Exploit Files ≈ Packet Storm

Packet Storm - Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
Packet Storm
  1. NodeJS Debugger Command Injection
    This Metasploit module uses the "evaluate" request type of the NodeJS V8 debugger protocol (version 1) to evaluate arbitrary JS and call out to other system commands. The port (default 5858) is not exposed non-locally in default configurations, but may be exposed either intentionally or via misconfiguration.
  2. Adobe Flash appleToRange Out-Of-Bounds Read
    Adobe Flash suffers from an out-of-bounds read in applyToRange.
  3. Adobe Flash MP4 Edge Processing Out-Of-Bounds Write
    Adobe Flash suffers from an out-of-bounds write vulnerability in MP4 Edge Processing.
  4. Adobe Flash MP4 Parsing Out-Of-Bounds Read
    Adobe Flash suffers from an out-of-bounds memory read vulnerability in MP4 parsing.
  5. Broadcom 802.11k Neighbor Report Response Out-Of-Bounds Write
    Broadcom suffers from an out-of-bounds write when handling 802.11k Neighbor Report Response.
  6. CyberLink LabelPrint Buffer Overflow
    CyberLink LabelPrint versions prior to 2.5 SEH unicode buffer overflow exploit.
  7. JitBit Helpdesk 9.0.2 Broken Authentication
    JitBit Helpdesk versions 9.0.2 and below suffer from a broken authentication vulnerability.
  8. Oracle 9i XDB 9.2.01 HTTP PASS Buffer Overflow
    Oracle 9i XDB version HTTP PASS buffer overflow exploit.
  9. Disk Pulse Enterprise 10.0.12 GET Buffer Overflow
    Disk Pulse Enterprise version 10.0.12 GET buffer overflow SEH exploit.
  10. FLIR Systems FLIR Thermal Camera F/FC/PT/D Hard-Coded SSH Credentials
    FLIR utilizes hard-coded credentials within its Linux distribution image. These sets of credentials are never exposed to the end-user and cannot be changed through any normal operation of the camera.
  11. FLIR Systems FLIR Thermal Camera F/FC/PT/D Stream Disclosure
    FLIR suffers from an unauthenticated and unauthorized live stream disclosure.
  12. FLIR Systems FLIR Thermal Camera F/FC/PT/D Multiple Information Disclosures
    FLIP Systems thermal cameras have an issues where Input passed through several parameters is not properly verified before being used to read files. This can be exploited by an unauthenticated attacker to read arbitrary files from local resources.
  13. FLIR Systems FLIR Thermal Camera PT-Series (PT-334 200562) Remote Root
    FLIR Camera PT-Series suffers from multiple unauthenticated remote command injection vulnerabilities. The vulnerability exist due to several POST parameters in controllerFlirSystem.php script when calling the execFlirSystem() function not being sanitized when using the shell_exec() PHP function while updating the network settings on the affected device. This allows the attacker to execute arbitrary system commands as the root user and bypass access controls in place.
  14. FLIR Systems FLIR Thermal Camera FC-S/PT Authenticated OS Command Injection
    FLIR FC-S/PT series suffer from an authenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands as the root user.
  15. Supervisor XML-RPC Authenticated Remote Code Execution
    This Metasploit module exploits a vulnerability in the Supervisor process control software, where an authenticated client can send a malicious XML-RPC request to supervisord that will run arbitrary shell commands on the server. The commands will be run as the same user as supervisord. Depending on how supervisord has been configured, this may be root. This vulnerability can only be exploited by an authenticated client, or if supervisord has been configured to run an HTTP server without authentication. This vulnerability affects versions 3.0a1 to 3.3.2.
  16. BlueBorne BlueTooth Buffer Overflow Proof Of Concept
    BlueBorne BlueTooth buffer overflow proof of concept exploit that causes a denial of service vulnerability on Linux kernels prior to 4.13.1.
  17. Kaltura 13.1.0 Code Execution / Cross Site Scripting
    Kaltura versions 13.1.0 and below suffer from code execution and cross site scripting vulnerabilities.
  18. DenyAll Web Application Firewall Remote Code Execution
    This Metasploit module exploits the command injection vulnerability of DenyAll Web Application Firewall. Unauthenticated users can execute a terminal command under the context of the web server user.
  19. PHP Auction Ecommerce Script 1.6 SQL Injection
    PHP Auction Ecommerce Script version 1.6 suffers from a remote SQL injection vulnerability.
  20. Cash Back Comparison Script 1.0 SQL Injection
    Cash Back Comparison Script version 1.0 suffers from a remote SQL injection vulnerability.
  21. Secure E-Commerce Script 1.02 SQL Injection
    Secure E-Commerce Script version 1.02 suffers from a remote SQL injection vulnerability.
  22. Claydip Airbnb Clone 1.0 Arbitrary File Upload
    Claydip Airbnb Clone version 1.0 suffers from an arbitrary file upload vulnerability.
  23. Lending And Borrowing SQL Injection
    Lending and Borrowing suffers from a remote SQL injection vulnerability.
  24. Multi Level Marketing SQL Injection
    Multi Level Marketing suffers from a remote SQL injection vulnerability.
  25. Microsoft Edge Chakra JavascriptFunction::ReparseAsmJsModule Parsing Issue
    Microsoft Edge Chakra JavascriptFunction::ReparseAsmJsModule suffers from a parsing issue.

Is Your Network At Risk?

  • Is Your Network an Easy Target? Search Networks That Can Be Breached

Cyber Security Associations

Cyber Security Tips

  • Microsoft Windows Update+

    Microsoft goes to great lengths to provide security patches through "Windows Update". Apply these patches on a weekly basis to…
  • Virus Protection+

    Make sure to install Virus Protection software and run updates on a weekly basis to catch new threats.…
  • 1