This archive contains all of the 164 exploits added to Packet Storm in March, 2013.
cc9b59131cd6d24c186284b4f01e36d1751f2d3a101e4330d56f247f9c0fca94Sites powered by Portal Web Services suffer from cross site scripting and CRLF injection vulnerabilities. Note that this finding houses site-specific data.
bba0cb1ec8775b2ec0571e21bd97b31dfe507f03417823e8fd87715b8060e1f0DCMS version 2.4 suffers from multiple cross site scripting vulnerabilities. Note that this finding houses site-specific data.
cb8acad3b615e6700cf1dbbb7957fc87d79663626397c27ea5fc07e842b32537Netgear WNR1000 suffers from an authentication bypass vulnerability.
72c6cc5c8d4c418bcf9e4c0336a5047a0e2f2e3bb08d8d8efc6e07e63370d425mRemote version 1.50 suffers from an update spoofing vulnerability.
c1de31f6f8728351a15b518d67f8c93d6869670704738ea370459b1e5c0cd954Royal TS version 2.1.5 suffers from an update spoofing vulnerability.
bbdbe2cbd87607168248afc01ef7c42de353e86ceb6dd83377794643f9bbeb09Daddy's File Hosting version 2 suffers from a cross site scripting vulnerability.
db44085cab878901dee0a65baa633d3bb9ce62a9c90a07fec1c599811840deacThis Metasploit module exploits unauthenticated versions of the "STUNSHELL" web shell. This Metasploit module works when safe mode is enabled on the web server. This shell is widely used in automated RFI payloads.
06341fc12ebcf2e13776c2ddafaa57edbd47f88dc20ac17daa4c87e2d4466e2bThis Metasploit module exploits unauthenticated versions of the "STUNSHELL" web shell. This Metasploit module works when safe mode is disabled on the web server. This shell is widely used in automated RFI payloads.
079ce9781a20fac112fd7690e6c284a6257f4927ebf9c7ae45b6ac4eb0b72f57WordPress podPress third party plugin version 8.8.10.13 suffers from a cross site scripting vulnerability via 1pixelout_player.swf.
9620208825215dde109d0dd4c3734e97da23acc4ff0aa1eb1c302f9168f941c7MailOrderWorks version 5.907 suffers from multiple cross site scripting vulnerabilities.
cca8817cbdf2e9cf7db4aa0eedb86c8dc3199c58d9e85d491fdf62af4152b113The PayPal GP+ service application for analyzing websites suffered from a persistent cross site scripting vulnerability.
b1818e383a5b5735c8c66c269294c19ba5b51f5ba01f59bd57a6d45a263e3300The PayPal content manager system for sellers suffered from a persistent cross site scripting vulnerability.
3112ea858a3dd800858266762e9d7c03ed6e45b96447da5ecb1cb268ae33a435This Metasploit module exploits a stack buffer overflow in ALLMediaServer version 0.94. The vulnerability is caused due to a boundary error within the handling of an HTTP request.
9e10375f11d2160bc7bb76256fee52ef258402ea5c166bf2a4a74b2a8c0132a5Sites designed by Voila Syria suffer from a cross site scripting vulnerability. Note that this finding houses site-specific data.
f123f9576092f3e027e57b3df0d7fb2d17366e274ccd657041c6ae8747e18719This Metasploit module abuses the Color Management classes from a Java Applet to run arbitrary Java code outside of the sandbox as exploited in the wild in February and March of 2013. The vulnerability affects Java version 7u15 and earlier and 6u41 and earlier and has been tested successfully on Windows XP SP3 and Windows 7 SP1 systems. This exploit doesn't bypass click-to-play, so the user must accept the java warning in order to run the malicious applet.
257e7dc02cc758e02ddfc07622def557b152de2354df0f2e8e6ddd5a95045d43This Metasploit module exploits a lack of authentication in the shell developed by v0pCr3w and is widely reused in automated RFI payloads. This Metasploit module takes advantage of the shell's various methods to execute commands.
c98b44143d435c087fc71dd51541d105f13f0b99cdf31def59cce893a060e474BlazeDVD Free Edition version 6.1.1.6 suffers from a buffer overflow vulnerability.
bdbc3385b746b6b0cb6e4960656a9e6c260df28173c52e32937cf108929fe845AWS XMS version 2.5 suffers from a path traversal vulnerability.
e8265b5ddbb691c7801baa5e82a4c792f1e07efb41722fd028d1429b5c701edfMcAfee Virtual Technician (MVT) 6.5.0.2101 suffers from an exposed unsafe active-x method.
55fc445bc2332b108a292b07dc1275003a836cf017d276122b75dab94844b2a7PsychoStats version 3.2.2b suffers from a remote SQL injection vulnerability.
6939fa06a31241d32f01ab10763e0f55e5a577b21d1456f8fa1c91b354697f10Konftel 300IP SIP-based conference phone versions 2.1.2 and below remote bypass reboot exploit.
9e507e381e6d3283aca016657d917380e4a9531c10b62c0736789e6838811a3fAtmail WebMail versions 7.0.2 and below suffer from a reflective cross site scripting vulnerability.
ff5341ba2491f38ee1944030bf777bbf3463e21753cdd0caff3312068641c1b0This Metasploit module exploits a vulnerability in the JCE component for Joomla!, which could allow an unauthenticated remote attacker to upload arbitrary files, caused by the fails to sufficiently sanitize user-supplied input. Sending specially-crafted HTTP request, a remote attacker could exploit this vulnerability to upload a malicious PHP script, which could allow the attacker to execute arbitrary PHP code on the vulnerable system. This Metasploit module has been tested successfully on the JCE Editor 1.5.71 and Joomla 1.5.26.
d551a16563e5797049076716bcbb1d33f994204c2b5f2e12601d1eac4daa07b1Ruby Thumbshooter Gem version 0.1.5 suffers from a remote command execution vulnerability due to passing unsanitized user-supplied data to the shell.
0652702d6e2f7b3bc1f88941a17af3a1b29f12b8f34ed087c62a57ec0db99e81
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed