
Exploit Files

CMS Made Simple 2.2.5 Authenticated Remote Command Execution
Posted Jul 19, 2018
Authored by Jacob Robles, Mustafa Hasen | Site metasploit.com

CMS Made Simple version 2.2.5 allows an authenticated administrator to upload a file and rename it to have a .php extension. The file can then be executed by opening the URL of the file in the /uploads/ directory.

tags | exploit, php
advisories | CVE-2018-1000094
MD5 | 1cbcf8ed9ea5ef18b9981873d99697eb
WordPress All In One Favicon 4.6 Cross Site Scripting
Posted Jul 19, 2018
Authored by Javier Olmedo

WordPress All In One Favicon plugin version 4.6 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-13832
MD5 | 4e1fd052af536e388490d26a91809868
Chrome Swiftshader Blitting Floating-Point Precision Errors
Posted Jul 19, 2018
Authored by Google Security Research, Mark Brand

Chrome suffers from floating-point precision errors in Swiftshader blitting.

tags | exploit
MD5 | 7b98d22e3cda5e01a29a389816481305
MyBB New Threads 1.1 Cross Site Scripting
Posted Jul 19, 2018
Authored by 0xB9

MyBB New Threads plugin version 1.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-14392
MD5 | ad2681c777df161b9e3674786e010194
Chrome SwiftShader OpenGL Texture Binding Reference Count Leak
Posted Jul 19, 2018
Authored by Google Security Research, Mark Brand

Chrome suffers from a reference count leak in SwiftShader OpenGL texture bindings.

tags | exploit
MD5 | 94c654dcb20a0856b832d97f6fed38a0
Adobe Systems Main lead DBMS Arbitrary Code Injection
Posted Jul 19, 2018
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

Adobe Systems Mail Lead DBMS suffers from an arbitrary code injection vulnerability.

tags | exploit, arbitrary
MD5 | ada369cd2544ba228b1d487fb353258d
Chrome Swiftshader Texture Allocation Integer Overflow
Posted Jul 19, 2018
Authored by Google Security Research, Mark Brand

Chrome suffers from an integer overflow vulnerability in Swiftshader texture allocation.

tags | exploit, overflow
MD5 | b3eb960cb7d3278d871332f5993c7d6c
Linux BPF Sign Extension Local Privilege Escalation
Posted Jul 19, 2018
Authored by h00die, Jann Horn, vnik, rlarabee, bleidl, bcoles | Site metasploit.com

Linux kernel versions prior to 4.14.8 include the Berkeley Packet Filter (BPF), which contains a vulnerability where it may improperly perform sign extension. This can be used to escalate privileges. The target system must be compiled with BPF support and must not have kernel.unprivileged_bpf_disabled set to 1. This Metasploit module has been tested successfully on many different kernels.

tags | exploit, kernel
systems | linux
advisories | CVE-2017-16995
MD5 | 4596fc215a7899eb6de8fccca0e92708
Barracuda Cloud Control 7.1.1.003 Cross Site Scripting
Posted Jul 18, 2018
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

Barracuda Cloud Control version 7.1.1.003 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | ff2e83501f0a7393dc41facb92cd154f
Barracuda Cloud Control 3.020 Cross Site Scripting
Posted Jul 18, 2018
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

Barracuda Cloud Control version 3.020 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | f23473cf4a6e820950f67bcee0f9bdf1
Modx Revolution Remote Code Execution
Posted Jul 18, 2018
Authored by Vitalii Rudnykh

Modx Revolution versions prior to 2.6.4 suffer from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2018-1000207
MD5 | 6676ba0c95250f29f12815696ab2b9e4
Smart SMS And Email Manager 3.3 SQL Injection
Posted Jul 18, 2018
Authored by Ozkan Mustafa Akkus

Smart SMS and Email Manager version 3.3 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | a6d5202d3365300bb015064a17f8729d
JavaScript Core Arbitrary Code Execution
Posted Jul 18, 2018
Authored by ret2

JavaScript Core arbitrary code execution exploit.

tags | exploit, arbitrary, javascript, code execution
advisories | CVE-2018-4192
MD5 | 451614b5b6654ae9f5e8d9bc10001aef
Open-AudIT Community 2.1.1 Cross Site Scripting
Posted Jul 18, 2018
Authored by Ranjeet Jaiswal

Open-AudIT Community version 2.1.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-11124
MD5 | 8d1bccdf395bdfdaa21807febf23168e
GhostMail Filename To Link Script Insertion
Posted Jul 18, 2018
Site vulnerability-lab.com

GhostMail suffers from a malicious script insertion vulnerability.

tags | exploit
MD5 | f901762c2d372d257852aa2cacd2355d
GhostMail Status Message HTML Injection
Posted Jul 18, 2018
Site vulnerability-lab.com

GhostMail suffers from an HTML injection vulnerability.

tags | exploit
MD5 | 6e046d902f12ab4c5fe434396b98beda
FTP2FTP 1.0 Arbitrary File Download
Posted Jul 18, 2018
Authored by Ozkan Mustafa Akkus

FTP2FTP version 1.0 suffers from an arbitrary file download vulnerability.

tags | exploit, arbitrary
MD5 | 9d314c56059d12b0cc6aec73b088a155
Binance 1.5.0 Insecure File Permission
Posted Jul 17, 2018
Authored by ZwX | Site vulnerability-lab.com

Binance version 1.5.0 suffers from an insecure file permission vulnerability.

tags | exploit
MD5 | 23ab79875476d303569e9a725683a7de
HomeMatic Zentrale CCU2 Unauthenticated Remote Code Execution
Posted Jul 17, 2018
Authored by Kacper Szurek

HomeMatic Zentrale CCU2 suffers from an unauthenticated remote code execution vulnerability.

tags | exploit, remote, code execution
MD5 | ccea6d6c54fb9e1b819b5ac388864b05
TP-Link Archer C2 Router 3.0 Remote Code Execution
Posted Jul 17, 2018
Authored by Ismail Tasdelen

TP-Link Archer C2 router version 3.0 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
MD5 | 1302020fff90f9bf889d5052ca5179b1
QNAP Q'Center change_passwd Command Execution
Posted Jul 17, 2018
Authored by Ivan Huertas, Brendan Coles | Site metasploit.com

This Metasploit module exploits a command injection vulnerability in the change_passwd API method within the web interface of QNAP Q'Center virtual appliance versions prior to 1.7.1083. The vulnerability allows the 'admin' privileged user account to execute arbitrary commands as the 'admin' operating system user. Valid credentials for the 'admin' user account are required; however, this module also exploits a separate password disclosure issue which allows any authenticated user to view the password set for the 'admin' user during first install. This Metasploit module has been tested successfully on QNAP Q'Center appliance version 1.6.1075.

tags | exploit, web, arbitrary
advisories | CVE-2018-0706, CVE-2018-0707
MD5 | 53cb0615ae05a91ee87abd7989407825
Nanopool Claymore Dual Miner APIs Remote Code Execution
Posted Jul 17, 2018
Authored by reversebrain at snado, phra at snado | Site metasploit.com

This Metasploit module takes advantage of miner remote manager APIs to exploit a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2018-1000049
MD5 | 087e63649653e40f11058ac152fe30af
Microhard Systems 3G/4G Cellular Ethernet And Serial Gateway Backdoor Jailbreak
Posted Jul 16, 2018
Authored by LiquidWorm | Site zeroscience.mk

Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway systems have a web shell application that includes a service called Microhard Sh that is documented only as 'reserved for internal use'. This service can be enabled by an authenticated user within the Services menu in the web admin panel. It can also be enabled via a CSRF attack. When the service is enabled, a user 'msshc' is created on the system with password 'msshc' for SSH shell access on port 22. When connected, the user is dropped into an NcFTP jailed environment that has limited commands for file transfer administration. One of the commands is a custom-added 'ping' command that has a command injection vulnerability, which allows the attacker to escape the restricted environment and enter a root shell terminal that can execute commands as the root user. Many versions are affected.

tags | exploit, web, shell, root
MD5 | 3679d738983dec17aa3243aa408c3212
Microhard Systems 3G/4G Cellular Ethernet And Serial Gateway Open Redirect
Posted Jul 16, 2018
Authored by LiquidWorm | Site zeroscience.mk

Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway systems suffer from an open redirection vulnerability. Many versions are affected.

tags | exploit
MD5 | afbbf88e9876ec95b9eb0b84ade6d536
Microhard Systems 3G/4G Cellular Ethernet And Serial Gateway Configuration Download
Posted Jul 16, 2018
Authored by LiquidWorm | Site zeroscience.mk

In Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway systems, the system backup configuration file 'IPn4G.config' in the '/' directory (or its respective name based on the model name), along with the similar files in '/www/cgi-bin/system.conf', '/tmp' and the cli.conf in '/etc/m_cli/', can be downloaded by an authenticated attacker in certain circumstances. This will enable the attacker to disclose sensitive information and help her in authentication bypass, privilege escalation and/or full system access. Many versions are affected.

tags | exploit, cgi
MD5 | e8955597bdd0224a62bfdb870b980cf0

© 2018 Packet Storm. All rights reserved.
