what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 17 of 17 RSS Feed

Files Date: 2024-10-07

Grav CMS 1.7.44 Server-Side Template Injection
Posted Oct 7, 2024
Authored by geniuszlyy | Site github.com

GenGravSSTIExploit is a proof of concept Python script that exploits an authenticated server-side template injection (SSTI) vulnerability in Grav CMS versions 1.7.44 and below. This vulnerability allows a user with editor permissions to execute OS commands on a remote server.

tags | exploit, remote, proof of concept, python
advisories | CVE-2024-28116
SHA-256 | 320840a574bd1e39d76e644a70206a220bf7e080390462bcc9fbdf69d6cd628a
Ruby-SAML / GitLab Authentication Bypass
Posted Oct 7, 2024
Authored by Synacktiv | Site github.com

This script exploits the issue noted in CVE-2024-45409 that allows an unauthenticated attacker with access to any signed SAML document issued by the IDP to forge a SAML Response/Assertion and gain access as any user on GitLab. Ruby-SAML versions below or equal to 12.2 and versions 1.13.0 through 1.16.0 do not properly verify the signature of the SAML Response.

tags | exploit, ruby
advisories | CVE-2024-45409
SHA-256 | d08713f2b53b8375bee1c935a8aa40df427334d91a9660f64086fe0c225c0c55
iTunes For Windows 12.13.2.3 Local Privilege Escalation
Posted Oct 7, 2024
Authored by mbog14 | Site github.com

This is a thorough write up of how to exploit a local privilege escalation vulnerability in iTunes for Windows version 12.13.2.3. Apple fixed this in version 12.13.3.

tags | exploit, local
systems | windows, apple
advisories | CVE-2024-44193
SHA-256 | d695b4f1b1028346552105f4ee8239edee8add156e7b797895b5d5337070f75f
ABB Cylon Aspect 3.08.00 syslogSwitch.php Remote Code Execution
Posted Oct 7, 2024
Authored by LiquidWorm | Site zeroscience.mk

ABB Cylon Aspect versions 3.08.00 and below suffer from an authenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the SYSLOG HTTP POST parameter called by the syslogSwitch.php script.

tags | exploit, web, arbitrary, shell, php
SHA-256 | bd108fa7ce900744b1676f5426423c1034cfcf86df1a6c72f006197b3c7c4616
ABB Cylon Aspect 3.08.01 caldavUtil.php Remote Code Execution
Posted Oct 7, 2024
Authored by LiquidWorm | Site zeroscience.mk

ABB Cylon Aspect versions 3.08.01 and below suffer from an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the Footer HTTP POST parameter called by the caldavUtil.php script.

tags | exploit, web, arbitrary, shell, php
SHA-256 | 8a578a88dc628bdf9030f24dfeb5efed5a2916122d7b2c6617ee5215c5c7a0d4
ABB Cylon Aspect 3.08.00 setTimeServer.php Remote Code Execution
Posted Oct 7, 2024
Authored by LiquidWorm | Site zeroscience.mk

ABB Cylon Aspect versions 3.08.00 and below suffer from an authenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the timeserver HTTP POST parameter called by the setTimeServer.php script.

tags | exploit, web, arbitrary, shell, php
SHA-256 | 7a951ff7fa25dce192577e79009a2ecc161d07c5d3e93a4698034aee54606ea7
ABB Cylon Aspect 3.08.01 logYumLookup.php Unauthenticated File Disclosure
Posted Oct 7, 2024
Authored by LiquidWorm | Site zeroscience.mk

ABB Cylon Aspect versions 3.08.01 and below suffer from an unauthenticated arbitrary file disclosure vulnerability. Input passed through the logFile GET parameter via the logYumLookup.php script is not properly verified before being used to download log files. This can be exploited to disclose the contents of arbitrary and sensitive files via directory traversal attacks.

tags | exploit, arbitrary, php
SHA-256 | 30c77f451b21a376551521dd035b5e49e0e8791bc964c67769f0111ef659c202
Ubuntu Security Notice USN-7056-1
Posted Oct 7, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 7056-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Masato Kinugawa discovered that Firefox did not properly validate javascript under the "resource://pdf.js" origin. An attacker could potentially exploit this issue to execute arbitrary javascript code and access cross-origin PDF content.

tags | advisory, denial of service, arbitrary, javascript
systems | linux, ubuntu
advisories | CVE-2024-9392, CVE-2024-9393, CVE-2024-9394, CVE-2024-9396, CVE-2024-9397, CVE-2024-9401, CVE-2024-9402
SHA-256 | 80c7f4192680b4c2101a2c6f637255686ae8913ec48a9a8254011849671e40e0
ManageEngine ADManager Plus Privilege Escalation
Posted Oct 7, 2024
Authored by Metin Yunus Kandemir

ManageEngine ADManager Plus builds prior to 7210 suffers from a privilege escalation vulnerability.

tags | advisory
advisories | CVE-2024-24409
SHA-256 | 3b9941aa9efcb746685c3ff7341274059f2a5c45bbffedd341d4a38c6fdff3c0
Book Recording App 2024-09-24 Cross Site Scripting
Posted Oct 7, 2024
Authored by Arif Ari

Book Recording App, as submitted on 2024-09-24, suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | ca1768dbff94043ee01a0061583de80ca1685c784895cdca06b8f990a4ba4df4
Debian Security Advisory 5786-1
Posted Oct 7, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5786-1 - Integer overflows flaws were discovered in the Compound Document Binary File format parser of libgsf, the GNOME Project G Structured File Library, which could result in the execution of arbitrary code if a specially crafted file is processed.

tags | advisory, overflow, arbitrary
systems | linux, debian
advisories | CVE-2024-36474, CVE-2024-42415
SHA-256 | 98c0d59e2d6c56f5374ef98a8c7336b85fff3f90be2ec312d6bc3af96e794ba8
Debian Security Advisory 5785-1
Posted Oct 7, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5785-1 - Dom Walden discovered that the AbuseFilter extension in MediaWiki, a website engine for collaborative work, performed incomplete authorisation checks.

tags | advisory
systems | linux, debian
advisories | CVE-2024-47913
SHA-256 | 38742c4e799607f311ca3f650942c752a6b19f6597bc2e6819c3e789065b2193
OpenMediaVault 7.4.2-2 Code Injection
Posted Oct 7, 2024
Authored by indoushka

OpenMediaVault version 7.4.2-2 suffers from a PHP code injection vulnerability.

tags | exploit, php
SHA-256 | dee3901417baed652d3fc04ebaed8cad97b0a4d6b6b57d600f69ac46177f5cc4
Netis MW5360 Code Injection
Posted Oct 7, 2024
Authored by indoushka

Netis MW5360 suffers from a PHP code injection vulnerability.

tags | exploit, php
SHA-256 | 974dd984899b2411ba4ed106942c2a833ce6ac14b2289ac1294116a892fdc83a
Hikvision IP Camera Cross Site Request Forgery
Posted Oct 7, 2024
Authored by indoushka

Hikvision IP Cameras suffer from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 048a62691fff8ca9559f3569ecda16c64e4b8fff10f2234edeffc362e6ec8528
GeoServer 2.25.1 Code Injection
Posted Oct 7, 2024
Authored by indoushka

GeoServer version 2.25.1 suffers from a PHP code injection vulnerability.

tags | exploit, php
SHA-256 | 425286b969561badddd4d4255537956eb91fd2c63a438e26b79b655873664851
Gambio Online Webshop 4.9.2.0 Code Injection
Posted Oct 7, 2024
Authored by indoushka

Gambio Online Webshop version 4.9.2.0 suffers from a PHP code injection vulnerability.

tags | exploit, php
SHA-256 | c8f9e04f80ca5f409461edae51290f96dd6f04c7856de1b8c387b3a5757ea858
Page 1 of 1
Back1Next

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close