This archive contains all of the 164 exploits added to Packet Storm in July, 2013.
0a0985c7d5fdcaabbf25a53953410fd592cdcbfc6dacbbb8c55ddb3e55a12e42Core Security Technologies Advisory - TP-Link TL-SC3171 IP Cameras suffer from OS command injection, use of hard-coded credentials, authentication bypass, and missing authentication vulnerabilities.
65c946f42cda6e7f2e468690ba32b2210dbcd121ef351a42cfd3246f433128d2The Better Security Wordpress Plugin suffers from a stored cross site scripting vulnerability, which can be exploited by a remote unauthenticated attacker to steal cookies or gain privileged access to the affected site. Bit51 Better WP Security Plugin versions 3.4.8, 3.4.9, 3.4.10, 3.5.2, and 3.5.3 are affected.
851d1befb1d83e0151c831c6884961f17e3e980ac4ed6716207a81c4fd790e09Oracle Hyperion 11 suffers from a directory traversal vulnerability. Versions 11.1.1.3, 11.1.1.4.107 and earlier, 11.1.2.1.129 and earlier, and 11.1.2.2.305 and earlier are affected.
a63ebab32dfca1c676f5478d4507e5cb9958e376a21f14bd4a427db0035dea98A remote attacker can crash EchoVNC Viewer by sending a malformed request. The crash occurs when EchoVNC Viewer allocate a buffer from heap with the size specified by the malicious server.
0f95b5873df085c2956dfc5fe0afe9b4e60c00984cd0b00e317b429c8132c007MojoPortal version 2.3.9.7 suffers from a stored cross site scripting vulnerability.
8b314a7ebb6349066cbe66d2384dfefcf3dad366bbf130131f2c132e81a0edbaBigace CMS version 2.7.8 suffers from a cross site request forgery vulnerability.
334578e319255af19b9ffd7d30e813d5f2ccfc342588bfb110915cb965de5cd3This Metasploit module exploits a command injection vulnerability on PineApp Mail-SeCure 3.70. The vulnerability exists on the test_li_connection.php component, due to the insecure usage of the system() php function. This Metasploit module has been tested successfully on PineApp Mail-SeCure 3.70.
f986755f0d0b80f4f24f3b0cebb979f77db7ba99a7a250f60cf38a00b1bfde1cThis Metasploit module exploits a command injection vulnerability on PineApp Mail-SeCure 3.70. The vulnerability exists on the ldapsyncnow.php component, due to the insecure usage of the shell_exec() php function. This Metasploit module has been tested successfully on PineApp Mail-SeCure 3.70.
6d5046291504d28d39d79d096fba6a69e382c338c97f38b517a66277e740b9ddThis Metasploit module exploits a command injection vulnerability on PineApp Mail-SeCure 3.70. The vulnerability exists on the livelog.html component, due to the insecure usage of the shell_exec() php function. This Metasploit module has been tested successfully on PineApp Mail-SeCure 3.70.
51fca1c0fcae3623e2c9c69f04d8e43a10745b7c2cfa4634796a3d1d61a9cf15The Windows kernel does not properly isolate broadcast messages from low integrity applications from medium or high integrity applications. This allows commands to be broadcasted to an open medium or high integrity command prompts allowing escalation of privileges. We can spawn a medium integrity command prompt, after spawning a low integrity command prompt, by using the Win+Shift+# combination to specify the position of the command prompt on the taskbar. We can then broadcast our command and hope that the user is away and doesn't corrupt it by interacting with the UI. Broadcast issue affects versions Windows Vista, 7, 8, Server 2008, Server 2008 R2, Server 2012, RT. But Spawning a command prompt with the shortcut key does not work in Vista so you will have to check if the user is already running a command prompt and set SPAWN_PROMPT false. The WEB technique will execute a powershell encoded payload from a Web location. The FILE technique will drop an executable to the file system, set it to medium integrity and execute it. The TYPE technique will attempt to execute a powershell encoded payload directly from the command line but it may take some time to complete.
ec4132f8b9ac70f158c3461e225396c2635aeb7d0ad1f9877329265b9fd215b8FluxBB version 1.5.3 suffers from cross site scripting, cross site request forgery, and URL redirection vulnerabilities.
3d2a429f0d7f7702aac350cfb0a31594ad3302501c55568dfa29c8812f3a4a6eWebDisk version 3.0.2 PhotoViewer for iOS suffers from a remote command execution vulnerability.
a74a5bd33336150b25147766ce88ce05cc03a56a2927ac49301a7b6d2986f69bPrivate Photos version 1.0 for iOS suffers from a persistent script insertion vulnerability.
675393a5ef46624db7acc97471d1f5ccdb744cecce7d6c64116194fd6fc7a6b1OpenEMM-2013 version 8.10.380.hf13.0.066 suffers from cross site scripting and remote SQL injection vulnerabilities.
14456af2c9a5b9e11fb7313fb343d5a731c447e6b28ffc4391db130a2ff55411Novell Client 2 SP3 suffers from a privilege escalation vulnerability.
90372d883442b6991b9af375b8d05bbaa5c31c066b8a21018779b94badc3881dOllyDbg / Immunity debugger crash proof of concept denial of service exploit.
675d2824b19af798e908b299af4c63101ca4f8e7734c1c02006fdc9bf019156eGalil RIO-47100 with firmware prior to 1.1d suffers from a denial of service vulnerability.
711c8078ac8a79ef82338bae820506b5505483135cfd8c8c037db18a38b4bf56The ASUS RT-AC66U contains the Broadcom ACSD wireless binary that is vulnerable to multiple buffer overflow attacks. This is a remote root exploit that leverages one of those vulnerabilities.
7be0d23f95cb6278115b744a39cbc800e85bbed42e53df481abed6ccfe4b5bdaSymantec Web Gateway versions 5.1.0.* and below suffer from cross site request forgery, cross site scripting, command injection, and remote SQL injection vulnerabilities.
f5687779117e75bfab54e5c4e26cfc839c5928b756b4cf1652789d76e8d5aadcXymon versions prior to 4.3.12 with the xymond_rrd module enabled suffer from a file deletion vulnerability.
05961b9deef0e4629fab271ff5bc660e184d958c0772a463c88ba29fff50ab45Joomla Googlemaps plugin version 3.2 suffers from cross site scripting and denial of service vulnerabilities.
d2ba9c614111d4d02b0e070dcc14bca5220f56187e1021e317c465c625078204Alienvault OSSIM versions prior to 4.3.0 suffer from multiple reflective cross site scripting vulnerabilities.
b97b24ad187260fb2d369e36bc782d9527bb13c5629ef33949027b13a42c4a22This Metasploit module quickly fires up a web server that serves the payload in powershell. The provided command will start powershell and then download and execute the payload. The IEX command can also be extracted to execute directly from powershell. The main purpose of this module is to quickly establish a session on a target machine when the attacker has to manually type in the command himself, e.g. RDP Session, Local Access or maybe Remote Command Exec. This attack vector does not write to disk so is unlikely to trigger AV solutions and will allow to attempt local privilege escalations supplied by meterpreter etc. You could also try your luck with social engineering. Ensure the payload architecture matches the target computer or use SYSWOW64 powershell.exe to execute x86 payloads on x64 machines.
3df7ddc32fd686c31c096c385be3456948866192543e5796efa9d470ac552386The Struts 2 DefaultActionMapper supports a method for short-circuit navigation state changes by prefixing parameters with "action:" or "redirect:", followed by a desired navigational target expression. This mechanism was intended to help with attaching navigational information to buttons within forms. In Struts 2 before 2.3.15.1 the information following "action:", "redirect:" or "redirectAction:" is not properly sanitized. Since said information will be evaluated as OGNL expression against the value stack, this introduces the possibility to inject server side code. This Metasploit module has been tested successfully on Struts 2.3.15 over Tomcat 7, with Windows 2003 SP2 and Ubuntu 10.04 operating systems.
c240d5878f508b714bf5ceed219b636cd035393594292bf01d990b95dae4b372
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed