This archive contains all of the 118 exploits added to Packet Storm in April, 2013.
796a707a40714a19684c71eaa704f1afa8f4783db71ca2856381cedd8088857f
Syslog Watcher Pro version 2.8.0.812 suffers from a cross site scripting vulnerability in the date parameter.
915406c2f87f0049bb8834fe22f3c1981d4e58f7034f1ecd7f678170203cf3db
WowzaMediaServer suffers from a bypass vulnerability that allows for accessing of files outside of the allowed StorageDir directory.
f4564e946705fc60d5c17b51bebbe0c644dbb60355ce85b64a936c75bbf48ae6
Personal File Share HTTP server suffers from a remote buffer overflow vulnerability. Proof of concept denial of service code included.
35ab66e9b48e819eccea9de3c3b1264a3321487f6247141d750c465f46ab2f37
This Metasploit module allows remote code execution via operating system commands through the SAP ConfigServlet without any authentication. This Metasploit module has been tested successfully with SAP NetWeaver 7.00 and 7.01 on Windows Server 2008 R2.
62e0a4607ddec7e5f1da4c772ef23ba8583944002abf5e96e995e6da403c5361
This Metasploit module exploits a PREG_REPLACE_EVAL vulnerability in phpMyAdmin's replace_prefix_tbl within libraries/mult_submits.inc.php via db_settings.php. This affects versions 3.5.x below 3.5.8.1 and 4.0.0 below 4.0.0-rc3. PHP versions greater than 5.4.6 are not vulnerable.
cde46aba3bb442a48c277780f2ae183ec296c40bdbad1fb176830924a1405679
This Metasploit module exploits a PHP Code Injection vulnerability against Wordpress plugin W3 Total Cache for versions up to and including 0.9.2.8. WP Super Cache 1.2 or older is also reported as vulnerable. The vulnerability is due to the handling of certain macros such as mfunc, which allows arbitrary PHP code injection. A valid post ID is needed in order to add the malicious comment. If the POSTID option isn't specified, then the module will automatically bruteforce one. Also, if anonymous comments aren't allowed, then a valid username and password must be provided. In addition, the "A comment is held for moderation" option on Wordpress must be unchecked for successful exploitation. This Metasploit module has been tested against Wordpress 3.5 and W3 Total Cache 0.9.2.3 on a Ubuntu 10.04 system.
e5ac9a6fad8c4d6319f7a5b50dd28589a34b1e7d2753c81dd9c0c17b9fb0bb79
Core Security Technologies Advisory - D-Link IP Cameras suffer from OS command injection, authentication, information leak, and hard-coded credential vulnerabilities.
c89524253ab599d8622f01400e1599d3a2ca11af0117966d4e4a0fe9ff04ad31
Core Security Technologies Advisory - Vivotek IP Cameras suffer from information leak, buffer overflow, authentication, path traversal, and command injection vulnerabilities. Vulnerable are Vivotek PT7135 IP camera with firmware 0300a, Vivotek PT7135 IP camera with firmware 0400a, and possibly others.
fa7660e4a137a97602dd52a3f2f89792f4eba90870562d6329ab58bbcacf03d9
Cisco Linksys E1200 and N300 routers version 2.0.04 suffer from a cross site scripting vulnerability.
c940fba04264c2e267af39f6a7ead1f281c2d9cc0420ff4ca58897013a5ee1c6
Foe CMS version 1.6.5 suffers from cross site scripting and remote SQL injection vulnerabilities.
f9cee0773f9203282881b7996ccb4e7e82ff6ed5751595da4aa7cbe5dcbda989
Ipswitch IMail version 11.01 suffers from a cross site scripting vulnerability.
994dfe38a03dadf23ee63272381e22efa35b41a469d160c4208efb44566257f9
Memcached denial of service exploit for an issue disclosed on their bugtracker two years ago and was never patched.
814e65638843b38bd9fd9f0e2304a82c68628fa8c903a54aaec2025d9de659fc
Joomla! versions 3.0.3 and below suffer from a PHP object injection vulnerability in remember.php.
92c1b16050368998c04ca3342d9eced12b23a19d5974b249776e4d6b55dcefcd
PayPal's Billsafe online payment service web application suffered from a remote authentication bypass session vulnerability.
a7648736a35c6d5b0f41156d9bb5608ca1538419ba339fc5cf0c58bcb604ae1b
TinyMCE Ajax File Manager suffers from a remote code execution vulnerability.
d755af232c0c6aa46764039b4bc2eb4bec170c1ae8e037d2d4a69a96ee1a9200
FreePBX version 2.9 suffers from a backup module remote command execution vulnerability.
0f737c88245ed86d1ced573e55dc41069885055dbdb06ade39b3d6fddb9f0145
PHPValley Micro Jobs Site Script version 1.01 allows for a logged in user to spoof another user and take over their account.
be3489717f38a732799715a5bf9d318833e3065f792e86619fa9a7f2f1b2c792
Elecard MPEG Player version 5.8 proof of concept local buffer overflow exploit.
7302291bed8b7eb00f297566ec60a621d7adcfae5c0545a7e9a021986f0bdd90
Sites designed by Iron Lava Corp suffer from remote shell upload and remote SQL injection vulnerabilities. Note that this advisory has site-specific information.
75f7541db9cc5c202ba408bd1c4efc347e24216888610a60af000419f373eff4
D-Link DIR-635 suffers from cross site request forgery and multiple cross site scripting vulnerabilities.
9f5aeb25f45b5c7859957c04d42fa54170e29e93b7f0b36b152822e378687b11
In module wpsio.dll in WPS Office, a BSTR string stored in the file is copied to the stack buffer without strict length inspection leading to a stack buffer overflow. Proof of concept included.
38358e22e0283cc8f63c3c5da968863cd9aeb2e6d05f82b21fb4a56fc9a8dd4e
CMS Cameron McKenna 2013 suffers from a cross site scripting vulnerability. The vendor has been notified of this issue. Note that this advisory has site-specific information.
9bb471ef068545d2955c05c1c10076f6f1d8c862aa331fcdf79fbb9334231220
Windows Light HTTPD version 0.1 HTTP GET buffer overflow exploit that spawns a bindshell.
c6353474ef20863a17e6e60c49ab6d2415f53b3329ca89fc8312aa196928cdcd
phpMyAdmin versions 3.5.8 and 4.0.0-RC2 suffer from multiple remote code execution, local file inclusion, and array overwrite vulnerabilities.
5f5b20d982ae97824512b1c23808b9c17b328dae83d316eee98cdebbab52a1c6