Showing 1 - 25 of 181

Files

Packet Storm New Exploits For April, 2018: Posted May 3, 2018; Authored by Todd J. | Site packetstormsecurity.com; This archive contains all of the 181 exploits added to Packet Storm in April, 2018.; tags | exploit; SHA-256 | bc3719c08cc1b48d37e0b2a45f2437d2d9cb917f0865186bbb585f00e5fb6bc8; Download | Favorite | View

Nagios XI 5.x Chained Remote Root: Posted Apr 30, 2018; Authored by Benny Husted, Cale Smith, Jared Arave; Nagios XI versions 5.2.6 up to 5.2.9, 5.3, and 5.4 chained remote root exploit.; tags | exploit, remote, root; advisories | CVE-2018-8733, CVE-2018-8734, CVE-2018-8735, CVE-2018-8736; SHA-256 | bb9a9ca26635c2779d5e4662eab43b6b113e781b49058727e94049827cb3f59a; Download | Favorite | View

Drupalgeddon3 Remote Code Execution: Posted Apr 30, 2018; Authored by SixP4ck3r, Blaklis | Site metasploit.com; A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site Which could result in the site being compromised.; tags | exploit, remote, code execution; advisories | CVE-2018-7602; SHA-256 | b0abf565098b8777e0d1cb55c10243c19f5eca120fbd94d0bd859d9183c69fed; Download | Favorite | View

WordPress Form Maker 1.12.20 CSV Injection: Posted Apr 30, 2018; Authored by Jetty Sairam; WordPress Form Maker plugin version 1.12.20 suffers from a CSV injection vulnerability.; tags | exploit; advisories | CVE-2018-10504; SHA-256 | d3433e864efed7826544d650bf5577a79699c12863a7bbc9bd00e952b50c4c2d; Download | Favorite | View

Cockpit CMS 0.5.5 Server-Side Request Forgery: Posted Apr 28, 2018; Authored by Jiawang Zhang, Qian Wu, Bo Wang; Cockpit CMS versions 0.4.4 through 0.5.5 suffer from a server-side request forgery vulnerability.; tags | exploit; advisories | CVE-2017-14611, CVE-2018-9302; SHA-256 | 877fb3147fad9053c21d2ae76bcbba82752af4be9b3e9a70fa171c8a6b4a756e; Download | Favorite | View

Blackboard Learn Open Redirect: Posted Apr 27, 2018; Authored by Ethan Sweet; Blackboard Learn suffers from an open redirection vulnerability.; tags | exploit; advisories | CVE-2017-18262; SHA-256 | babf5d4124d851a4e9d66c658de82f2eca5512ae3986075bd6ee247d9c1f3cd9; Download | Favorite | View

Test Your IQ 1.1 SQL Injection: Posted Apr 27, 2018; Authored by ShanoWeb; Test Your IQ version 1.1 suffers from a remote SQL injection vulnerability.; tags | exploit, remote, sql injection; SHA-256 | a29c97213b587870f1a5a4337f9f37c2bde8036f8ff2c0bcb06223176c8044f5; Download | Favorite | View

Frog CMS 0.9.5 Cross Site Scripting: Posted Apr 27, 2018; Authored by Wenming Jiang; Frog CMS version 0.9.5 suffers from a persistent cross site scripting vulnerability.; tags | exploit, xss; advisories | CVE-2018-10321; SHA-256 | 27e5740009e2c00b14ca3eed6da446e7f27908f8557acdab701bcf00d0b42f39; Download | Favorite | View

Navicat Oracle Connection Overflow: Posted Apr 27, 2018; Authored by Kevin McGuigan; Navicat versions prior to 12.0.27 suffer from an oracle connection overflow vulnerability.; tags | exploit, overflow; SHA-256 | 8d035b1e096be2a42ad3e4c182c90e91021be26b95e6eb871a04a9cc4a24f909; Download | Favorite | View

TP-Link Technologies TL-WA850RE Wi-Fi Range Extender Unauthorized Remote Reboot: Posted Apr 27, 2018; Authored by Wadeek; TP-Link Technologies TL-WA850RE Wi-Fi Range Extender suffers from an unauthorized remote reboot vulnerability.; tags | exploit, remote; SHA-256 | 970a5397e04acea93596c1622e954fa7cc0a100eb23d4a5bf1fa9ecac096aba5; Download | Favorite | View

Drupal Drupalgeddon 2 Forms API Property Injection: Posted Apr 26, 2018; Authored by FireFart, wvu, Nixawk, a2u, Jasper Mattsson | Site metasploit.com; This Metasploit module exploits a Drupal property injection in the Forms API. Drupal versions 6.x, less than 7.58, 8.2.x, less than 8.3.9, less than 8.4.6, and less than 8.5.1 are vulnerable.; tags | exploit; advisories | CVE-2018-7600; SHA-256 | d8e06fe66e7a7c70257d472a150741719f1392fb6c548c25bee9d61d4f3a78cd; Download | Favorite | View

GitList 0.6 Remote Code Execution: Posted Apr 26, 2018; Authored by Kacper Szurek; GitList version 0.6 unauthenticated remote code execution exploit.; tags | exploit, remote, code execution; SHA-256 | 0dd6d31c236e339ea46cf2a96afd06f86a7c41ebbaa4e592b132cc48869c6f13; Download | Favorite | View

Google Chrome V8 AwaitedPromise Update Bug: Posted Apr 26, 2018; Authored by Google Security Research, lokihardt; Google Chrome V8 Await methods call ResolveNativePromise which calls InternalResolvePromise which can invoke a user JavaScript code through a "then" getter. If the AwaitedPromise is replaced by the user script, the AwaitedPromise will be immediately overwritten after the call to Await, this may lead the generator to an incorrect state.; tags | exploit, javascript; advisories | CVE-2018-6106; SHA-256 | 78b2c24ff6a8f61df29a3ac781ec2f32f86061d57afb7512f75393705b8644f1; Download | Favorite | View

HRSALE The Ultimate HRM 1.0.2 Cross Site Scripting: Posted Apr 26, 2018; Authored by 8bitsec; HRSALE The Ultimate HRM version 1.0.2 suffers from a cross site scripting vulnerability.; tags | exploit, xss; advisories | CVE-2018-10259; SHA-256 | 8dbe06a437c757977d1e7e6fff47c5afc2c86bf0606b007b7b8ec40b4dc8df01; Download | Favorite | View

HRSALE The Ultimate HRM 1.0.2 Local File Inclusion: Posted Apr 26, 2018; Authored by 8bitsec; HRSALE The Ultimate HRM version 1.0.2 suffers from a local file inclusion vulnerability.; tags | exploit, local, file inclusion; advisories | CVE-2018-10260; SHA-256 | 5772c8ea23208440a6468e45bb2ba8d98e1bb327e63a9e3a03be53512f1a46d0; Download | Favorite | View

Drupal drupgeddon3 Remote Code Execution: Posted Apr 26, 2018; Authored by Blaklis; This is a simple proof of concept exploit for Drupal versions prior to 7.58 that demonstrate the drupalgeddon3 authenticated remote code execution vulnerability.; tags | exploit, remote, code execution, proof of concept; advisories | CVE-2018-7602; SHA-256 | 083d892c5eba86d29cd75e8b8e8af90103d767eb04a11f57033b9dd9088214a0; Download | Favorite | View

Jfrog Artifactory Code Execution / Shell Upload: Posted Apr 26, 2018; Authored by Alessio Sergi; Jfrog Artifactory versions prior to 4.16 suffer from unauthenticated arbitrary file upload and remote command execution vulnerabilities.; tags | exploit, remote, arbitrary, vulnerability, file upload; advisories | CVE-2016-10036; SHA-256 | 152a825b4c3e4e8481acf58c79f6c1d359fdb42bc26f7d136ab8976ae360c2d7; Download | Favorite | View

WordPress WP With Spritz 1.0 File Inclusion: Posted Apr 26, 2018; Authored by Wadeek; WordPress WP with Spritz plugin version 1.0 suffers from local and remote file inclusion vulnerabilities.; tags | exploit, remote, local, vulnerability, code execution, file inclusion; SHA-256 | c6986cfbd78a92dae5c9a05da5db76c918141c17da17231a3ab998a61b73258d; Download | Favorite | View

SickRage Credential Disclosure: Posted Apr 26, 2018; Authored by Sven Fassbender; SickRage versions prior to 2018.03.09 return clear-text credentials in HTTP responses.; tags | exploit, web, info disclosure; advisories | CVE-2018-9160; SHA-256 | 4eca74b6076c68ef8dfaed89847067aaacb96f5e62b6e0dd9c02340a7fcaca16; Download | Favorite | View

October CMS User 1.4.5 Cross Site Scripting: Posted Apr 26, 2018; Authored by 0xB9; October CMS User plugin version 1.4.5 suffers from a persistent cross site scripting vulnerability.; tags | exploit, xss; advisories | CVE-2018-10366; SHA-256 | 2542351c0db2686c16ac211c741d58a6096bc2da3e0f49b94409072994f16c19; Download | Favorite | View

hik-connect.com / ezvizlife.com Authentication Bypass: Posted Apr 26, 2018; Authored by Vangelis Stykas, George Lavdanis; A lack of validation on cookie values allows you to login as any user on hik-connect.com and ezvizlife.com.; tags | exploit, bypass; SHA-256 | 640d9d5b8ed635a745527703397776a5bb9f02ecdcb9b198beddb96116636e81; Download | Favorite | View

Sitecore.NET 8.1 Directory Traversal: Posted Apr 26, 2018; Authored by Chris Moberly; Sitecore.NET version 8.1 suffers from a directory traversal vulnerability.; tags | exploit, file inclusion; advisories | CVE-2018-7669; SHA-256 | e4a706da6b29b62366f1ed365cb9f34fa7a8c59a749e0d003d626c959eb95de6; Download | Favorite | View

HRSALE The Ultimate HRM 1.0.2 SQL Injection: Posted Apr 26, 2018; Authored by 8bitsec; HRSALE The Ultimate HRM version 1.0.2 suffers from a remote SQL injection vulnerability.; tags | exploit, remote, sql injection; advisories | CVE-2018-10256; SHA-256 | 59325a4cf4859ff56febfa34f3bbcd6b4a95112c26ef20b9ab6610f87c0822b2; Download | Favorite | View

HRSALE The Ultimate HRM 1.0.2 CSV Injection: Posted Apr 26, 2018; Authored by 8bitsec; HRSALE The Ultimate HRM version 1.0.2 suffers from a CSV injection vulnerability.; tags | exploit; advisories | CVE-2018-10257; SHA-256 | 1687a963043763348cd13d727463d2d3beb849e67926c5d0b6a37617f97f7773; Download | Favorite | View

Blog Master Pro 1.0 CSV Injection: Posted Apr 26, 2018; Authored by 8bitsec; Blog Master Pro version 1.0 suffers from a CSV injection vulnerability.; tags | exploit; advisories | CVE-2018-10255; SHA-256 | f7fc3381ec61ed7adcf8a5a10586722b9f109264dc4e27d6d064e9358cb059a3; Download | Favorite | View

Page 1 of 8 Back 1 2 3 4 5 Next

Top Authors In Last 30 Days

Red Hat 276 files
Ubuntu 65 files
Debian 25 files
Gentoo 16 files
LiquidWorm 10 files
nu11secur1ty 5 files
kai6u 3 files
Adam Gowdiak 3 files
liquidsky 3 files
gabe_k 3 files

Files

Top Authors In Last 30 Days

Recent News