0 suffers from a gbClienService unquoted service path vulnerability.

tags | exploit
MD5 | 87ba1fc068e710159ab492b215c8f999
Chrome Site Isolation Bypass / File Disclosure
Posted Nov 8, 2019
Authored by Google Security Research, Glazvunov

The Chrome Payment Handler API suffers from site isolation bypass and local file disclosure vulnerabilities.

tags | exploit, local, vulnerability
MD5 | a0e44b48eda93d22f89c1bb42d02f804
Nextcloud 17 Cross Site Request Forgery
Posted Nov 8, 2019
Authored by Ozer Goker

Nextcloud 17 suffers from multiple cross site request forgery vulnerabilities.

tags | exploit, vulnerability, csrf
MD5 | b613cc280057db8886536325e5bf276d
Adive Framework 2.0.7 Privilege Escalation
Posted Nov 8, 2019
Authored by Pablo Santiago

Adive Framework version 2.0.7 suffers from a privilege escalation vulnerability.

tags | exploit
advisories | CVE-2019-14347
MD5 | fabbbf5ca28fd0f0d55a57bb29f69d80
SolarWinds Kiwi Syslog Server 8.3.52 Unquoted Service Path
Posted Nov 8, 2019
Authored by Carlos A Garcia R

SolarWinds Kiwi Syslog Server version 8.3.52 suffers from a Kiwi Syslog Service unquoted service path vulnerability.

tags | exploit
MD5 | 8d7bc2683cb6f64137f2da91f394f308
Jenkins Build-Metrics 1.3 Cross Site Scripting
Posted Nov 8, 2019
Authored by vesche

Jenkins Build-Metrics plugin version 1.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2019-10475
MD5 | 2c5ebf0addb47107e060f7e5c07dad3e
Net-SNMPd Write Access SNMP-EXTEND-MIB Arbitrary Code Execution
Posted Nov 7, 2019
Authored by Steve Embling | Site metasploit.com

This Metasploit module exploits the SNMP write access configuration ability of SNMP-EXTEND-MIB to configure MIB extensions and lead to remote code execution.

tags | exploit, remote, code execution
MD5 | 7bbcbcc6643285e6383d196644e39589
Android Janus APK Signature Bypass
Posted Nov 7, 2019
Authored by h00die, timwr, V-E-O, GuardSquare | Site metasploit.com

This Metasploit module exploits CVE-2017-13156 in Android to install a payload into another application. The payload APK will have the same signature and can be installed as an update, preserving the existing data. The vulnerability was fixed in the 5th December 2017 security patch, and was additionally fixed by the APK Signature scheme v2, so only APKs signed with the v1 scheme are vulnerable. Payload handler is disabled, and a multi/handler must be started first.

tags | exploit
advisories | CVE-2017-13156
MD5 | 64f1c304613a13c0a1b0f19f8913efec
rConfig 3.9.2 Command Injection
Posted Nov 7, 2019
Authored by Brendan Coles, mhaskar | Site metasploit.com

This Metasploit module exploits an unauthenticated command injection vulnerability in rConfig versions 3.9.2 and prior. The install directory is not automatically removed after installation, allowing unauthenticated users to execute arbitrary commands via the ajaxServerSettingsChk.php file as the web server user. This module has been tested successfully on rConfig version 3.9.2 on CentOS 7.7.1908 (x64).

tags | exploit, web, arbitrary, php
systems | linux, centos
advisories | CVE-2019-16662
MD5 | 5a8c7959c835ac3cbcc733bb6b9b60ac
Adobe ColdFusion RDS Authentication Bypass
Posted Nov 7, 2019
Authored by Scott Buckel | Site metasploit.com

Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to bypass authentication using the RDS component. Due to default settings or misconfiguration, its password can be set to an empty value. This allows an attacker to create a session via the RDS login that can be carried over to the admin web interface even though the passwords might be different, and therefore bypassing authentication on the admin web interface leading to arbitrary code execution. Tested on Windows and Linux with ColdFusion 9.

tags | exploit, remote, web, arbitrary, code execution
systems | linux, windows
MD5 | b279a1c376f201d8307caf2142e52d50
WebKit NodeRareData::m_connectedFrameCount Integer Overflow / UXSS / Type Confusion
Posted Nov 7, 2019
Authored by Google Security Research, Glazvunov

WebKit suffers from an integer overflow in NodeRareData::m_connectedFrameCount that can lead to universal cross site scripting and type confusion.

tags | exploit, overflow, xss
advisories | CVE-2019-8822
MD5 | ab1e8dd57e42d668deb196080d883ef1
Adaware Web Companion 4.8.2078.3950 Unquoted Service Path
Posted Nov 7, 2019
Authored by Mariela L Martinez Hdez

Adaware Web Companion version 4.8.2078.3950 suffers from an unquoted service path vulnerability.

tags | exploit, web
MD5 | 57dbed68045118e90b9baabce5bbe9ce
Smartwares HOME Easy 1.0.9 Database Backup Information Disclosure
Posted Nov 6, 2019
Authored by LiquidWorm | Site zeroscience.mk

Smartwares HOME Easy versions 1.0.9 and below suffer from a database backup information disclosure vulnerability.

tags | exploit, info disclosure
MD5 | a90a2eeaa15741bc8a9528865b6bb7ec
Smartwares HOME Easy 1.0.9 Authentication Bypass
Posted Nov 6, 2019
Authored by LiquidWorm | Site zeroscience.mk

Smartwares HOME Easy versions 1.0.9 and below suffer from a client-side authentication bypass vulnerability.

tags | exploit, bypass
MD5 | f67e26679be00cf74fa3d262f62a1bec
Parallels Plesk Panel 9.5 Cross Site Scripting
Posted Nov 6, 2019
Authored by Rafay Baloch, Muhammad Samak

Parallels Plesk Panel version 9.5 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2019-18793
MD5 | c5350e2e3a070c750e1ecf208c0d70f7
QNAP NetBak Replicator 4.5.6.0607 Unquoted Service Path
Posted Nov 6, 2019
Authored by Ivan Marmolejo

QNAP NetBak Replicator version 4.5.6.0607 suffers from a QVssService unquoted service path vulnerability.

tags | exploit
MD5 | 7c4c8d84258f0ed0958f4d22376f986c
Page 1 of 1,788
Back12345Next

File Archive:

November 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    28 Files
  • 2
    Nov 2nd
    1 Files
  • 3
    Nov 3rd
    1 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    19 Files
  • 6
    Nov 6th
    65 Files
  • 7
    Nov 7th
    22 Files
  • 8
    Nov 8th
    18 Files
  • 9
    Nov 9th
    1 Files
  • 10
    Nov 10th
    1 Files
  • 11
    Nov 11th
    11 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close