accept no compromises
Showing 1 - 25 of 207 RSS Feed

Files

Packet Storm New Exploits For November, 2012
Posted Dec 1, 2012
Authored by Todd J. | Site packetstormsecurity.com

This archive contains all of the 225 exploits added to Packet Storm in November, 2012.

tags | exploit
systems | linux
MD5 | 0eaa1d1318b2854de608c4e272db764f
BlazeVideo HDTV Player Pro 6.6 Filename Handling
Posted Nov 30, 2012
Authored by sinn3r, b33f | Site metasploit.com

This Metasploit module exploits a vulnerability found in BlazeVideo HDTV Player's filename handling routine. When supplying a string of input data embedded in a .plf file, the MediaPlayerCtrl.dll component will try to extract a filename by using PathFindFileNameA(), and then copies whatever the return value is on the stack by using an inline strcpy. As a result, if this input data is long enough, it can cause a stack-based buffer overflow, which may lead to arbitrary code execution under the context of the user.

tags | exploit, overflow, arbitrary, code execution
advisories | OSVDB-80896
MD5 | 18479af99cd876aea7ca8d3a6f0c35fb
Axis Commerce 0.8.7.2 Cross Site Scripting
Posted Nov 30, 2012
Authored by LiquidWorm | Site zeroscience.mk

Axis Commerce version 0.8.7.2 suffers from multiple stored cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 881fe5f6ef6e5dbec355493c0d924fe3
SysAid Helpdesk 8.5 Pro SQL Injection
Posted Nov 30, 2012
Authored by Daniel Compton | Site nccgroup.com

SysAid Helpdesk version 8.5 Pro suffers from multiple remote blind SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
MD5 | 9f07d639148cb86bf1c1ef207e3d8be8
Squiz CMS 11654 File Path Traversal
Posted Nov 30, 2012
Authored by Robert Ray | Site nccgroup.com

Squiz CMS version 11654 suffers from a directory traversal vulnerability.

tags | exploit
MD5 | 20777e9c1618a11616598ae7f13aabab
Nagios XI Network Monitor 2011R1.9 SQL Injection
Posted Nov 30, 2012
Authored by Daniel Compton | Site nccgroup.com

Nagios XI Network Monitor version 2011R1.9 suffers from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 31235d7bde61608ca3ebf88ad44f4c7c
Nagios XI Network Monitor 2011R1.9 OS Command Injection
Posted Nov 30, 2012
Authored by Daniel Compton | Site nccgroup.com

Nagios XI Network Monitor version 2011R1.9 suffers from OS command injection vulnerabilities.

tags | exploit, vulnerability
MD5 | 8282d53e99b1e8dbcb80909ec38492d2
Oracle Gridengine sgepasswd Buffer Overflow
Posted Nov 30, 2012
Authored by Edward Torkington | Site ngssoftware.com

Oracle Gridengine's sgepasswd suffers from a buffer overflow vulnerability.

tags | exploit, overflow
MD5 | dc278ebed50251a0deb5698d833767cc
DataArmor / DriveArmor Privilege Escalation / Decryption
Posted Nov 30, 2012
Authored by Stuart Passe | Site ngssoftware.com

DataArmor and DriveArmor versions prior to 3.0.12.861 suffer from restricted environment breakout, privilege escalation, and full disk decryption vulnerabilities.

tags | exploit, vulnerability
MD5 | 0419d05b8467d22e94ea40d4bec34572
jsupload.cgi.pl 0.6.4 Directory Traversal
Posted Nov 30, 2012
Authored by Sean de Regge

jsupload.cgi.pl versions 0.6.4 and below suffer from a directory traversal vulnerability.

tags | exploit, cgi, file inclusion
MD5 | 0373f395b175a1ebb55509a6d8d4603d
PayPal Persistent Listing Cross Site Scripting
Posted Nov 30, 2012
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

PayPal suffered from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | 3e5e7d726ff45caa32c8441e05e68b0c
SilverStripe CMS 3.0.2 Cross Site Request Forgery / Cross Site Scripting
Posted Nov 30, 2012
Authored by Nathaniel Carew | Site senseofsecurity.com.au

SilverStripe version 3.0.2 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | ef185cbe2fa306c18219cccfb231e76c
Oracle OpenSSO 8.0 Cross Site Scripting
Posted Nov 30, 2012
Authored by LiquidWorm | Site zeroscience.mk

Oracle OpenSSO version 8.0 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | c1fb019e18acec10b5e921de308a0da6
WordPress Video Lead Form 0.5 Cross Site Scripting
Posted Nov 30, 2012
Authored by Aditya Balapure

WordPress Video Lead Form plugin version 0.5 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2012-6312
MD5 | bc85a1fd4dd6df628f7fa124bf37411a
Oracle Exadata Leaf Switch Weak Logins
Posted Nov 29, 2012
Authored by Larry W. Cashdollar

Oracle Exadata leaf switches come configured with easily guessable passwords and a shadow file that is world-readable.

tags | exploit
MD5 | 0ded84ac51347fe8a9e43587bb421685
BigDump 0.32b XSS / Shell Upload / SQL Injection
Posted Nov 29, 2012
Authored by Ur0b0r0x

BigDump version 0.32b suffers from cross site scripting, arbitrary file upload, and remote SQL injection vulnerabilities.

tags | exploit, remote, arbitrary, vulnerability, xss, sql injection, file upload
MD5 | 068a864ca68b92ff822c30e42c339e5e
UMPlayer Portable 0.95 Proof Of Concept
Posted Nov 29, 2012
Authored by p3kok

UMPlayer Portable version 0.95 crash proof of concept denial of service exploit.

tags | exploit, denial of service, proof of concept
MD5 | 6cc36250defd8242f0559f0312ed744d
Agilebits 1Password 3.9.9 Cross Site Scripting
Posted Nov 29, 2012
Authored by Christy Philip Mathew

Agilebits 1Password version 3.9.9 suffers from a cross site scripting vulnerability in the troubleshooting reporting system.

tags | exploit, xss
MD5 | e22306620b78ed20844f9028f2ccd247
Elastix 2.3.0 Cross Site Scripting
Posted Nov 29, 2012
Authored by cheki

Elastix version 2.3.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 3ae06887df03088d4edb65bf1c2f5330
MODx 1.0.6 XSS / Abuse Functionality / Denial Of Service
Posted Nov 29, 2012
Authored by MustLive

MODx versions 1.0.6 and below suffer from cross site request forgery, abuse of functionality, and denial of service vulnerabilities.

tags | exploit, denial of service, vulnerability, csrf
MD5 | eb6da7a2b149c7b3eb0bc87eb5f1ab8d
BigDump 0.29b Shell Upload / SQL Injection
Posted Nov 29, 2012
Authored by Ur0b0r0x

BigDump version 0.29b suffers from arbitrary file upload and remote SQL injection vulnerabilities.

tags | exploit, remote, arbitrary, vulnerability, sql injection, file upload
MD5 | 93d6a48cb2ccdbb96ef77fdee5704916
Seventeen Design Cross Site Scripting / SQL Injection
Posted Nov 29, 2012
Authored by Ur0b0r0x

Sites created by Seventeen Design suffer from cross site scripting and remote SQL injection vulnerabilities. Note that these findings house site-specific data.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | e1ff5696e6bab52f0c9257970397d426
Espacio Ecuador Cross Site Scripting / SQL Injection
Posted Nov 29, 2012
Authored by Ur0b0r0x

Sites developed by Espacio Ecuador suffer from cross site scripting and remote SQL injection vulnerabilities. Note that these findings house site-specific data.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | 59e0cf6b3b3f8cc1ed184db18cf58601
Windows AlwaysInstallElevated MSI
Posted Nov 29, 2012
Authored by Parvez Anwar, Ben Campbell | Site metasploit.com

This Metasploit module checks the AlwaysInstallElevated registry keys which dictate if .MSI files should be installed with elevated privileges (NT AUTHORITY\SYSTEM). The default MSI file is data/exploits/exec_payload.msi with the WiX source file under external/source/exploits/exec_payload_msi/exec_payload.wxs. This MSI simply executes payload.exe within the same folder. The MSI may not execute successfully successive times, but may be able to get around this by regenerating the MSI. MSI can be rebuilt from the source using the WIX tool with the following commands: candle exec_payload.wxs light exec_payload.wixobj.

tags | exploit, registry
MD5 | 7f54f3f19b96a153e20a2549365a851b
Apple QuickTime 7.7.2 MIME Type Buffer Overflow
Posted Nov 29, 2012
Authored by juan vazquez, Pavel Polischouk | Site metasploit.com

This Metasploit module exploits a buffer overflow in Apple QuickTime 7.7.2. The stack based overflow occurs when processing a malformed Content-Type header. The module has been tested successfully on Safari 5.1.7 and 5.0.7 on Windows XP SP3.

tags | exploit, overflow
systems | windows, apple, xp
advisories | CVE-2012-3753, OSVDB-87088
MD5 | 102127242852b83738de42d177aa8f59
Page 1 of 9
Back12345Next

Top Authors In Last 30 Days

Recent News

News RSS Feed
ATM Malware Available Online For Online $5,000
Posted Oct 18, 2017

tags | headline, malware, bank, cybercrime, fraud
Oracle Swats 252 Bugs In Patch Update
Posted Oct 18, 2017

tags | headline, flaw, patch, oracle
Child Safety Smartwatches Easy To Hack, Watchdog Says
Posted Oct 18, 2017

tags | headline, privacy, flaw
Domino's Pizza Delivers User Details To Spammers
Posted Oct 18, 2017

tags | headline, privacy, email, spam, fraud
Microsoft Never Disclosed 2013 Hack Of Secret Vulnerability Database
Posted Oct 18, 2017

tags | headline, hacker, microsoft, data loss, flaw
Adobe Patches Zero-Day Used To Plant Gov't Spying Software
Posted Oct 17, 2017

tags | headline, hacker, government, usa, flaw, cyberwar, adobe, zero day, nsa
UK TV Drama About North Korea Hit By Hackers
Posted Oct 17, 2017

tags | headline, hacker, government, britain, cyberwar, korea
Russia Tweaks Telegram With Tiny Fine For Decryption Denial
Posted Oct 17, 2017

tags | headline, government, privacy, russia, cryptography
Never Mind The WPA2 Drama... Details Emerge Of TPM Key Fail
Posted Oct 17, 2017

tags | headline, wireless, flaw, cryptography
Millions Of High Security Crypto Keys Crippled By Newly Discovered Flaw
Posted Oct 16, 2017

tags | headline, flaw, cryptography
View More News →
packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close