Exploit Files

Sync Breeze Enterprise 9.5.16 Import Command Buffer Overflow
Posted Jan 24, 2018
Authored by Daniel Teixeira | Site metasploit.com

This Metasploit module exploits a buffer overflow in Sync Breeze Enterprise 9.5.16 by using the import command option to import a specially crafted xml file.

tags | exploit, overflow
advisories | CVE-2017-7310
MD5 | 395d219c09a1ba573c0f9f59e1e68bb8

Kaltura Remote PHP Code Execution
Posted Jan 24, 2018
Authored by Robin Verton, Mehmet Ince | Site metasploit.com

This Metasploit module exploits an object injection vulnerability in Kaltura. By exploiting this vulnerability, unauthenticated users can execute arbitrary code in the context of the web server user. Kaltura makes use of a hard-coded cookie secret, which allows arbitrary cookie data to be signed. After passing this signature check, the base64-decoded data is passed to PHP's unserialize() function, which allows for code execution. The constructed object is again based on the SektionEins Zend code execution POP chain PoC. Kaltura versions prior to 13.1.0 are affected by this issue. A valid entry_id (which is required for this exploit) can be obtained from any media resource published on the Kaltura installation. This Metasploit module was tested against Kaltura 13.1.0-2 installed on Ubuntu 14.04.

tags | exploit, web, arbitrary, php, code execution
systems | linux, ubuntu
advisories | CVE-2017-14143
MD5 | 378cc7a64ba0d3b9625bf7d0daeb9bd6

GoAhead Web Server LD_PRELOAD Arbitrary Module Load
Posted Jan 24, 2018
Authored by H D Moore, h00die, Daniel Hodson | Site metasploit.com

This Metasploit module triggers an arbitrary shared library load vulnerability in GoAhead web server versions between 2.5 and that have the CGI module enabled.

tags | exploit, web, arbitrary, cgi
advisories | CVE-2017-17562
MD5 | b52da760a508f605f6ac4e9e7f6f0ffe

SugarCRM Community Edition 6.5.26 SQL Injection
Posted Jan 24, 2018
Authored by Leon Juranic, DefenseCode

SugarCRM Community Edition versions 6.5.26 and below suffer from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
MD5 | 2ab4e697942a1f1e39de181287dee068

Wchat 1.5 SQL Injection
Posted Jan 24, 2018
Authored by Ihsan Sencan

Wchat version 1.5 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2018-5979
MD5 | ff340d5874e04231fd61a6b43b0add64

Zechat 1.5 SQL Injection
Posted Jan 24, 2018
Authored by Ihsan Sencan

Zechat version 1.5 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2018-5978
MD5 | 6c204cf2ed8ae8781d8e3a0a52c1c9d7

Oracle Financial Services Analytical Applications 7.3.5.x / 8.0.x XXE Injection / XSS
Posted Jan 24, 2018
Authored by Samandeep Singh, Mohammad Shah Bin Mohammad Esa | Site sec-consult.com

Oracle Financial Services Analytical Applications versions 7.3.5.x and 8.0.x suffer from XML external entity injection and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2018-2660, CVE-2018-2661
MD5 | 03e038ba3c35a62362f8c4edf912224d

Tumder 2.1 SQL Injection
Posted Jan 24, 2018
Authored by Ihsan Sencan

Tumder version 2.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2018-5984
MD5 | 96e4f5a5959d56c639c6f1ba96853306

Photography CMS 1.0 Cross Site Request Forgery
Posted Jan 24, 2018
Authored by Ihsan Sencan

Photography CMS version 1.0 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2018-5969
MD5 | ee20e4531bad420ae4f0688f1a2f63ef

CentOS Web Panel 0.9.8.12 SQL Injection
Posted Jan 24, 2018
Site vulnerability-lab.com

CentOS Web Panel version 0.9.8.12 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, web, sql injection
systems | linux, centos
MD5 | 33493d1a1a25a4ec93631c76f1de235f

Quickad 4.0 SQL Injection
Posted Jan 24, 2018
Authored by Ihsan Sencan

Quickad version 4.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2018-5972
MD5 | 58f61303fa76bb6c4b92837db0a9cf18

Ananta Gazelle 1.0 Local File Inclusion
Posted Jan 24, 2018
Authored by indoushka

Ananta Gazelle version 1.0 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
MD5 | 4787a2aeca9fd059da95526643ec3db8

Flexible Poll 1.2 SQL Injection
Posted Jan 24, 2018
Authored by Ihsan Sencan

Flexible Poll version 1.2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2018-5988
MD5 | 614e9164acd353afd335adfd827a2f3b

HP Connected Backup 8.6 / 8.8.6 Local Privilege Escalation
Posted Jan 24, 2018
Authored by Peter Lapp

HP Connected Backup versions 8.6 and 8.8.6 suffer from a local privilege escalation vulnerability.

tags | exploit, local
advisories | CVE-2017-14355
MD5 | 89601352eb8bfdea61891656d008f2a0

Easy Car Script 2014 SQL Injection
Posted Jan 24, 2018
Authored by Ihsan Sencan

Easy Car Script version 2014 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2018-5986
MD5 | c161d34dbc0dba312e7785828cfc9c24

RSVP Invitation Online 1.0 Cross Site Request Forgery
Posted Jan 24, 2018
Authored by Ihsan Sencan

RSVP Invitation Online version 1.0 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2018-5976
MD5 | 56b58fb28bf393f19aab3a8ac34e9978

Affiligator 2.1.0 SQL Injection
Posted Jan 24, 2018
Authored by Ihsan Sencan

Affiligator version 2.1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2018-5977
MD5 | e95bd4f253bcda137c444d3180f3b8e3

LiveCRM SaaS Cloud 1.0 SQL Injection
Posted Jan 24, 2018
Authored by Ihsan Sencan

LiveCRM SaaS Cloud version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2018-5985
MD5 | 7294cdc18e018423e8872b071a187ac3

OTRS 5.0.x / 6.0.x Remote Command Execution
Posted Jan 24, 2018
Authored by Baeln0rn

OTRS versions 5.0.x and 6.0.x suffer from a remote command execution vulnerability.

tags | exploit, remote
advisories | CVE-2017-16921
MD5 | 8b9118aa714f8197988de1749d6146e5

PHPFreeChat 1.7 Denial Of Service
Posted Jan 24, 2018
Authored by A. Pakbaz

PHPFreeChat version 1.7 suffers from a denial of service vulnerability.

tags | exploit, denial of service
advisories | CVE-2018-5954
MD5 | 16d1d46b419807573722b7e6e5d22597

Stok Takip 1.0 SQL Injection
Posted Jan 24, 2018
Authored by indoushka

Stok Takip version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
MD5 | 8e627a71128aeefb301fbb533d59fb61

Netis-WF2419 3.2.41381 Cross Site Scripting
Posted Jan 24, 2018
Authored by Sajibe Kanti

Netis-WF2419 version 3.2.41381 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 59e3cf23e9296c3ae603780d97d6c3f2

Serhat Sozluk 5 Cross Site Scripting
Posted Jan 24, 2018
Authored by indoushka

Serhat Sozluk version 5 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 82026baf7b1436103b92a69abab45fdc

PayLink 3.0.1 Cross Site Scripting
Posted Jan 24, 2018
Authored by indoushka

PayLink version 3.0.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 2504a2d85364e37969093891ff6d7a35

Workable Zone 1.1 Database Disclosure
Posted Jan 23, 2018
Authored by indoushka

Workable Zone version 1.1 human resource management system suffers from a database backup disclosure vulnerability.

tags | exploit, info disclosure
MD5 | 723a0ed893274f3b291cb41bded17d20
© 2018 Packet Storm. All rights reserved.