exploit the possibilities

Register | Login

FilesNewsUsersAuthors

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 1 - 25 of 35

Files Date: 2017-02-24

EasyCom SQL iPlug Denial Of Service

Posted Feb 24, 2017

Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

EasyCom SQL iPlug suffers from a denial of service vulnerability.

tags | exploit, denial of service, sql injection

advisories | CVE-2017-5359

SHA-256 | 8ff75e06d54c1f35232927de23ac06daeac3c8d54ef6bc21733440e1e028b5d8

Download | Favorite | View

EasyCom AS400 PHP API Buffer Overflow

Posted Feb 24, 2017

Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

The EasyCom AS400 (iBMI) PHP API suffers from a buffer overflow vulnerability.

tags | exploit, overflow, php

advisories | CVE-2017-5358

SHA-256 | 6124ed975805675e778436a46121a105d3b644ada5197bdb2d1bbaead544dc13

Download | Favorite | View

tnef 1.4.12 OOB Read / Write / Type Confusions / Integer Overflows

Posted Feb 24, 2017

Authored by Eric Sesterhenn

tnef versions 1.4.12 and below suffer from multiple integer overflows, type confusions, and out of bounds read and write vulnerabilities.

tags | advisory, overflow, vulnerability

SHA-256 | 5705b80ef5130f182eaa09743b3b19d2e17761e1bcc5443fc91394d3bdbe51e3

Download | Favorite | View

Air Transfer 1.2.1 / 1.0.14 Cross Site Scripting

Posted Feb 24, 2017

Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

Air Transfer versions 1.2.1 and 1.0.14 suffer from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss

SHA-256 | 4ff3c672752680320d8532a572df100ca60629e149d24ca58f7ba062128a5672

Download | Favorite | View

Microsoft Security Bulletin Summary For February, 2017

Posted Feb 24, 2017

Site microsoft.com

This bulletin summary lists one released Microsoft security bulletin for February, 2017.

tags | advisory

SHA-256 | c10fca7550173686a11a883eb6930a23f50785d3d78916bad5ddf4bdd62390bc

Download | Favorite | View

Norcon Redux Call For Papers

Posted Feb 24, 2017

Authored by CFP NORCON 2017 | Site norcon.info

The Norcon Redux Call For Papers has been announced. It will take place in Chico, California.

tags | paper, conference

SHA-256 | 14e8aefe803297258549025a0c93e5786540f68feb58f01e54aa1465566cb400

Download | Favorite | View

Travel Portal Script 9.37 Cross Site Scripting / SQL Injection

Posted Feb 24, 2017

Authored by Marc Castejon

Travel Portal Script version 9.37 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection

SHA-256 | 7c0a15a3895f367ee356e75fb018aa1102c9b134758f5cd9478c60e258c9a3cd

Download | Favorite | View

Apple Security Advisory 2017-02-21-2

Posted Feb 24, 2017

Authored by Apple | Site apple.com

Apple Security Advisory 2017-02-21-2 - Logic Pro X 10.3.1 is now available and addresses a memory corruption vulnerability.

tags | advisory

systems | apple

advisories | CVE-2017-2374

SHA-256 | 3eed75a7242320f6481a22179eaefd954c54322d7a2947a90ddbefa68b2f94a4

Download | Favorite | View

Apple Security Advisory 2017-02-21-1

Posted Feb 24, 2017

Authored by Apple | Site apple.com

Apple Security Advisory 2017-02-21-1 - GarageBand 10.1.6 is now available and addresses a memory corruption issue.

tags | advisory

systems | apple

advisories | CVE-2017-2374

SHA-256 | 1a5a8e755756dda1db45dd85aee82fc3cf7d4f874e1f54dad06b2fd61d006d03

Download | Favorite | View

Sonicwall SRA 8.1.0.2-14sv viewcert.cgi Remote Command Execution

Posted Feb 24, 2017

Authored by Russell Sanford | Site metasploit.com

This Metasploit module exploits a remote command execution vulnerability in the Sonicwall SRA Appliance versions 8.1.0.2-14sv and below. The vulnerability exists in a section of the machine's administrative interface for performing configurations related to on-connect scripts to be launched for users connecting.

tags | exploit, remote

SHA-256 | ee018dd39831a98879da701a3b32d457caca08abf9e8f7998865190e3fb7e893

Download | Favorite | View

Sonicwall SRA 8.1.0.2-14sv Remote Command Execution

Posted Feb 24, 2017

Authored by Russell Sanford | Site metasploit.com

This Metasploit module exploits a remote command execution vulnerability in the Sonicwall SRA Appliance versions 8.1.0.2-14sv and below. The vulnerability exists in a section of the machine's administrative interface for performing configurations related to on-connect scripts to be launched for users connecting.

tags | exploit, remote

advisories | CVE-2016-9683

SHA-256 | e5debce7ddf1f32b39ab4ebafe3798788f7bac257c170fec0012a53ab9729588

Download | Favorite | View

Cloudflare Memory Dumping Reverse Proxies

Posted Feb 24, 2017

Authored by Tavis Ormandy, Google Security Research

Cloudflare has reverse proxies that are dumping uninitialized memory.

tags | exploit

SHA-256 | 66511f241de1d3b330ddbb6ca920b62835261e611a2fa6e9a5e1f26923a423df

Download | Favorite | View

Apple WebKit Frame::setDocument UXSS

Posted Feb 24, 2017

Authored by Google Security Research, lokihardt

Apple WebKit suffers from a UXSS via Frame::setDocument.

tags | advisory

systems | apple

advisories | CVE-2017-2365

SHA-256 | 5104194e03e417e5667c9b4e888d0c95f77d92b2d00a9053243150deb4f64f54

Download | Favorite | View

Apple WebKit Pop-Up Blocker Bypass

Posted Feb 24, 2017

Authored by Google Security Research, lokihardt

AppleWebKit suffers from a bypass in the pop-up blocker via a cross-origin or sandboxed iframe.

tags | advisory

advisories | CVE-2017-2371

SHA-256 | d457da214a1cf7f501ec9edc89ee54671857a33c838ee0dd2b0b469664bd1774

Download | Favorite | View

Apple WebKit FrameLoader::clear UXSS

Posted Feb 24, 2017

Authored by Google Security Research, lokihardt

Apple WebKit suffers from a UXSS via FrameLoader::clear.

tags | exploit

systems | apple

advisories | CVE-2017-2363

SHA-256 | 96dd616ca7980d96ce88b9b1c9eb294dcbfae7e91426263f14063998f9dbbfaf

Download | Favorite | View

macOS HelpViewer XSS / Arbitrary File Execution / Read

Posted Feb 24, 2017

Authored by Google Security Research, lokihardt

Cross site scripting on macOS HelpViewer leads to arbitrary file execution and arbitrary file read.

tags | exploit, arbitrary, xss

advisories | CVE-2017-2361

SHA-256 | 60ac6dfc903acc3a29b78f58ebfa4282a803cce1341a5844a4a5edfbfd88a659

Download | Favorite | View

Google Chrome Layout Out-Of-Bounds Read

Posted Feb 24, 2017

Authored by Ivan Fratric, Google Security Research

Google Chrome suffers from an out-of-bounds read in layout.

tags | exploit

SHA-256 | 2d3757be67305e873ee9adecfd5373daa82c75610751deda2131394581490717

Download | Favorite | View

Microsoft Edge / Internet Explorer HandleColumnBreakOnColumnSpanningElement Type Confusion

Posted Feb 24, 2017

Authored by Ivan Fratric, Google Security Research

Microsoft Edge and Internet Explorer suffer from a type confusion in HandleColumnBreakOnColumnSpanningElement.

tags | exploit

advisories | CVE-2017-0037

SHA-256 | acb3a39defa5f6c4a6541be344f794bfefad5affcf45b6f3a062c6bf6cbb9b2b

Download | Favorite | View

Android Javanano Compiler Arbitrary Class Loading / Instantiation

Posted Feb 24, 2017

Authored by Google Security Research, laginimaineb

Android suffers from an arbitrary class loading and instantiation in the protobuf parcelable "javanano" compiler.

tags | exploit, arbitrary

SHA-256 | 00694c6c42772d03fbe9189fb1b29c2886a2b4bc8a3b53aeaadae66fb7532591

Download | Favorite | View

Linux/x86-64 Egghunter Shellcode

Posted Feb 24, 2017

Authored by odzhancode

38 bytes small Linux x86-64 egghunter shellcode.

tags | x86, shellcode

systems | linux

SHA-256 | 33a8836e8a3a2bb2786d5204de9376fab193195fc37069f045d2398e5c936c77

Download | Favorite | View

WordPress Mail Masta 1.0 SQL Injection

Posted Feb 24, 2017

Authored by Hanley Shun

WordPress Mail Masta plugin version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection

advisories | CVE-2017-6095, CVE-2017-6096, CVE-2017-6097, CVE-2017-6098

SHA-256 | 7435bc6744e9bd69c9761bcb6ab621a067018103534512777e5dc3959b909a40

Download | Favorite | View

MBLS Flex CMS 0.7.2 SQL Injection / Cross Site Scripting

Posted Feb 24, 2017

Authored by Bilal Kardadou

MBLS Flex CMS version 0.7.2 suffers from remote SQL injection and cross site scripting vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection

SHA-256 | de8bbf8970714b308b02a1c4bb5001ad45d1ad6812f661ed24075e53393fe863

Download | Favorite | View

Sophos Web Appliance 4.2.1.3 Remote Command Execution

Posted Feb 24, 2017

Authored by Russell Sanford | Site metasploit.com

This Metasploit module exploits a remote command execution vulnerability in the Sophos Web Appliance versions 4.2.1.3 and below. The vulnerability exists in a section of the machine's administrative interface for performing diagnostic network tests with wget and unsanitized user supplied information.

tags | exploit, remote, web

advisories | CVE-2016-9554

SHA-256 | 7db483f4c13c510be0772b6ca810c42aab21ae2d4566ceb664f88a68ec7e033c

Download | Favorite | View

ProjectSend r754 Insecure Direct Object Reference / Authenticaton Bypass

Posted Feb 24, 2017

Authored by Vulnerability Laboratory, Lawrence Amer | Site vulnerability-lab.com

ProjectSend r754 suffers from authentication bypass and insecure direct object reference vulnerabilities.

tags | exploit, vulnerability

SHA-256 | e576cd52b59276cce9f4867d9fc7b1432eb74feb9c066efecd24c54f3ae44bf5

Download | Favorite | View

Lock Photos Album And Videos Safe 4.3 Directory Traversal

Posted Feb 24, 2017

Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

Lock Photos Album and Videos Safe version 4.3 suffers from a directory traversal vulnerability.

tags | exploit

SHA-256 | 030e45eb2a4547c1026ac012430e5158bfa001dc92b0f82caf3acd206c8d56b3

Download | Favorite | View