Exploit the possiblities
Showing 51 - 75 of 39,716 RSS Feed

Exploit Files

FreeFloat FTP Server 1.0 HOST Buffer Overflow
Posted Nov 6, 2017
Authored by 1N3

FreeFloat FTP Server version 1.0 HOST buffer overflow exploit with ASLR bypass.

tags | exploit, overflow
MD5 | 279ef236aabe94105640f6b282f744be
CoolPlayer+ Portable 2.19.6 Stack Overflow
Posted Nov 6, 2017
Authored by 1N3

CoolPlayer+ Portable version 2.19.6 stack overflow exploit with ASLR bypass and a bind shell.

tags | exploit, overflow, shell
MD5 | 7aaf5691cd3da9557d896e0e81599b4f
web2Project 3.3 Cross Site Scripting
Posted Nov 6, 2017
Authored by M.R.S.L.Y

web2Project version 3.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 4e8e7b7c29e31c60bed470d5f0f52883
Dialog Mobile Broadband 23.015.11.01.297 DLL Hijacking
Posted Nov 6, 2017
Authored by Himash N

Dialog Mobile Broadband version 23.015.11.01.297 suffers from a dll hijacking vulnerability.

tags | exploit
systems | windows
MD5 | d50ba80bd092d2bcf2040522c57ed047
Zoho ManageEngine Applications Manager 13 SQL Injection
Posted Nov 6, 2017
Authored by Cody Sixteen

Zoho ManageEngine Applications Manager version 13 suffers from multiple post-authentication remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
advisories | CVE-2017-16542, CVE-2017-16543
MD5 | 8115dc4d1bf7c179bd4ceb7ff2fb80df
Avaya IP Office (IPO) 10.1 Soft Console Remote Buffer Overflow
Posted Nov 5, 2017
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Avaya IP Office (IPO) versions 9.1.0 through 10.1 suffer from a soft console remote buffer overflow vulnerability.

tags | exploit, remote, overflow
advisories | CVE-2017-11309
MD5 | 862ebfc960f33b8449d9f1fc7496e388
Avaya IP Office (IPO) 10.1 Active-X Buffer Overflow
Posted Nov 5, 2017
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Avaya IP Office (IPO) versions 9.1.0 through 10.1 suffer from an active-x buffer overflow vulnerability.

tags | exploit, overflow, activex
advisories | CVE-2017-12969
MD5 | 2f1f9921cb68a6eaeba533573958d1b5
SMPlayer 17.11.0 Buffer Overflow Proof Of Concept
Posted Nov 5, 2017
Authored by bzyo

SMPlayer version 17.11.0 .m3u buffer overflow proof of concept denial of service exploit.

tags | exploit, denial of service, overflow, proof of concept
MD5 | 1bcb814e932a01009608c02420cfeeb3
Splunk 6.6.x Local Privilege Escalation
Posted Nov 3, 2017
Authored by Hank Leininger | Site korelogic.com

Splunk version 6.6.x suffers from a local privilege escalation vulnerability. Splunk can be configured to run as a non-root user. However, that user owns the configuration file that specifies the user to run as, so it can trivially gain root privileges.

tags | exploit, local, root
MD5 | 3e674b7b7b2bbcdc76d6019cc12711aa
Ipswitch WS_FTP Professional Local Buffer Overflow
Posted Nov 3, 2017
Authored by Kevin McGuigan

Ipswitch WS_FTP Professional versions prior to 12.6.0.3 local buffer overflow SEH exploit.

tags | exploit, overflow, local
advisories | CVE-2017-16513
MD5 | 933312c3e328f6314c710f3d3f67d22a
tnftp "savefile" Arbitrary Command Execution
Posted Nov 3, 2017
Authored by wvu, Jared McNeill | Site metasploit.com

This Metasploit module exploits an arbitrary command execution vulnerability in tnftp's handling of the resolved output filename - called "savefile" in the source - from a requested resource. If tnftp is executed without the -o command-line option, it will resolve the output filename from the last component of the requested resource. If the output filename begins with a "|" character, tnftp will pass the fetched resource's output to the command directly following the "|" character through the use of the popen() function.

tags | exploit, arbitrary
advisories | CVE-2014-8517
MD5 | b5f59581708e95b46c762d98b3d487b8
WordPress WP Mobile Detector 3.5 Shell Upload
Posted Nov 3, 2017
Authored by h00die, Aaditya Purani | Site metasploit.com

WP Mobile Detector Plugin for WordPress contains a flaw that allows a remote attacker to execute arbitrary PHP code. This flaw exists because the /wp-content/plugins/wp-mobile-detector/resize.php script does contains a remote file include for files not cached by the system already. By uploading a .php file, the remote system will place the file in a user-accessible path. Making a direct request to the uploaded file will allow the attacker to execute the script with the privileges of the web server.

tags | exploit, remote, web, arbitrary, php
MD5 | 1d01dc001a0e9ab61957d22e50f28f0c
Ladon Framework For Python 0.9.40 XXE Injection
Posted Nov 3, 2017
Site redteam-pentesting.de

Attackers who can send SOAP messages to a Ladon webservice via the HTTP interface of the Ladon webservice can exploit an XML external entity expansion vulnerability and read local files, forge server side requests or overload the service with exponentially growing memory payloads. Versions 0.9.40 and below are affected.

tags | exploit, web, local
MD5 | 56720fcc2b7cc9bfd94f0fbaf6ff432d
WordPress JTRT Responsive Tables 4.1 SQL Injection
Posted Nov 3, 2017
Authored by Lenon Leite

WordPress JTRT Responsive Tables plugin version 4.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 68e2e59e2090580701cdb76d1c40d401
GraphicsMagick Memory Disclosure / Heap Overflow
Posted Nov 3, 2017
Site securiteam.com

GraphicsMagick suffers from memory disclosure and heap overflow vulnerabilities.

tags | exploit, overflow, vulnerability, info disclosure
advisories | CVE-2017-16352, CVE-2017-16353
MD5 | 4c20de7dd05ba1f7488b1f5fb80a4f1c
Oracle PeopleSoft Enterprise PeopleTools Remote Code Execution
Posted Nov 3, 2017
Authored by Charles FOL

Oracle PeopleSoft Enterprise PeopleTools versions prior to 8.55 suffer from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2017-3548
MD5 | 386817b75cfab78cda1a360f8acbe438
Sera 1.2 Local Root / Password Disclosure
Posted Nov 2, 2017
Authored by Mark Wadham

Sera version 1.2 suffers from a password disclosure that can allow for root privilege escalation.

tags | exploit, root
advisories | CVE-2017-15918
MD5 | 4625b7cb42f5e2f2c434c541fa4f6c89
Vir.IT eXplorer Anti-Virus Privilege Escalation
Posted Nov 2, 2017
Authored by Parvez Anwar

Vir.IT eXplorer Anti-Virus suffers from a privilege escalation vulnerability.

tags | exploit, virus
advisories | CVE-2017-16237
MD5 | ff30fb040fe89ba20d52d211ff216ade
Oracle Java SE Wv8u131 Information Disclosure
Posted Nov 2, 2017
Authored by mr_me

Oracle Java SE installs a protocol handler in the registry as "HKEY_CLASSES_ROOT\jnlp\Shell\Open\Command\Default" 'C:\Program Files\Java\jre1.8.0_131\bin\jp2launcher.exe" -securejws "%1"'. This can allow allow an attacker to launch remote jnlp files with little user interaction. A malicious jnlp file containing a crafted XML XXE attack can be leveraged to disclose files, cause a denial of service or trigger SSRF. Versions v8u131 and below are affected.

tags | exploit, java, remote, denial of service, shell, registry, protocol, info disclosure
advisories | CVE-2017-10309
MD5 | 1e5c74e4370cfb11bd675efce53eb688
Protected Links SQL Injection
Posted Nov 2, 2017
Authored by Ihsan Sencan

Protected Links suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2017-15977
MD5 | 8eb5959090abf91355cb01edc11dc01f
AROX School ERP PHP Script SQL Injection
Posted Nov 2, 2017
Authored by Ihsan Sencan

AROX School ERP PHP Script suffers from a remote SQL injection vulnerability.

tags | exploit, remote, php, sql injection
advisories | CVE-2017-15978
MD5 | 358add815952626c233d8974647c8a64
Newspaper Magazine And Blog CMS 1.0 SQL Injection
Posted Nov 2, 2017
Authored by Ihsan Sencan

Newspaper Magazine and Blog CMS version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2017-15981
MD5 | 23e53e52f34e42d216f0239154f1d69d
Shareet Photo Sharing Social Network SQL Injection
Posted Nov 2, 2017
Authored by Ihsan Sencan

Shareet Photo Sharing Social Network suffers from a remote SQL Injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2017-15979
MD5 | cfd15b7ecac832bdbbd2b57335aa5f00
US Zip Codes Database SQL Injection
Posted Nov 2, 2017
Authored by Ihsan Sencan

US Zip Codes Database suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2017-15980
MD5 | d6b92e1e691a1e366d957fd52f5ee392
Ingenious School Management System 2.3.0 SQL Injection
Posted Nov 2, 2017
Authored by Giulio Comi

Ingenious School Management System version 2.3.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 0edcc3dcc71ecc83921e8b0f682a0862
Page 3 of 1,589
Back12345Next

File Archive:

November 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    22 Files
  • 2
    Nov 2nd
    28 Files
  • 3
    Nov 3rd
    10 Files
  • 4
    Nov 4th
    1 Files
  • 5
    Nov 5th
    5 Files
  • 6
    Nov 6th
    15 Files
  • 7
    Nov 7th
    15 Files
  • 8
    Nov 8th
    13 Files
  • 9
    Nov 9th
    9 Files
  • 10
    Nov 10th
    9 Files
  • 11
    Nov 11th
    3 Files
  • 12
    Nov 12th
    2 Files
  • 13
    Nov 13th
    15 Files
  • 14
    Nov 14th
    17 Files
  • 15
    Nov 15th
    19 Files
  • 16
    Nov 16th
    15 Files
  • 17
    Nov 17th
    19 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close