This archive contains all of the 192 exploits added to Packet Storm in June, 2013.
95019076b638e2f09aaf08a7874f0386a18e21c90290b3a25dd85a226c5662bc
This Metasploit module exploits backdoors that can be sighted all over the leaked source code of the Carberp botnet C2 Web Panel.
8e430225d99c7af533d24ccc317c9b9e1fefd8bc6b0785c793924b5d5a2741a0
Xorbin Analog Flash Clock plugin version 1.0 for Joomla suffers from a flash-based cross site scripting vulnerability.
db191d2a15c32b3a82e6a57b0ed829bbbb56a36958154f8a7150bc0dc3f1d59f
Xorbin Digital Flash Clock plugin version 1.0 for WordPress suffers from a flash-based cross site scripting vulnerability.
52281822ff4a323761052080687530ded283d887d7b6d4c7707929f84c1ef54d
Xorbin Analog Flash Clock plugin version 1.0 for WordPress suffers from a flash-based cross site scripting vulnerability.
4095a10cc00eeeb24a4ebbf0d3b8293fa9afb1e65add0ab3198f35283253d6ca
C.P.Sub versions 4.5 and below allows for administrative access escalation by the simple tweak of a user-supplied parameter.
14729e57eccb98c1c5eea6f86f24ddce13fd2cdb43c82ac103ce384009b6a37a
The Vatican vaticanstate.va webcam page suffered from a cross site scripting vulnerability.
a8894f1b1dd5890c9866d2426fdde5123f882692bbd5b0645b0fea35e9fbd003
Sites powered by ATOMYMAXSITE appear to suffer from a remote shell upload vulnerability.
d379da817df77aaeadcc98a86b9e17fdf60ec6d4b1849e11e8c49f2fe3c406da
Nameko Webmail versions 0.10.146 and below suffer from a cross site scripting vulnerability.
3b2740074a19f52c84f779efae84cdd9f1a80d8cc1175eef3efe3108818db72a
Static HTTP Server version 1.0 SEH overflow exploit that leverages the configuration file and binds a shell to port 4444.
20860972de52d3d5624343a4ab0e0c228e90b1a76c4d40afeed190c4d848a86b
AVS Media Player version 4.1.11.100 local denial of service exploit that generates a malicious AC3 file.
e38991db53bda992deb7fb8bd65ba6883291ab7c0faf79ec5055a5da0cdbb1e2
WordPress WP-Private-Messages this party plugin suffers from a remote SQL injection vulnerability.
b964cff16f08182af4664c78ba3cdaa0af3da335ea7d4470e22511915ce137ed
Fortigate Firewall versions prior to 4.3.13 and 5.0.2 suffer from multiple cross site request forgery vulnerabilities.
5e716d94582ec65cc97f47dcfeeb3d561fddabaebd2912e1d7b23f64de396cd8
YOPMail suffers from cross site scripting, HTTP response splitting, CRLF injection, and session token handling vulnerabilities.
695a2946cc39df0b7ae62aedfd486a14f8ffc15c2fc2ef1b909e0eeccfa856ae
If you have physical access to a Microsoft Windows 7 SP1 instance, you can leverage the "Launch startup Repair" functionality to gain SYSTEM access.
fac9f4e8231364eeec4b1aecc36f354fe04953186fefb938b3fc672b096c51cb
Mobile USB Drive HD version 1.2 suffers from a remote shell upload vulnerability.
af5f77c231114e25afd0e7bb7892ab8b042909b94e8970efbfe6ac0a8a8915f3
Barracuda CudaTel Communication Server version 2.6.002.040 suffers from multiple script injection vulnerabilities.
40dfe644016b1ad81c1a85043ea8e429a90b78046c7c522200ab93064f1ac717
PCMan's FTP Server version 2.0 remote buffer overflow exploit that leverages USER and pops calc.exe.
ebe2ee53f912fbc36e072f14536b5b3d704cb736c0af15df0fafefd130440e39
The PayPal Hong Kong marketing site suffers from information disclosure, user enumeration, and bruteforcing vulnerabilities.
9392e6433d56701d485bdda4c180db292d48ca179237ab880ff00fd75ff3f245
eFile Wifi Transfer Manager version 1.0 for iOS suffers from local file inclusion and cross site scripting vulnerabilities.
f4659d8f270b07a83389f539606ad8dafb4a5388e016cbf23573ae55c1a4c349
PCMan's FTP Server version 2.0.7 remote root buffer overflow exploit that leverages the USER command and binds a shell to port 4444.
7f0bb5b4598cb64d889b69fe79face4a1e564281d836fd315c6a126034d7cc32
This Metasploit module abuses the insecure invoke() method of the ProviderSkeleton class that allows to call arbitrary static methods with user supplied arguments. The vulnerability affects Java version 7u21 and earlier.
4c7f2d07b2fb9904b25b6805e68094ce81bd292f4e93feb4b36e0f249b1ace06
Send an empty password to PCMan's FTP Server version 2.0 triggers a denial of service condition.
5c6bc2540fe27f8b6ae22a14eac60214f4d64052fc02c888492e8709cf10aec6
Xaraya version 2.4.0-b1 suffers from multiple cross site scripting vulnerabilities.
ed1a6f3ff2988a17b6db15e8220f076ffe9b16698f9b2452201a32c958af6c74
InstantCMS version 1.6 remote PHP code execution exploit that spawns a reverse shell.
58c5a918b42d3c4c9947890483bf68e4a4eea813701b686f794e5f548a9a717d