
Remote Files

AEGON LIFE 1.0 Remote Code Execution
Posted Jun 14, 2024
Authored by Aslam Anwar Mahimkar

AEGON LIFE version 1.0 suffers from an unauthenticated remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2024-36598
SHA-256 | 83c0b6f07fa2bbbfc9a1b6c65faabffb8275dcc2b2ae437176e0a02402bfdb89
AEGON LIFE 1.0 SQL Injection
Posted Jun 14, 2024
Authored by Aslam Anwar Mahimkar

AEGON LIFE version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2024-36597
SHA-256 | 646d1cf7442ad77863005127a29e4531ed5bd8d4bad908c80a867f32a4734921
PHP Remote Code Execution
Posted Jun 14, 2024
Authored by Yesith Alvarez

PHP versions prior to 8.3.8 suffer from a remote code execution vulnerability.

tags | exploit, remote, php, code execution
advisories | CVE-2024-4577
SHA-256 | 6d8851066f1e1d5a5aa1172f697d6dfd3debd910db8f3f51cfdc80ab2a6cb6ae
Telerik Report Server Authentication Bypass / Remote Code Execution
Posted Jun 13, 2024
Authored by unknown, Soroush Dalili, Spencer McIntyre, SinSinology | Site metasploit.com

This Metasploit module chains an authentication bypass vulnerability with a deserialization vulnerability to obtain remote code execution against Telerik Report Server versions 10.0.24.130 and below. The authentication bypass flaw allows an unauthenticated user to create a new user with administrative privileges. The USERNAME datastore option can be used to authenticate with an existing account to prevent the creation of a new one. The deserialization flaw works by uploading a specially crafted report that when loaded will execute an OS command as NT AUTHORITY\SYSTEM. The module will automatically delete the created report but not the account because users are unable to delete themselves.

tags | exploit, remote, code execution, bypass
advisories | CVE-2024-1800, CVE-2024-4358
SHA-256 | c8284cfa43ce5539a8a2a273491db985cf3ca1e11f9f79a70c88e33e5ddb8d98
Rejetto HTTP File Server (HFS) Unauthenticated Remote Code Execution
Posted Jun 13, 2024
Authored by sfewer-r7, Arseniy Sharoglazov | Site metasploit.com

The Rejetto HTTP File Server (HFS) version 2.x is vulnerable to an unauthenticated server side template injection (SSTI) vulnerability. A remote unauthenticated attacker can execute code with the privileges of the user account running the HFS.exe server process. This exploit has been tested to work against version 2.4.0 RC7 and 2.3m. The Rejetto HTTP File Server (HFS) version 2.x is no longer supported by the maintainers and no patch is available. Users are recommended to upgrade to newer supported versions.

tags | exploit, remote, web
SHA-256 | 29d14f6071280a078aaa483b26d55eb3225942a4f52062387eda88f7c815b725
Cacti Import Packages Remote Code Execution
Posted Jun 13, 2024
Authored by EgiX, Christophe de la Fuente | Site metasploit.com

This exploit module leverages an arbitrary file write vulnerability in Cacti versions prior to 1.2.27 to achieve remote code execution. It abuses the Import Packages feature to upload a specially crafted package that embeds a PHP file. Cacti will extract this file to an accessible location. The module finally triggers the payload to execute arbitrary PHP code in the context of the user running the web server. Authentication is needed and the account must have access to the Import Packages feature. This is granted by setting the Import Templates permission in the Template Editor section.

tags | exploit, remote, web, arbitrary, php, code execution
advisories | CVE-2024-25641
SHA-256 | f1f588ee0ed499b26894cbffe269abc74a129bb2bc296920c54da9fcdb577639
Lost And Found Information System 1.0 SQL Injection
Posted Jun 13, 2024
Authored by Amit Roy

Lost and Found Information System version 1.0 suffers from an unauthenticated blind boolean-based remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2024-37857
SHA-256 | 3796699636db1b0ff0332312ce70a691d39ad5fa4910b34b95ffd93614717ad6
Lost And Found Information System 1.0 SQL Injection
Posted Jun 13, 2024
Authored by Amit Roy

Lost and Found Information System version 1.0 suffers from an unauthenticated blind time-based remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2024-37858
SHA-256 | 7aedced0fdccf4a2850ec7db755dae9b61e52dc3f3c4359c11d7d251b16756f9
Ubuntu Security Notice USN-6819-3
Posted Jun 13, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6819-3 - Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to cause a denial of service. Chenyuan Yang discovered that the RDS Protocol implementation in the Linux kernel contained an out-of-bounds read vulnerability. An attacker could use this to possibly cause a denial of service.

tags | advisory, remote, denial of service, kernel, tcp, protocol
systems | linux, ubuntu
advisories | CVE-2023-52443, CVE-2023-52444, CVE-2023-52447, CVE-2023-52451, CVE-2023-52452, CVE-2023-52453, CVE-2023-52455, CVE-2023-52457, CVE-2023-52462, CVE-2023-52463, CVE-2023-52465, CVE-2023-52467, CVE-2023-52469, CVE-2023-52472
SHA-256 | 0776ecd3ecb1bfa0399486a67208c24d784625998b8a8fcde961179d780df009
Quick Cart 6.7 Shell Upload
Posted Jun 13, 2024
Authored by Eagle Eye

Quick Cart version 6.7 suffers from a remote shell upload vulnerability provided you have administrative privileges.

tags | exploit, remote, shell
SHA-256 | 581fe13cd639606102deead0404061d9994084c9c56f0a353d0df57a4db1eb44
Quick CMS 6.7 Shell Upload
Posted Jun 13, 2024
Authored by Eagle Eye

Quick CMS version 6.7 suffers from a remote shell upload vulnerability provided you have administrative privileges.

tags | exploit, remote, shell
SHA-256 | f6dded0695b1f07e13e0342870c5c1fa8e258bf6885d7aea79680ada675e04d6
Ubuntu Security Notice USN-6819-2
Posted Jun 12, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6819-2 - Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to cause a denial of service. Chenyuan Yang discovered that the RDS Protocol implementation in the Linux kernel contained an out-of-bounds read vulnerability. An attacker could use this to possibly cause a denial of service.

tags | advisory, remote, denial of service, kernel, tcp, protocol
systems | linux, ubuntu
advisories | CVE-2023-52443, CVE-2023-52444, CVE-2023-52447, CVE-2023-52451, CVE-2023-52452, CVE-2023-52453, CVE-2023-52455, CVE-2023-52457, CVE-2023-52462, CVE-2023-52463, CVE-2023-52465, CVE-2023-52467, CVE-2023-52469, CVE-2023-52472
SHA-256 | aa4906916aa0bf9376da682c5ed9fb70434203cee9f1f143722bf1febd67513c
Ubuntu Security Notice USN-6822-1
Posted Jun 11, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6822-1 - It was discovered that Node.js incorrectly handled certain inputs when it is using the policy mechanism. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to bypass the policy mechanism. It was discovered that Node.js incorrectly handled certain inputs when it is using the policy mechanism. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to perform a privilege escalation.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2023-32002, CVE-2023-32559
SHA-256 | 56af1cd66722a1eb5f6a693a34869045fe3ef0caa4ecbe64e54e6947bfb6b639
Ubuntu Security Notice USN-6825-1
Posted Jun 11, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6825-1 - It was discovered that the PDO driver in ADOdb was incorrectly handling string quotes. A remote attacker could possibly use this issue to perform SQL injection attacks. This issue only affected Ubuntu 16.04 LTS. It was discovered that ADOdb was incorrectly handling GET parameters in test.php. A remote attacker could possibly use this issue to execute cross-site scripting attacks. This issue only affected Ubuntu 16.04 LTS.

tags | advisory, remote, php, xss, sql injection
systems | linux, ubuntu
advisories | CVE-2016-4855, CVE-2016-7405, CVE-2021-3850
SHA-256 | 01e0f44081269e85a54c1d9b8ba563fa88ee4b62bc5f34527ee8158874e4e2ff
Ubuntu Security Notice USN-6818-2
Posted Jun 11, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6818-2 - Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to cause a denial of service. It was discovered that the Intel Data Streaming and Intel Analytics Accelerator drivers in the Linux kernel allowed direct access to the devices for unprivileged users and virtual machines. A local attacker could use this to cause a denial of service.

tags | advisory, remote, denial of service, kernel, local, tcp
systems | linux, ubuntu
advisories | CVE-2023-52443, CVE-2023-52444, CVE-2023-52445, CVE-2023-52447, CVE-2023-52448, CVE-2023-52451, CVE-2023-52452, CVE-2023-52453, CVE-2023-52454, CVE-2023-52455, CVE-2023-52457, CVE-2023-52458, CVE-2023-52462, CVE-2023-52465
SHA-256 | 9ba8e27136f85eb9b04e59f45205671bb1e2028060ec6d3762843127fc48c57d
Ubuntu Security Notice USN-6819-1
Posted Jun 10, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6819-1 - Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to cause a denial of service. Chenyuan Yang discovered that the RDS Protocol implementation in the Linux kernel contained an out-of-bounds read vulnerability. An attacker could use this to possibly cause a denial of service.

tags | advisory, remote, denial of service, kernel, tcp, protocol
systems | linux, ubuntu
advisories | CVE-2023-52443, CVE-2023-52444, CVE-2023-52447, CVE-2023-52451, CVE-2023-52452, CVE-2023-52453, CVE-2023-52455, CVE-2023-52457, CVE-2023-52462, CVE-2023-52463, CVE-2023-52465, CVE-2023-52467, CVE-2023-52469, CVE-2023-52472
SHA-256 | 6b5f365e0a9b1cc8353c9a51d4e012a3c1a46a05a4cee68676de2559d30b4103
Ubuntu Security Notice USN-6818-1
Posted Jun 10, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6818-1 - Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to cause a denial of service. It was discovered that the Intel Data Streaming and Intel Analytics Accelerator drivers in the Linux kernel allowed direct access to the devices for unprivileged users and virtual machines. A local attacker could use this to cause a denial of service.

tags | advisory, remote, denial of service, kernel, local, tcp
systems | linux, ubuntu
advisories | CVE-2023-52443, CVE-2023-52444, CVE-2023-52445, CVE-2023-52447, CVE-2023-52448, CVE-2023-52451, CVE-2023-52452, CVE-2023-52453, CVE-2023-52454, CVE-2023-52455, CVE-2023-52457, CVE-2023-52458, CVE-2023-52462, CVE-2023-52465
SHA-256 | 5778214f1c63875a06eab8b9dbcf68eb5655db57ccbc5ef60ce840cca70d6401
FengOffice 3.11.1.2 SQL Injection
Posted Jun 10, 2024
Authored by Andrey Stoykov

FengOffice version 3.11.1.2 suffers from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | a4d631d58217a0dbbc02735845f2ba3b26d4f99ae6e147a480b6f0cfcdae05fe
TOR Virtual Network Tunneling Tool 0.4.8.12
Posted Jun 7, 2024
Authored by Roger Dingledine | Site tor.eff.org

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs). This is the source code release.

Changes: This is a minor release with a couple of bug fixes affecting conflux and logging.
tags | tool, remote, local, peer2peer
systems | unix
SHA-256 | ca7cc735d98e3747b58f2f3cc14f804dd789fa0fb333a84dcb6bd70adbb8c874
Ubuntu Security Notice USN-6815-1
Posted Jun 7, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6815-1 - Xiantong Hou discovered that AOM did not properly handle certain malformed media files. If an application using AOM opened a specially crafted file, a remote attacker could cause a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2024-5171
SHA-256 | 80e910962d38b7f16c00d42258bfd72d00fe0cab015c9c76354bd2a370ea916b
Online Pizza Ordering System 1.0 SQL Injection
Posted Jun 7, 2024
Authored by nu11secur1ty

Online Pizza Ordering System version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 4779d8660b98125c3fe649720e0c8e331e0935c76d7293379573861c152ef646
Apache HugeGraph Remote Command Execution
Posted Jun 7, 2024
Authored by Zeyad Azima | Site github.com

Apache HugeGraph versions from 1.0.0 up to 1.3.0 suffer from a remote command execution vulnerability. This is a scanner to test for the issue.

tags | exploit, remote
advisories | CVE-2024-27348
SHA-256 | 2da7b7db312152e7f8d43108b01c9d28475a2efb737d997cb17ecf61ecf426e7
Ubuntu Security Notice USN-6814-1
Posted Jun 6, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6814-1 - Xiantong Hou discovered that libvpx did not properly handle certain malformed media files. If an application using libvpx opened a specially crafted file, a remote attacker could cause a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2024-5197
SHA-256 | ce0d520cb7efd588f6023aee556334615a1e00bb61a4443130c95977885c315e
Boelter Blue System Management 1.3 SQL Injection
Posted Jun 6, 2024
Authored by CBKB, R4d1x, deadlydata

Boelter Blue System Management version 1.3 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2024-36840
SHA-256 | 917739d6afb77dcac7944f4ed60c30a8bd822c6157648f7b8b4cf3cf96b2b92a
Ubuntu Security Notice USN-6807-1
Posted Jun 6, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6807-1 - It was discovered that FRR incorrectly handled certain network traffic. A remote attacker could possibly use this issue to cause FRR to crash, resulting in a denial of service. Ben Cartwright-Cox discovered that FRR incorrectly handled certain network traffic. A remote attacker could possibly use this issue to cause FRR to crash, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2022-26126, CVE-2022-26128, CVE-2022-26129, CVE-2022-37032, CVE-2023-31490, CVE-2023-38406, CVE-2023-38407, CVE-2023-38802, CVE-2023-46753, CVE-2023-47234
SHA-256 | e84321e9c997dd1555d5ed0b1a57427bd687c4f9d0566b5008aa671cedb9de1a
packet storm

© 2022 Packet Storm. All rights reserved.
