all things security
Showing 1 - 25 of 165 RSS Feed

Files

Packet Storm New Exploits For July, 2013
Posted Aug 1, 2013
Authored by Todd J. | Site packetstormsecurity.com

This archive contains all of the 164 exploits added to Packet Storm in July, 2013.

tags | exploit
systems | linux
MD5 | cbc1c797ada9fc3021dffea3e7ef9d2f
TP-Link TL-SC3171 Command Execution / Shell Upload / Bypass
Posted Jul 31, 2013
Authored by Core Security Technologies, Andres Blanco, Flavio de Cristofaro | Site coresecurity.com

Core Security Technologies Advisory - TP-Link TL-SC3171 IP Cameras suffer from OS command injection, use of hard-coded credentials, authentication bypass, and missing authentication vulnerabilities.

tags | exploit, vulnerability
advisories | CVE-2013-2578, CVE-2013-2579, CVE-2013-2580, CVE-2013-2581
MD5 | 7cf475c02e459381d6a31904f4e307c1
Bit51 Better WP Security Plugin XSS / Command Execution
Posted Jul 31, 2013
Authored by Richard Warren | Site nccgroup.com

The Better Security Wordpress Plugin suffers from a stored cross site scripting vulnerability, which can be exploited by a remote unauthenticated attacker to steal cookies or gain privileged access to the affected site. Bit51 Better WP Security Plugin versions 3.4.8, 3.4.9, 3.4.10, 3.5.2, and 3.5.3 are affected.

tags | exploit, remote, xss
MD5 | c976f23ca76e7c1eda6898d0bb24c04a
Oracle Hyperion 11 Directory Traversal
Posted Jul 31, 2013
Authored by Richard Warren | Site nccgroup.com

Oracle Hyperion 11 suffers from a directory traversal vulnerability. Versions 11.1.1.3, 11.1.1.4.107 and earlier, 11.1.2.1.129 and earlier, and 11.1.2.2.305 and earlier are affected.

tags | exploit
MD5 | b76edea15e95010305f7338374de98f1
EchoVNC Viewer Remote Denial Of Service
Posted Jul 31, 2013
Authored by Z3r0n3

A remote attacker can crash EchoVNC Viewer by sending a malformed request. The crash occurs when EchoVNC Viewer allocate a buffer from heap with the size specified by the malicious server.

tags | exploit, remote, denial of service
MD5 | b14505e1070a5bc9b27fa0d97b2b4756
MojoPortal 2.3.9.7 Cross Site Scripting
Posted Jul 31, 2013
Authored by Michael Savage

MojoPortal version 2.3.9.7 suffers from a stored cross site scripting vulnerability.

tags | exploit, xss
MD5 | e59ca34310db299fc45f3c5f81682fc9
Bigace CMS 2.7.8 Cross Site Request Forgery
Posted Jul 30, 2013
Authored by Yashar shahinzadeh

Bigace CMS version 2.7.8 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | 7ca35bc665ced8790ac6f138e7c72d0f
PineApp Mail-SeCure test_li_connection.php Arbitrary Command Execution
Posted Jul 29, 2013
Authored by juan vazquez, Dave Weinstein | Site metasploit.com

This Metasploit module exploits a command injection vulnerability on PineApp Mail-SeCure 3.70. The vulnerability exists on the test_li_connection.php component, due to the insecure usage of the system() php function. This Metasploit module has been tested successfully on PineApp Mail-SeCure 3.70.

tags | exploit, php
MD5 | 370df352e83a2de9ec2c063ee1b2c4c5
PineApp Mail-SeCure ldapsyncnow.php Arbitrary Command Execution
Posted Jul 29, 2013
Authored by juan vazquez, Dave Weinstein | Site metasploit.com

This Metasploit module exploits a command injection vulnerability on PineApp Mail-SeCure 3.70. The vulnerability exists on the ldapsyncnow.php component, due to the insecure usage of the shell_exec() php function. This Metasploit module has been tested successfully on PineApp Mail-SeCure 3.70.

tags | exploit, php
MD5 | 9f5105de172f003eebfb122d6b1f563c
PineApp Mail-SeCure livelog.html Arbitrary Command Execution
Posted Jul 29, 2013
Authored by juan vazquez, temp66 | Site metasploit.com

This Metasploit module exploits a command injection vulnerability on PineApp Mail-SeCure 3.70. The vulnerability exists on the livelog.html component, due to the insecure usage of the shell_exec() php function. This Metasploit module has been tested successfully on PineApp Mail-SeCure 3.70.

tags | exploit, php
MD5 | d17400c28ae6dc6e4e23eb68f2fcd0d1
MS13-005 HWND_BROADCAST Low to Medium Integrity Privilege Escalation
Posted Jul 29, 2013
Authored by Tavis Ormandy, Axel Souchet | Site metasploit.com

The Windows kernel does not properly isolate broadcast messages from low integrity applications from medium or high integrity applications. This allows commands to be broadcasted to an open medium or high integrity command prompts allowing escalation of privileges. We can spawn a medium integrity command prompt, after spawning a low integrity command prompt, by using the Win+Shift+# combination to specify the position of the command prompt on the taskbar. We can then broadcast our command and hope that the user is away and doesn't corrupt it by interacting with the UI. Broadcast issue affects versions Windows Vista, 7, 8, Server 2008, Server 2008 R2, Server 2012, RT. But Spawning a command prompt with the shortcut key does not work in Vista so you will have to check if the user is already running a command prompt and set SPAWN_PROMPT false. The WEB technique will execute a powershell encoded payload from a Web location. The FILE technique will drop an executable to the file system, set it to medium integrity and execute it. The TYPE technique will attempt to execute a powershell encoded payload directly from the command line but it may take some time to complete.

tags | exploit, web, kernel
systems | windows, vista
advisories | CVE-2013-0008, OSVDB-88966
MD5 | bf765133ef2a04116cd29a63ed9e4763
FluxBB 1.5.3 XSS / CSRF / URL Redirection
Posted Jul 29, 2013
Authored by LiquidWorm | Site zeroscience.mk

FluxBB version 1.5.3 suffers from cross site scripting, cross site request forgery, and URL redirection vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | 8767b191d220e6c3f0e0ea91472cc534
WebDisk 3.0.2 PhotoViewer iOS Command Execution
Posted Jul 29, 2013
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

WebDisk version 3.0.2 PhotoViewer for iOS suffers from a remote command execution vulnerability.

tags | exploit, remote
systems | cisco, ios
MD5 | 70870bbf83cf8313ffdff7490404374b
Private Photos 1.0 Script Insertion
Posted Jul 29, 2013
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

Private Photos version 1.0 for iOS suffers from a persistent script insertion vulnerability.

tags | exploit
systems | cisco, ios
MD5 | 4a7600af02aaea317cce995e31f7dfd8
OpenEMM-2013 8.10.380.hf13.0.066 Cross Site Scripting / SQL Injection
Posted Jul 29, 2013
Authored by drone

OpenEMM-2013 version 8.10.380.hf13.0.066 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | 0dc344af5b5ec5d81c3857ccb8f0728f
Novell Client 2 SP3 Privilege Escalation
Posted Jul 29, 2013
Authored by sickness

Novell Client 2 SP3 suffers from a privilege escalation vulnerability.

tags | exploit
advisories | OSVDB-93718
MD5 | d55894615a747624ade14ec16b1b6feb
OllyDbg / Immunity Debugger Crash
Posted Jul 29, 2013
Authored by Dark-Puzzle

OllyDbg / Immunity debugger crash proof of concept denial of service exploit.

tags | exploit, denial of service, proof of concept
MD5 | a9156179e9f9c0a479e08a3641d064aa
Galil-RIO Modbus Denial Of Service
Posted Jul 27, 2013
Authored by Sapling

Galil RIO-47100 with firmware prior to 1.1d suffers from a denial of service vulnerability.

tags | exploit, denial of service
advisories | CVE-2013-0699
MD5 | 2bc129d59f93761ad28adfd64da42887
ASUS RT-AC66U ACSD Remote Root Buffer Overflow
Posted Jul 26, 2013
Authored by Jacob Holcomb

The ASUS RT-AC66U contains the Broadcom ACSD wireless binary that is vulnerable to multiple buffer overflow attacks. This is a remote root exploit that leverages one of those vulnerabilities.

tags | exploit, remote, overflow, root, vulnerability
advisories | CVE-2013-4659
MD5 | a1befe735d368acf82a49a3e0f484b00
Symantec Web Gateway XSS / CSRF / SQL Injection / Command Injection
Posted Jul 26, 2013
Authored by Wolfgang Ettlinger | Site sec-consult.com

Symantec Web Gateway versions 5.1.0.* and below suffer from cross site request forgery, cross site scripting, command injection, and remote SQL injection vulnerabilities.

tags | exploit, remote, web, vulnerability, xss, sql injection, csrf
advisories | CVE-2013-1616, CVE-2013-1617, CVE-2013-4670, CVE-2013-4671, CVE-2013-4672
MD5 | eba6575ed59d8f516b66606c704e60c2
Xymon 4.x File Deletion
Posted Jul 26, 2013
Authored by Henrik Stoerner

Xymon versions prior to 4.3.12 with the xymond_rrd module enabled suffer from a file deletion vulnerability.

tags | exploit
MD5 | 74a2fe1646fa1aabef518fd3e2e485bb
Joomla Googlemaps 3.2 Cross Site Scripting / Denial Of Service
Posted Jul 26, 2013
Authored by MustLive

Joomla Googlemaps plugin version 3.2 suffers from cross site scripting and denial of service vulnerabilities.

tags | exploit, denial of service, vulnerability, xss
MD5 | 728e92816436e26d7b3263af896082c4
Alienvault OSSIM Cross Site Scripting
Posted Jul 25, 2013
Authored by xistence

Alienvault OSSIM versions prior to 4.3.0 suffer from multiple reflective cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 7e00cea61a072e5a7d6a76b224857d56
Powershell Payload Web Delivery
Posted Jul 25, 2013
Authored by Ben Campbell, Christopher Campbell | Site metasploit.com

This Metasploit module quickly fires up a web server that serves the payload in powershell. The provided command will start powershell and then download and execute the payload. The IEX command can also be extracted to execute directly from powershell. The main purpose of this module is to quickly establish a session on a target machine when the attacker has to manually type in the command himself, e.g. RDP Session, Local Access or maybe Remote Command Exec. This attack vector does not write to disk so is unlikely to trigger AV solutions and will allow to attempt local privilege escalations supplied by meterpreter etc. You could also try your luck with social engineering. Ensure the payload architecture matches the target computer or use SYSWOW64 powershell.exe to execute x86 payloads on x64 machines.

tags | exploit, remote, web, x86, local
MD5 | 430aaebf868e9484d75294b7d275f3d8
Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution
Posted Jul 25, 2013
Authored by sinn3r, juan vazquez, Takeshi Terada | Site metasploit.com

The Struts 2 DefaultActionMapper supports a method for short-circuit navigation state changes by prefixing parameters with "action:" or "redirect:", followed by a desired navigational target expression. This mechanism was intended to help with attaching navigational information to buttons within forms. In Struts 2 before 2.3.15.1 the information following "action:", "redirect:" or "redirectAction:" is not properly sanitized. Since said information will be evaluated as OGNL expression against the value stack, this introduces the possibility to inject server side code. This Metasploit module has been tested successfully on Struts 2.3.15 over Tomcat 7, with Windows 2003 SP2 and Ubuntu 10.04 operating systems.

tags | exploit
systems | linux, windows, ubuntu
advisories | CVE-2013-2251, OSVDB-95405
MD5 | f4dcb90843377c8138d0fd07f5f040c5
Page 1 of 7
Back12345Next

Top Authors In Last 30 Days

Recent News

News RSS Feed
Phishers Getting Smarter By Making Use Of User Location
Posted Oct 20, 2017

tags | headline, malware, cybercrime, fraud, phish
OSX Malware Spread Via Compromised Software Downloads
Posted Oct 20, 2017

tags | headline, malware, apple
Canadian Spooks Release Their Own Malware Detection Tool
Posted Oct 20, 2017

tags | headline, government, malware, canada, spyware
Judge: MalwareTech Is No Longer Under Curfew, GPS Monitoring
Posted Oct 20, 2017

tags | headline, hacker, government, malware, usa, conference
Microsoft Mocks Google For Failed Security Fix Deployment Methodology
Posted Oct 19, 2017

tags | headline, microsoft, flaw, google, chrome
Malicious Mineraft Apps In Google Play Enslave Your Device To A Botnet
Posted Oct 19, 2017

tags | headline, malware, microsoft, phone, botnet, google
OAIC Received 114 Voluntary Data Breach Notifications In Two Years
Posted Oct 19, 2017

tags | headline, hacker, privacy, australia, data loss
US-CERT Predicts Machine Learning To Become Security Risk
Posted Oct 19, 2017

tags | headline, flaw
ATM Malware Available Online For Online $5,000
Posted Oct 18, 2017

tags | headline, malware, bank, cybercrime, fraud
Oracle Swats 252 Bugs In Patch Update
Posted Oct 18, 2017

tags | headline, flaw, patch, oracle
View More News →
packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close