This archive contains all 126 exploits added to Packet Storm in May 2013.
c29831f658ed77c2534eddffe84f7ab2fbc633835a65c57ff018013e6ceac702
This Metasploit module exploits a stack buffer overflow in the db_netserver process which is spawned by the Lianja SQL server. The issue is fixed in Lianja SQL 1.0.0RC5.2.
7e06bdae955716ffa265faef6d8a8657fd4b8897f76d0c56b6eba227f9c8cabd
Logic Print 2013 suffers from a stack overflow vulnerability.
ba1216bc16af7f8d80b5c358f6e4541518b85fb4b8d3fc8150c331d6f1c6e2a1
Intrasrv Simple Web Server version 1.0 SEH based remote code execution exploit.
912fd073e0d783dd318697693b042acb7b403d1ca339837fcfa75c842e5512b8
When ModSecurity receives a request body with a size bigger than the value set by the "SecRequestBodyInMemoryLimit" and with a "Content-Type" that has no request body processor mapped to it, ModSecurity will systematically crash on every call to "forceRequestBodyVariable" (in phase 1). This is the proof of concept exploit. Versions prior to 2.7.4 are affected.
b4e14816e4c5cdc0de651f2cc750a97fa531e3a0c488cb71922a3bc534259845
Monkey HTTPD version 1.1.1 suffers from a denial of service vulnerability.
9f43c0d9a2bd9b380f9c63f0e17d6265c76af43e959168f66ca0eb9c22f6dac0
YeaLink IP Phone firmware versions 9.70.0.100 and below suffer from an unauthenticated phone call vulnerability.
22671d10a80df232f64150e4e78af6be36a8803fbdb6475a8eb01087172a3425
TP-LINK WR842ND suffers from a remote directory traversal vulnerability.
ac4197fdb577b1dab807bec29d445b9cd6d5ff28f301aaac5ea7915033dfc735
TP-Link IP cameras suffer from hard-coded credential and remote command execution vulnerabilities.
d96b583866927f2f59a08545c251d956a2dfef2c6512197cefb588c1ac39997b
The SetItemReadOnly method of the SEListCtrlX ActiveX control in SIEMENS Solid Edge ST4 suffers from an arbitrary memory rewrite remote code execution vulnerability. Proof of concept included.
6c6ea1a9c072ee2af175d48c30c8a9025b2eddad5dddcf7ee400ddb53f111796
Core Security Technologies Advisory - MayGion IP cameras suffer from path traversal and buffer overflow vulnerabilities.
21e644d9151837b4ab263d654102bff96b1ab9d864c49f37c40e5bb8d1affef9
This Metasploit module exploits a heap based buffer overflow in the C1Tab ActiveX control, while handling the TabCaption property. The affected control can be found in the c1sizer.ocx component as included with IBM SPSS SamplePower 3.0. This Metasploit module has been tested successfully on IE 6, 7 and 8 on Windows XP SP3 and IE 8 on Windows 7 SP1.
99fdd7d6b7ffc3bcb3ad029cfcdb362a9cb2e0bb387ffdddfabe715b79e167a0
Barracuda SSL VPN 680 2.2.2.203 suffers from an open redirection vulnerability.
5740b1e5e5c9fc656d5fb5cfcb35cf011fa06b52f64e6aab8dc7973c32b15373
Core Security Technologies Advisory - Zavio IP cameras based on firmware versions 1.6.03 and below suffer from bypass, hard-coded credential, and arbitrary command execution vulnerabilities.
78c356b2ffcb1e25d51e6592b9d5d73b842cdf1d53ab057c2850cde52d3c84c9
PayPal's France site suffers from a remote SQL injection vulnerability.
d909644459dddf2b6cbe04e3ffd37a2c6cbdcb1c02e0db96d8b6c8ea94d96274
The sitewide search functionality in PayPal suffers from a cross site scripting vulnerability.
ae6f81d653037a6970d54135bf3aa3926b4d02177b5fea9343cd38d0f832748a
HP LaserJet Pro version P1606dn suffers from a direct access administrative password reset vulnerability.
1e0546a1b6c0fd44f287a4018259a51dd668ffc155e34387e618de9957eea8a8
SIEMENS Solid Edge ST4 WebPartHelper ActiveX control RFMSsvs!JShellExecuteEx suffers from a remote command execution vulnerability. Proof of concept included.
bba4a31d339af5605fe114b27057d1acf37770767071972f2e917ba1e3684b20
aCMS versions 1.0 and below suffer from cross site scripting, content spoofing, and information leakage vulnerabilities.
ae8043acb7b2da9c98837d31f51c47bde25e8182d74dffb82eb080368936bda9
WordPress User Role Editor plugin version 3.12 suffers from a cross site request forgery vulnerability.
f881320e4a6513457ac1d19645502215a0dc771eccc30dd7bd787ce5cc531b2e
ADIF Log Search Widget version 1.0e suffers from a cross site scripting vulnerability.
bf0e8effce0aa1d22148afab86ac617ac9aa5103faece658ec9c15fcadf7e673
Vanilla Forums version 2.0.18.8 suffers from cross site scripting and insecure permission vulnerabilities.
cc1d87f0dc1b0be146646d781abad9170ec4421ef9d3f355fdde9a8d86df9705
LG Optimus G E973 suffers from a command injection vulnerability.
52c14a7776a3df48b367725a4f0a4d5cea76882a924fd60859316427d1ef5748
PayPal.com suffers from a cross site scripting vulnerability.
c455574d672149e36625a44552fd8f9de3058a5512e438e175b6cb80fb8c2282
The SASspk module (SASspk.dll) version 9.310.0.11307 has a function called 'RetrieveBinaryFile()' with one parameter, 'bstrFileName', which takes string arguments, as defined in the function itself as ISPKBinaryFile from the SASPackageRetrieve library. A stack-based buffer overflow was discovered in one of the fuzzing processes; it could allow arbitrary code execution by an attacker exploiting the non-sanitized 'bstrFileName' parameter.
520def5ba164f9a7f1d632ee1f23ece85df9bc7454425ba51968438158fe9eda