This archive contains all of the 164 exploits added to Packet Storm in March, 2013.
cc9b59131cd6d24c186284b4f01e36d1751f2d3a101e4330d56f247f9c0fca94
Sites powered by Portal Web Services suffer from cross site scripting and CRLF injection vulnerabilities. Note that this finding houses site-specific data.
bba0cb1ec8775b2ec0571e21bd97b31dfe507f03417823e8fd87715b8060e1f0
DCMS version 2.4 suffers from multiple cross site scripting vulnerabilities. Note that this finding houses site-specific data.
cb8acad3b615e6700cf1dbbb7957fc87d79663626397c27ea5fc07e842b32537
Netgear WNR1000 suffers from an authentication bypass vulnerability.
72c6cc5c8d4c418bcf9e4c0336a5047a0e2f2e3bb08d8d8efc6e07e63370d425
mRemote version 1.50 suffers from an update spoofing vulnerability.
c1de31f6f8728351a15b518d67f8c93d6869670704738ea370459b1e5c0cd954
Royal TS version 2.1.5 suffers from an update spoofing vulnerability.
bbdbe2cbd87607168248afc01ef7c42de353e86ceb6dd83377794643f9bbeb09
Daddy's File Hosting version 2 suffers from a cross site scripting vulnerability.
db44085cab878901dee0a65baa633d3bb9ce62a9c90a07fec1c599811840deac
This Metasploit module exploits unauthenticated versions of the "STUNSHELL" web shell. This Metasploit module works when safe mode is enabled on the web server. This shell is widely used in automated RFI payloads.
06341fc12ebcf2e13776c2ddafaa57edbd47f88dc20ac17daa4c87e2d4466e2b
This Metasploit module exploits unauthenticated versions of the "STUNSHELL" web shell. This Metasploit module works when safe mode is disabled on the web server. This shell is widely used in automated RFI payloads.
079ce9781a20fac112fd7690e6c284a6257f4927ebf9c7ae45b6ac4eb0b72f57
WordPress podPress third party plugin version 8.8.10.13 suffers from a cross site scripting vulnerability via 1pixelout_player.swf.
9620208825215dde109d0dd4c3734e97da23acc4ff0aa1eb1c302f9168f941c7
MailOrderWorks version 5.907 suffers from multiple cross site scripting vulnerabilities.
cca8817cbdf2e9cf7db4aa0eedb86c8dc3199c58d9e85d491fdf62af4152b113
The PayPal GP+ service application for analyzing websites suffered from a persistent cross site scripting vulnerability.
b1818e383a5b5735c8c66c269294c19ba5b51f5ba01f59bd57a6d45a263e3300
The PayPal content manager system for sellers suffered from a persistent cross site scripting vulnerability.
3112ea858a3dd800858266762e9d7c03ed6e45b96447da5ecb1cb268ae33a435
This Metasploit module exploits a stack buffer overflow in ALLMediaServer version 0.94. The vulnerability is caused by a boundary error within the handling of an HTTP request.
9e10375f11d2160bc7bb76256fee52ef258402ea5c166bf2a4a74b2a8c0132a5
Sites designed by Voila Syria suffer from a cross site scripting vulnerability. Note that this finding houses site-specific data.
f123f9576092f3e027e57b3df0d7fb2d17366e274ccd657041c6ae8747e18719
This Metasploit module abuses the Color Management classes from a Java Applet to run arbitrary Java code outside of the sandbox as exploited in the wild in February and March of 2013. The vulnerability affects Java version 7u15 and earlier and 6u41 and earlier and has been tested successfully on Windows XP SP3 and Windows 7 SP1 systems. This exploit doesn't bypass click-to-play, so the user must accept the Java warning in order to run the malicious applet.
257e7dc02cc758e02ddfc07622def557b152de2354df0f2e8e6ddd5a95045d43
This Metasploit module exploits a lack of authentication in the shell developed by v0pCr3w, which is widely reused in automated RFI payloads. This Metasploit module takes advantage of the shell's various methods to execute commands.
c98b44143d435c087fc71dd51541d105f13f0b99cdf31def59cce893a060e474
BlazeDVD Free Edition version 6.1.1.6 suffers from a buffer overflow vulnerability.
bdbc3385b746b6b0cb6e4960656a9e6c260df28173c52e32937cf108929fe845
AWS XMS version 2.5 suffers from a path traversal vulnerability.
e8265b5ddbb691c7801baa5e82a4c792f1e07efb41722fd028d1429b5c701edf
McAfee Virtual Technician (MVT) 6.5.0.2101 suffers from an exposed unsafe ActiveX method.
55fc445bc2332b108a292b07dc1275003a836cf017d276122b75dab94844b2a7
PsychoStats version 3.2.2b suffers from a remote SQL injection vulnerability.
6939fa06a31241d32f01ab10763e0f55e5a577b21d1456f8fa1c91b354697f10
Konftel 300IP SIP-based conference phone versions 2.1.2 and below remote bypass reboot exploit.
9e507e381e6d3283aca016657d917380e4a9531c10b62c0736789e6838811a3f
Atmail WebMail versions 7.0.2 and below suffer from a reflective cross site scripting vulnerability.
ff5341ba2491f38ee1944030bf777bbf3463e21753cdd0caff3312068641c1b0
This Metasploit module exploits a vulnerability in the JCE component for Joomla!, which could allow an unauthenticated remote attacker to upload arbitrary files, caused by a failure to sufficiently sanitize user-supplied input. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to upload a malicious PHP script, which could allow the attacker to execute arbitrary PHP code on the vulnerable system. This Metasploit module has been tested successfully on the JCE Editor 1.5.71 and Joomla 1.5.26.
d551a16563e5797049076716bcbb1d33f994204c2b5f2e12601d1eac4daa07b1
Ruby Thumbshooter Gem version 0.1.5 suffers from a remote command execution vulnerability due to passing unsanitized user-supplied data to the shell.
0652702d6e2f7b3bc1f88941a17af3a1b29f12b8f34ed087c62a57ec0db99e81