Browsing the "storm" Tag

Backdoor.Win32.Wollf.h Missing Authentication ≈ Packet Storm

February 27th, 2021 📆 | 5299 Views ⚑

Discovery / credits: Malvuln – malvuln.com (c) 2021Original source: https://malvuln.com/advisory/4932471df98b0e94db076f2b1c0339bd.txtContact: [email protected]: twitter.com/malvuln Threat: Backdoor.Win32.Wollf.hVulnerability: Missing AuthenticationDescription: Wollf backdoor creates a

Tagged with:




Vehicle Parking Management System 1.0 Cross Site Scripting ≈ Packet Storm

February 27th, 2021 📆 | 8447 Views ⚑

# Exploit Title: Vehicle Parking Management System 1.0 – ‘catename’ Persistent Cross-Site Scripting (XSS)# Date: 2021-02-25# Exploit Author: Tushar Vaidya#

Tagged with:




Trojan.Win32.Gofot.htx Buffer Overflow ≈ Packet Storm

February 27th, 2021 📆 | 5370 Views ⚑

Discovery / credits: Malvuln – malvuln.com (c) 2021Original source: https://malvuln.com/advisory/ae062bfe4abd59ac1b9be693fbc45f60.txtContact: [email protected]: twitter.com/malvuln Threat: Trojan.Win32.Gofot.htxVulnerability: Local File Buffer OverflowDescription: HackerJLY PE

Tagged with:




WordPress Under Construction, Coming Soon, And Maintenance Mode 1.1.1 SSRF / XSS ≈ Packet Storm

February 27th, 2021 📆 | 5804 Views ⚑

There are SSRF and RXSS vulnerabilities in the WordPress plugin Under Construction, Coming Soon & Maintenance Mode version 1.1.1.Both vulnerabilities

Tagged with:




Simple Employee Records System 1.0 Shell Upload ≈ Packet Storm

February 27th, 2021 📆 | 8366 Views ⚑

# Exploit Title: Simple Employee Records System – File Upload RCE (Unauthenticated)# Date: 2021-02-25# Exploit Author: [email protected]# Vendor Homepage: https://www.sourcecodester.com/php/11393/employee-records-system.html#

Tagged with:




Yeastar TG400 GSM Gateway 91.3.0.3 Path Traversal ≈ Packet Storm

February 27th, 2021 📆 | 6025 Views ⚑

Path Traversal on Yeastar TG400 GSM Gateway - 91.3.0.3This is a Proof of Concept for CVE-2021-27328Exampleto get firmware decrypting passwordhttp://192.168.43.246/cgi/WebCGI?1404=../../../../../../../../../../bin/firmware_detectto

Tagged with:




Nagios XI 5.7.5 Remote Code Execution ≈ Packet Storm

February 27th, 2021 📆 | 4246 Views ⚑

# nagios-xi-5.7.5-bugsBugs reported to Nagios XI ## CVE-2021-25296 ### Code Location `/usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php` ### Code snippet “`phpif (!empty($plugin_output_len)) {$disk_wmi_command .= ”

Tagged with:




LightCMS 1.3.4 Cross Site Scripting ≈ Packet Storm

February 27th, 2021 📆 | 8369 Views ⚑

# Exploit Title: LightCMS 1.3.4 – ‘exclusive’ Stored XSS# Date: 25/02/2021# Exploit Author: Peithon# Vendor Homepage: https://github.com/eddy8/LightCMS# Software Link: https://github.com/eddy8/LightCMS/releases/tag/v1.3.4#

Tagged with:




Trojan-Spy.Win32.SpyEyes.elr Insecure Permissions ≈ Packet Storm

February 27th, 2021 📆 | 3918 Views ⚑

Discovery / credits: Malvuln – malvuln.com (c) 2021Original source: https://malvuln.com/advisory/025d07f4610605031e501e6745d663aa.txtContact: [email protected]: twitter.com/malvuln Threat: Trojan-Spy.Win32.SpyEyes.elrVulnerability: Insecure Permissions Description: The malware creates

Tagged with:




Backdoor.Win32.Azbreg.amw Insecure Permissions ≈ Packet Storm

February 27th, 2021 📆 | 6511 Views ⚑

Discovery / credits: Malvuln – malvuln.com (c) 2021Original source: https://malvuln.com/advisory/5eb58198721d4ded363e41e243e685cc.txtContact: [email protected]: twitter.com/malvuln Threat: Backdoor.Win32.Azbreg.amwVulnerability: Insecure Permissions Description: The backdoor creates

Tagged with:




Trojan.Win32.Hotkeychick.am Insecure Permissions ≈ Packet Storm

February 27th, 2021 📆 | 6435 Views ⚑

Discovery / credits: Malvuln – malvuln.com (c) 2021Original source: https://malvuln.com/advisory/5ea9840970e78188f73eb1763363eeac.txtContact: [email protected]: twitter.com/malvuln Threat: Trojan.Win32.Hotkeychick.amVulnerability: Insecure Permissions Description: The trojan creates

Tagged with:




Remote Desktop Web Access Authentication Timing Attack ≈ Packet Storm

February 27th, 2021 📆 | 6188 Views ⚑

#!/usr/bin/env python3# -*- coding: utf-8 -*- # standard modulesfrom metasploit import module # extra modulesDEPENDENCIES_MISSING = Falsetry:import base64import itertoolsimport osimport

Tagged with:




VisualWare MyConnection Server 11.x Remote Code Execution ≈ Packet Storm

February 27th, 2021 📆 | 3840 Views ⚑

Document Title: =============== VisualWare MyConnection Server 11.x Remote Code Execution Vulnerability References (Source): ==================== https://www.securifera.com/advisories/cve-2021-27198/ https://myconnectionserver.visualware.com/download.html Release Date: ============= 2020-02-25

Tagged with:




Online Catering Reservation System 1.0 SQL Injection ≈ Packet Storm

February 27th, 2021 📆 | 6081 Views ⚑

# Exploit Title: Online Catering Reservation System – SQL Injection (Authenticated)# Date: 2021-02-25# Exploit Author: [email protected]# Vendor Homepage: https://www.sourcecodester.com/php/11355/online-catering-reservation.html# Software

Tagged with:




Trojan-Dropper.Win32.Daws.etlm Unauthenticated Reboot ≈ Packet Storm

February 27th, 2021 📆 | 2303 Views ⚑

Discovery / credits: Malvuln – malvuln.com (c) 2021Original source: https://malvuln.com/advisory/a0479e18283ed46e8908767dd0b40f8f.txtContact: [email protected]: twitter.com/malvuln Threat: Trojan-Dropper.Win32.Daws.etlmVulnerability: Remote Unauthenticated System RebootDescription: Daws.etlm drops

Tagged with: