This archive contains proof of concepts and a whitepaper that describes multiple email client implementations where popular clients for email are vulnerable to signature spoofing attacks.
>> CATEGORY: exploit
CentOS Web Panel versions 0.9.8.793 (Free), 0.9.8.753 (Pro), and 0.9.8.807 (Pro) suffer from a domain field (Add DNS Zone) cross site scripting vulnerability.
Winamp version 5.12 playlist (.pls) buffer overflow exploit with ASLR + EGGHUNT + REV_SHELL. Written in Python.
This Metasploit module exploits a vulnerability in Ruby on Rails. In development mode, a Rails application would use its name as the secret_key_base, and can be easily extracted by visiting…
This archive contains all of the 204 exploits added to Packet Storm in April, 2019.
Microsoft Windows PowerShell ISE will execute wrongly supplied code when debugging specially crafted PowerShell scripts that contain array brackets as part of the filename. This can result in ISE executing…
Joomla JiFile component version 2.3.1 suffers from an arbitrary file download vulnerability.
Agent Tesla Botnet suffers from an information leakage vulnerability.
This Metasploit module exploits a PHP unserialize() in Pimcore before 5.7.1 to execute arbitrary code. An authenticated user with “classes” permission could exploit the vulnerability. The vulnerability exists in the…
This Metasploit module creates a pre-invoke hook for APT in apt.conf.d. The hook name syntax is numeric followed by text.