exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 19 of 19 RSS Feed

Files Date: 2021-01-08

Backdoor.Win32.NinjaSpy.c MVID-2021-0018 Remote Stack Buffer Overflow
Posted Jan 8, 2021
Authored by malvuln | Site malvuln.com

Backdoor.Win32.NinjaSpy.c suffers from a remote stack buffer overflow vulnerability. The specimen drops a DLL named "cmd.dll" under C:\WINDOWS\ which listens on both TCP ports 2003 and 2004. By sending consecutive HTTP PUT requests with large payloads of characters, we can cause buffer overflow.

tags | exploit, remote, web, overflow, tcp
systems | windows
SHA-256 | 400bc171e968496bf6805e3f0060696d5ec13c5f875efa99884bbebe00d20df4
WordPress wpDiscuz 7.0.4 Shell Upload
Posted Jan 8, 2021
Authored by Hoa Nguyen, Chloe Chamberland | Site metasploit.com

This Metasploit module exploits an arbitrary file upload in the WordPress wpDiscuz plugin version 7.0.4. This flaw gave unauthenticated attackers the ability to upload arbitrary files, including PHP files, and achieve remote code execution on a vulnerable server.

tags | exploit, remote, arbitrary, php, code execution, file upload
SHA-256 | 187052df5b77471af6ad467ad2dc057df0f9c9a641dd2c9d116e4f60896dcc30
Backdoor.Win32.Xtreme.yvp MVID-2021-0017 Insecure Permissions / Privilege Escalation
Posted Jan 8, 2021
Authored by malvuln | Site malvuln.com

Backdoor.Win32.Xtreme.yvp malware suffers from an insecure permissions vulnerability that can allow for privilege escalation.

tags | exploit
systems | windows
SHA-256 | d669ec11f5f4683946716bc09419f2d27c2862ffea1aea535846c71ffaa01d1f
Cockpit 234 Server-Side Request Forgery
Posted Jan 8, 2021
Authored by Metin Yunus Kandemir

Cockpit version 234 suffers from an unauthenticated server-side request forgery vulnerability.

tags | exploit
SHA-256 | 7d5320612c3c2171833bc0f579b2434057c4c62e25ce3e66372baa4bc0bb0e83
Backdoor.Win32.Agent.dcbh MVID-2021-0016 Insecure Permissions / Privilege Escalation
Posted Jan 8, 2021
Authored by malvuln | Site malvuln.com

Backdoor.Win32.Agent.dcbh malware suffers from an insecure permissions vulnerability that can allow for privilege escalation.

tags | exploit
systems | windows
SHA-256 | 65b717d008ad928996743eba63917d1ee7bd2a3706dde18975d4feeabd4b5f35
Online Doctor Appointment System 1.0 Cross Site Scripting
Posted Jan 8, 2021
Authored by Mohamed Habib Smidi

Online Doctor Appointment System version 1.0 suffers from multiple persistent cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 4e72a82ccdf12e6453817b1ea3a0470883ee32884e94f262834e0420bd9d8b1a
Practical PHP Security
Posted Jan 8, 2021
Authored by Andrey Stoykov

Whitepaper called Practical PHP Security.

tags | paper, php
SHA-256 | 197e4ac0326bbfca74f1394ddd7a80a6c26652441548adc45d5fc3339e7c5fd7
dnsrecon 0.10.0 CSV Injection
Posted Jan 8, 2021
Authored by Dolev Farhi

dnsrecon version 0.10.0 suffers from a CSV injection vulnerability.

tags | exploit
SHA-256 | 2484de16c6549b81343bb9a0ce48244d651f1fbae9b77711eac1a70a6d6494b6
Ubuntu Security Notice USN-4687-1
Posted Jan 8, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4687-1 - A use-after-free was discovered in Firefox when handling SCTP packets. An attacker could potentially exploit this to cause a denial of service, or execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-16044
SHA-256 | f6f6d4bb80647327a6de7e815de26093fdd003e58d138ef1b1dd715a7afd3f48
ECSIMAGING PACS 6.21.5 SQL Injection
Posted Jan 8, 2021
Authored by shoxxdj

ECSIMAGING PACS version 6.21.5 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | ec26b638120831f7b4b2f8afd063f96eb0f5169a9cf988f5550e0348cb1de0b6
Curfew e-Pass Management System 1.0 Cross Site Scripting
Posted Jan 8, 2021
Authored by Arnav Tripathy

Curfew e-Pass Management System version 1.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 05f9bfd9d48cf362268b8ffe1871911c831f3b3d39c1748e99d606ffeb84261d
OX App Suite / OX Documents 7.10.x XSS / SSRF
Posted Jan 8, 2021
Authored by Martin Heiland, notoriousrip, Stuart Redman

OX App Suite and OX Documents suffer from server-side request forgery and multiple cross site scripting vulnerabilities. Various versions are affected including 7.10.4 and 7.10.3.

tags | exploit, vulnerability, xss
advisories | CVE-2020-24700, CVE-2020-24701
SHA-256 | ba8c16584bc43d579279e941f2d796ec74153f6debe5a7df85b435f86196a43c
Cockpit CMS Remote Code Execution
Posted Jan 8, 2021
Authored by Rafael Resende

Cockpit CMS versions prior to 0.6.1 suffer from a remote code execution vulnerability.

tags | exploit, remote, code execution
SHA-256 | 99acfe128fe581918e0f3dd4c9856740d5d3ff47b96b2b1f9ff3f56b072adaac
Life Insurance Management System 1.0 Cross Site Scripting
Posted Jan 8, 2021
Authored by Arnav Tripathy

Life Insurance Management System version 1.0 suffers from multiple persistent cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | d11e7072e6f0bb447cf8aa647cf3bec6d19972eca9cfab38a82236c922416965
WordPress Autoptimize Shell Upload
Posted Jan 8, 2021
Authored by Hoa Nguyen, Thien Ngo, Khanh Nguyen | Site metasploit.com

WordPress Autoptimize plugin suffers from a remote shell upload vulnerability. The ao_ccss_import AJAX call does not ensure that the file provided is a legitimate zip file, allowing high privilege users to upload arbitrary files, such as PHP, leading to remote code execution.

tags | exploit, remote, arbitrary, shell, php, code execution
advisories | CVE-2020-24948
SHA-256 | 6976952649b949f1c677f4557fec06bb177e699a8fe16b809dfddb9cd2ec1b25
Apache Flink 1.11.0 Arbitrary File Read / Directory Traversal
Posted Jan 8, 2021
Authored by SunCSR, Hoa Nguyen, 0rich1 | Site metasploit.com

This Metasploit module exploits an unauthenticated directory traversal vulnerability in Apache Flink version 1.11.0.

tags | exploit
advisories | CVE-2020-17519
SHA-256 | 79df4302ec4ea436f7e67026dddc838b8aa4610460bb6f8baa402ecd0a91ba4d
Employee Record System 1.0 Shell Upload
Posted Jan 8, 2021
Authored by Saeed Bala Ahmed

Employee Record System version 1.0 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | 1f4a5de2446758fa6b5567e6d7538a9f646130b6562a5f45e210b83df76a14a3
iBall-Baton WRA150N File Disclosure
Posted Jan 8, 2021
Authored by h4cks1n

iBall-Baton WRA150N Rom-0 backup suffers from a file disclosure vulnerability.

tags | exploit, info disclosure
SHA-256 | a51ab5d5d288d862c7866e1eea33c4dcaf1a599a08d3e7c2b27ace50bbe64e9a
Ethical Hacking And Penetration Testing Guide
Posted Jan 8, 2021
Authored by Furkan Enes Polatoglu

Whitepaper called Ethical Hacking and Penetration Testing Guide. Written in Turkish.

tags | paper
SHA-256 | 731b7b5c2b743defdfcad78b3cb602b5d27ec0cdccd13f1989fb47027ac5ee92
Page 1 of 1
Back1Next

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close