This archive contains all of the 225 exploits added to Packet Storm in November, 2012.
e53bdc46e1d537d309a6c1b480219705cd6afc3f323fe17fc1150b4cdbf27d95
This Metasploit module exploits a vulnerability found in BlazeVideo HDTV Player's filename handling routine. When supplied with a string of input data embedded in a .plf file, the MediaPlayerCtrl.dll component tries to extract a filename by using PathFindFileNameA(), and then copies the returned string onto the stack using an inline strcpy. As a result, if this input data is long enough, it can cause a stack-based buffer overflow, which may lead to arbitrary code execution in the context of the user.
ab34370a5debea1b2a8db24c582834304ee72c0e5a992dbbbcfedc31867011f6
Axis Commerce version 0.8.7.2 suffers from multiple stored cross site scripting vulnerabilities.
5b98c30892bfc1275681ae20caf39f5a066c85801cedca3fd96ad0fd88b04a10
SysAid Helpdesk version 8.5 Pro suffers from multiple remote blind SQL injection vulnerabilities.
6b32da064f8d6d2d434491a60fd914b8e9cf99d9ceab79f915c421782d761761
Squiz CMS version 11654 suffers from a directory traversal vulnerability.
9aad92b935f5ad7c893786de544430c0d9cb211b6cbbaed9edeef9c1a0e15cce
Nagios XI Network Monitor version 2011R1.9 suffers from a remote blind SQL injection vulnerability.
2cf56eed695230c853b7b3b4f90eb894c8c6fc9ed6af1f23249a37152923da76
Nagios XI Network Monitor version 2011R1.9 suffers from OS command injection vulnerabilities.
cefe812c8837b8e434b4ea93fe2c8a19e990a7fdd85084570601625036f225c8
Oracle Gridengine's sgepasswd suffers from a buffer overflow vulnerability.
27c545a1cda033f55904dc6058b6be0f7c4252cea190bf6782a8be65bf19b66d
DataArmor and DriveArmor versions prior to 3.0.12.861 suffer from restricted environment breakout, privilege escalation, and full disk decryption vulnerabilities.
0fc5ee98ad7150597b23a730a459a04feb859a6daba3aacc92a056f31d04b665
jsupload.cgi.pl versions 0.6.4 and below suffer from a directory traversal vulnerability.
ccd62aaa39befe158eac096c007c49a7c571779c421b3de5eb034f9c0b7abff3
PayPal suffered from a persistent cross site scripting vulnerability.
2410978fe3d394fded3f60d02efa3b9655e8eff8e42012acccdeb9c375cab246
SilverStripe version 3.0.2 suffers from cross site request forgery and cross site scripting vulnerabilities.
5cb762b339a330f6095d9df36320aed93b37bcf830588eaba27f260b27da40fb
Oracle OpenSSO version 8.0 suffers from multiple cross site scripting vulnerabilities.
8c808e048c19a6a159ab6b29c16212a38f35d663f13ecf875b211ee928233412
WordPress Video Lead Form plugin version 0.5 suffers from a cross site scripting vulnerability.
6399d89e41c6f18b870131becc911b8866326d09c8fdc61c3e45091324d5ae69
Oracle Exadata leaf switches come configured with easily guessable passwords and a shadow file that is world-readable.
4656654c3f194537f44fd57130e17703524ad55c4635083060dae1b01824ac10
BigDump version 0.32b suffers from cross site scripting, arbitrary file upload, and remote SQL injection vulnerabilities.
bc23c90c044ff4efc633cbcc3f27e340bad38ad3a444213bde86d3e4702abab0
UMPlayer Portable version 0.95 crash proof of concept denial of service exploit.
645f405d6e5613e5ffaa01bd0c557e04533bc8bd28c446fcee2412fd2ffbdf56
Agilebits 1Password version 3.9.9 suffers from a cross site scripting vulnerability in the troubleshooting reporting system.
71744dd1e2e3fc6192bf9157fb70fc21a07956fc2047e6e02439c2ae46385835
Elastix version 2.3.0 suffers from a cross site scripting vulnerability.
1169ee193f94dedd59c9fe5880f39264785ad1850a53caa434d5b07ce5fb358a
MODx versions 1.0.6 and below suffer from cross site request forgery, abuse of functionality, and denial of service vulnerabilities.
06e2431993e324f2e749b37a6e7c7e00a479836f6dfc847e0cea7aa9db329961
BigDump version 0.29b suffers from arbitrary file upload and remote SQL injection vulnerabilities.
7f2a9f83ce7267074bd1e978a6656843e20681fe40e2a65f46e42520bcc2a69e
Sites created by Seventeen Design suffer from cross site scripting and remote SQL injection vulnerabilities. Note that these findings house site-specific data.
6e024ff910a500b76d6e98d594d24f0970043c4043af514d8873b64e06e7d328
Sites developed by Espacio Ecuador suffer from cross site scripting and remote SQL injection vulnerabilities. Note that these findings house site-specific data.
22828edf67f35b77d1f498612cba632ea2ac891ab9f69bfcab423f6c9f593603
This Metasploit module checks the AlwaysInstallElevated registry keys, which dictate whether .MSI files should be installed with elevated privileges (NT AUTHORITY\SYSTEM). The default MSI file is data/exploits/exec_payload.msi, with the WiX source file under external/source/exploits/exec_payload_msi/exec_payload.wxs. This MSI simply executes payload.exe from the same folder. The MSI may not execute successfully on successive runs, but this can be worked around by regenerating the MSI. The MSI can be rebuilt from the source using the WiX toolset with the following commands: "candle exec_payload.wxs" followed by "light exec_payload.wixobj".
c7e98f972baf436cdfffebb9e430a37c5fe6f420bfd185f513efaf7d19a631e2
This Metasploit module exploits a buffer overflow in Apple QuickTime 7.7.2. The stack based overflow occurs when processing a malformed Content-Type header. The module has been tested successfully on Safari 5.1.7 and 5.0.7 on Windows XP SP3.
10b7f159e2f92d30b2c07941abb1e4f934539758916904fa7372f9e7afa29641