Exploit the possibilities
Showing 1 - 25 of 158

Files

Packet Storm New Exploits For February, 2013
Posted Mar 1, 2013
Authored by Todd J. | Site packetstormsecurity.com

This archive contains all of the 157 exploits added to Packet Storm in February, 2013.

tags | exploit
systems | linux
MD5 | 84d49c28376372e86bda7e9cba45e4e2
Piwigo 2.4.6 Cross Site Request Forgery / Traversal
Posted Feb 28, 2013
Authored by High-Tech Bridge SA | Site htbridge.ch

Piwigo version 2.4.5 suffers from cross site request forgery and path traversal vulnerabilities.

tags | exploit, vulnerability, file inclusion, csrf
advisories | CVE-2013-1468, CVE-2013-1469
MD5 | b1935590941c1e53c6ac425376599150
Geeklog 1.8.2 Cross Site Scripting
Posted Feb 28, 2013
Authored by High-Tech Bridge SA | Site htbridge.ch

Geeklog version 1.8.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2013-1470
MD5 | a350c891f1392831f81fe229e6dbadb2
D-Link DIR-645 Authentication Bypass
Posted Feb 28, 2013
Authored by Roberto Paleari

D-Link DIR-645 devices suffer from a direct access authentication bypass vulnerability.

tags | exploit, bypass
MD5 | d7b5095d749258932d4e7f5c6ea41d4d
Fileutils Ruby Gem Remote Command Execution
Posted Feb 28, 2013
Authored by Larry W. Cashdollar

The Fileutils Ruby gem suffers from possible remote command execution due to passing unsanitized user input to CutyCapt for execution. It also suffers from insecure file handling in /tmp.

tags | exploit, remote, ruby
MD5 | 99646c474c4e02422426633db0fadaa0
Joomla! 3.0.2 PHP Object Injection
Posted Feb 27, 2013
Authored by EgiX

Joomla! versions 3.0.2 and below suffer from a PHP object injection vulnerability in highlight.php.

tags | exploit, php
advisories | CVE-2013-1453, OSVDB-89852
MD5 | 9e2ca8e1398a948ecccc92626171da9e
WordPress Comment Rating 2.9.32 SQL Injection / Bypass
Posted Feb 27, 2013
Authored by ebanyu

WordPress Comment Rating plugin version 2.9.32 suffers from vote limitation bypass and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, bypass
MD5 | cca508057d6477719b27ca2cb2a9a895
Gambas /tmp Directory Hijack
Posted Feb 27, 2013
Authored by Larry W. Cashdollar

Gambas creates a directory in /tmp called gambas.UID where UID is the user id of the person running the software. Gambas does not check to see if a malicious user has already created that directory.

tags | exploit
MD5 | 256a033dd2a232057aae8893a9b8a634
Brewthology 0.1 SQL Injection
Posted Feb 26, 2013
Authored by cr4wl3r

Brewthology version 0.1 remote SQL injection exploit that dumps the user table and leverages beerxml.php.

tags | exploit, remote, php, sql injection
MD5 | 9ad2a97eebe256c251da3803aa889bfc
Archlinux/x86-64 3.3.x-3.7.x x86-64 sock_diag_handlers[] Local Root
Posted Feb 26, 2013
Authored by sd

Local root exploit for Archlinux that allows an unprivileged user to take over control in kernel mode due to an out-of-bounds access of the sock_diag_handlers[] array. Works reliably against x86-64 3.3-3.7.

tags | exploit, x86, kernel, local, root
advisories | CVE-2013-1763
MD5 | f38c7c832635834f88b0ae806b01f1b0
Glossword 1.8.12 Arbitrary File Upload
Posted Feb 26, 2013
Authored by Akastep, Brendan Coles | Site metasploit.com

This Metasploit module exploits a file upload vulnerability in Glossword versions 1.8.8 through 1.8.12 when run as a standalone application. This application has an upload feature that allows an authenticated user with administrator roles to upload arbitrary files to the 'gw_temp/a/' directory.

tags | exploit, arbitrary, file upload
advisories | OSVDB-89960
MD5 | 4f1934a968cdbb5fa314b491cfd0ec99
Kordil EDMS 2.2.60rc3 Arbitrary File Upload
Posted Feb 25, 2013
Authored by Brendan Coles | Site metasploit.com

This Metasploit module exploits a vulnerability in Kordil EDMS version 2.2.60rc3. This application has an upload feature that allows an unauthenticated user to upload arbitrary files to the '/kordil_edms/userpictures/' directory.

tags | exploit, arbitrary
MD5 | 33ad49a9cc2ea906a39ccf8cd2cbeb28
PolarPearCms PHP File Upload
Posted Feb 25, 2013
Authored by Fady Mohamed Osman | Site metasploit.com

This Metasploit module exploits a file upload vulnerability found in PolarPear CMS. By abusing the upload.php file, a malicious user can upload a file to a temp directory without authentication, which results in arbitrary code execution.

tags | exploit, arbitrary, php, code execution, file upload
advisories | CVE-2013-0803
MD5 | 9c1bc86a33b371e22501e3da5154018e
MTP Poll 1.0 Cross Site Scripting
Posted Feb 25, 2013
Authored by LiquidWorm | Site zeroscience.mk

MTP Poll version 1.0 suffers from multiple stored cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 68eefe17b17528488410f7a6ecfa8444
MTP Guestbook 1.0 Cross Site Scripting
Posted Feb 25, 2013
Authored by LiquidWorm | Site zeroscience.mk

MTP Guestbook version 1.0 suffers from multiple stored cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 105818be5c7cf73cae884d21ed6236c6
MTP Image Gallery 1.0 Cross Site Scripting
Posted Feb 25, 2013
Authored by LiquidWorm | Site zeroscience.mk

MTP Image Gallery version 1.0 suffers from a stored cross site scripting vulnerability.

tags | exploit, xss
MD5 | 132d1afc88bdb70f0d87841956cae140
Java Applet JMX Remote Code Execution
Posted Feb 25, 2013
Authored by Adam Gowdiak, juan vazquez, SecurityObscurity | Site metasploit.com

This Metasploit module abuses the JMX classes from a Java Applet to run arbitrary Java code outside of the sandbox, as exploited in the wild in February of 2013. Additionally, this module bypasses the default security settings introduced in Java 7 Update 10 to run an unsigned applet without displaying any warning to the user.

tags | exploit, java, arbitrary
advisories | CVE-2013-0431, OSVDB-89613
MD5 | 8f755d5ec685451214b1ccb81d296451
phpMyRecipes 1.2.2 Cross Site Scripting
Posted Feb 25, 2013
Authored by PDS

phpMyRecipes version 1.2.2 suffers from multiple persistent cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | d5d4d7e3435fcf1b288bcd272eebcaf5
WiFilet 1.2 CSRF / LFI / Shell Upload
Posted Feb 25, 2013
Authored by Chokri Ben Achor | Site vulnerability-lab.com

WiFilet version 1.2 suffers from cross site request forgery, local file inclusion, and remote shell upload vulnerabilities.

tags | exploit, remote, shell, local, vulnerability, file inclusion, csrf
MD5 | ddb4bfa9542c68caedc540b0908a9890
Porch Light Media SQL Injection
Posted Feb 24, 2013
Authored by Kalashinkov3

Porch Light Media suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 1388e9c034272df3de3c2b9ca597f034
MS13-009 Microsoft Internet Explorer SLayoutRun Use-After-Free
Posted Feb 23, 2013
Authored by sgb | Site metasploit.com

This Metasploit module exploits a use-after-free vulnerability in Microsoft Internet Explorer where a CParaElement node is released but a reference is still kept in CDoc. This memory is reused when a CDoc relayout is performed.

tags | exploit
advisories | CVE-2013-0025
MD5 | e22f640406a701a53f6a2600e5cb2480
Rix4Web Portal Remote Blind SQL Injection
Posted Feb 23, 2013
Authored by L0n3ly-H34rT

Rix4Web Portal suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 94e216ef20fb2168325da5bb0a714ce6
Photodex ProShow Producer 5.0.3297 Insecure Library Load
Posted Feb 23, 2013
Authored by Julien Ahrens | Site security.inshell.net

Photodex ProShow Producer version 5.0.3297 suffers from an insecure library loading vulnerability. Proof of concept code included.

tags | exploit, proof of concept
MD5 | a9b997d7704ea4fb456c4216d6358c78
IPMap 2.5 Shell Upload
Posted Feb 23, 2013
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

IPMap version 2.5 suffers from remote shell upload vulnerabilities.

tags | exploit, remote, shell, vulnerability
MD5 | b2d1a0959b972356bb9f762e1fcdadb2
Kayako Fusion 4.51.1891 Cross Site Scripting
Posted Feb 23, 2013
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

Kayako Fusion version 4.51.1891 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 244e668351a0592667f70c4db912b66d