what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 54,512 RSS Feed

Exploit Files

ABB Cylon Aspect 3.08.01 vstatConfigurationDownload.php Configuration Download
Posted Nov 27, 2024
Authored by LiquidWorm | Site zeroscience.mk

ABB Cylon Aspect version 3.08.01 suffers from an unauthenticated configuration download vulnerability. This can be exploited to download the CSV DB that contains the configuration mappings information via the VMobileImportExportServlet by directly calling the vstatConfigurationDownload.php script.

tags | exploit, php
SHA-256 | 43c96af8c2682eb0a000f47d83e5264452bc79644a69b914c8f4bd5a1347cdba
Akuvox Smart Intercom/Doorphone ServicesHTTPAPI Improper Access Control
Posted Nov 27, 2024
Authored by LiquidWorm | Site zeroscience.mk

The Akuvox Smart Intercom/Doorphone suffers from an insecure service API access control. The vulnerability in ServicesHTTPAPI endpoint allows users with "User" privileges to modify API access settings and configurations. This improper access control permits privilege escalation, enabling unauthorized access to administrative functionalities. Exploitation of this issue could compromise system integrity and lead to unauthorized system modifications.

tags | exploit
SHA-256 | d6519d44019fd929163a3f0cfc993a7eb59025d7f9ad1249b44c90b5573d566f
CUPS IPP Attributes LAN Remote Code Execution
Posted Nov 22, 2024
Authored by Spencer McIntyre, RageLtMan, Simone Margaritelli, Ryan Emmons | Site metasploit.com

This Metasploit module exploits vulnerabilities in OpenPrinting CUPS, which is running by default on most Linux distributions. The vulnerabilities allow an attacker on the LAN to advertise a malicious printer that triggers remote code execution when a victim sends a print job to the malicious printer. Successful exploitation requires user interaction, but no CUPS services need to be reachable via accessible ports. Code execution occurs in the context of the lp user. Affected versions are cups-browsed less than or equal to 2.0.1, libcupsfilters versions 2.1b1 and below, libppd versions 2.1b1 and below, and cups-filters versions 2.0.1 and below.

tags | exploit, remote, vulnerability, code execution
systems | linux
advisories | CVE-2024-47076, CVE-2024-47175, CVE-2024-47176, CVE-2024-47177
SHA-256 | 16431cc7dbb038947f886cccbda9ff1e8abb4ffdc1cbb4066839871766422f13
ProjectSend R1605 Unauthenticated Remote Code Execution
Posted Nov 22, 2024
Site metasploit.com

This Metasploit module exploits an improper authorization vulnerability in ProjectSend versions r1295 through r1605. The vulnerability allows an unauthenticated attacker to obtain remote code execution by enabling user registration, disabling the whitelist of allowed file extensions, and uploading a malicious PHP file to the server.

tags | exploit, remote, php, code execution
SHA-256 | e395c3372dc6eda5878d64b4b3e2b759c5bfaffe8d57ca9fdfd36a0bab7bf55b
needrestart Local Privilege Escalation
Posted Nov 22, 2024
Authored by Qualys Security Advisory

Qualys discovered that needrestart suffers from multiple local privilege escalation vulnerabilities that allow for root access from an unprivileged user.

tags | exploit, local, root, vulnerability
advisories | CVE-2024-10224, CVE-2024-11003, CVE-2024-48990, CVE-2024-48991, CVE-2024-48992
SHA-256 | 5e1a7285b40cf60a49ec4d0075d1398f00688905145e895ec8cd09d0cc0d9564
fronsetia 1.1 Cross Site Scripting
Posted Nov 22, 2024
Authored by Andrey Stoykov

fronsetia version 1.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | bbfd522cfd5160099d31a809ca9257e08bb97dcc37b7bf13572eb09dcfd1ed25
fronsetia 1.1 XML Injection
Posted Nov 22, 2024
Authored by Andrey Stoykov

fronsetia version 1.1 suffers from an XML external entity injection vulnerability.

tags | exploit
SHA-256 | 172877845afd1a0942227a2a28e855668aafeacdb04ad37754aebeccf82f3a9d
PowerVR psProcessHandleBase Reuse
Posted Nov 22, 2024
Authored by Jann Horn, Google Security Research

PowerVR has an issue where PVRSRVAcquireProcessHandleBase() can cause psProcessHandleBase reuse when PIDs are reused.

tags | exploit
advisories | CVE-2024-50066
SHA-256 | 18d88674b2b9ce3ddaccd51818379af5893ab0c36e6eb07d67ee93245da55ea8
Linux 6.6 Race Condition
Posted Nov 22, 2024
Authored by Jann Horn, Google Security Research

A security-relevant race between mremap() and THP code has been discovered. Reaching the buggy code typically requires the ability to create unprivileged namespaces. The bug leads to installing physical address 0 as a page table, which is likely exploitable in several ways: For example, triggering the bug in multiple processes can probably lead to unintended page table sharing, which probably can lead to stale TLB entries pointing to freed pages.

tags | exploit
advisories | CVE-2024-50066
SHA-256 | d415d186ac0cd0e8590e6af8e512c75a753a301cb3c1ff5d14ad6ae5cf28a43e
Korenix JetPort 5601 1.2 Path Traversal
Posted Nov 22, 2024

Korenix JetPort 5601 version 1.2 suffers from a path traversal vulnerability.

tags | exploit
advisories | CVE-2024-11303
SHA-256 | eff7e4d263326b019575dc31027a65c20b18d4241b61e5bb7f9dcd9114150ac6
SEH utnserver Pro 20.1.22 Cross Site Scripting
Posted Nov 22, 2024
Site fhstp.ac.at

SEH utnservyer Pro version 20.1.22 suffers from multiple persistent cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2024-11304
SHA-256 | 8a817f7a2f70f702d665df042fc9c3e7290ebdec05e9d80aed3e21cb27a39f2b
Ivanti EPM Agent Portal Command Execution
Posted Nov 21, 2024
Authored by Spencer McIntyre, James Horseman, Zach Hanley | Site metasploit.com

This Metasploit module leverages an unauthenticated remote command execution vulnerability in Ivanti's EPM Agent Portal where an RPC client can invoke a method which will run an attacker-specified string on the remote target as NT AUTHORITY\SYSTEM. This vulnerability is present in versions prior to EPM 2021.1 Su4 and EPM 2022 Su2.

tags | exploit, remote
advisories | CVE-2023-28324
SHA-256 | e0620d2d0515fa0c50ecc9895fe036f29df5b1ae1f77223209ef2489ec4d79b2
Judge0 Sandbox Escape
Posted Nov 21, 2024
Authored by Takahiro Yokoyama | Site metasploit.com

Judge0 does not account for symlinks placed inside the sandbox directory, which can be leveraged by an attacker to write to arbitrary files and gain code execution outside of the sandbox.

tags | exploit, arbitrary, code execution
advisories | CVE-2024-28185, CVE-2024-28189
SHA-256 | a1ba2cf035b4baf95b438349ee60b5d61abfbe14ea74073871109b698ce41265
WordPress Really Simple Security Authentication Bypass
Posted Nov 19, 2024
Authored by Antonio Francesco Sardella | Site github.com

WordPress Really Simple Security plugin versions prior to 9.1.2 proof of concept authentication bypass exploit.

tags | exploit, proof of concept, bypass
advisories | CVE-2024-10924
SHA-256 | 9fb5206f79bdaf66dbedfc4d45fcf5665de6fe05f64aab8cb3e399923acff9fa
Palo Alto PAN-OS Authentication Bypass / Remote Command Execution
Posted Nov 19, 2024
Site github.com

Proof of concept code to exploit an authentication bypass in Palo Alto's PAN-OS that is coupled with remote command execution.

tags | exploit, remote, proof of concept
advisories | CVE-2024-0012, CVE-2024-9474
SHA-256 | c8b10b5731e612b147d09c4e3d75d1869c7c85552ecae142103e7ca29fb1797b
Pyload Remote Code Execution
Posted Nov 18, 2024
Authored by Spencer McIntyre, jheysel-r7 | Site metasploit.com

CVE-2024-28397 is a sandbox escape in js2py versions 0.74 and below. js2py is a popular python package that can evaluate javascript code inside a python interpreter. The vulnerability allows for an attacker to obtain a reference to a python object in the js2py environment enabling them to escape the sandbox, bypass pyimport restrictions and execute arbitrary commands on the host. At the time of this writing no patch has been released and version 0.74 is the latest version of js2py which was released Nov 6, 2022. CVE-2024-39205 is a remote code execution vulnerability in Pyload versions 0.5.0b3.dev85 and below. It is an open-source download manager designed to automate file downloads from various online sources. Pyload is vulnerable because it exposes the vulnerable js2py functionality mentioned above on the /flash/addcrypted2 API endpoint. This endpoint was designed to only accept connections from localhost but by manipulating the HOST header we can bypass this restriction in order to access the API to achieve unauthenticated remote code execution.

tags | exploit, remote, arbitrary, javascript, code execution, python
advisories | CVE-2024-28397, CVE-2024-39205
SHA-256 | 80427d657de061fee48a9f5adbb6c131d9fca4ddd53f67cf67ca1b3ed439fddd
SOPlanning 1.52.01 Remote Code Execution
Posted Nov 18, 2024

SOPlanning version 1.52.01 authenticated remote code execution exploit.

tags | exploit, remote, code execution
SHA-256 | aa2b0281cd44426371fcd74740cdc742a4967b78355a65e5c712e22f50b852b6
Siemens Energy Omnivise T3000 8.2 SP3 Privilege Escalation / File Download
Posted Nov 14, 2024
Authored by Andreas Kolbeck, Steffen Robertz | Site sec-consult.com

Siemens Energy Omnivise T3000 version 8.2 SP3 suffers from local privilege escalation, cleartext storage of passwords in configuration and log files, file system access allowing for arbitrary file download, and IP whitelist bypass.

tags | exploit, arbitrary, local
advisories | CVE-2024-38876, CVE-2024-38877, CVE-2024-38878, CVE-2024-38879
SHA-256 | f3ace4f4cb5b84a560a9593357976ec236f7e116327a16dffefa142cb8440217
TX Text Control .NET Server For ASP.NET Arbitrary File Read / Write
Posted Nov 14, 2024
Authored by Filip Palian

TX Text Control .NET Server For ASP.NET has an issue where it was possible to change the configured system path for reading and writing files in the underlying operating system with privileges of the user running a web application.

tags | exploit, web, asp
SHA-256 | 87daef249524395b391c7767b295ddf96c40db5d4fbd376c76c034cc5844d043
GravCMS 1.10.7 Arbitrary YAML Write / Update
Posted Nov 14, 2024
Site github.com

Proof of concept remote code execution exploit for GravCMS 1.10.7 that leverages an arbitrary YAML write / update.

tags | exploit, remote, arbitrary, code execution, proof of concept
advisories | CVE-2021-21425
SHA-256 | 5cb1696418ca010542d02a039fd2e7ced0fb5abc292d2bf9e447350af4776e32
PHP-CGI Argument Injection Remote Code Execution
Posted Nov 14, 2024
Authored by BTtea | Site github.com

Proof of concept remote code execution exploit for PHP-CGI that affects versions 8.1 before 8.1.29, 8.2 before 8.2.20, and 8.3 before 8.3.8.

tags | exploit, remote, cgi, php, code execution, proof of concept
advisories | CVE-2024-4577
SHA-256 | a6b63ce9c93a3021236a9a584571d58798fe9d500b30228bb2141feca495c4d9
Palo Alto Expedition 1.2.91 Remote Code Execution
Posted Nov 13, 2024
Authored by Enrique Castillo, Zach Hanley, Michael Heinzl | Site metasploit.com

This Metasploit module lets you obtain remote code execution in Palo Alto Expedition versions 1.2.91 and below. The first vulnerability, CVE-2024-5910, allows to reset the password of the admin user, and the second vulnerability, CVE-2024-9464, is an authenticated OS command injection. In a default installation, commands will get executed in the context of www-data. When credentials are provided, this module will only exploit the second vulnerability. If no credentials are provided, the module will first try to reset the admin password and then perform the OS command injection.

tags | exploit, remote, code execution
advisories | CVE-2024-24809, CVE-2024-5910
SHA-256 | df2c6c91b0ec6249f500e20b70f386982ccf89ee425960ccceff8fd524cb14ff
HASOMED Elefant / Elefant Software Updater Data Exposure / Privilege Escalation
Posted Nov 11, 2024
Authored by Daniel Hirschberger, Florian Stuhlmann | Site sec-consult.com

HASOMED Elefant versions prior to 24.04.00 and Elefant Software Updater versions prior to 1.4.2.1811 suffer from having an unprotected exposed firebird database, unprotected FHIR API, multiple local privilege escalation, and hardcoded service password vulnerabilities.

tags | exploit, local, vulnerability
advisories | CVE-2024-50588, CVE-2024-50589, CVE-2024-50590, CVE-2024-50591, CVE-2024-50592, CVE-2024-50593
SHA-256 | 08569aaf8d9ee2326579f45288b32f5dc1f2f9623687358b993634b1d5424d28
WSO2 4.0.0 / 4.1.0 / 4.2.0 Shell Upload
Posted Nov 11, 2024
Site github.com

WS02 versions 4.0.0, 4.1.0, and 4.2.0 are susceptible to remote code execution via an arbitrary file upload vulnerability.

tags | exploit, remote, arbitrary, code execution, file upload
SHA-256 | 88bbb0e549a78d6ccac8792066a572155603f8e8b352a29a78237e92f01cd2a7
WordPress Meetup 0.1 Authentication Bypass
Posted Nov 7, 2024
Site github.com

WordPress Meetup plugin versions 0.1 and below suffer from an authentication bypass vulnerability.

tags | exploit, bypass
advisories | CVE-2024-50483
SHA-256 | 89ac429be4764b94bf641a570c41c31bddf5b9a683ddf1aeac67f0ca453b0bb8
Page 1 of 2,181
Back12345Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close