what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 52,671 RSS Feed

Exploit Files

dav1d Integer Overflow / Out-Of-Bounds Write
Posted Mar 18, 2024
Authored by Ivan Fratric, Google Security Research, Nick Galloway

There is an integer overflow in dav1d when decoding an AV1 video with large width/height. The integer overflow may result in an out-of-bounds write.

tags | exploit, overflow
advisories | CVE-2024-1580
SHA-256 | 258b775b05e2d4378551ee4e66e5c90a5df4e7d9ef5dc5c37abec0ba66db8a8e
UPS Network Management Card 4 Path Traversal
Posted Mar 18, 2024
Authored by Victor Garcia

UPS Network Management Card version 4 suffers from a path traversal vulnerability.

tags | exploit, file inclusion
SHA-256 | 09c742a5856228ab92542adea67531a36cce939377dbf076b6f5c6131ba276dc
Gasmark Pro 1.0 Shell Upload
Posted Mar 18, 2024
Authored by nu11secur1ty

Gasmark Pro version 1.0 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | 74aac3d302e6dccc4a04f4bb3b7f33f7c74952c5fafd68a7b296c174889dd69b
Nokia BMC Log Scanner 13 Command Injection
Posted Mar 18, 2024
Authored by Matthew Gregory, Carlos Andres Gonzalez

Nokia BMC Log Scanner version 13 suffers from a remote command injection vulnerability.

tags | exploit, remote
advisories | CVE-2022-45899
SHA-256 | dd739a9071327fb09fa5e5c4324f8585adfcdd2bb749945102e954aa364813c8
vm2 3.9.19 Sandbox Escape
Posted Mar 18, 2024
Authored by Calil Khalil, Adriel Mc Roberts

vm2 versions 3.9.19 and below suffer from a sandbox escape vulnerability.

tags | exploit
advisories | CVE-2023-37466
SHA-256 | b24b64151051cccf149693cb0f7f9f928064b14ccdf177979124b8a149121d80
Financials By Coda Authorization Bypass
Posted Mar 15, 2024
Authored by Leo Draghi

Financials by Coda versions prior to 2023Q4 suffer from an incorrect access control authorization bypass vulnerability. The Change Password feature can be abused in order to modify the password of any user of the application.

tags | exploit, bypass
advisories | CVE-2024-28735
SHA-256 | b902e8c8533e18988a3d9cf1a301f95fdca312dbda532a060668f36b710b0b68
Financials By Coda Cross Site Scripting
Posted Mar 15, 2024
Authored by Leo Draghi

Financials by Coda versions prior to 2023Q4 suffer from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2024-28734
SHA-256 | 34202068f860d76bf76919a5032aea9e7b1a4b4f23d207a20914dd51652a7504
HALO 2.13.1 CORS Issue
Posted Mar 15, 2024
Authored by nu11secur1ty

HALO version 2.13.1 has an insecure cross-origin resource sharing setting that allows an arbitrary origin.

tags | exploit, arbitrary
SHA-256 | d03ce00498ebd36e4dfcab8b4a25be241e021255496446e7b6df62fb6024ec33
Membership Management System 1.0 SQL Injection / Shell Upload
Posted Mar 15, 2024
Authored by SoSPiro

Membership Management System version 1.0 suffers from remote shell upload and remote SQL injection vulnerabilities.

tags | exploit, remote, shell, vulnerability, sql injection
SHA-256 | bafbc2c7895ab97a3d57de482862b676a744678a894f6abb9103ae63f21b01a1
Checkmk Agent 2.0.0 / 2.1.0 / 2.2.0 Local Privilege Escalation
Posted Mar 14, 2024
Authored by Michael Baer | Site sec-consult.com

Checkmk Agent versions 2.0.0, 2.1.0, and 2.2.0 suffer from a local privilege escalation vulnerability.

tags | exploit, local
advisories | CVE-2024-06070
SHA-256 | 7507da836273d2bbc7b9ad937d83b3421ee4908160760a5f62fe62fa67b910e0
Vinchin Backup And Recovery 7.2 Command Injection
Posted Mar 14, 2024
Authored by Valentin Lobstein

Vinchin Backup and Recovery versions 7.2 and below suffer from an authentication command injection vulnerability.

tags | exploit
advisories | CVE-2024-25228
SHA-256 | dd0fc3f58917682d94f66913e102128d1a5e1eb10e34fa851b9f47a77fc06b74
Fortinet FortiOS Out-Of-Bounds Write
Posted Mar 14, 2024
Authored by h4x0r-dz | Site github.com

Fortinet FortiOS suffers from an out of bounds write vulnerability. Affected includes Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, and 1.0.0 through 1.0.7.

tags | exploit
advisories | CVE-2024-21762
SHA-256 | 253e125f2c77fe6892c6503df7eeedff1bed043c4fb701d366058c149ab702b6
JetBrains TeamCity Unauthenticated Remote Code Execution
Posted Mar 14, 2024
Authored by sfewer-r7 | Site metasploit.com

This Metasploit module exploits an authentication bypass vulnerability in JetBrains TeamCity. An unauthenticated attacker can leverage this to access the REST API and create a new administrator access token. This token can be used to upload a plugin which contains a Metasploit payload, allowing the attacker to achieve unauthenticated remote code execution on the target TeamCity server. On older versions of TeamCity, access tokens do not exist so the exploit will instead create a new administrator account before uploading a plugin. Older versions of TeamCity have a debug endpoint (/app/rest/debug/process) that allows for arbitrary commands to be executed, however recent version of TeamCity no longer ship this endpoint, hence why a plugin is leveraged for code execution instead, as this is supported on all versions tested.

tags | exploit, remote, arbitrary, code execution, bypass
advisories | CVE-2024-27198
SHA-256 | 68370990799fd1605fae05ac9ac3f36fd6659508fbfeef67d22e3cf720e8fa87
Backdoor.Win32.Emegrab.b MVID-2024-0675 Buffer Overflow
Posted Mar 14, 2024
Authored by malvuln | Site malvuln.com

Backdoor.Win32.Emegrab.b malware suffers from a buffer overflow vulnerability.

tags | exploit, overflow
systems | windows
SHA-256 | c0d8137645859e14608a0b7a84c3cadd70d3be3e7d59a937b20c600dbcc88162
StimulusReflex 3.5.0 Arbitrary Code Execution
Posted Mar 14, 2024
Authored by lixts

StimulusReflex versions 3.5.0 up to and including 3.5.0.rc2 and 3.5.0.pre10 suffer from an arbitrary code execution vulnerability.

tags | exploit, arbitrary, code execution
advisories | CVE-2024-28121
SHA-256 | 9e5263d5183618a2c41a25b126b245bfa777329a2f535120971b95cdc71f0486
GitLab CE/EE Password Reset
Posted Mar 14, 2024
Authored by Sebastian Kriesten

GitLab CE/EE versions prior to 16.7.2 suffer from a password reset vulnerability.

tags | exploit
advisories | CVE-2023-7028
SHA-256 | ecc61996fa0e38b05ac70ce2080679b2eaf36720822b04f8d38867b1d69456b3
JetBrains TeamCity 2023.05.3 Remote Code Execution
Posted Mar 14, 2024
Authored by ByteHunter

JetBrains TeamCity version 2023.05.3 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2023-42793
SHA-256 | e1c264f19102d105794de4c6c20eaafe22944b48d40bf81b679d6529f26dcffb
Honeywell PM43 Remote Code Execution
Posted Mar 14, 2024
Authored by ByteHunter

Honeywell PM43 versions prior to P10.19.050004 suffer from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2023-3710
SHA-256 | af3705248c7122eb4d11be4c13209b3526cbee77ed228747c3f55800ef9fb1ef
SolarView Compact 6.00 Command Injection
Posted Mar 14, 2024
Authored by ByteHunter

SolarView Compact version 6.00 suffers from a remote command injection vulnerability.

tags | exploit, remote
advisories | CVE-2023-23333
SHA-256 | 036c73fd4d8c1b4db5a8dfeb1d025199673968fe8cec024982fdbe68c19a7ca1
Viessmann Vitogate 300 2.1.3.0 Remote Code Execution
Posted Mar 14, 2024
Authored by ByteHunter

Viessmann Vitogate 300 versions 2.1.3.0 and below suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2023-5222, CVE-2023-5702
SHA-256 | 86410aca0ad3a7245b8cb07735d4ec21669679039be68751fc1b43a423e0766a
Ruijie Switch PSG-5124 26293 Remote Code Execution
Posted Mar 14, 2024
Authored by ByteHunter

Ruijie Switch version PSG-5124 with software build 26293 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
SHA-256 | 31f3b0a900318bec9de9a1e9f67d893c6b3f4c63a3437484a3559c375ebb2fa0
Stealing Part Of A Production Language Model
Posted Mar 13, 2024
Authored by David Rolnick, Jonathan Hayase, Eric Wallace, Nicholas Carlini, Arthur Conmy, Thomas Steinke, Matthew Jagielski, Florian Tramer, Krishnamurthy Dvijotham, Daniel Paleka, Katherine Lee, Milad Nasr, A. Feder Cooper

In this whitepaper, the authors introduce the first model-stealing attack that extracts precise, nontrivial information from black-box production language models like OpenAI's ChatGPT or Google's PaLM-2. Specifically, their attack recovers the embedding projection layer (up to symmetries) of a transformer model, given typical API access. For under $20 USD, their attack extracts the entire projection matrix of OpenAI's ada and babbage language models. They thereby confirm, for the first time, that these black-box models have a hidden dimension of 1024 and 2048, respectively. They also recover the exact hidden dimension size of the gpt-3.5-turbo model, and estimate it would cost under $2,000 in queries to recover the entire projection matrix. They conclude with potential defenses and mitigations, and discuss the implications of possible future work that could extend this attack.

tags | exploit, paper, vulnerability
SHA-256 | 35bb26fb1fe58d91b595fbecc219b129076e6cc3ae746288dc27c6fa0d128e6a
Client Details System 1.0 SQL Injection
Posted Mar 13, 2024
Authored by Hamdi Sevben

Client Details System version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2023-7137
SHA-256 | 64589c2ecc306d978f6791cf6a635512b98de6e52e4573c83fe9e9fe5303bbed
MetaFox 5.1.8 Shell Upload
Posted Mar 13, 2024
Authored by The Joker

MetaFox versions 5.1.8 and below suffer from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | e2b323542d1ae762fd44f17402386b535064f3b92a9eb3e937211dc86f883e48
Cisco Firepower Management Center Remote Command Execution
Posted Mar 13, 2024
Authored by Abdualhadi Khalifa

Cisco Firepower Management Center suffers from an authenticated remote command execution vulnerability. Many versions spanning the 7.x.x.x and 6.x.x.x branches are affected.

tags | exploit, remote
systems | cisco
advisories | CVE-2023-20048
SHA-256 | 1b5e5708722e1634d261eff6cb37eccaf5547e6899a9a8f88ca8bf2b2955f61e
Page 1 of 2,107
Back12345Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close