
Files

Packet Storm New Exploits For April, 2018
Posted May 3, 2018
Authored by Todd J. | Site packetstormsecurity.com

This archive contains all of the 181 exploits added to Packet Storm in April, 2018.

tags | exploit
SHA-256 | bc3719c08cc1b48d37e0b2a45f2437d2d9cb917f0865186bbb585f00e5fb6bc8
Nagios XI 5.x Chained Remote Root
Posted Apr 30, 2018
Authored by Benny Husted, Cale Smith, Jared Arave

Nagios XI versions 5.2.6 up to 5.2.9, 5.3, and 5.4 chained remote root exploit.

tags | exploit, remote, root
advisories | CVE-2018-8733, CVE-2018-8734, CVE-2018-8735, CVE-2018-8736
SHA-256 | bb9a9ca26635c2779d5e4662eab43b6b113e781b49058727e94049827cb3f59a
Drupalgeddon3 Remote Code Execution
Posted Apr 30, 2018
Authored by SixP4ck3r, Blaklis | Site metasploit.com

A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being compromised.

tags | exploit, remote, code execution
advisories | CVE-2018-7602
SHA-256 | b0abf565098b8777e0d1cb55c10243c19f5eca120fbd94d0bd859d9183c69fed
WordPress Form Maker 1.12.20 CSV Injection
Posted Apr 30, 2018
Authored by Jetty Sairam

WordPress Form Maker plugin version 1.12.20 suffers from a CSV injection vulnerability.

tags | exploit
advisories | CVE-2018-10504
SHA-256 | d3433e864efed7826544d650bf5577a79699c12863a7bbc9bd00e952b50c4c2d
Cockpit CMS 0.5.5 Server-Side Request Forgery
Posted Apr 28, 2018
Authored by Jiawang Zhang, Qian Wu, Bo Wang

Cockpit CMS versions 0.4.4 through 0.5.5 suffer from a server-side request forgery vulnerability.

tags | exploit
advisories | CVE-2017-14611, CVE-2018-9302
SHA-256 | 877fb3147fad9053c21d2ae76bcbba82752af4be9b3e9a70fa171c8a6b4a756e
Blackboard Learn Open Redirect
Posted Apr 27, 2018
Authored by Ethan Sweet

Blackboard Learn suffers from an open redirection vulnerability.

tags | exploit
advisories | CVE-2017-18262
SHA-256 | babf5d4124d851a4e9d66c658de82f2eca5512ae3986075bd6ee247d9c1f3cd9
Test Your IQ 1.1 SQL Injection
Posted Apr 27, 2018
Authored by ShanoWeb

Test Your IQ version 1.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | a29c97213b587870f1a5a4337f9f37c2bde8036f8ff2c0bcb06223176c8044f5
Frog CMS 0.9.5 Cross Site Scripting
Posted Apr 27, 2018
Authored by Wenming Jiang

Frog CMS version 0.9.5 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-10321
SHA-256 | 27e5740009e2c00b14ca3eed6da446e7f27908f8557acdab701bcf00d0b42f39
Navicat Oracle Connection Overflow
Posted Apr 27, 2018
Authored by Kevin McGuigan

Navicat versions prior to 12.0.27 suffer from an Oracle connection overflow vulnerability.

tags | exploit, overflow
SHA-256 | 8d035b1e096be2a42ad3e4c182c90e91021be26b95e6eb871a04a9cc4a24f909
TP-Link Technologies TL-WA850RE Wi-Fi Range Extender Unauthorized Remote Reboot
Posted Apr 27, 2018
Authored by Wadeek

TP-Link Technologies TL-WA850RE Wi-Fi Range Extender suffers from an unauthorized remote reboot vulnerability.

tags | exploit, remote
SHA-256 | 970a5397e04acea93596c1622e954fa7cc0a100eb23d4a5bf1fa9ecac096aba5
Drupal Drupalgeddon 2 Forms API Property Injection
Posted Apr 26, 2018
Authored by FireFart, wvu, Nixawk, a2u, Jasper Mattsson | Site metasploit.com

This Metasploit module exploits a Drupal property injection in the Forms API. Drupal versions 6.x, less than 7.58, 8.2.x, less than 8.3.9, less than 8.4.6, and less than 8.5.1 are vulnerable.

tags | exploit
advisories | CVE-2018-7600
SHA-256 | d8e06fe66e7a7c70257d472a150741719f1392fb6c548c25bee9d61d4f3a78cd
GitList 0.6 Remote Code Execution
Posted Apr 26, 2018
Authored by Kacper Szurek

GitList version 0.6 unauthenticated remote code execution exploit.

tags | exploit, remote, code execution
SHA-256 | 0dd6d31c236e339ea46cf2a96afd06f86a7c41ebbaa4e592b132cc48869c6f13
Google Chrome V8 AwaitedPromise Update Bug
Posted Apr 26, 2018
Authored by Google Security Research, lokihardt

Google Chrome V8 Await methods call ResolveNativePromise, which calls InternalResolvePromise, which can invoke user JavaScript code through a "then" getter. If the AwaitedPromise is replaced by the user script, the AwaitedPromise will be immediately overwritten after the call to Await. This may lead the generator to an incorrect state.

tags | exploit, javascript
advisories | CVE-2018-6106
SHA-256 | 78b2c24ff6a8f61df29a3ac781ec2f32f86061d57afb7512f75393705b8644f1
HRSALE The Ultimate HRM 1.0.2 Cross Site Scripting
Posted Apr 26, 2018
Authored by 8bitsec

HRSALE The Ultimate HRM version 1.0.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-10259
SHA-256 | 8dbe06a437c757977d1e7e6fff47c5afc2c86bf0606b007b7b8ec40b4dc8df01
HRSALE The Ultimate HRM 1.0.2 Local File Inclusion
Posted Apr 26, 2018
Authored by 8bitsec

HRSALE The Ultimate HRM version 1.0.2 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
advisories | CVE-2018-10260
SHA-256 | 5772c8ea23208440a6468e45bb2ba8d98e1bb327e63a9e3a03be53512f1a46d0
Drupal drupgeddon3 Remote Code Execution
Posted Apr 26, 2018
Authored by Blaklis

This is a simple proof of concept exploit for Drupal versions prior to 7.58 that demonstrates the drupalgeddon3 authenticated remote code execution vulnerability.

tags | exploit, remote, code execution, proof of concept
advisories | CVE-2018-7602
SHA-256 | 083d892c5eba86d29cd75e8b8e8af90103d767eb04a11f57033b9dd9088214a0
Jfrog Artifactory Code Execution / Shell Upload
Posted Apr 26, 2018
Authored by Alessio Sergi

Jfrog Artifactory versions prior to 4.16 suffer from unauthenticated arbitrary file upload and remote command execution vulnerabilities.

tags | exploit, remote, arbitrary, vulnerability, file upload
advisories | CVE-2016-10036
SHA-256 | 152a825b4c3e4e8481acf58c79f6c1d359fdb42bc26f7d136ab8976ae360c2d7
WordPress WP With Spritz 1.0 File Inclusion
Posted Apr 26, 2018
Authored by Wadeek

WordPress WP with Spritz plugin version 1.0 suffers from local and remote file inclusion vulnerabilities.

tags | exploit, remote, local, vulnerability, code execution, file inclusion
SHA-256 | c6986cfbd78a92dae5c9a05da5db76c918141c17da17231a3ab998a61b73258d
SickRage Credential Disclosure
Posted Apr 26, 2018
Authored by Sven Fassbender

SickRage versions prior to 2018.03.09 return clear-text credentials in HTTP responses.

tags | exploit, web, info disclosure
advisories | CVE-2018-9160
SHA-256 | 4eca74b6076c68ef8dfaed89847067aaacb96f5e62b6e0dd9c02340a7fcaca16
October CMS User 1.4.5 Cross Site Scripting
Posted Apr 26, 2018
Authored by 0xB9

October CMS User plugin version 1.4.5 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-10366
SHA-256 | 2542351c0db2686c16ac211c741d58a6096bc2da3e0f49b94409072994f16c19
hik-connect.com / ezvizlife.com Authentication Bypass
Posted Apr 26, 2018
Authored by Vangelis Stykas, George Lavdanis

A lack of validation on cookie values allows you to log in as any user on hik-connect.com and ezvizlife.com.

tags | exploit, bypass
SHA-256 | 640d9d5b8ed635a745527703397776a5bb9f02ecdcb9b198beddb96116636e81
Sitecore.NET 8.1 Directory Traversal
Posted Apr 26, 2018
Authored by Chris Moberly

Sitecore.NET version 8.1 suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
advisories | CVE-2018-7669
SHA-256 | e4a706da6b29b62366f1ed365cb9f34fa7a8c59a749e0d003d626c959eb95de6
HRSALE The Ultimate HRM 1.0.2 SQL Injection
Posted Apr 26, 2018
Authored by 8bitsec

HRSALE The Ultimate HRM version 1.0.2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2018-10256
SHA-256 | 59325a4cf4859ff56febfa34f3bbcd6b4a95112c26ef20b9ab6610f87c0822b2
HRSALE The Ultimate HRM 1.0.2 CSV Injection
Posted Apr 26, 2018
Authored by 8bitsec

HRSALE The Ultimate HRM version 1.0.2 suffers from a CSV injection vulnerability.

tags | exploit
advisories | CVE-2018-10257
SHA-256 | 1687a963043763348cd13d727463d2d3beb849e67926c5d0b6a37617f97f7773
Blog Master Pro 1.0 CSV Injection
Posted Apr 26, 2018
Authored by 8bitsec

Blog Master Pro version 1.0 suffers from a CSV injection vulnerability.

tags | exploit
advisories | CVE-2018-10255
SHA-256 | f7fc3381ec61ed7adcf8a5a10586722b9f109264dc4e27d6d064e9358cb059a3