exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 12 of 12 RSS Feed

Files Date: 2019-03-15

Webmin 1.900 Upload Authenticated Remote Command Execution
Posted Mar 15, 2019
Authored by Ozkan Mustafa Akkus, Ziconius | Site metasploit.com

This Metasploit module exploits an arbitrary command execution vulnerability in Webmin 1.900 and lower versions. Any user authorized to the "Upload and Download" module can execute arbitrary commands with root privileges. In addition, if the Running Processes (proc) privilege is set the user can accurately determine which directory to upload to. Webmin application files can be written/overwritten, which allows remote code execution. The module has been tested successfully with Webmin 1.900 on Ubuntu v18.04.

tags | exploit, remote, arbitrary, root, code execution
systems | linux, ubuntu
SHA-256 | cb30da254f071764bf5594bfe148a729f959e85798593b2141d4d5c66b873f67
BMC Patrol Agent Privilege Escalation / Command Execution
Posted Mar 15, 2019
Authored by b0yd | Site metasploit.com

This Metasploit module leverages the remote command execution feature provided by the BMC Patrol Agent software. It can also be used to escalate privileges on Windows hosts as the software runs as SYSTEM but only verifies that the password of the provided user is correct. This also means if the software is running on a domain controller, it can be used to escalate from a normal domain user to domain admin as SYSTEM on a DC is DA. **WARNING** The windows version of this exploit uses powershell to execute the payload. The powershell version tends to timeout on the first run so it may take multiple tries.

tags | exploit, remote
systems | windows
advisories | CVE-2018-20735
SHA-256 | 98f98bd33a671db2ff8429f69a71fe6eaaaef83479578981b7f8a5a1b68913aa
Fujitsu LX901 GK900 Keystroke Injection
Posted Mar 15, 2019
Authored by Matthias Deeg | Site syss.de

SySS GmbH found out that the wireless desktop set Fujitsu LX901 is vulnerable to keystroke injection attacks by sending unencrypted data packets with the correct packet format to the receiver (USB dongle).

tags | advisory
SHA-256 | 555e9592017214071d19547d41a4cd74d3f40548f4da4cae61826dbe7096f255
VMware Security Advisory 2019-0003
Posted Mar 15, 2019
Authored by VMware | Site vmware.com

VVMware Security Advisory 2019-0003 - VMware Horizon update addresses Connection Server an information disclosure vulnerability.

tags | advisory, info disclosure
advisories | CVE-2019-5513
SHA-256 | 7b205eda12fcc1972d7aa2e6bd927406e4d8543c2a4a0949cf97e6713a6981d7
VMware Security Advisory 2019-0002
Posted Mar 15, 2019
Authored by VMware | Site vmware.com

VMware Security Advisory 2019-0002 - VMware Workstation update addresses elevation of privilege issues.

tags | advisory
advisories | CVE-2019-5511, CVE-2019-5512
SHA-256 | e76e88071eec3efb2650ac8cc53a45d5647e3662fc94acac92fb925da7e8cf71
Moodle 3.4.1 Remote Code Execution
Posted Mar 15, 2019
Authored by Darryn Ten

Moodle version 3.4.1 remote code execution exploit.

tags | exploit, remote, code execution
advisories | CVE-2018-1133
SHA-256 | c7b3442c281584a424f874ce9e4379c907c051aa41899073b810f31eed5a2174
Mail Carrier 2.5.1 Buffer Overflow
Posted Mar 15, 2019
Authored by Joseph McDonagh

Mail Carrier version 2.5.1 suffers from a MAIL FROM buffer overflow vulnerability.

tags | exploit, overflow
SHA-256 | fa94e50e2485b506801d6f992c1e86c411a78cbb6e2d4395b32275f97b75867b
ICE HRM 23.0 SQL / Iframe Injection
Posted Mar 15, 2019
Authored by Mehmet Emiroglu

ICE HRM version 23.0 suffers from remote SQL injection and iframe injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
SHA-256 | 271468ab32bd1af6952dfc72ac3a9cc0ff13f868a1f8c61c3d959288f5e41ac0
CMS Made Simple Showtime2 3.6.2 Arbitrary File Upload
Posted Mar 15, 2019
Authored by Daniele Scanu

CMS Made Simple Showtime2 module version 3.6.2 suffers from an authenticated arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
advisories | CVE-2019-9692
SHA-256 | fa20c0dbf5abddd0ecf04e638c87694a61d978bf9edf8380b83ae038d3fe85d9
Vembu Storegrid Web Interface 4.4.0 Cross Site Scripting / Information Disclosure
Posted Mar 15, 2019
Authored by Gionathan Reale

Vembu Storegrid Web Interface version 4.4.0 suffers from cross site scripting and information leakage vulnerabilities.

tags | exploit, web, vulnerability, xss, info disclosure
SHA-256 | 485bbcad6d11b203886c8c7af37fff9950488d4dd0ec1a846a40cd4dc7482a6a
NetData 1.13.0 HTML Injection
Posted Mar 15, 2019
Authored by Marcelo Vazquez

NetData versions 1.13.0 and below suffer from an html injection vulnerability.

tags | exploit
SHA-256 | e4421c08e04764a176d6a020cf1ed805e7e2ddd2b6de19a9bd5c2d46229262cd
Laundry CMS SQL / Iframe Injection
Posted Mar 15, 2019
Authored by Mehmet Emiroglu

Laundry CMS suffers from remote SQL injection and iframe injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
SHA-256 | 4412dd67bae98f1d3bbcb70253b472b8cf017a7fb762fa340b484fee624a54ec
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    69 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close