what you don't know can hurt you
Showing 1 - 25 of 46,089 RSS Feed

Exploit Files

October CMS Build 465 XSS / File Read / File Deletion / CSV Injection
Posted Aug 3, 2020
Authored by Sivanesh Ashok

October CMS builds 465 and below suffer from arbitrary file read, arbitrary file deletion, file uploading to arbitrary locations, persistent and reflective cross site scripting, and CSV injection vulnerabilities.

tags | exploit, arbitrary, vulnerability, xss, file upload
advisories | CVE-2020-11083, CVE-2020-5295, CVE-2020-5296, CVE-2020-5297, CVE-2020-5298, CVE-2020-5299
MD5 | a79e40ac7fff8141301027b2d8a73d91
Microsoft Windows Win32k Privilege Escalation
Posted Aug 3, 2020
Authored by nu11secur1ty, Ventsislav Varbanovski | Site github.com

Microsoft Windows Win32k privilege escalation exploit. An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

tags | exploit, arbitrary, kernel
systems | windows
advisories | CVE-2020-0642
MD5 | 6b7e0e5d390dcae63cd77660c4d5df8b
Stock Management System 1.0 Cross Site Request Forgery
Posted Aug 3, 2020
Authored by Bobby Cooke

Stock Management System version 1.0 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | 3c5b73ade86e8add863d011533c5b13b
Stock Management System 1.0 Cross Site Scripting
Posted Aug 3, 2020
Authored by Bobby Cooke

Stock Management System version 1.0 cross site scripting credential harvesting exploit.

tags | exploit, xss
MD5 | e446b8905eecb3fea89495e9af42d485
Stock Management System 1.0 Cross Site Scripting
Posted Aug 3, 2020
Authored by hyd3sec

Stock Management System version 1.0 suffers from multiple persistent cross site scripting vulnerabilities in the Brand, Categories, and Product name fields.

tags | exploit, vulnerability, xss
MD5 | 91a40ee32f0efdfc4b24865fa37aaa45
Stock Management System 1.0 SQL Injection
Posted Aug 3, 2020
Authored by hyd3sec

Stock Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
MD5 | 86a8471246e2649f885e68626bf61d29
Umbraco CMS 7.12.4 Remote Code Execution
Posted Aug 3, 2020
Authored by Alexandre Zanni | Site github.com

Umbraco CMS version 7.12.4 authenticated remote code execution exploit.

tags | exploit, remote, code execution
MD5 | c6a4a934c6775c455e5e4f225dec66c0
Mara CMS 7.5 Cross Site Scripting
Posted Aug 3, 2020
Authored by George Tsimpidas

Mara CMS version 7.5 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 9fb48d350011f3aed4c31764dd7e0c36
OpenEMR 5.0.1 Remote Code Execution
Posted Aug 3, 2020
Authored by Alexandre Zanni | Site github.com

OpenEMR versions 5.0.1 and below authenticated remote code execution exploit written in ruby.

tags | exploit, remote, code execution, ruby
MD5 | 0c4b5a66f0b188dd68ac3a5de13961d4
AtMail Email Server Appliance 6.4 XSS / CSRF / Code Execution
Posted Aug 3, 2020
Authored by Alexandre Zanni | Site github.com

Atmail Email Server Appliance version 6.4 exploit toolchain that leverages cross site scripting and cross site request forgery to achieve code execution.

tags | exploit, code execution, xss, csrf
MD5 | 5e8eedf4d9e738503fa65cc3f2f4de89
Packet Storm New Exploits For July, 2020
Posted Aug 3, 2020
Authored by Todd J. | Site packetstormsecurity.com

This archive contains all of the 140 exploits added to Packet Storm in July, 2020.

tags | exploit
MD5 | d14672a0e60b4cb70dc3e433ffd92028
BacklinkSpeed 2.4 Buffer Overflow
Posted Aug 3, 2020
Authored by Saeed reza Zamanian

BacklinkSpeed version 2.4 SEH buffer overflow proof of concept exploit.

tags | exploit, overflow, proof of concept
MD5 | 125549f2a909bc9933fb1effe1953aa3
CloudMe 1.11.2 SEH Buffer Overflow
Posted Aug 3, 2020
Authored by Clement Cruchet

CloudMe version 1.11.2 SEH buffer overflow exploit.

tags | exploit, overflow
advisories | CVE-2018-6892
MD5 | f14aefabd6974df7ab1eb432b3acade5
All-Dynamics Software enlogic:show Digital Signage System 2.0.2 Session Fixation
Posted Aug 2, 2020
Authored by LiquidWorm | Site zeroscience.mk

All-Dynamics Software enlogic:show Digital Signage System version 2.0.2 suffers from a session fixation vulnerability.

tags | exploit
MD5 | b360840e29dc9c52e8c3e47dcec29e65
All-Dynamics Software enlogic:show Digital Signage System 2.0.2 CSRF
Posted Aug 2, 2020
Authored by LiquidWorm | Site zeroscience.mk

All-Dynamics Software enlogic:show Digital Signage System version 2.0.2 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | 7e17b980450da6f3316e47dbaa25e3d6
Online Bike Rental 1.0 Shell Upload
Posted Aug 1, 2020
Authored by Bobby Cooke, hyd3sec

Online Bike Rental version 1.0 suffers from an authenticated remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | c24d92ba32b907f53df823c312feb8d2
iOS Page Protection Layer (PPL) Bypass
Posted Jul 31, 2020
Authored by Google Security Research, bazad

iOS suffers from a Page Protection Layer (PPL) bypass due to incorrect argument verification in pmap_protect_options_internal() and pmap_remove_options_internal().

tags | exploit
systems | ios
advisories | CVE-2020-9909
MD5 | 880d5a7841d44d213ff1f1ca340b8776
FreeBSD ip6_setpktopt Use-After-Free Privilege Escalation
Posted Jul 31, 2020
Authored by Brendan Coles, Andy Nguyen | Site metasploit.com

This Metasploit module exploits a race and use-after-free vulnerability in the FreeBSD kernel IPv6 socket handling. A missing synchronization lock in the IPV6_2292PKTOPTIONS option handling in setsockopt permits racing ip6_setpktopt access to a freed ip6_pktopts struct. This exploit overwrites the ip6po_pktinfo pointer of a ip6_pktopts struct in freed memory to achieve arbitrary kernel read/write.

tags | exploit, arbitrary, kernel
systems | freebsd, bsd
advisories | CVE-2020-7457
MD5 | 1349f7155a1c7dce0d1fdef5aa98748a
SharePoint DataSet / DataTable Deserialization
Posted Jul 31, 2020
Authored by Soroush Dalili, mr_me, Spencer McIntyre | Site metasploit.com

A remotely exploitable vulnerability exists within SharePoint that can be leveraged by a remote authenticated attacker to execute code within the context of the SharePoint application service. The privileges in this execution context are determined by the account that is specified when SharePoint is installed and configured. The vulnerability is related to a failure to validate the source of XML input data, leading to an unsafe deserialization operation that can be triggered from a page that initializes either the ContactLinksSuggestionsMicroView type or a derivative of it. In a default configuration, a Domain User account is sufficient to access SharePoint and exploit this vulnerability.

tags | exploit, remote
advisories | CVE-2020-1147
MD5 | 1951b8a6649841f289b9e4feb3f9e3b0
CA Unified Infrastructure Management Nimsoft 7.80 Buffer Overflow
Posted Jul 31, 2020
Authored by wetw0rk | Site metasploit.com

This Metasploit module exploits a buffer overflow within the CA Unified Infrastructure Management nimcontroller. The vulnerability occurs in the robot (controller) component when sending a specially crafted directory_list probe. Technically speaking the target host must also be vulnerable to CVE-2020-8010 in order to reach the directory_list probe.

tags | exploit, overflow
advisories | CVE-2020-8010, CVE-2020-8012
MD5 | ffc98387b67aad159a485c22345cee2d
Online Shopping Alphaware 1.0 SQL Injection
Posted Jul 31, 2020
Authored by Ahmed Abbas

Online Shopping Alphaware version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
MD5 | 2f22bbeb57ec0516c03bb902f1c1c310
Online Bike Rental 1.0 Shell Upload
Posted Jul 31, 2020
Authored by hyd3sec

Online Bike Rental version 1.0 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | 5137e92942eb565db42676669250675a
Daily Tracker System 1.0 Cross Site Scripting
Posted Jul 31, 2020
Authored by hyd3sec

Daily Tracker System version 1.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | f76f9f2e802b07ba734d6ceff8f28a90
Daily Tracker System 1.0 SQL Injection
Posted Jul 31, 2020
Authored by Bobby Cooke, hyd3sec

Daily Tracker System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
MD5 | 4f5a24a83647c98bdc4387fb5214ec35
Namirial SIGNificant SignAnyWhere 6.10.x Cross Site Scripting
Posted Jul 30, 2020
Authored by Philipp Espernberger | Site sec-consult.com

Namirial SIGNificant SignAnyWhere versions 6.10.60.25434 and 6.10.100.25817 suffer from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | d99d281f793f77347d2add6ed8e295c2
Page 1 of 1,844
Back12345Next

File Archive:

August 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    3 Files
  • 2
    Aug 2nd
    2 Files
  • 3
    Aug 3rd
    32 Files
  • 4
    Aug 4th
    0 Files
  • 5
    Aug 5th
    0 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    0 Files
  • 9
    Aug 9th
    0 Files
  • 10
    Aug 10th
    0 Files
  • 11
    Aug 11th
    0 Files
  • 12
    Aug 12th
    0 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close