Twenty Year Anniversary
Showing 1 - 25 of 41,003 RSS Feed

Exploit Files

Adobe Experience Manager (AEM) Remote Code Execution
Posted May 20, 2018
Authored by StaticFlow

Default credentials in Adobe Experience Manager (AEM) versions prior to 6.3 can lead to remote code execution.

tags | exploit, remote, code execution
MD5 | e16c1926d28aab23d1dc10543db6f4a9
D-Link DSL-3782 Authentication Bypass
Posted May 20, 2018
Authored by Giulio Comi

D-Link DSL-3782 suffers from an authentication bypass vulnerability.

tags | exploit, bypass
advisories | CVE-2018-8898
MD5 | 82877c3443f5f0d83fd34a6e522f4f8a
Easy MPEG To DVD Burner 1.7.11 Buffer Overflow
Posted May 20, 2018
Authored by Juan Prescotto

Easy MPEG to DVD Burner version 1.7.11 local buffer overflow SEH exploit with DEP bypass.

tags | exploit, overflow, local
MD5 | 2d2c9f99e2e27977fff8243f09ccfb09
Joomla EkRishta 2.10 Cross Site Scripting / SQL Injection
Posted May 20, 2018
Authored by Sina Kheirkhah

Joomla EkRishta component version 2.10 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | bbb01327012f75900dff9c4486d2bd9b
mySCADA myPRO 7 Hardcoded Credentials
Posted May 20, 2018
Authored by Emre AVANA

mySCADA myPRO version 7 has a hardcoded FTP username and password.

tags | exploit
advisories | CVE-2018-11311
MD5 | b36ac90484f85fddd1f5a1d02d46eabb
Reliable Datagram Sockets (RDS) Privilege Escalation
Posted May 19, 2018
Authored by Dan Rosenberg, Brendan Coles | Site metasploit.com

This Metasploit module exploits a vulnerability in the rds_page_copy_user function in net/rds/page.c (RDS) in Linux kernel versions 2.6.30 to 2.6.36-rc8 to execute code as root (CVE-2010-3904). This Metasploit module has been tested successfully on Fedora 13 (i686) with kernel version 2.6.33.3-85.fc13.i686.PAE and Ubuntu 10.04 (x86_64) with kernel version 2.6.32-21-generic.

tags | exploit, kernel, root
systems | linux, fedora, ubuntu
advisories | CVE-2010-3904
MD5 | ca0aaa65162c3d2e20a520b81415f4ae
Healwire Online Pharmacy 3.0 Cross Site Request Forgery / Cross Site Scripting
Posted May 18, 2018
Authored by Borna Nematzadeh

Healwire Online Pharmacy version 3.0 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | 9196695291014c0d67db9bdd80d678ff
HPE iMC 7.3 Remote Code Execution
Posted May 18, 2018
Authored by mr_me, trendytofu | Site metasploit.com

This Metasploit module exploits an expression language injection vulnerability, along with an authentication bypass vulnerability in Hewlett Packard Enterprise Intelligent Management Center before version 7.3 E0504P04 to achieve remote code execution. The HP iMC server suffers from multiple vulnerabilities allows unauthenticated attacker to execute arbitrary Expression Language via the beanName parameter, allowing execution of arbitrary operating system commands as SYSTEM. This service listens on TCP port 8080 and 8443 by default. This Metasploit module has been tested successfully on iMC PLAT v7.3(E0504P02) on Windows 2k12r2 x64 (EN).

tags | exploit, remote, arbitrary, tcp, vulnerability, code execution, bypass
systems | windows
advisories | CVE-2017-12500, CVE-2017-8982
MD5 | 409c199dae62513789f6016cba7903bd
SAP B2B / B2C CRM Local File Inclusion
Posted May 18, 2018
Authored by Richard Alviarez

SAP B2B / B2C CRM versions 2.x up to 4.x suffer from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
MD5 | d9253407b7b389816488abe6d1a1e481
DynoRoot DHCP Command Injection
Posted May 18, 2018
Authored by Kevin Kirsche

DynoRoot DHCP suffers from a client command injection vulnerability.

tags | exploit
advisories | CVE-2018-1111
MD5 | 2e8a721a5d5bb1c6f66a40274aea5ae1
Infinity Market Classified Ads Script 1.6.2 Cross Site Request Forgery
Posted May 18, 2018
Authored by Borna Nematzadeh

Infinity Market Classified Ads Script version 1.6.2 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | bd90cdb52547245a61c4cbdb0d6e87ee
Prime95 29.4b8 Stack Buffer Overflow
Posted May 18, 2018
Authored by crash_manucoot

Prime95 version 29.4b8 SEH buffer overflow exploit.

tags | exploit, overflow
MD5 | f8f20d97ff558024599a9ee8ee40f52e
Cisco SA520W Security Appliance Path Traversal
Posted May 18, 2018
Authored by Nassim Asrir

Cisco SA520W Security Appliance suffers from a path traversal vulnerability.

tags | exploit, file inclusion
systems | cisco
MD5 | d8f45b8bfc45f6a23ec142f301ed9a58
Siemens SIMATIC Panels Cross Site Request Forgery / Cross Site Scripting
Posted May 18, 2018
Authored by t4rkd3vilz

Multiple Siemens SIMATIC panels suffer from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | 52fd7f7488e289fc4a42c19a2bd6d53b
Linux 4-Byte Information Leak
Posted May 18, 2018
Authored by Jann Horn, Google Security Research

Linux suffers from a 4-byte information leak via an uninitialized struct field in the compat adjtimex syscall.

tags | exploit
systems | linux
MD5 | 3e22473d4edff1e68082884c6f7a235b
Microsoft Edge Chakra JIT Bounce Check Elimination Bug
Posted May 18, 2018
Authored by Google Security Research, lokihardt

Chakra uses the InvariantBlockBackwardIterator class to backpropagate the information about the hoisted bound checks. But the class follows the linked list instead of the control flow. This may lead to incorrectly remove the bound checks.

tags | exploit
advisories | CVE-2018-0980
MD5 | 09442d487262053ca44c67ade9eacecb
SAP NetWeaver Web Dynpro Information Disclosure
Posted May 18, 2018
Authored by Richard Alviarez

SAP NetWeaver Web Dynpro versions 6.4 up to 7.5 suffer from an information disclosure vulnerability.

tags | exploit, web, info disclosure
MD5 | 8067c3689144753ad6dd851439ba0e9f
Monstra CMS Cross Site Scripting
Posted May 18, 2018
Authored by Berk Dusunur

Monstra CMS versions prior to 3.0.4 suffer from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 1f1f0e7cdd0eff105e7fcaf27d217cef
AF_PACKET packet_set_ring Privilege Escalation
Posted May 17, 2018
Authored by Brendan Coles, Andrey Konovalov | Site metasploit.com

This Metasploit module exploits a heap-out-of-bounds write in the packet_set_ring function in net/packet/af_packet.c (AF_PACKET) in the Linux kernel to execute code as root (CVE-2017-7308). The bug was initially introduced in 2011 and patched in version 4.10.6, potentially affecting a large number of kernels; however this exploit targets only systems using Ubuntu Xenial kernels 4.8.0 < 4.8.0-46, including Linux distros based on Ubuntu Xenial, such as Linux Mint. The target system must have unprivileged user namespaces enabled and two or more CPU cores. Bypasses for SMEP, SMAP and KASLR are included. Failed exploitation may crash the kernel. This Metasploit module has been tested successfully on Linux Mint 18 (x86_64) with kernel versions: 4.8.0-34-generic; 4.8.0-36-generic; 4.8.0-39-generic; 4.8.0-41-generic; 4.8.0-42-generic; 4.8.0-44-generic; 4.8.0-45-generic.

tags | exploit, kernel, root
systems | linux, ubuntu
advisories | CVE-2017-7308
MD5 | 619464075778b62a92b3753066e120ba
Intelbras NCLOUD 300 1.0 Authentication Bypass
Posted May 17, 2018
Authored by Pedro Aguiar

Intelbras NCLOUD 300 version 1.0 suffers from an authentication bypass vulnerability.

tags | exploit, bypass
advisories | CVE-2018-11094
MD5 | 388ac8e1c27e9c1b841bbf975ca1481a
Nanopool Claymore Dual Miner 7.3 Remote Code Execution
Posted May 17, 2018
Authored by ReverseBrain

Nanopool Claymore Dual Miner version 7.3 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2018-1000049
MD5 | 8623321185104823c8fa7a0e5ca0190f
Powerlogic/Schneider Electric IONXXXX Series Cross Site Request Forgery
Posted May 17, 2018
Authored by t4rkd3vilz

Powerlogic/Schneider Electric IONXXXX Series suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2016-5809
MD5 | 2ef17c9ee603982d018c378cdb7b105c
SuperCom Online Shopping Ecommerce Cart 1 XSS / CSRF / SQL Injection
Posted May 17, 2018
Authored by Borna Nematzadeh

SuperCom Online Shopping Ecommerce Cart 1 suffers from remote SQL injection, cross site request forgery, and cross site scripting vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection, csrf
MD5 | eee904a60e89110b7191ba2d167bbfb3
NodAPS 4.0 Cross Site Request Forgery / SQL Injection
Posted May 17, 2018
Authored by Borna Nematzadeh

NodAPS version 4.0 suffers from cross site request forgery and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, csrf
MD5 | c44435ac73194c9205c2e0f6fdab2a8b
RSA Authentication Manager XML Injection / Cross Site Scripting
Posted May 16, 2018
Authored by Mantas Juskauskas | Site sec-consult.com

RS Authentication Manager versions prior to 8.3 P1 suffer from cross site scripting and XML external entity injection vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2018-1247
MD5 | 64f46f62982ecef4ac4dd6fbab721205
Page 1 of 1,641
Back12345Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

May 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    15 Files
  • 2
    May 2nd
    17 Files
  • 3
    May 3rd
    30 Files
  • 4
    May 4th
    29 Files
  • 5
    May 5th
    2 Files
  • 6
    May 6th
    3 Files
  • 7
    May 7th
    13 Files
  • 8
    May 8th
    27 Files
  • 9
    May 9th
    17 Files
  • 10
    May 10th
    15 Files
  • 11
    May 11th
    8 Files
  • 12
    May 12th
    2 Files
  • 13
    May 13th
    8 Files
  • 14
    May 14th
    7 Files
  • 15
    May 15th
    43 Files
  • 16
    May 16th
    19 Files
  • 17
    May 17th
    16 Files
  • 18
    May 18th
    15 Files
  • 19
    May 19th
    3 Files
  • 20
    May 20th
    6 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close