exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 52,718 RSS Feed

Exploit Files

Event Management 1.0 SQL Injection
Posted Mar 28, 2024
Authored by SoSPiro

Event Management version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 5135d01cd318616d2a8b1711363d2378d7b2686ffcd1083f2936d0248e4164fd
util-linux wall Escape Sequence Injection
Posted Mar 28, 2024
Authored by Skyler Ferrante

The util-linux wall command does not filter escape sequences from command line arguments. The vulnerable code was introduced in commit cdd3cc7fa4 (2013). Every version since has been vulnerable. This allows unprivileged users to put arbitrary text on other users terminals, if mesg is set to y and wall is setgid. CentOS is not vulnerable since wall is not setgid. On Ubuntu 22.04 and Debian Bookworm, wall is both setgid and mesg is set to y by default.

tags | exploit, arbitrary
systems | linux, debian, ubuntu, centos
advisories | CVE-2024-28085
SHA-256 | c3644f61b4f68f9fafd4782ffb69bd4b73d2b6ff8ac981711c3329c0a8408077
Circontrol Raption Buffer Overflow / Command Injection
Posted Mar 28, 2024
Authored by Dariusz Gonda, Abert Spruyt, Alex Salvetti

The server in Circontrol Raption versions through 5.11.2 has a pre-authentication stack-based buffer overflow that can be exploited to gain run-time control of the device as root. The pwrstudio web application of EV Charger (in the server in Circontrol Raption through 5.6.2) is vulnerable to OS command injection.

tags | exploit, web, overflow, root
advisories | CVE-2020-8006, CVE-2020-8007
SHA-256 | 2a13323836730c890a63f333a24fcfb62637513c16193386327b7be986133bb0
FusionPBX Session Fixation
Posted Mar 28, 2024
Authored by Yogesh Bhandage

FusionPBX suffers from a session fixation vulnerability.

tags | exploit
SHA-256 | 80babf076c9e7398fb72180f2da01bce706e004dd86503ce23c6645034cb5d21
Dell Security Management Server Privilege Escalation
Posted Mar 28, 2024
Authored by Amirhossein Bahramizadeh

Dell Security Management Server versions prior to 11.9.0 suffer from a local privilege escalation vulnerability.

tags | exploit, local
advisories | CVE-2023-32479
SHA-256 | 265530e02c210729e3640de0f5f23192ea5b21cae936f5ed87be61a93898f695
Purei CMS 1.0 SQL Injection
Posted Mar 28, 2024
Authored by Number 7

Purei CMS version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 49145a8ded157d117fc08cb54211098512a41f3d792bba94457249d4e633af9c
Workout Journal App 1.0 Cross Site Scripting
Posted Mar 28, 2024
Authored by MURAT CAGRI ALIS

Workout Journal App version 1.0 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 4b4377b2f91858e8fe3f26542f71de50ed7f461bf1202b6e0d6ab51cb382144f
LMS PHP 1.0 SQL Injection
Posted Mar 28, 2024
Authored by nu11secur1ty

LMS PHP version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, php, sql injection
SHA-256 | 049c8de17cf497bf303930585481eadeb964f519906d25f2f09f96d1d4f41c47
Asterisk AMI 18.20.0 File Content / Path Disclosure
Posted Mar 28, 2024
Authored by Sean Pesce

Asterisk AMI version 18.20.0 suffers from authenticated partial file content and path disclosure vulnerabilities.

tags | exploit, vulnerability, info disclosure
advisories | CVE-2023-49294
SHA-256 | 616b45986a6e97b2ba327758ffa9a1c224a4e92e3b4968de364f6df455139bbc
Siklu MultiHaul TG Series Credential Disclosure
Posted Mar 28, 2024
Authored by semaja2

Siklu MultiHaul TG Series versions prior to 2.0.0 suffer from an unauthenticated credential disclosure vulnerability.

tags | exploit, info disclosure
SHA-256 | 4bcbd835a57c3cca5d5e02db8c60bf815e9261ff51ef70b5f88a98847262fb47
RouterOS 6.44 / 6.49.10 Denial Of Service
Posted Mar 28, 2024
Authored by Solstice Cyber Solutions, ice-wzl

RouterOS versions 6.40.5 through 6.44 and 6.48.1 through 6.49.10 suffers from a denial of service vulnerability.

tags | exploit, denial of service
advisories | CVE-2024-27686
SHA-256 | 9b7bae3bbe0ac19177c74574f4b0842856727f5af1b375f506fcf40ac529539d
NodeBB 3.6.7 Broken Access Control
Posted Mar 28, 2024
Authored by Vibhor Sharma

NodeBB version 3.6.7 suffers from a broken access control that lets attackers via data only meant for an administrator.

tags | exploit, info disclosure
SHA-256 | 041c25c9e6a6f39edbd0310972213b33068fbb7cec138cd4aa848275f0af4d90
WinRAR 6.22 Remote Code Execution
Posted Mar 28, 2024
Authored by E1.Coders

WinRAR version 6.22 suffers from a remote code execution vulnerability via a malicious zip archive.

tags | exploit, remote, code execution
advisories | CVE-2023-38831
SHA-256 | c9b468baa4eac879ce098155bfc3889b87ef0d5373ba5a2b473d75bc3f0cb552
Sharepoint Dynamic Proxy Generator Remote Command Execution
Posted Mar 27, 2024
Authored by Jang, jheysel-r7 | Site metasploit.com

This Metasploit module exploits two vulnerabilities in Sharepoint 2019 - an authentication bypass as noted in CVE-2023-29357 which was patched in June of 2023 and CVE-2023-24955 which was a remote command execution vulnerability patched in May of 2023. The authentication bypass allows attackers to impersonate the Sharepoint Admin user. This vulnerability stems from the signature validation check used to verify JSON Web Tokens (JWTs) used for OAuth authentication. If the signing algorithm of the user-provided JWT is set to none, SharePoint skips the signature validation step due to a logic flaw in the ReadTokenCore() method. After impersonating the administrator user, the attacker has access to the Sharepoint API and is able to exploit CVE-2023-24955. This authenticated remote command execution vulnerability leverages the impersonated privileged account to replace the /BusinessDataMetadataCatalog/BDCMetadata.bdcm file in the webroot directory with a payload. The payload is then compiled and executed by Sharepoint allowing attackers to remotely execute commands via the API.

tags | exploit, remote, web, vulnerability
advisories | CVE-2023-24955, CVE-2023-29357
SHA-256 | 3b1724367c87a328eb0a2106c305037f2a413ec6310fe39613f91e443e4e1a9c
WordPress Bricks Builder Theme 1.9.6 Remote Code Execution
Posted Mar 27, 2024
Authored by Valentin Lobstein, Calvin Alkan | Site metasploit.com

This Metasploit module exploits an unauthenticated remote code execution vulnerability in the Bricks Builder Theme versions 1.9.6 and below for WordPress. The vulnerability allows attackers to execute arbitrary PHP code by leveraging a nonce leakage to bypass authentication and exploit the eval() function usage within the theme. Successful exploitation allows for full control of the affected WordPress site. It is recommended to upgrade to version 1.9.6.1 or higher.

tags | exploit, remote, arbitrary, php, code execution
advisories | CVE-2024-25600
SHA-256 | 5a32fb78bdb52593a7f339d7321ec50570d8dc8998da3f4da0c0eaf663f73ac5
Artica Proxy Unauthenticated PHP Deserialization
Posted Mar 27, 2024
Authored by h00die-gr3y, Jaggar Henry | Site metasploit.com

A command injection vulnerability in Artica Proxy appliance versions 4.50 and 4.40 allows remote attackers to run arbitrary commands via an unauthenticated HTTP request. The Artica Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the www-data user.

tags | exploit, remote, web, arbitrary, php, code execution
advisories | CVE-2024-2054
SHA-256 | 769d2d7e8f18e8bd0ce142472f159825e87239bfc4426229f241a00de99425a0
Bludit 3.13.0 Cross Site Scripting
Posted Mar 26, 2024
Authored by Gokhan Sensukur

Bludit version 3.13.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | e30c7734bfb11521c11bd57e218e971d8a00d093a2268443b78f2c2f295a3316
Insurance Management System PHP And MySQL 1.0 Cross Site Scripting
Posted Mar 26, 2024
Authored by Hakki Toklu

Insurance Management System PHP and MySQL version 1.0 suffers from multiple persistent cross site scripting vulnerabilities.

tags | exploit, php, vulnerability, xss
SHA-256 | 57a616cd0cf4b87402d807007a9cc4baf3849c77c283470d324acd935adbc001
Craft CMS 4.4.14 Remote Code Execution
Posted Mar 26, 2024
Authored by Olivier Lasne

Craft CMS version 4.4.14 suffers from an unauthenticated remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2023-41892
SHA-256 | 6dada91b5125e5cbc3f8d9cb9d59a5f937052241fe1e5481dab19199fced220c
LimeSurvey Community 5.3.32 Cross Site Scripting
Posted Mar 26, 2024
Authored by Subhankar Singh

LimeSurvey Community version 5.3.32 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2024-24506
SHA-256 | a0fc1c6d55d96c794b571df26d967b5cf55a3845f9c967220231741cb99ae87c
Orange Station 1.0 Shell Upload
Posted Mar 26, 2024
Authored by nu11secur1ty

Orange Station version 1.0 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | 5a9f8a0ab40cab9d931909357ed512b4a4e0910b05218556dc4ed1977fa5b4d8
Nagios XI 2024R1.01 SQL Injection
Posted Mar 26, 2024
Authored by Jarod Jaslow

Nagios XI versions 2024R1.01 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2024-24401
SHA-256 | 68cad0f6ebae36d741e3c09fbbc2013acb66e4c861404dd3fb579aa2eaef4245
MobileShop Master 1.0 SQL Injection
Posted Mar 26, 2024
Authored by Hazim Arbas

MobileShop Master version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 5382f069d5f87ca82e7aaa55d06e27880b17bfe303bf5c846c032003643ba5ec
LBT-T300-mini1 Buffer Overflow
Posted Mar 26, 2024
Authored by Amirhossein Bahramizadeh

LBT-T300-mini1 suffers from a remote buffer overflow vulnerability.

tags | exploit, remote, overflow
SHA-256 | 0d5605d4bf931abe29807024d5f54120a110b26a29b7d0372e0c12e6e2b5b118
Win32.STOP.Ransomware (Smokeloader) MVID-2024-0676 Remote Code Execution
Posted Mar 22, 2024
Authored by malvuln | Site malvuln.com

Win32.STOP.Ransomware (smokeloader) malware suffers from both local and remote code execution vulnerabilities. The remote code execution can be achieved by leveraging a man-in-the-middle attack.

tags | exploit, remote, local, vulnerability, code execution
systems | windows
SHA-256 | 9740a4e0b25da98023aa4b00d3dc186e1ae19f18ff322ffbd1efa8acd634f49a
Page 1 of 2,109
Back12345Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close