Showing 1 - 25 of 119

Files

Packet Storm New Exploits For April, 2013
Posted May 1, 2013
Authored by Todd J. | Site packetstormsecurity.com

This archive contains all of the 118 exploits added to Packet Storm in April, 2013.

tags | exploit
systems | linux
MD5 | 90447f8ee63ae01f2456fe38c2dc26f2
Syslog Watcher Pro 2.8.0.812 Cross Site Scripting
Posted Apr 30, 2013
Authored by demonalex

Syslog Watcher Pro version 2.8.0.812 suffers from a cross site scripting vulnerability in the date parameter.

tags | exploit, xss
MD5 | f164c179146707b31d4ec1b3fe905209
WowzaMediaServer StorageDir Constraint Bypass
Posted Apr 30, 2013
Authored by Michal J.

WowzaMediaServer suffers from a bypass vulnerability that allows access to files outside of the allowed StorageDir directory.

tags | exploit, bypass
MD5 | 16e059de5db2b3f3fd8dfc6b604a0c52
Personal File Share HTTP Server Remote Overflow
Posted Apr 30, 2013
Authored by demonalex

Personal File Share HTTP server suffers from a remote buffer overflow vulnerability. Proof of concept denial of service code included.

tags | exploit, remote, web, denial of service, overflow, proof of concept
MD5 | 560458247fe7fb6b03d9728121a3fd0b
SAP ConfigServlet Remote Code Execution
Posted Apr 29, 2013
Authored by Dmitry Chastuhin, Andras Kabai | Site metasploit.com

This Metasploit module allows remote code execution via operating system commands through the SAP ConfigServlet without any authentication. This Metasploit module has been tested successfully with SAP NetWeaver 7.00 and 7.01 on Windows Server 2008 R2.

tags | exploit, remote, code execution
systems | windows
advisories | OSVDB-92704
MD5 | a7a37ad7f21c133224d6379292a884d8
phpMyAdmin Authenticated Remote Code Execution
Posted Apr 29, 2013
Authored by Janek Vind aka waraxe | Site metasploit.com

This Metasploit module exploits a PREG_REPLACE_EVAL vulnerability in phpMyAdmin's replace_prefix_tbl within libraries/mult_submits.inc.php via db_settings.php. This affects versions 3.5.x below 3.5.8.1 and 4.0.0 below 4.0.0-rc3. PHP versions greater than 5.4.6 are not vulnerable.

tags | exploit, php
advisories | CVE-2013-3238, OSVDB-92793
MD5 | 0f98ac49e2a0e97b78d728dd67072274
Wordpress W3 Total Cache PHP Code Execution
Posted Apr 29, 2013
Authored by H D Moore, juan vazquez, temp66, Christian Mehlmauer | Site metasploit.com

This Metasploit module exploits a PHP Code Injection vulnerability against Wordpress plugin W3 Total Cache for versions up to and including 0.9.2.8. WP Super Cache 1.2 or older is also reported as vulnerable. The vulnerability is due to the handling of certain macros such as mfunc, which allows arbitrary PHP code injection. A valid post ID is needed in order to add the malicious comment. If the POSTID option isn't specified, then the module will automatically bruteforce one. Also, if anonymous comments aren't allowed, then a valid username and password must be provided. In addition, the "A comment is held for moderation" option on Wordpress must be unchecked for successful exploitation. This Metasploit module has been tested against Wordpress 3.5 and W3 Total Cache 0.9.2.3 on an Ubuntu 10.04 system.

tags | exploit, arbitrary, php
systems | linux, ubuntu
advisories | OSVDB-92652
MD5 | 170014b6ed1d82d111127c7bec507a9d
D-Link IP Cameras Injection / Bypass
Posted Apr 29, 2013
Authored by Core Security Technologies, Nahuel Riva, Francisco Falcon, Pablo Santamaria, Juan Cotta, Martin Rocha | Site coresecurity.com

Core Security Technologies Advisory - D-Link IP Cameras suffer from OS command injection, authentication, information leak, and hard-coded credential vulnerabilities.

tags | exploit, vulnerability
advisories | CVE-2013-1599, CVE-2013-1600, CVE-2013-1601, CVE-2013-1602, CVE-2013-1603
MD5 | c9bc857db464de16f8f840ad447d5881
Vivotek IP Camera Buffer Overflow / Disclosure / Injection
Posted Apr 29, 2013
Authored by Core Security Technologies, Nahuel Riva, Francisco Falcon, Alejandro Leon Morales, Juan Cotta, Martin Rocha | Site coresecurity.com

Core Security Technologies Advisory - Vivotek IP Cameras suffer from information leak, buffer overflow, authentication, path traversal, and command injection vulnerabilities. Vulnerable are Vivotek PT7135 IP camera with firmware 0300a, Vivotek PT7135 IP camera with firmware 0400a, and possibly others.

tags | exploit, overflow, vulnerability
advisories | CVE-2013-1594, CVE-2013-1595, CVE-2013-1596, CVE-2013-1597, CVE-2013-1598
MD5 | b85b1ef6c99144cbd2edd7812d06158b
Cisco Linksys E1200 / N300 Cross Site Scripting
Posted Apr 29, 2013
Authored by Carl Benedict

Cisco Linksys E1200 and N300 routers version 2.0.04 suffer from a cross site scripting vulnerability.

tags | exploit, xss
systems | cisco
MD5 | 521831d1f3399f90f343ff1021e7d95e
Foe CMS 1.6.5 Cross Site Scripting / SQL Injection
Posted Apr 29, 2013
Authored by flux77

Foe CMS version 1.6.5 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | 8e1fd4c98807c68fa32dbf2e2d7722c6
Ipswitch IMail 11.01 Cross Site Scripting
Posted Apr 29, 2013
Authored by DaOne

Ipswitch IMail version 11.01 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 9a82a5c990e70a11b0aa7069fa78bef2
Memcached Remote Denial Of Service
Posted Apr 29, 2013
Authored by infodox

Memcached denial of service exploit for an issue that was disclosed on their bugtracker two years ago and was never patched.

tags | exploit, denial of service
MD5 | cbe9afa9cac634c26e0e326e408c06cc
Joomla! 3.0.3 PHP Object Injection
Posted Apr 29, 2013
Authored by EgiX

Joomla! versions 3.0.3 and below suffer from a PHP object injection vulnerability in remember.php.

tags | exploit, php
advisories | CVE-2013-3242
MD5 | f9684c84a5ee41372db90dbf26d495f7
PayPal BillSafe Authentication Bypass
Posted Apr 29, 2013
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

PayPal's Billsafe online payment service web application suffered from a remote authentication bypass session vulnerability.

tags | exploit, remote, web
MD5 | b3ba16ab33684a9484ff99ad1fe67e2b
TinyMCE Ajax File Manager Remote Code Execution
Posted Apr 29, 2013
Authored by onestree

TinyMCE Ajax File Manager suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
MD5 | f3424d1ce40a76c506652097317976f7
FreePBX 2.9 Remote Command Execution
Posted Apr 27, 2013
Authored by Ahmed Aboul-Ela

FreePBX version 2.9 suffers from a backup module remote command execution vulnerability.

tags | exploit, remote
MD5 | 582fa2e5544c8c4da6487f4ceb1b05ba
PHPValley Micro Jobs Site Script 1.01 Account Takeover
Posted Apr 27, 2013
Authored by Jason Whelan

PHPValley Micro Jobs Site Script version 1.01 allows a logged-in user to spoof another user and take over their account.

tags | exploit, spoof
MD5 | 834d645a5dc51daf527af3a9fcffe379
Elecard MPEG Player 5.8 Buffer Overflow
Posted Apr 27, 2013
Authored by metacom

Elecard MPEG Player version 5.8 proof of concept local buffer overflow exploit.

tags | exploit, overflow, local, proof of concept
MD5 | 12f837ba24f7408f16dc7fcf1e68d290
Iron Lava Corp Shell Upload / SQL Injection
Posted Apr 27, 2013
Authored by Ashiyane Digital Security Team

Sites designed by Iron Lava Corp suffer from remote shell upload and remote SQL injection vulnerabilities. Note that this advisory has site-specific information.

tags | exploit, remote, shell, vulnerability, sql injection
MD5 | 9baea165241efbff031a26023050f4cf
D-Link DIR-635 Cross Site Request Forgery / Cross Site Scripting
Posted Apr 26, 2013
Authored by Michael Messner

D-Link DIR-635 suffers from cross site request forgery and multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | 4ace141f9c5d0fb676b6eaf618190a05
WPS Office Stack Buffer Overflow
Posted Apr 26, 2013
Authored by Zhangjiantao

In module wpsio.dll in WPS Office, a BSTR string stored in the file is copied to the stack buffer without strict length inspection, leading to a stack buffer overflow. Proof of concept included.

tags | exploit, overflow, proof of concept
systems | linux
advisories | CVE-2012-4886
MD5 | 2903a1aaee327cb030f2a2a6375ab875
CMS Cameron McKenna 2013 Cross Site Scripting
Posted Apr 26, 2013
Authored by Ivan Sanchez, Raul Diaz

CMS Cameron McKenna 2013 suffers from a cross site scripting vulnerability. The vendor has been notified of this issue. Note that this advisory has site-specific information.

tags | exploit, xss
MD5 | 4f4d22f0a4d305de40dbc0ac9cc8a628
Windows Light HTTPD 0.1 Buffer Overflow
Posted Apr 25, 2013
Authored by Jacob Holcomb

Windows Light HTTPD version 0.1 HTTP GET buffer overflow exploit that spawns a bindshell.

tags | exploit, web, overflow
systems | windows
MD5 | 55ad6958d8acdf6ae266aea27245a388
phpMyAdmin 3.5.8 / 4.0.0-RC2 Code Execution / LFI / Overwrite
Posted Apr 25, 2013
Authored by Janek Vind aka waraxe | Site waraxe.us

phpMyAdmin versions 3.5.8 and 4.0.0-RC2 suffer from multiple remote code execution, local file inclusion, and array overwrite vulnerabilities.

tags | exploit, remote, local, vulnerability, code execution, file inclusion
advisories | CVE-2013-3238, CVE-2013-3239, CVE-2013-3240, CVE-2013-3241
MD5 | a19f7b563bcfd27ec869d2b00fdd590b