Exploit the possiblities
Showing 1 - 25 of 119 RSS Feed

Files

Packet Storm New Exploits For April, 2013
Posted May 1, 2013
Authored by Todd J. | Site packetstormsecurity.com

This archive contains all of the 118 exploits added to Packet Storm in April, 2013.

tags | exploit
systems | linux
MD5 | 90447f8ee63ae01f2456fe38c2dc26f2
Syslog Watcher Pro 2.8.0.812 Cross Site Scripting
Posted Apr 30, 2013
Authored by demonalex

Syslog Watcher Pro version 2.8.0.812 suffers from a cross site scripting vulnerability in the date parameter.

tags | exploit, xss
MD5 | f164c179146707b31d4ec1b3fe905209
WowzaMediaServer StorageDir Constraint Bypass
Posted Apr 30, 2013
Authored by Michal J.

WowzaMediaServer suffers from a bypass vulnerability that allows for accessing of files outside of the allowed StorageDir directory.

tags | exploit, bypass
MD5 | 16e059de5db2b3f3fd8dfc6b604a0c52
Personal File Share HTTP Server Remote Overflow
Posted Apr 30, 2013
Authored by demonalex

Personal File Share HTTP server suffers from a remote buffer overflow vulnerability. Proof of concept denial of service code included.

tags | exploit, remote, web, denial of service, overflow, proof of concept
MD5 | 560458247fe7fb6b03d9728121a3fd0b
SAP ConfigServlet Remote Code Execution
Posted Apr 29, 2013
Authored by Dmitry Chastuhin, Andras Kabai | Site metasploit.com

This Metasploit module allows remote code execution via operating system commands through the SAP ConfigServlet without any authentication. This Metasploit module has been tested successfully with SAP NetWeaver 7.00 and 7.01 on Windows Server 2008 R2.

tags | exploit, remote, code execution
systems | windows
advisories | OSVDB-92704
MD5 | a7a37ad7f21c133224d6379292a884d8
phpMyAdmin Authenticated Remote Code Execution
Posted Apr 29, 2013
Authored by Janek Vind aka waraxe | Site metasploit.com

This Metasploit module exploits a PREG_REPLACE_EVAL vulnerability in phpMyAdmin's replace_prefix_tbl within libraries/mult_submits.inc.php via db_settings.php. This affects versions 3.5.x below 3.5.8.1 and 4.0.0 below 4.0.0-rc3. PHP versions greater than 5.4.6 are not vulnerable.

tags | exploit, php
advisories | CVE-2013-3238, OSVDB-92793
MD5 | 0f98ac49e2a0e97b78d728dd67072274
Wordpress W3 Total Cache PHP Code Execution
Posted Apr 29, 2013
Authored by H D Moore, juan vazquez, temp66, Christian Mehlmauer | Site metasploit.com

This Metasploit module exploits a PHP Code Injection vulnerability against Wordpress plugin W3 Total Cache for versions up to and including 0.9.2.8. WP Super Cache 1.2 or older is also reported as vulnerable. The vulnerability is due to the handling of certain macros such as mfunc, which allows arbitrary PHP code injection. A valid post ID is needed in order to add the malicious comment. If the POSTID option isn't specified, then the module will automatically bruteforce one. Also, if anonymous comments aren't allowed, then a valid username and password must be provided. In addition, the "A comment is held for moderation" option on Wordpress must be unchecked for successful exploitation. This Metasploit module has been tested against Wordpress 3.5 and W3 Total Cache 0.9.2.3 on a Ubuntu 10.04 system.

tags | exploit, arbitrary, php
systems | linux, ubuntu
advisories | OSVDB-92652
MD5 | 170014b6ed1d82d111127c7bec507a9d
D-Link IP Cameras Injection / Bypass
Posted Apr 29, 2013
Authored by Core Security Technologies, Nahuel Riva, Francisco Falcon, Pablo Santamaria, Juan Cotta, Martin Rocha | Site coresecurity.com

Core Security Technologies Advisory - D-Link IP Cameras suffer from OS command injection, authentication, information leak, and hard-coded credential vulnerabilities.

tags | exploit, vulnerability
advisories | CVE-2013-1599, CVE-2013-1600, CVE-2013-1601, CVE-2013-1602, CVE-2013-1603
MD5 | c9bc857db464de16f8f840ad447d5881
Vivotek IP Camera Buffer Overflow / Disclosure / Injection
Posted Apr 29, 2013
Authored by Core Security Technologies, Nahuel Riva, Francisco Falcon, Alejandro Leon Morales, Juan Cotta, Martin Rocha | Site coresecurity.com

Core Security Technologies Advisory - Vivotek IP Cameras suffer from information leak, buffer overflow, authentication, path traversal, and command injection vulnerabilities. Vulnerable are Vivotek PT7135 IP camera with firmware 0300a, Vivotek PT7135 IP camera with firmware 0400a, and possibly others.

tags | exploit, overflow, vulnerability
advisories | CVE-2013-1594, CVE-2013-1595, CVE-2013-1596, CVE-2013-1597, CVE-2013-1598
MD5 | b85b1ef6c99144cbd2edd7812d06158b
Cisco Linksys E1200 / N300 Cross Site Scripting
Posted Apr 29, 2013
Authored by Carl Benedict

Cisco Linksys E1200 and N300 routers version 2.0.04 suffer from a cross site scripting vulnerability.

tags | exploit, xss
systems | cisco
MD5 | 521831d1f3399f90f343ff1021e7d95e
Foe CMS 1.6.5 Cross Site Scripting / SQL Injection
Posted Apr 29, 2013
Authored by flux77

Foe CMS version 1.6.5 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | 8e1fd4c98807c68fa32dbf2e2d7722c6
Ipswitch IMail 11.01 Cross Site Scripting
Posted Apr 29, 2013
Authored by DaOne

Ipswitch IMail version 11.01 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 9a82a5c990e70a11b0aa7069fa78bef2
Memcached Remote Denial Of Service
Posted Apr 29, 2013
Authored by infodox

Memcached denial of service exploit for an issue disclosed on their bugtracker two years ago and was never patched.

tags | exploit, denial of service
MD5 | cbe9afa9cac634c26e0e326e408c06cc
Joomla! 3.0.3 PHP Object Injection
Posted Apr 29, 2013
Authored by EgiX

Joomla! versions 3.0.3 and below suffer from a PHP object injection vulnerability in remember.php.

tags | exploit, php
advisories | CVE-2013-3242
MD5 | f9684c84a5ee41372db90dbf26d495f7
PayPal BillSafe Authentication Bypass
Posted Apr 29, 2013
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

PayPal's Billsafe online payment service web application suffered from a remote authentication bypass session vulnerability.

tags | exploit, remote, web
MD5 | b3ba16ab33684a9484ff99ad1fe67e2b
TinyMCE Ajax File Manager Remote Code Execution
Posted Apr 29, 2013
Authored by onestree

TinyMCE Ajax File Manager suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
MD5 | f3424d1ce40a76c506652097317976f7
FreePBX 2.9 Remote Command Execution
Posted Apr 27, 2013
Authored by Ahmed Aboul-Ela

FreePBX version 2.9 suffers from a backup module remote command execution vulnerability.

tags | exploit, remote
MD5 | 582fa2e5544c8c4da6487f4ceb1b05ba
PHPValley Micro Jobs Site Script 1.01 Account Takeover
Posted Apr 27, 2013
Authored by Jason Whelan

PHPValley Micro Jobs Site Script version 1.01 allows for a logged in user to spoof another user and take over their account.

tags | exploit, spoof
MD5 | 834d645a5dc51daf527af3a9fcffe379
Elecard MPEG Player 5.8 Buffer Overflow
Posted Apr 27, 2013
Authored by metacom

Elecard MPEG Player version 5.8 proof of concept local buffer overflow exploit.

tags | exploit, overflow, local, proof of concept
MD5 | 12f837ba24f7408f16dc7fcf1e68d290
Iron Lava Corp Shell Upload / SQL Injection
Posted Apr 27, 2013
Authored by Ashiyane Digital Security Team

Sites designed by Iron Lava Corp suffer from remote shell upload and remote SQL injection vulnerabilities. Note that this advisory has site-specific information.

tags | exploit, remote, shell, vulnerability, sql injection
MD5 | 9baea165241efbff031a26023050f4cf
D-Link DIR-635 Cross Site Request Forgery / Cross Site Scripting
Posted Apr 26, 2013
Authored by Michael Messner

D-Link DIR-635 suffers from cross site request forgery and multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | 4ace141f9c5d0fb676b6eaf618190a05
WPS Office Stack Buffer Overflow
Posted Apr 26, 2013
Authored by Zhangjiantao

In module wpsio.dll in WPS Office, a BSTR string stored in the file is copied to the stack buffer without strict length inspection leading to a stack buffer overflow. Proof of concept included.

tags | exploit, overflow, proof of concept
systems | linux
advisories | CVE-2012-4886
MD5 | 2903a1aaee327cb030f2a2a6375ab875
CMS Cameron McKenna 2013 Cross Site Scripting
Posted Apr 26, 2013
Authored by Ivan Sanchez, Raul Diaz

CMS Cameron McKenna 2013 suffers from a cross site scripting vulnerability. The vendor has been notified of this issue. Note that this advisory has site-specific information.

tags | exploit, xss
MD5 | 4f4d22f0a4d305de40dbc0ac9cc8a628
Windows Light HTTPD 0.1 Buffer Overflow
Posted Apr 25, 2013
Authored by Jacob Holcomb

Windows Light HTTPD version 0.1 HTTP GET buffer overflow exploit that spawns a bindshell.

tags | exploit, web, overflow
systems | windows
MD5 | 55ad6958d8acdf6ae266aea27245a388
phpMyAdmin 3.5.8 / 4.0.0-RC2 Code Execution / LFI / Overwrite
Posted Apr 25, 2013
Authored by Janek Vind aka waraxe | Site waraxe.us

phpMyAdmin versions 3.5.8 and 4.0.0-RC2 suffer from multiple remote code execution, local file inclusion, and array overwrite vulnerabilities.

tags | exploit, remote, local, vulnerability, code execution, file inclusion
advisories | CVE-2013-3238, CVE-2013-3239, CVE-2013-3240, CVE-2013-3241
MD5 | a19f7b563bcfd27ec869d2b00fdd590b
Page 1 of 5
Back12345Next

Top Authors In Last 30 Days

Recent News

News RSS Feed
Language Bugs Infest Downstream Software
Posted Dec 11, 2017

tags | headline, flaw
German Spy Agency Warns Of Chinese LinkedIn Espionage
Posted Dec 11, 2017

tags | headline, government, china, cyberwar, germany, spyware, social
Dynamics 365 Sandbox Leaked TLS Certificates
Posted Dec 11, 2017

tags | headline, privacy, microsoft, data loss, flaw, cryptography
Keylogger Uncovered On Hundreds Of HP PCs
Posted Dec 11, 2017

tags | headline, flaw, spyware, backdoor
PlexCoin Scam Founder Sentenced To Jail And Fined $10k
Posted Dec 10, 2017

tags | headline, cybercrime, fraud, scam, cryptography
Google Lifts Lid On FBI Data Requests: Now You Can Read Actual Letters Online
Posted Dec 9, 2017

tags | headline, government, privacy, usa, google, fbi
Android Flaw Lets Attack Code Slip Into Signed Apps
Posted Dec 9, 2017

tags | headline, malware, phone, flaw, google
Millions Stolen In NiceHash Bitcoin Heist
Posted Dec 9, 2017

tags | headline, hacker, cybercrime, fraud, cryptography
Apple HomeKit Flaw Left Smart Gadgets Vulnerable
Posted Dec 9, 2017

tags | headline, flaw, apple
Intel Management Engine Pwned By Buffer Overflow
Posted Dec 7, 2017

tags | headline, hacker, flaw, conference, intel
View More News →
packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close