exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 76 - 100 of 52,718 RSS Feed

Exploit Files

VMware Cloud Director 10.5 Authentication Bypass
Posted Mar 13, 2024
Authored by Abdualhadi Khalifa

VMware Cloud Director version 10.5 suffers from an authentication bypass vulnerability.

tags | exploit, bypass
advisories | CVE-2023-34060
SHA-256 | aa2016d4a29081d33539e9bdd7cc84da6d05dd8194b6a641aca62c33d9daf9e5
Karaf 4.4.3 Remote Code Execution
Posted Mar 13, 2024
Authored by Andrzej Olchawa, Milenko Starcik | Site github.com

Karaf version 4.4.3 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
SHA-256 | 2f400975f659ce2b1411ab5f0648a7b24fbc5ff13c60a27cd18e2461d40bfd86
OSGi 3.7.2 Remote Code Execution
Posted Mar 13, 2024
Authored by Andrzej Olchawa, Milenko Starcik | Site github.com

OSGi versions 3.7.2 and below suffer from a remote code execution vulnerability.

tags | exploit, remote, code execution
SHA-256 | b58312b3c9ef3414d27ca17e2db9d015ffcd0263ed95cd4c31a69f65fd99f59d
OSGi 3.18 Remote Code Execution
Posted Mar 13, 2024
Authored by Andrzej Olchawa, Milenko Starcik | Site github.com

OSGi versions 3.8 through 3.18 suffer from a remote code execution vulnerability.

tags | exploit, remote, code execution
SHA-256 | f497ebf8b35afe62aa891bf6ce65680f2ac452e845456b06776d98729a31b50d
NorthStar C2 Agent 1.0 Cross Site Scripting / Remote Command Execution
Posted Mar 12, 2024
Authored by chebuya

NorthStar C2 agent version 1.0 applies insufficient sanitization on agent registration routes, allowing an unauthenticated attacker to send multiple malicious agent registration requests to the teamserver to incrementally build a functioning javascript payload in the logs web page. This cross site scripting payload can be leveraged to execute commands on NorthStar C2 agents.

tags | exploit, web, javascript, xss
advisories | CVE-2024-28741
SHA-256 | e3d03b1bb5d42cd9ee527169a57dc6bfa52c6c6b50d4e1a990a6c9443e01b3b1
Human Resource Management System 1.0 SQL Injection
Posted Mar 12, 2024
Authored by Srikar

Human Resource Management System version 1.0 suffers from a remote SQL injection vulnerability. Original discovery of SQL injection in this version is attributed to Abdulhakim Oner in March of 2023.

tags | exploit, remote, sql injection
SHA-256 | fe2afefb91ff4eaa074c0f4b68fb13bdd541d5861e3a3b9d46706cb51d0cc9e0
Numbas Remote Code Execution
Posted Mar 11, 2024
Authored by Matheus Boschetti

Numbas versions prior to 7.3 suffer from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2024-27612
SHA-256 | e0195e7e21a5182d8c8267f498108059037a2956810cf1cbc5880c33a370d809
Sitecore 8.2 Remote Code Execution
Posted Mar 11, 2024
Authored by Abhishek Morla

Sitecore version 8.2 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2023-35813
SHA-256 | bb3d70849315ed8ba0c15b23acace7c5306c6747aad0652046ed829b77617644
Adobe ColdFusion 2018,15 / 2021,5 Arbitrary File Read
Posted Mar 11, 2024
Authored by Youssef Muhammad

Adobe ColdFusion versions 2018,15 and below and versions 2021,5 and below suffer from an arbitrary file read vulnerability.

tags | exploit, arbitrary
advisories | CVE-2023-26360
SHA-256 | 13a86908b0179fbc89ec6afba2a1ff200d2d4e963318afddcb2f12582423ca11
Backdoor.Win32.Beastdoor.oq MVID-2024-0674 Remote Command Execution
Posted Mar 11, 2024
Authored by malvuln | Site malvuln.com

Backdoor.Win32.Beastdoor.oq malware suffers from a remote command execution vulnerability.

tags | exploit, remote
systems | windows
SHA-256 | 72378386669ae9759edcef742e72bbceb8bebb4fef342a5fb8f58cf8290dd75a
WordPress Duplicator Data Exposure / Account Takeover
Posted Mar 11, 2024
Authored by Dmitrii Ignatyev

WordPress Duplicator plugin versions prior to 1.5.7.1 suffer from an unauthenticated sensitive data exposure vulnerability that can lead to account takeover.

tags | exploit
advisories | CVE-2023-6114
SHA-256 | 14448881a372208b90c6168cf1256892d8c4d6b6d3e1676dcb7526051d81afc8
RUPPEINVOICE 1.0 SQL Injection
Posted Mar 11, 2024
Authored by nu11secur1ty

RUPPEINVOICE version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 2701252b167dc0643eea0b84f5eb8444d2b066ddad3f7542ce0b126ade721018
WordPress Hide My WP SQL Injection
Posted Mar 11, 2024
Authored by Xenofon Vassilakopoulos

WordPress Hide My WP plugin versions 6.2.9 and below suffer from an unauthenticated remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2022-4681
SHA-256 | 33f5fa64f551c4a29625c510ca5f542be8dc039807964ef77f7aca808db3a3bf
DataCube3 1.0 Shell Upload
Posted Mar 11, 2024
Authored by Samy Younsi

DataCube3 version 1.0 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
advisories | CVE-2024-25830, CVE-2024-25832
SHA-256 | a5ca9dcfc24b6607634b3ccc91b9b2cf12ca8ba0a229101f9e74e14975448d9a
Akaunting 3.1.3 Remote Command Execution
Posted Mar 11, 2024
Authored by u32i

Akaunting versions 3.1.3 and below suffer from a remote command execution vulnerability.

tags | exploit, remote
advisories | CVE-2024-22836
SHA-256 | 8d4933e0c1b3efde90f0ca90ae286fa4036671aa25168b79c0dd977756a0f6b1
Hitachi NAS SMU Backup And Restore Insecure Direct Object Reference
Posted Mar 11, 2024
Authored by Arslan Masood

Hitachi NAS SMU Backup and Restore versions prior to 14.8.7825.01 suffer from an insecure direct object reference vulnerability.

tags | exploit
advisories | CVE-2023-5808
SHA-256 | 3cfc580881d74cff8068b880201aeb809919ad954eac8b5a50b277411adaa510
TP-Link TL-WR740N Buffer Overflow / Denial Of Service
Posted Mar 11, 2024
Authored by Anish Feroz

There exists a buffer overflow vulnerability in the TP-Link TL-WR740 router that can allow an attacker to crash the web server running on the router by sending a crafted request.

tags | exploit, web, denial of service, overflow
SHA-256 | 1ffb14b7cc151eb147dfc888b64259bdf2c04d3a6a304b037e87c8e84424acb5
MongoDB 2.0.1 / 2.1.1 / 2.1.4 / 2.1.5 Local Password Disclosure
Posted Mar 8, 2024
Authored by Emad Al-Mousa

MongoDB versions 2.0.1, 2.1.1, 2.1.4, and 2.1.5 appear to suffer from multiple localized password disclosure issues.

tags | exploit, info disclosure
SHA-256 | ec43188752263df8468c0d1efaa74c0c5834d7a2469f132a2cf3841157e23944
Ladder 0.0.21 Server-Side Request Forgery
Posted Mar 8, 2024
Authored by chebuya

Ladder versions 0.0.1 through 0.0.21 fail to apply sufficient default restrictions on destination addresses, allowing an attacker to make GET requests to addresses that would typically not be accessible from an external context. An attacker can access private address ranges, locally listening services, and cloud instance metadata APIs.

tags | exploit
advisories | CVE-2024-27620
SHA-256 | f06f89665ccf4436395e34e316f44542fe2c8e5818e1b20f6b1def5ff8cf0c48
FullCourt Enterprise 8.2 Cross Site Scripting
Posted Mar 7, 2024
Authored by Omar Sabagh

FullCourt Enterprise version 8.2 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2024-25327
SHA-256 | fb84d6d2742c62baaef0300444804dccd4f9822a3ed05a712c9990f000275ecf
NDtaskmatic 1.0 SQL Injection
Posted Mar 7, 2024
Authored by nu11secur1ty

NDtaskmatic version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 937864e92a9493aa55230c661e22af5ba23fc573b0d4f507979622c61443310b
GliNet 4.x Authentication Bypass
Posted Mar 7, 2024
Authored by Daniele Linguaglossa

GliNet with firmware version 4.x suffers from an authentication bypass vulnerability. Other firmware versions may also be affected.

tags | exploit, bypass
advisories | CVE-2023-46453
SHA-256 | 9e410e03b3bd4618426fd89f2dff470200407bdec2f93eaee59126f9738230f6
Artica Proxy 4.50 Loopback Service Disclosure
Posted Mar 6, 2024
Authored by Jim Becher, Jaggar Henry | Site korelogic.com

Services that are running and bound to the loopback interface on the Artica Proxy version 4.50 are accessible through the proxy service. In particular, the tailon service is running as the root user, is bound to the loopback interface, and is listening on TCP port 7050. Using the tailon service, the contents of any file on the Artica Proxy can be viewed.

tags | exploit, root, tcp
advisories | CVE-2024-2056
SHA-256 | 0693c2ce363baaef7b371443418fb29623edc052f8d82f02eea207672f271e4b
Artica Proxy 4.40 / 4.50 Authentication Bypass / Privilege Escalation
Posted Mar 6, 2024
Authored by Jim Becher | Site korelogic.com

The Rich Filemanager feature of Artica Proxy versions 4.40 and 4.50 provides a web-based interface for file management capabilities. When the feature is enabled, it does not require authentication by default, and runs as the root user. This provides an unauthenticated attacker complete access to the file system.

tags | exploit, web, root
advisories | CVE-2024-2055
SHA-256 | 4e458aef9f797d0714e86e3cbbbe7fdd8225fa1b68b23cd60a66a992d28a4eb5
Artica Proxy 4.50 Unauthenticated PHP Deserialization
Posted Mar 6, 2024
Authored by Jaggar Henry | Site korelogic.com

The Artica Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the www-data user. Version 4.50 is affected.

tags | exploit, web, arbitrary, php, code execution
advisories | CVE-2024-2054
SHA-256 | 8e2ee354af5fde39323dcb9b78bd8d0b892172400746b1b66015b3a87cbd8630
Page 4 of 2,109
Back23456Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close