Exploit the possiblities
Showing 1 - 25 of 39,716 RSS Feed

Exploit Files

Google Chrome Universal Cross Site Scripting
Posted Nov 17, 2017
Authored by Bo0oM

Google Chrome versions prior to 62 universal cross site scripting proof of concept exploit.

tags | exploit, xss, proof of concept
advisories | CVE-2017-5124
MD5 | ad8127eed413a23668fc4660414117ff
VXSearch 10.2.14 Local SEH Overflow
Posted Nov 17, 2017
Authored by wetw0rk

VXSearch version 10.2.14 local SEH buffer overflow exploit that binds a shell to port 1337.

tags | exploit, overflow, local
MD5 | 1ab1330c76b3835a22a52f5325e58751
Progress Sitefinity 10.0 / 10.1 Broken Access Control / LINQ Injection
Posted Nov 17, 2017
Authored by M. Li | Site sec-consult.com

Progress Sitefinity versions 10.0 and 10.1 suffer from broken access control and LINQ injection vulnerabilities.

tags | exploit, vulnerability
MD5 | 81f6c377a2786674652795adbfa628e3
D-Link DCS-936L Cross Site Request Forgery
Posted Nov 17, 2017
Authored by SlidingWindow

D-Link DCS-936L suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2017-7851
MD5 | 16ebb26ff2ecf0815f3032dd2a3b7e7c
Dell Active Roles 7.x Unquoted Service Path Privilege Escalation
Posted Nov 17, 2017
Authored by SlidingWindow

Dell Active Roles versions 7.1, 7.0.4, 7.0.3, 7.0.2, and 7.0 suffer from an unquoted service path privilege escalation vulnerability.

tags | exploit
MD5 | 345625e8405d3b2ffe718dce42429c46
phpMyFAQ 2.9.9 Code Injection
Posted Nov 17, 2017
Authored by tomplixsee

phpMyFAQ version 2.9.9 suffers from an issue where an administrative account can execute arbitrary code on the server by modifying LANG_CONF[main.metaDescription].

tags | exploit, arbitrary
MD5 | 225232827b43d46c5d4a7742cbe2ff01
D-Link DIR605L 2.08 Denial Of Service
Posted Nov 16, 2017
Authored by Enrique Castillo

D-Link DIR605L versions 2.08 and below suffer from a denial of service vulnerability via a simple HTTP GET.

tags | exploit, web, denial of service
advisories | CVE-2017-9675
MD5 | 3c396f0245454d42f77452604a2987db
Microsoft Edge Chakra JIT Bailout Generation
Posted Nov 16, 2017
Authored by Google Security Research, lokihardt

Microsoft Edge Chakra suffers from a JIT issue where bailouts must be generated for OP_Memset.

tags | exploit
advisories | CVE-2017-11873
MD5 | c404973e6b026871d91a362e59d73a57
Microsoft Edge Charka JIT Incorrect Check
Posted Nov 16, 2017
Authored by Google Security Research, lokihardt

Microsoft Edge Chakra suffers from a Jit related incorrect integer overflow check in Lowerer::LowerBoundCheck.

tags | exploit, overflow
advisories | CVE-2017-11861
MD5 | f57dbe49f45b04c0077db21db1563088
Microsoft Edge Chakra JIT Type Confusion
Posted Nov 16, 2017
Authored by Google Security Research, lokihardt

Microsoft Edge Chakra suffers from a JIT related type confusion vulnerability with switch statements.

tags | exploit
advisories | CVE-2017-11811
MD5 | 8f8c70e8979dd42b0451c66d98b096e6
Microsoft Edge Object.setPrototypeOf Memory Corruption
Posted Nov 16, 2017
Authored by Google Security Research, lokihardt

Microsoft Edge suffers from a memory corruption vulnerability in Object.setPrototypeOf.

tags | exploit
advisories | CVE-2017-8751
MD5 | 92759ead0f53bf182fa98170e0d5a064
Microsoft Windows Kernel Pool Address Derivation
Posted Nov 15, 2017
Authored by Google Security Research, mjurczyk

The OpenType ATMFD.DLL kernel-mode font driver on Windows has an undocumented "escape" interface, handled by the standard DrvEscape and DrvFontManagement functions implemented by the module. The interface is very similar to Buffered IOCTL in nature, and handles 13 different operation codes in the numerical range of 0x2502 to 0x2514. It is accessible to user-mode applications through an exported (but not documented) gdi32!NamedEscape function, which internally invokes the NtGdiExtEscape syscall.

tags | exploit, kernel
systems | windows
MD5 | ac8c580a68213846a36f69940bc63b44
Microsoft Windows Kernel Pool GetFontData Address Leak
Posted Nov 15, 2017
Authored by Google Security Research, mjurczyk

The Microsoft Windows kernel pool address is leaked via an undocumented GetFontData feature in ATMFD.

tags | exploit, kernel
systems | windows
MD5 | 0fc9e0391632fca8d511a3b229bca0a1
Microsoft Windows WLDP/Scriptlet CLSID UMCI Bypass
Posted Nov 15, 2017
Authored by James Forshaw, Google Security Research

The enlightened lockdown policy check for COM Class instantiation can be bypassed in Scriptlet hosts leading to arbitrary code execution on a system with UMCI enabled (e.g. Device Guard).

tags | exploit, arbitrary, code execution
MD5 | 9f26a70091ba091d126dd62e22de0746
Vivotek IP Cameras Remote Stack Overflow
Posted Nov 15, 2017
Authored by bashis

Many Vivotek IP cameras suffer from a remote stack overflow vulnerability. Device models include CC8160, CC8370, CC8371, CD8371, FD8166A, FD8166A, FD8166A-N, FD8167A, FD8167A, FD8167AS, FD8167AS, FD8169A, FD8169A, FD8169A, FD8169AS, FD8169AS, FD816B, FD816B, FD816BA, FD816BA, FD816C, FD816C, FD816CA, FD816CA, FD816D, FD8177, FD8179, FD8182, FD8182, FD8182-F1, FD8365A_v2, FD8367A, FD8367A, FD8369A, FD8369A, FD836B, FD836BA, FD836D, FD8377, FD8379, FD8382, FD9171, FD9181, FD9371, FD9381, FE8174_v2, FE8181_v2, FE8182, FE8374_v2, FE8381_v2, FE9181, FE9182, FE9381, FE9382, IB8367A, IB8369A, IB836B, IB836BA, IB836D, IB8377, IB8379, IB8382, IB9371, IB9381, IP8166, IP9171, IP9181, IZ9361, MD8563, MD8564, MD8565, SD9161, SD9361, SD9362, SD9363, SD9364, SD9365, SD9366, and VC8101.

tags | exploit, remote, overflow
MD5 | 95d414aca43139b941563e125a91b31e
Anti-Virus Privileged File Write
Posted Nov 15, 2017
Authored by Florian Bogner

Anti-Virus solutions are split into several different components (an unprivileged user mode part, a privileged user mode part and a kernel component). Logically the different systems talk to each other. By abusing NTFS directory junctions it is possible from the unprivileged user mode part ("the UI") to restore files from the virus quarantine with the permissions of the privileged user mode part ("Windows service"). This may results in a privileged file write vulnerability.

tags | exploit, kernel, virus
systems | windows
MD5 | 7862227fbd0c9e346e9689c3307fcd0a
Ulterius Server Directory Traversal
Posted Nov 15, 2017
Authored by Rick Osgood

Ulterius Server version prior to 1.9.5.0 suffer from a directory traversal vulnerability.

tags | exploit, file inclusion
advisories | CVE-2017-16806
MD5 | d120292bfc40e946f75650acf7e268cb
Allworx Server Manager 6x / 6x12 / 48x Cross Site Scripting
Posted Nov 15, 2017
Authored by LiquidWorm | Site zeroscience.mk

Allworx Server Manager versions 6x, 6x12, and 48x suffer from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 03843045c240dd5452b85689aaa3d6b7
Dup Scout Enterprise 10.0.18 Buffer Overflow
Posted Nov 15, 2017
Authored by sickness

Dup Scout Enterprise version 10.0.18 'Login' buffer overflow exploit.

tags | exploit, overflow
MD5 | 790e2c3309e345ffb151e91188c0384a
Siemens SICAM RTUs SM-2556 COM Modules XSS / Bypass / Code Execution
Posted Nov 14, 2017
Site sec-consult.com

Siemens SICAM RTUs SM-2556 COM modules (firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00) suffer from authentication bypass, code execution, and cross site scripting vulnerabilities.

tags | exploit, vulnerability, code execution, xss
advisories | CVE-2017-12737, CVE-2017-12738, CVE-2017-12739
MD5 | 3283852a55a15196693165f91cac0937
WordPress DFD Reddcoin Tips 1.1.1 Cross Site Scripting
Posted Nov 14, 2017
Authored by Ricardo Sanchez

WordPress DFD Reddcoin Tips plugin version 1.1.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 1b70914b34048eb9b0dc996a52585241
WordPress AMP Toolbox 1.9.4 Cross Site Scripting
Posted Nov 14, 2017
Authored by Ricardo Sanchez

WordPress AMP Toolbox plugin version 1.9.4 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | b6a83e59a1a7fb15d444d25ce7eab902
WordPress Affiliate Ads For Clickbank Products 1.3 XSS
Posted Nov 14, 2017
Authored by Ricardo Sanchez

WordPress Affiliate Ads for Clickbank Products plugin version 1.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | da711e4a4333cb8623f2939e09c9f31a
D-Link DIR-850L Unauthenticated Command Execution
Posted Nov 14, 2017
Authored by Mumbai, Zdenda | Site metasploit.com

This Metasploit module leverages an unauthenticated credential disclosure vulnerability to execute arbitrary commands on DIR-850L routers as an authenticated user.

tags | exploit, arbitrary
MD5 | 670314dfdf489f27ab72b01f00cd4dc6
WordPress Boozang 1.0.0 Cross Site Scripting
Posted Nov 13, 2017
Authored by Ricardo Sanchez

WordPress Boozang plugin version 1.0.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 07790d7c65071a3b9f6564d2737b13aa
Page 1 of 1,589
Back12345Next

File Archive:

November 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    22 Files
  • 2
    Nov 2nd
    28 Files
  • 3
    Nov 3rd
    10 Files
  • 4
    Nov 4th
    1 Files
  • 5
    Nov 5th
    5 Files
  • 6
    Nov 6th
    15 Files
  • 7
    Nov 7th
    15 Files
  • 8
    Nov 8th
    13 Files
  • 9
    Nov 9th
    9 Files
  • 10
    Nov 10th
    9 Files
  • 11
    Nov 11th
    3 Files
  • 12
    Nov 12th
    2 Files
  • 13
    Nov 13th
    15 Files
  • 14
    Nov 14th
    17 Files
  • 15
    Nov 15th
    19 Files
  • 16
    Nov 16th
    15 Files
  • 17
    Nov 17th
    19 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close